I have a client site that got blocked by their ISP because of mass mailing attempt (>10000)
This attempt was apparently executed using a legitimate user's account
If the attempts weren't using our ISP's SMTP server it would be easy to detect and prevent
I was wondering if anyone had any ideas or tools that could help prevent this type of situation at the upstart ?
Or at the very least detect it while it is happening
At the router level I suppose I could setup a netwatch script to react if there were a certain number of smtp connections within a short period of time