One of my user's email accounts has been compromised. The result was a flood of outgoing mail. Is there a way to block a user email account (not the IP) if the number of messages per minute(s) exceeds a certain threshold?
There is no automatic way to do this in Zimbra or Postfix itself. However, there is a very useful script available at the following link that will accomplish this: zimbra_spam_detection.py.