>>> Hi guys. I've been googling around looking for info on this without much >>> sucess. Here we are: Some of my customers insist on sending bulk-email >>> from their web php sites (you know, bulletins and such). My worst >>> nightmare would be having our servers listed in any RBL list because of >>> this. How do you guys deal with custommers sending bulk-mail? Are there >>> any rules in postfix to prevent it, maybe even delaying them in the queue? >> >> Unfortunately, this is a human problem, not a technology problem. >> >> There are various "band-aid" approaches, like running the outbound mail >> through spamassassin and HOLDing the "spammy" mail, however this may or may >> not catch what you want, since even SpamAssassin has no idea if the user >> actually wanted the mail or not. > > Yes, we already do that, and more. In fact, I'm not that worried because > of the contents of the emails, I'm mostly worried because sending emails > to more than 500 people in the recipient list is not very polite, and > can trigger undesired actions. People sometimes have poorly designed web > pages with a not-too good php emailing code. > > For instance. I'd like to find a way (maybe through some header checks > in outgoing email) so if it detects a large amount of recipients it > triggers actions such as: > > 1.- Adding the 'Precedence: bulk' header field > 2.- Clean the message for non-valid characters > 3.- If a non-valid sender address is detected, block the sending (for > instance, someone may send bulk-email with a From: [email protected] > (the apache user) > 4.- If the recipient list has invalid recipient domains block the whole > sending. > 5.- Of course, any modification of the email should be done before doing > the dk/dkim signing, which we already do. > > Can this be (totally or partially) done?
1, 2 & 3 are possible but probably not helpful. 4 is possible but not useful for fixing your problem (if the recipient domain is invalid, the mail won't go out anyway). I'm not sure if #5 would be good or bad, but it won't stop anybody from sending spam. It takes very little spam to get blacklisted (sometimes as little as a single message to the right spamtrap). There is no technology that I'm aware of that will stop this. If you don't want your server to be blacklisted, you need to make sure the users don't send spam, or you need to tell them they have to contract with an external mail provider. Terry
