User based SMTP limits
Allow SMTP limits based on user. Doing so by IP address is not practical if many users are behind a single IP. Doing it by user login would be a quick way to stop an open relay situation if a specific account has been compromised.
Justin Lee commented
We just had DoS due to password compromise, and 37,000/hr for several hours. This stopped mail for everyone, blacklisted, and we had several hundred unhappy users. Workaround to get KMS working was to stop Kerio, rename the queue folder, and restart. We parsed the queue folder after hours, and re-added non-SPAM messages to the queue.
Ortwin Glück commented
Definitely! Account compromise happen all the time as users tend to give away their credentials to random Android and web apps... And no sane user needs to send thousands of emails per hour.
I strongly agree. We just had a user password compromised and multiple IP's were being used to send mail from one account. The current option of messages per hour from one IP address is useless against this attack.
Now we have to spend time getting delisted when you can easily program this in to Kerio v9.2+.
This should be implemented right away. Thanks for listening....
Yes, please go ahead and make this happen. One customer just got hacked a couple of days ago (using the same password on a site that got hacked). We had >500 hosts relaying (before we detected it) so the built-in feature of limiting per IP is quite useless in theese kinds of scenarios
Francesco Barcella commented
This is a fondamental feature. Almost all mail servers provide something similar, very useful to limit compromised account to spam through your mail server, with the risk of going into blacklist.
Morgan Hoffman commented
Being able to set a limit per user per hour would be excellent.