On Sun, Jan 17, 2010 at 10:44:48PM -0800, Daniel L. Miller wrote: > > Daily scanning of logfiles does not accomplish this. Nor would even an > hourly scan - and constant logfile scanning strikes me as inelegant. If > there is any method currently existing within Postfix to accomplish this > goal please point me at it! If not, I'd like to discuss possible means > and methods for a future implementation.
I've been meaning to make something like this for postfix, your post refreshed me. Amavisd-new penpals is ok (and you can make other custom queries to it's database), but it can't make MTA bypass all the ptr/helo/foo checks. My main problem is all bad SOHO servers etc that get blocked by those. It can be achieved with a simple policy daemon that records all outgoing recipients and/or relays and compares them for incoming messages, possibly adding a header that you can also reuse in SA for scoring. I think I prefer a separate daemon that tails postfix log and greps all to=xxx, relay=xxx info and passes it to the policy daemon. That way the policy daemon doesn't need to have a big DNS mess to resolve all the recipient MX ips. If someone has any suggestions, feel free, I'll have something ready soon..
