Question regardin postfix. postfwd and spam

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Question regardin postfix. postfwd and spam

Jonathan Sélea
Hi!


I would like to have some help regarding this issue/scenario:

We have a "central" smtp-relay for (almost) all our servers. The server
contains (mostly) websites that sometimes send one email or two, via
localhost and the emails is then send them with postfix which is then
relaying it via this particular server.
Also, we have the privileges of getting thoose sites hacked and used for
mass-distribution of email to various email-adresses, which is
actually not something that is for anyones benefit.

The idea/hope is to use postfwd so find a exessive amount of email
originating for one host or even better - website and then dump all
thoose emails into the trash.
I have read the online documention of postfwd but honestly, I just can't
grasp it for some reason..

Does anyone here have a working example of something that works as
described?¨

Some more info:
The server is just a relay, no auth required. We want system email to go
throu it also.
All servers is configured to use this particular one as a relay.



The mail relay is using Postfix, with some poorly deployed postfwd like
this:
main.cf:

smtpd_client_restrictions = permit_mynetworks, reject
         check_policy_service inet:127.0.0.1:10040


The postfwd.cf contains:

&&DNSBLS {
         rbl=zen.spamhaus.org
         rbl=list.dsbl.org
         rbl=bl.spamcop.net
         rbl=dnsbl.sorbs.net
         rbl=ix.dnsbl.manitu.net
         rhsbl=rddn.dnsbl.net.au
         rhsbl=rhsbl.ahbl.org
         rhsbl=rhsbl.sorbs.net
}

&&DNSWLS {
         rbl=list.dnswl.org
         rbl=exemptions.ahbl.org
         rbl=query.bondedsender.org
         rbl=hostkarma.junkemailfilter.com/^127\.0\.0\.1$/3600
         rhsbl_client=hostkarma.junkemailfilter.com/^127\.0\.0\.1$/3600
}

id=RULE001
         client_name==unknown
         action=rate(client_address/50/300/450 4.7.1 only 5 recipients
per 5 minutes allowed)

id=RBL_002
         HIT_dnsbls>=2
         action=554 5.7.1 blocked using $$HIT_dnsbls dnsbls, INFO:
[$$DSBL_text]


I hope that you understand what I mean! :)


--
Jonathan Sélea

PGP Key: 0x8B35B3C894B964DD
Fingerprint: 4AF2 10DE 996B 673C 0FD8  AFA0 8B35 B3C8 94B9 64DD
https://jonathanselea.se