On Thu, Sep 22, 2011 at 3:38 AM, Stan Hoeppner <s...@hardwarefreak.com> wrote: > On 9/21/2011 1:48 PM, Steve Jenkins wrote: > >> AWESOME little script. Nice, Stan! >> >> One minor detail stops me from using it, however. I have an old domain >> hosted on my server that no longer gets any legit mail, but that >> serves as a great honeypot. So I direct any emails sent to that domain >> via Postfix to a file, and then I point my spam filtering software at >> it nightly to learn from it. However, those addresses all show up in >> the maillog as "SENT" - which adds them to the raw file in your >> script. I'm not a scripter, so any ideas on how to work around that, >> either via Postfix or via the script? > > I'm not sure how this could be an issue. The only addresses added to this > whitelist are smtp recipient addresses successfully delivered to via the > smtp(8) service. Rerouting your trap mail to a local file is going to occur > via local(8), pipe(8), or another mechanism, depending on how exactly you're > doing it, but not via smtp(8). Thus you should be able to use the script as > is without issue, unless you're running something other than GNU/Linux, in > which case you may be having sed/sort/uniq switch issues I discussed > earlier. > > If you are truly having undesirable addresses added to the whitelist file, > maybe you could share some log snippets and sections of the file > /tmp/wrkng-whtlst.tmp showing the address(es) in question, obfuscated of > course, or send me the real data off list.
Running Fedora. After reading your reply I did some more snooping. The issue is that I use a catchall address for my honeypot domain (jenesys.com) in /etc/postfix/virtual to redirect to the honeypot address for the primary mail domain on that box (honey...@stevejenkins.com). I don't mind sharing the actual addresses publicly, because if they get harvested and spammed, they'll just go to my honeypot. :) Anyway, here's the line in my /etc/postfix/virtual: @jenesys.com honeypot The "sent" in the logfile is happening when the virtual alias hands off the message to the honeypot alias: Sep 18 21:31:41 carbonfiber postfix/smtp[12860]: D73201042498: to=<honey...@stevejenkins.com>, orig_to=<a...@jenesys.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.5, delays=1/0/0/2.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=09206-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EC7381042499) The honey...@stevejenkins.com address on the primary mail domain points to the /var/spool/mail/spam file for later processing. I tried doing changing the line in my virtual file to: @jenesys.com /var/spool/mail/spam But that didn't work. Anyone got a method to get an incoming message to a virtual address to write to a file without a SENT command? SteveJ