чт, 2 нояб. 2023 г. в 09:51, kasak <kasakof...@gmail.com>: > > пн, 23 окт. 2023 г. в 09:11, kasak <kasakof...@gmail.com>: > > > > пт, 20 окт. 2023 г. в 19:52, Юрий Иванов <format_...@outlook.com>: > > > > > > Sorry for off top... > > > ...but thanks for your OpenBSD PF book Peter :-) > > > ________________________________ > > > От: kasak <kasakof...@gmail.com> > > > Отправлено: 20 октября 2023 г. 8:48 > > > Кому: Peter N. M. Hansteen <pe...@bsdly.net> > > > Копия: misc@opensmtpd.org <misc@opensmtpd.org> > > > Тема: Re: need help with honeypot > > > > > > чт, 19 окт. 2023 г. в 19:52, Peter N. M. Hansteen <pe...@bsdly.net>: > > > > > > > > On Thu, Oct 19, 2023 at 09:05:56AM +0300, kasak wrote: > > > > > In traps file I have list of spoiled addresses for example > > > > > aa...@tvema.ru > > > > > But mail is not accepted :( > > > > > > > > This sounds like you are more or less trying to imitate the greytrapping > > > > feature of OpenBSD spamd. > > > > > > Yes, it is something similar, but not quite. I'm no need of > > > greytrapping, I want to teach rspamd. > > > Hope I can do this without spamd. > > > > > > > You might want to read this article of mine (gosh, it's been 11 years) > > > > and links therein for inspiration: > > > > https://bsdly.blogspot.com/2012/05/in-name-of-sane-email-setting-up-spamd.html > > > > (also newly available trackerless but with even uglier formatting as > > > > https://nxdomain.no/~peter/in_the_name_of_sane_email.html), > > > > assuming, as usual that your system runs OpenBSD (also applicable with > > > > minor adjustments on FreeBSD or NetBSD) > > > > > > > > - Peter > > > > > > > > -- > > > > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > > > > https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ > > > > "Remember to set the evil bit on all malicious network traffic" > > > > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > > > > > > > I did some experiment here, and looks like this is not "match" > > problem, this is "action" problem. > > If I change action "trap" to some real delivery method, it works. > > So, I need to fix it with rspamc somehow. > > If someone interested, I have figured out how to do what I wanted to do. > > Here is howto: > At first, collect spoiled email addresses to some list, for example > /etc/mail/traps. > Second, we must map these addresses to some local user, because > otherwize, smtpd will not know where to put them. > To do this, we must make another table, with mapping all addresses to > _rspamd user. > You can do this with a simple sed pattern: > cat /etc/mail/traps | sed 's/$/ _rspamd/' > /etc/mail/virtualtraps > Now we have two tables, traps for matching and virtualtraps for action. > > add something like this to smtpd.conf: > ---- > table traps file:/etc/mail/traps > table virtualtraps file:/etc/mail/virtualtraps > > action "trap" mda "/usr/local/bin/rspamc -f 1 -w 10 fuzzy_add" virtual > <virtualtraps> > > match from any for rcpt-to <honeypot> action "trap" > ---- > > The match directive should be placed above the main domain match. > And voila! > You can monitor teaching with grep: > grep -F -f /etc/mail/traps /var/log/maillog
Folks, I just suddenly discovered that rspamd has a module to achieve exactly similar functionality. https://rspamd.com/doc/modules/spamtrap.html I already tested it and it works like a charm! How did I not notice it before?
