Joe Lanager wrote:
> Thanks John and everyone else for all the advice.  So, I entered the
> domain in the spamtrap table as '@mybogusdomain.com' but it didn't work
> so I changed the entry to '[EMAIL PROTECTED]' but spamtrapping still
> doesn't seem to be catching the attempted delivery to that bogus domain.
> For example, I see connections for [EMAIL PROTECTED]
> but spamtrap isn't triggering with either of the entries listed above.
> I read through both the policyd.conf and the README but I don't
> specifically see where it says about setting an entire domain in the
> spamtrap table so I'm just not sure what syntactical error I'm
> committing.  Could anyone shed some light on what syntax I should be
> using?
> 
> Thanks very much,
> 
> Joe

Please post your message below the text you are referring to.  Posting
above makes the discussion hard to read (Google "top posting").

Postfix has to know that the address is valid (as a trap).
You also need to add a SQL lookup to your relay_recipient_maps.
Mine looks like this:
relay_recipient_maps =
  hash:/etc/postfix/relay_recipient.map,
  proxy:mysql:/etc/postfix/policyd_spamtrap_alias_maps.cf

where /etc/postfix/policyd_spamtrap_alias_maps.cf has...
user = dbuser
password = dbpasswd
hosts = localhost
dbname = policyd
query = SELECT CONCAT('[EMAIL PROTECTED]') FROM spamtrap WHERE _rcpt='%s' AND _active='1'


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Beaver
> Sent: Wednesday, July 18, 2007 5:13 PM
> To: policyd-users@lists.sourceforge.net
> Subject: Re: [policyd-users] Questions Regarding Turning On Spamtrap
> 
> Joe Lanager wrote:
>> Thanks for the feedback on Spamtrap's effectiveness.  If we do decide to
>> turn the feature on however, does anyone have any suggestions on
>> configuring it?  For example, we have an additional registered domain
>> that's never been used for e-mail but if we throw up an MX record and
>> listen we start getting connections.  So, is there a way to enter the
>> entire domain into the spamtrap _rcpt table (e.g., [EMAIL PROTECTED])
>> and spamtrap any servers trying to connect to it?  Also, can you
>> blacklist an entire net block using spamtrap?  Finally, as I had asked
>> originally do I need to turn on blacklisting as well as spamtrap to get
>> this all to work?
> 
> 
> Yes, you can enter just the domain into the spamtrap list and it will 
> catch all addresses at that domain.  Check out the README for the exact 
> syntax and examples.
> 
> You have the option to block the net block or the host.  Example is in 
> the policyd.conf sample.
> 
> Yes, you need to enable blacklisting for the blacklisting to work.
> 
> john
> 
>>
>> Joe Lanager wrote:
>>> We currently use Policyd just for greylisting but we're thinking of
>>> implementing Spamtrap so I just had some general questions.  Is anyone
>>> currently using this feature and if so has it been very effective?
>> In my case it was not effective.  After running a low volume site
>> (~1000/day) for 6 months, I had very few repeat offenders caught by the
>> spam trap.  I did find some, but most were mainly bot spam coming from
>> different IPs.
>> On the negative side, I found several legitimate outgoing mail servers
>> from COX and comcast that I had to whitelist after they were being used
>> to hit my spamtraps multiple times.
>> I found that simply rejecting the unknown users and parsing the logs
>> over time I could find which netblocks to block if any.
>>
>> YMMV
>>
>> john
>>
>>> Also, we initially just want to enter some static targeted recipient
>>> addresses and have the trapped IPs expire after a day so am I correct in
>>> assuming that all we need to do to get this working is to:
>>>
>>>  
>>>
>>> 1.       Set SPAMTRAPPING = 1 in policyd.conf
>>>
>>> 2.       Set SPAMTRAP_AUTO_EXPIRE=1d in policyd.conf
>>>
>>> 3.       Enter the trap address(es) in the spamtrap table in MySQL
>>> (e.g., _rcpt = [EMAIL PROTECTED] and _active=1)
>>>
>>>  
>>>
>>> Also, I'm assuming that the blacklist table is where the trapped
>>> addresses go so do I need to enable blacklisting as well or will it work
>>> without expressly turning on blacklisting?
>>>

