Commit 26bf9cc7 authored by ale

Add an alert to spot potentially compromised email accounts

parent 1e21bef5
groups:
- name: roles/ai3-prometheus/files/rules/alerts_spammers.conf
rules:
- alert: PotentiallyCompromisedAccount
expr: sum(delta(postfix_ratelimited_users_total[1h])) by (sender) > 10
for: 2h
labels:
severity: page
scope: global
annotations:
runbook: '[[ alert_playbook_url ]]/PotentiallyCompromisedAccount'
summary: '[SECURITY] Potentially compromised account {{$labels.sender}}'
description: |
The email account '{{$labels.sender}}' has been repeatedly
hitting our outbound SMTP rate limits, which is usually a
sign of a spammer trying to abuse a compromised account.
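Review bot: the `expr` line applies `delta()` to `postfix_ratelimited_users_total`, and the `_total` suffix suggests this is a counter. `delta()` is intended for gauges and does not compensate for counter resets, so a restart of whatever exports the metric inside the 1h window can yield a negative or understated value and the alert will not fire for that sender. Suggest `sum(increase(postfix_ratelimited_users_total[1h])) by (sender) > 10` instead. Separately, `for: 2h` on top of the 1h range means an account can keep hitting the rate limit for up to about three hours from the start of the abuse before `severity: page` fires; if that delay is deliberate (to filter out legitimate bulk senders), it is worth saying so in the description or the runbook.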