My company provides hosting on two services: our primary business runs off Windows / Exchange servers that we own and manage ourselves. As a backup and temporary solution we also have a reseller account that uses Exim for email.

Our reseller system (which we subscribe to, we have no knowledge of internals) uses Exim for email and is configured to restrict all mail to 2000 messages for every 12 hours.

I'm curious as to how this is implemented. Is it 2000 messages per 12 hours with the same From: header, or does it discriminate based on some other field? (It's shared hosting, so it can't limit based on source IP address). I suppose if each website had its own SMTP authentication account then Exim could be configured to limit each username, but I don't know if that's supported or enabled.

Is it possible to do anything like this for Exchange? Or at least to get mailing statistics from Exchange to see if anything suspicious is going on?

EDIT: I just remembered that Exchange supports SMTP protocol logging, so that's something we can definitely look into using for identifying suspicious activity on a day-by-day basis, but if it's possible to get something more proactive that'd be great.