Hi Everyone,
We have a setup in which users smtp auth to a MTA, this then relays the messages onto ironport to be sent.
All messages have headers added with the originating IP address of the sender. Some of these messages come from a webmail portal, but again are marked with the originating IP address of the user.
Unfortunately compromised credentials are a daily problem, which causes a flood of email from the offending senders.
Is there any way to limit or throttle senders based on the originating IP header instead of the MTA’s IP address ?
Many thanks in advance,