I am wondering if there is a way with the IronPort AsyncOS to rate-limit outbound SMTP traffic based on a specific sender NOT by host system (or IP address of host system).
We have had situations where a compromised internal user mailbox becomes compromised (hijacked) and sends hundreds of thousands of spam messages outbound to Internet ISP mail systems causing our mail system to become blacklisted.
Adding outbound smtp rate-limiting confounds the problem as it blocks the entire system not just the compromised mailbox. This halts all mail from our system and upsets everyone.
If no, is there another (non-Cisco IronPort) product that does this? Many Internet ISPs (Verizon, Hotmail, etc. do this, just wondering how they do this?)
Thank you so much in advance, my job relies on an answer here!