Frank Bonnet put forth on 11/18/2010 2:22 AM:
> Hello
>
> I use smtpd_sender_restrictions map to filter undesirable addresses
> actually I add manually a bunch of addresses every day.
>
> I wonder if it would be possible to do that by forwarding this SPAM to
> a "special" email address ?
>
> I mean the fact to forward the email would start a script on the MX that
> would add the address in smtpd_sender_restrictions map and reload postfix.
>
> I have no problem to write the script that would do this but I am not able
> to build a filter that intercept the forwarded email.
>
> Would it be possible with sieve ?

If you have mailboxes stored on a filesystem accessible by the MX
Postfix+Dovecot server, sure, it's possible. For obvious reasons I would
suggest using mbox format for these emails so the filename never changes,
simply the contents. This makes your script easier to write.

Simply use a sieve script to file the email into your special mbox folder.
Write your custom script to parse out all header From: "u...@domain.tld"
addresses. Then add them to your blacklist hash file. Cron the script to
run periodically, say every hour or once per day, depending on your needs.

I wrote a while back, with Victor's help, an auto whitelist script which
works similarly to what you wish to accomplish. It may be useful as a
guide. It obviously reads the mail log whereas your script will read an
mbox file. The parsing, sorting, duplicate address elimination, and action
appending should all be directly applicable to your script. Obviously you
will change "OK" to something like "REJECT". Hope this is helpful as a
starting point.

#! /bin/sh

# work in a private scratch directory (fixed names in /tmp can be
# pre-created or symlinked by other local users); remove it on exit
tmpdir=$(mktemp -d) || exit 1
trap 'rm -rf "$tmpdir"' EXIT

# [1] grab all sent to addresses from the current mail log
sed -n -e '/postfix\/smtp\[.*status=sent/s/^.*to=<\([^>]*\).*$/\1/p' /var/log/mail.log | sort -u > "$tmpdir/sender_addrs.tmp"

# merge the new addresses with the current list, eliminate dups
cat "$tmpdir/sender_addrs.tmp" /etc/postfix/auto-whtlst.raw | sort -f | uniq -i > "$tmpdir/wrkng-whtlst.tmp"

# keep a copy without "OK" action for next processing iteration
cp "$tmpdir/wrkng-whtlst.tmp" /etc/postfix/auto-whtlst.raw

# add "OK" action to each entry, generating new list file
sed 's/$/ OK/g' /etc/postfix/auto-whtlst.raw > /etc/postfix/auto-whtlst

# regenerate hash
/usr/sbin/postmap /etc/postfix/auto-whtlst

Keep in mind that header From: and ENVELOPE FROM are two different things.
This script method acting on messages in a mailbox file will only work for
header From: addresses. This may or may not give you your desired results,
since spammers almost always forge the header From: address.
You should probably be going after the ENVELOPE FROM addresses. To do this
would make this script much more complicated. You would need to search
your mbox file for message-id's. You'd then search for each message-id in
your mail log, and match up the ENVELOPE FROM address corresponding to that
message-id. This is definitely more complicated but it should be possible.

If you Google around I'm guessing you'll find someone has already come up
with something similar. Googling for "postfix auto blacklist" returns lots
of hits. ;)

-- 
Stan
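
Added example, not part of Stan's message or his script: one way to do the Message-ID to ENVELOPE FROM lookup described above, written in Python for its mbox parser. It assumes the mbox holds the spam with its original Message-ID headers and that the mail log contains Postfix's usual cleanup `message-id=` and qmgr `from=` lines; the function names and the `protected_domains` parameter are made up for illustration.

```python
import mailbox
import re

# Postfix logs the Message-ID in a cleanup line and the envelope sender in a
# qmgr line; the queue ID that both lines carry ties them together.
CLEANUP_RE = re.compile(r"postfix/cleanup\[\d+\]: ([0-9A-Za-z]+): message-id=(<[^>]*>)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)>")
# Conservative address shape, so nothing odd is written into the lookup table.
ADDR_RE = re.compile(r"[a-z0-9._%+=-]+@[a-z0-9.-]+")


def message_ids(mbox_path):
    """Collect the Message-ID header of every message in the mbox file."""
    box = mailbox.mbox(mbox_path, create=False)
    try:
        return {str(m["Message-ID"]).strip() for m in box if m["Message-ID"]}
    finally:
        box.close()


def envelope_senders(log_lines, wanted_ids, protected_domains=()):
    """Return envelope senders of the logged messages whose ID is wanted."""
    queue_ids, senders = set(), set()
    for line in log_lines:
        m = CLEANUP_RE.search(line)
        if m:
            # Queue IDs get reused, so an unrelated message releases the ID.
            if m.group(2) in wanted_ids:
                queue_ids.add(m.group(1))
            else:
                queue_ids.discard(m.group(1))
            continue
        m = QMGR_RE.search(line)
        if m and m.group(1) in queue_ids:
            addr = m.group(2).lower()
            # Drops the null sender <> (bounces), malformed values and
            # any domain the caller wants to protect, such as its own.
            if ADDR_RE.fullmatch(addr) and addr.split("@")[1] not in protected_domains:
                senders.add(addr)
    return senders


def reject_table(senders):
    """Render 'address REJECT' lines, the input format postmap expects."""
    return "".join(f"{addr} REJECT\n" for addr in sorted(senders))
```
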