On 5/26/2010 2:53 PM, brian wrote:
> I've a hunch that the following problem is not something that can be
> configured away through postfix but, as I'm well aware that my config-fu
> is not the strongest, I'd like any advice the more experienced among you
> might have. I'm sure this isn't a rare problem.
>
> I recently began supporting the website for a small organisation. One
> change I suggested was to utilise a .org domain rather than .com (not
> due to any trouble but simply because they're a non-commercial
> organisation). The old domain points to this new server in order to
> redirect web traffic. AFAIK, there were never any email addresses used
> under the old domain. But, now I've set up postfix, I'm seeing thousands
> of failed attempts to send to various fictitious DOMAIN.com addresses.
> These are properly being blocked 554/relay access denied.
>
> I've installed fail2ban, which seems to help. However, I'm still seeing
> several attempts a second as the sender IP is changed. Is there
> something more I can do to mitigate the stress on the server?
>
> FWIW, aside from aliases for the usual postmaster, abuse, and webmaster
> addresses, this domain has just 2 actual addresses to be maintained. So,
> might a whitelist approach be the way to go? Or, is this something I
> should leave to iptables/fail2ban?
>
> myhostname = demeter.DOMAIN.org
> mydomain = DOMAIN.org
> myorigin = $mydomain
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
> relayhost =
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

You could look into using RBLs such as spamhaus etc. -Matt
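
The RBL suggestion above, written out as a main.cf fragment. This is an added example, not part of the original thread; it starts from the restrictions line quoted in the question and assumes the zen.spamhaus.org zone as the list to query.

```ini
# main.cf (added example, based on the restrictions line quoted above)

# Before, as posted:
# smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

# After: add a DNSBL lookup on the connecting client's IP address.
# Restrictions are evaluated left to right and the first match decides:
#   permit_mynetworks          local clients are accepted before any
#                              DNSBL lookup is made
#   reject_unauth_destination  mail for domains this host does not handle
#                              (the DOMAIN.com attempts) is still rejected
#                              here, without a DNS query
#   reject_rbl_client          only mail addressed to local domains reaches
#                              the DNSBL check
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org
```

Run `postfix reload` after editing, and confirm the active value with `postconf -n`.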