On 15-10-2023 15:52, B Williams via Postfix-users wrote:
> All:
>
> Long time postfix user. I have an internet facing mail server running
> Postfix. For about half of my domains, I have them run through a spam
> filtering service (like MimeCast/Proofpoint). The other half just come
> direct because they are either very low volume or are used for
> testing/automation.
>
> There is a spam network that has figured out that they can bypass my
> spam filtering service by ignoring the MX record and just sending mail
> directly to the mail server. Pretty sneaky.
>
> So what I’m trying to devise is a strategy that would allow me to reject
> email for some domains if it didn’t come through the spam filtering
> service, but allow messages for other domains to be delivered that I
> don’t have going through the spam service.
>
> Ideally, there would be some kind of hash map that would basically say
> if the domain is present in the map it must come through a defined
> relayhost. Or maybe there is a custom milter strategy.

I'm running a similar Postfix instance, receiving mail from an external
spamfilter. I run an additional smtpd process on a dedicated port for
the spamfilter. This port only accepts mail from the spamfiltering
company (using a check_client_access cidr map).

Note: The spamfilter company allows me to configure a specific delivery
hostname and port, so no port 25 required.

On the public smtpd process at port 25, there should never arrive any
mail for the spamfiltered domains, so you can leave the domains out of
mydestination, virtual_alias_domains, or whichever way you define the
list of domains that you accept mail for.

Or maybe simpler to add to your existing setup: create a
check_recipient_access table to reject the domains only in the smtpd
process listening at port 25.

Tom
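
The two listeners described in the reply above, written out as an added example that is not part of the original post. It assumes Postfix 3.0 or later (for the `-o { ... }` form); port 10025, the file names, the hash: table type, the domain filtered.example and the address ranges are all placeholders.

```conf
# --- /etc/postfix/filter_clients.cidr
# Constructed placeholder ranges; use the ranges your filtering service publishes.
192.0.2.0/24        OK
198.51.100.16/28    OK

# --- /etc/postfix/filtered_domains
# Constructed placeholder domain; run "postmap" on this file after every edit.
# List only the domains whose MX points at the filtering service.
filtered.example    REJECT Mail for this domain is only accepted via its MX

# --- /etc/postfix/main.cf
# Default for every smtpd listener, including the public one on port 25.
# Merge the check_recipient_access line into your existing list; it sits
# after permit_mynetworks so local clients are not affected.
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_recipient_access hash:/etc/postfix/filtered_domains

# --- /etc/postfix/master.cf
# Public listener: inherits the main.cf restrictions above, so direct
# deliveries for filtered.example are rejected at RCPT TO.
smtp      inet  n       -       n       -       -       smtpd

# Dedicated listener for the filtering service (port number is an assumption).
# Only the listed client ranges may use it, and the per-domain reject table
# is not consulted here.
10025     inet  n       -       n       -       -       smtpd
  -o { smtpd_client_restrictions = check_client_access cidr:/etc/postfix/filter_clients.cidr, reject }
  -o smtpd_recipient_restrictions=reject_unauth_destination
```

Domains that are not listed in filtered_domains get no match from the lookup and continue to be accepted on port 25 as before.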