Hi!
I would like to have some help regarding this issue/scenario:
We have a "central" smtp-relay for (almost) all our servers. The servers
contain (mostly) websites that sometimes send an email or two via
localhost, and the emails are then sent with Postfix, which then
relays them via this particular server.
Also, we have the privilege of getting those sites hacked and used for
mass-distribution of email to various email addresses, which is
actually not something that is for anyone's benefit.
The idea/hope is to use postfwd to find an excessive amount of email
originating from one host or, even better, website and then dump all
those emails into the trash.
I have read the online documentation of postfwd but honestly, I just can't
grasp it for some reason.
Does anyone here have a working example of something that works as
described?
Some more info:
The server is just a relay, no auth required. We want system email to go
through it also.
All servers are configured to use this particular one as a relay.
The mail relay is using Postfix, with some poorly deployed postfwd like
this:
main.cf:
smtpd_client_restrictions = permit_mynetworks, reject
check_policy_service inet:127.0.0.1:10040
The postfwd.cf contains:
&&DNSBLS {
rbl=zen.spamhaus.org
rbl=list.dsbl.org
rbl=bl.spamcop.net
rbl=dnsbl.sorbs.net
rbl=ix.dnsbl.manitu.net
rhsbl=rddn.dnsbl.net.au
rhsbl=rhsbl.ahbl.org
rhsbl=rhsbl.sorbs.net
}
&&DNSWLS {
rbl=list.dnswl.org
rbl=exemptions.ahbl.org
rbl=query.bondedsender.org
rbl=hostkarma.junkemailfilter.com/^127\.0\.0\.1$/3600
rhsbl_client=hostkarma.junkemailfilter.com/^127\.0\.0\.1$/3600
}
id=RULE001
client_name==unknown
action=rate(client_address/50/300/450 4.7.1 only 5 recipients per 5 minutes allowed)
id=RBL_002
HIT_dnsbls>=2
action=554 5.7.1 blocked using $$HIT_dnsbls dnsbls, INFO: [$$DSBL_text]
I hope that you understand what I mean! :)
--
Jonathan Sélea
PGP Key: 0x8B35B3C894B964DD
Fingerprint: 4AF2 10DE 996B 673C 0FD8 AFA0 8B35 B3C8 94B9 64DD
https://jonathanselea.se
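
An added example, not part of the original message and not postfwd's own code: a simplified Python model of what a rule like rate(client_address/50/300/...) does with each Postfix policy-delegation request. The fixed-window counting, the reply text and the sample request are assumptions constructed for illustration.

```python
import time

LIMIT, WINDOW = 50, 300   # same numbers as rate(client_address/50/300/...)
OVER_LIMIT = "450 4.7.1 rate limit exceeded, try again later"  # assumed text

def parse_request(block):
    """Parse one Postfix policy-delegation request (name=value lines)."""
    attrs = {}
    for line in block.strip().splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class RateLimiter:
    """Fixed-window counter per key (simplified model of a rate object)."""
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.state = {}                    # key -> (window_start, count)

    def hit(self, key, now):
        """Count one request; return True once the key is over the limit."""
        start, count = self.state.get(key, (now, 0))
        if now - start >= self.window:     # window expired: start a new one
            start, count = now, 0
        count += 1
        self.state[key] = (start, count)
        return count > self.limit

def decide(limiter, attrs, now=None):
    """Return the policy reply Postfix expects: 'action=...' plus blank line."""
    now = time.time() if now is None else now
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"
    key = attrs.get("client_address", "unknown")
    if limiter.hit(key, now):
        return "action=" + OVER_LIMIT + "\n\n"
    return "action=DUNNO\n\n"

# Constructed sample request (documentation address and example domains).
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nclient_name=web01.example.net\n"
          "sender=www-data@web01.example.net\nrecipient=someone@example.org\n\n")

def simulate(n, step=1.0):
    """Feed n copies of SAMPLE, 'step' seconds apart, and collect replies."""
    limiter, attrs = RateLimiter(), parse_request(SAMPLE)
    return [decide(limiter, attrs, now=i * step) for i in range(n)]
```

Keying on client_address throttles a whole web server at once; keying on another request attribute such as sender instead changes what a single counter covers.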