I'm hosting a mail server for a couple different domains. Recently, the password of one of the users was guessed/hacked and the account was used to send out a couple hundred thousand messages before I noticed and was able to shut it down, which got the entire server blacklisted
I'd like to put a limit in qmail to rate-limit outgoing email on a per user/domain/time basis, but so far have not been able to find any built in functionality for that.
Any techniques you know of would be useful. One option I've come across is to send outbound email through SpamAssassin, but I'm concerned about blocking legit messages.
Best Answer
There's some sort of throttle patch available for Qmail that fits your description. I doubt there's built in functionality without patching Qmail, as Qmail is, ahem, perfectly coded as is.
Please take a look at this discussion of various MTAs, particularly the note about Qmail. Bear in mind that this discussion is from 6 years ago, and what was said about Qmail then is even more true. This would perhaps not be in your short or medium term planning, but migrating from Qmail should be something to consider, particularly if you have to apply a bunch of sort of random patches to get it to do what you want it to do.
Hmm, the discussion on how to do something similar in Postfix is to use the policyd add-on. A glance at that project suggests it can be used with different MTAs, so possibly you can convince Qmail to use it.