In message <53f664fe.1030...@megan.vbhcs.org>, Noel Jones <njo...@megan.vbhcs.org> wrote:
>amavisd-new has a "penpals" feature that integrates nicely with
>postfix as a pre-queue smtpd_proxy_filter, or a post-queue
>content_filter. I don't use this particular feature, but amavisd-new
>is solid software.
>http://www.ijs.si/software/amavisd/

Hummm... What I had in mind was something rather a lot less
"heavyweight". I'd prefer not to have to install a whole separate
(sizable) monster whose primary purpose isn't even related to the
kind of whitelisting I asked about.

>As an alternative, I don't suppose it would be much trouble to
>convince fail2ban to add outbound email addresses to a database to
>use as a postfix check_sender_access map.

OK. Not that this is at all relevant to me personally, or to my own
(small) local mail setup, but...

Question: Assuming that something like that was built, and then
deployed on a server with thousands or tens of thousands of e-mail
users... How well would it scale? (Just curious.) I'm just wondering
about the effects of constant & frequent diddling of a data base that
Postfix is using to make decisions.

>This would still be subject to spoofing.

Yes, but that possibility really doesn't worry me much. In order to
be useful, to spammers, they would have to find some e-mail addresses
that _lots_ of people have previously whitelisted (by virtue of their
having all sent e-mail to that address). Seems rather difficult and
probably not worthwhile... for the spammers.
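
The outbound-address map discussed in this message, as an added example that is not from the thread and is not fail2ban or Postfix code: it collects recipients the Postfix smtp client delivered to and appends them to a check_sender_access table only when an address is new. The log lines are constructed, the function names are hypothetical, and the regex assumes the usual `to=<...>, ... status=sent` delivery record.

```python
import re

# Constructed sample of Postfix delivery log lines (not from the thread).
SAMPLE_LOG = """\
Aug 21 10:00:01 mail postfix/smtp[2101]: 4A1B2C3D4E: to=<Alice@Example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 OK)
Aug 21 10:00:07 mail postfix/smtp[2101]: 5B2C3D4E5F: to=<bob@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=30, dsn=4.4.1, status=deferred (connection timed out)
Aug 21 10:01:12 mail postfix/local[2105]: 6C3D4E5F6A: to=<carol@local.example>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Aug 21 10:02:30 mail postfix/smtp[2101]: 7D4E5F6A7B: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
Aug 21 10:03:44 mail postfix/smtp[2101]: 8E5F6A7B8C: to=<dave@example.com>, orig_to=<d@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=2, dsn=2.0.0, status=sent (250 OK)
"""

# Only remote deliveries that succeeded count; whitespace inside the
# address is refused so a log line cannot smuggle a second map field.
SENT = re.compile(
    r"postfix/smtp\[\d+\]: \w+: to=<([^>\s]+@[^>\s]+)>,.*\bstatus=sent\b")


def outbound_recipients(log_text):
    """Lower-cased addresses the smtp client actually delivered mail to."""
    return {m.group(1).lower() for line in log_text.splitlines()
            if (m := SENT.search(line))}


def parse_map(map_text):
    """Left-hand keys of an existing access table, skipping comments."""
    return {line.split()[0].lower() for line in map_text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}


def update_map(map_text, log_text):
    """Append unseen recipients as 'addr OK'; return (new_text, changed).

    Existing entries (including hand-written REJECT lines) are kept as is,
    and changed is False when the log contributed nothing new.
    """
    new = sorted(outbound_recipients(log_text) - parse_map(map_text))
    if map_text and not map_text.endswith("\n"):
        map_text += "\n"
    return map_text + "".join(f"{addr} OK\n" for addr in new), bool(new)


if __name__ == "__main__":
    text, changed = update_map("", SAMPLE_LOG)
    print(text, end="")
    print("rebuild needed:", changed)
```

A caller would write the file and run `postmap` on it only when `changed` is true, so the table is rebuilt when a new correspondent appears rather than on every delivery.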