I open a thread to the community as official support is very slow to reply.
I need a good strategy to face this issue.
We have a client with a lot of users who send messages through an authenticates SMTP server. This server relay messages to a SEA and it is listed as mail delivery server and as Internal Mail Hosts.
It happens the the internal SMTP server send a huge quantity of messages to SEA due to the password has been cracked or a virus in the client of for any other reason.
I have tried to configure an outbond anti-spam filter policy but without success. This morning the issue happened again, and I was obliged to block the sender, but the ip has been already blacklisted.
Can you suggest how to solve this situation? Any where to detect a malicious outgoing mail trend?
Thank you for sharing you comment. Kind regards,
Enrico
This thread was automatically locked due to age.