I've been using AWS SES as an SMTP relay (Postfix + Dovecot) for years and now am facing the pausing of sending emails for the second time. We use this combination as an email server for business email purposes.
After my email server has been hacked for the first time I enabled Multi-Factor Authentication. I didn't find out how the attacker managed to compromise the server and send emails. Everything went well for more than a year, and now the problem was one of the user's email accounts as an attacker somehow got in the possession of the user's email password.
So, I am wondering what is the best way to prevent future problems of this type, as this can happen all the time to any of the users? After my email server was compromised for the first time I configured Amazon's Automatically pausing email sending for the entire Amazon SES account, using their guide, but it seems it looks it didn't help this time to pause email sending after reaching the bounce limit, so I will have to check in more details what happened with this alarm.
Are there any other suggestions? I thought that it may be good to somehow (using postfix configuration) limit the number of outgoing emails, for each user, per minute/hour - so it could give me more time to react if the same happens again, instead of allowing the user to send hundreds of emails per minute?
