securing outgoing emails on Web servers

Good Day,

This is not critical.

I'm looking for some sort of best practice in securing outgoing emails on a mutualized server. I don't always find it obvious to find which virtual account gets hacked (how and where). Too often, we don't control the code that goes on our servers. Like bad code or an old version of unpatched CMS... Like we all know, once an account gets hacked and many mails (spam) are sent, the IP gets Black Listed and affects every account on the server. Just a pain in the neck...

What is it that you guys do with IPSConfig?

- Can I force a user/passord from each piece of code that wants to use the local smtp (in PHP for example) on the Web servers? No password, no send. I figure, in 99% of the issues, the script would not be able to send because of connection issue. Or if it did send, i'd know from the connected user (no more nobody of spoofed emails from forms)?
- Is there a HowToForge procedure to set this up (in ISPConfig or not I guess)?

- I see a previous post that mentions policyd (for Postfix). Could be good to rate limit sending (100/hour) and be warned. Can policyd be configured by account? One limited at 100 other at 1000 per hour or more?

- I guess write a script that checks the queue count. If it gets to say 1000, it sends me an email (alert) ?

- Anything else you do or recommend?

I really want to limit the chances of this happening. I have a customer that requires a environment of this type. I'm going to install a Multiserver or Cluster (not sure which one yet - maybe a mix of both on an 8 server instead of 5). I would really like to make email issues of this sort a thing of the past.

Thank you,

JP Cyrenne