Johan Andersson wrote:
We have been targeted by a phishing attempt and I would like to
stop any replies from our accounts to the reply addresses given in the
emails...
I know this isn't a full solution, but at least it can stop the few that
DO answer
from actually giving out sensitive information.
What would you use as the easiest form for this?
a hashed map of the reply-to adresses?
smtpd_recipient_restrictions =
...
check_recipient_access = hash:/etc/postfix/phishing_recipients
...
/etc/postfix/phishing_recipients
[EMAIL PROTECTED] REJECT Phishing recipient
...
or ?
Yes, that would work. Note that it should be the first entry
(must be before "permit_mynetworks" and/or
"permit_sasl_authenticated").
I would suggest putting this under smtpd_sender_restrictions
[1] rather than smtpd_recipient_restrictions to prevent any
accidents - an OK entry in that map under
smtpd_recipient_restrictions would make you an open relay.
http://www.postfix.org/SMTPD_ACCESS_README.html#danger
[1] assuming you use the default "smtpd_delay_reject = yes",
recipient rules work just fine under smtpd_sender_restrictions.
--
Noel Jones
