Re: blacklist senders to dead addresses?

2014-09-10 Thread Markus Benning
On Tue, Sep 09, 2014 at 10:52:38PM -0500, Noel Jones wrote:
 But it's not too hard to make such a feature with either a policy
 service (eg. postfwd) or a log scraper (eg. fail2ban or just a shell
 script) to update a blacklist file.

I'm currently setting up a project for a policy daemon at

http://www.mtpolicyd.org/

I think a Honeypot plugin is a good idea and I'll add one.

- Markus



Re: blacklist senders to dead addresses?

2014-09-10 Thread Wietse Venema
LuKreme:
 I had a user account on my system many years ago (like 12) that
 continues to get many email attempts. Is it possible to add servers
 trying to send to this address to a blacklist?

The mail is rejected before Postfix accepts the DATA command.
If you must, you can configure an access map (or policy server)
action with a 421 or 521 (hang up now) response.

Wietse

 NB: I'm not talking about any "no such user" error, but this specific
 user who could not possibly be getting legitimate mail.

 (and yes, email attempts to this user account have shot up
 dramatically in the last year).

 -- I DID NOT SEE ELVIS Bart chalkboard Ep. 7G07




Re: blacklist senders to dead addresses?

2014-09-10 Thread Markus Benning
On Wed, Sep 10, 2014 at 10:30:03AM +0200, Markus Benning wrote:
 On Tue, Sep 09, 2014 at 10:52:38PM -0500, Noel Jones wrote:
  But it's not too hard to make such a feature with either a policy
  service (eg. postfwd) or a log scraper (eg. fail2ban or just a shell
  script) to update a blacklist file.
 
 I'm currently setting up a project for a policy daemon at
 
 http://www.mtpolicyd.org/
 
 I think a Honeypot plugin is a good idea and I'll add one.

I just pushed a basic Honeypot plugin to git.

Docs:
http://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Honeypot

Code:
https://github.com/benningm/mtpolicyd/commit/d49f71c444ffc410eafd353c12896e321dee1fba

I'm currently testing it on my mail server.
Maybe you want to give it a try as well.

- Markus



Re: blacklist senders to dead addresses?

2014-09-10 Thread Robert Schetterer
On 10.09.2014 at 16:10, Markus Benning wrote:
 On Wed, Sep 10, 2014 at 10:30:03AM +0200, Markus Benning wrote:
 On Tue, Sep 09, 2014 at 10:52:38PM -0500, Noel Jones wrote:
 But it's not too hard to make such a feature with either a policy
 service (eg. postfwd) or a log scraper (eg. fail2ban or just a shell
 script) to update a blacklist file.

 I'm currently setting up a project for a policy daemon at

 http://www.mtpolicyd.org/

Looks nice!


 I think a Honeypot plugin is a good idea and I'll add one.
 
 I just pushed a basic Honeypot plugin to git.
 
 Docs:
 http://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Honeypot
 
 Code:
 https://github.com/benningm/mtpolicyd/commit/d49f71c444ffc410eafd353c12896e321dee1fba
 
 I'm currently testing it on my mail server.
 Maybe you want to give it a try as well.
 
 - Markus
 



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein


blacklist senders to dead addresses?

2014-09-09 Thread LuKreme
I had a user account on my system many years ago (like 12) that continues to 
get many email attempts. Is it possible to add servers trying to send to this 
address to a blacklist?

NB: I'm not talking about any "no such user" error, but this specific user who 
could not possibly be getting legitimate mail.

(and yes, email attempts to this user account have shot up dramatically in the 
last year).

-- 
I DID NOT SEE ELVIS Bart chalkboard Ep. 7G07



Re: blacklist senders to dead addresses?

2014-09-09 Thread Edgar Pettijohn
This is what I do for my blacklist.  There are probably other solutions,
but this works for me.

smtpd_client_restrictions = check_client_access cidr:/usr/local/etc/postfix/blacklist.cidr

blacklist.cidr
212.180.242.0/24    REJECT



On 09/09/2014 08:26 PM, LuKreme wrote:
 I had a user account on my system many years ago (like 12) that continues to 
 get many email attempts. Is it possible to add servers trying to send to this 
 address to a blacklist?

 NB: I'm not talking about any "no such user" error, but this specific user who 
 could not possibly be getting legitimate mail.

 (and yes, email attempts to this user account have shot up dramatically in 
 the last year).




Re: blacklist senders to dead addresses?

2014-09-09 Thread LuKreme

 On 09 Sep 2014, at 20:11 , Edgar Pettijohn pettijo...@hotmail.com wrote:
 
 This is what I do for my blacklist.  There are probably other solutions,
 but this works for me.
 
 smtpd_client_restrictions = check_client_access cidr:/usr/local/etc/postfix/blacklist.cidr
 
 blacklist.cidr
 212.180.242.0/24    REJECT

Just the one?

Anyway, I was looking for something a little more automated.

-- 
NO ONE WANTS TO HEAR FROM MY ARMPITS Bart chalkboard Ep. 3F01



Re: blacklist senders to dead addresses?

2014-09-09 Thread Noel Jones
On 9/9/2014 10:23 PM, LuKreme wrote:
 
 On 09 Sep 2014, at 20:11 , Edgar Pettijohn pettijo...@hotmail.com wrote:

 This is what I do for my blacklist.  There are probably other solutions,
 but this works for me.

 smtpd_client_restrictions = check_client_access cidr:/usr/local/etc/postfix/blacklist.cidr

 blacklist.cidr
 212.180.242.0/24    REJECT
 
 Just the one?
 
 Anyway, I was looking for something a little more automated.
 


Postfix has no built-in auto-blacklist/honeypot capability.

But it's not too hard to make such a feature with either a policy
service (eg. postfwd) or a log scraper (eg. fail2ban or just a shell
script) to update a blacklist file.

Note this might cause problems when a user account at
$BigMailProvider is hacked and sends mail to your blacklist address.

But this seems like too much trouble... Most of the spam to retired
addresses here is blocked by spamhaus with very little extra
attention required.  Maybe you're on a different feed.


  -- Noel Jones
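
The log-scraper approach described above, as an added example that is not part of the original thread and is not code from postfwd, fail2ban or mtpolicyd: it reads Postfix smtpd reject lines, counts hits on one dead address per client, and emits rows in the same format as the blacklist.cidr file shown earlier. The honeypot address olduser@example.com, the log line layout, and the never_block and min_hits parameters are assumptions; never_block covers the hacked-account-at-a-big-provider case raised above.

```python
import ipaddress
import re
from collections import Counter

# Postfix smtpd line for a recipient rejected before DATA (format assumed).
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*?\[(?P<ip>[0-9A-Fa-f:.]+)\]:"
    r".*? to=<(?P<rcpt>[^>]*)>")

def honeypot_hits(log_lines, honeypot):
    """Count rejected RCPT attempts to the honeypot address per client IP."""
    hits = Counter()
    for line in log_lines:
        m = REJECT_RE.search(line)
        if not m or m.group("rcpt").lower() != honeypot.lower():
            continue  # other rejects (ordinary "no such user" typos) are ignored
        try:
            hits[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:
            pass  # malformed client address in the log line
    return hits

def build_cidr_table(log_lines, honeypot, never_block=(), min_hits=2, action="REJECT"):
    """Return cidr: table rows for clients that hit the honeypot repeatedly."""
    skip = [ipaddress.ip_network(n) for n in never_block]
    hits = honeypot_hits(log_lines, honeypot)
    rows = []
    for ip in sorted(hits, key=lambda a: (a.version, a)):
        if hits[ip] < min_hits:
            continue  # one stray delivery is not enough to block a client
        if any(ip.version == net.version and ip in net for net in skip):
            continue  # provider relays: one hacked account must not block them
        rows.append(f"{ip}/{ip.max_prefixlen}\t{action}")
    return rows

def _line(ip, rcpt):
    # Constructed sample line, not taken from a real log.
    return (f"Sep 10 08:15:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: User unknown "
            f"in local recipient table; from=<x@sender.example> to=<{rcpt}> proto=ESMTP "
            f"helo=<host.example>")

SAMPLE_LOG = [_line(ip, rcpt) for ip, rcpt in [
    ("203.0.113.7", "olduser@example.com"), ("203.0.113.7", "olduser@example.com"),
    ("198.51.100.20", "olduser@example.com"), ("198.51.100.20", "olduser@example.com"),
    ("192.0.2.9", "olduser@example.com"),
    ("203.0.113.99", "typo@example.com"), ("203.0.113.99", "typo@example.com"),
    ("2001:db8::25", "OldUser@example.com"), ("2001:db8::25", "olduser@example.com")]]

if __name__ == "__main__":
    print("\n".join(build_cidr_table(SAMPLE_LOG, "olduser@example.com",
                                     never_block=["198.51.100.0/24"])))
```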