On Fri, May 8, 2009 at 7:07 PM, Curtis <postfixu...@isparks.com> wrote:
> On Fri, May 8, 2009 at 5:22 PM, Wietse Venema <wie...@porcupine.org> wrote:
>>
>> Curtis:
>> > I'm building a spam filtering appliance using Postfix. We will be
>> > making
>> > every effort to reject invalid recipient addresses at SMTP time, but
>> > since
>> > we will not always be made aware when an email box on a final
>> > destination
>> > server is no longer valid, we'd like to disable all bouncing after SMTP
>> > time.
>> > I saw one person suggest disabling the bounce service in
>> > /etc/master.cf...which does disable bouncing, but the logs now show
>> > the following error:
>> > "status=deferred (bounce or trace service failure)"
>> >
>> > What is the correct way to disable bounces?
>>
>> None. You need to keep the valid recipient list up-to-date. Postfix
>> does not (and will not, over my dead body) do what you ask for.
>>
>> Wietse
>
> We have every intention of keeping our valid recipient lists up-to-date,
> because we want to reject all email sent to invalid recipients at smtp time.
> However, since we don't control the remote servers that we filter email
> for and because we'll be managing thousands of domains and tens of thousands
> of email addresses, it's possible, that from time to time, that we'll not be
> made aware of recipients that are no longer valid. In those cases, if we
> bounce after smtp, postfix is going to start spewing backscatter. I guess
> the good news is that since we're filtering out most spam, that
> the likelihood of backscatter is greatly reduced, but I was hoping for total
> elimination.
>
> What I'd prefer to do here is have the bounces held for customer review so
> that they can realize that they've got an email address that isn't
> delivering and fix the problem on their end.
> Curtis
>
I'm doing something similar to what you are looking for. You can set
unverified_sender_reject_code = 550 and
unverified_recipient_reject_reason = Custom Message
Then set up something like syslog-ng to grep out 'Custom Message' from
your maillog in realtime and send those lines to a named pipe (man
mkfifo). Then create a daemon (I used perl) to read from that pipe,
grep out the invalidr...@domain.tld and perform any action you want
beyond that (for example email the IT guy at domain.tld).
Here's an example daemon and syslog-ng config:
daemon:
#!/usr/local/bin/perl
sysopen(FIFO, '/usr/local/bin/invldrcptpipe', O_RDONLY) or die "Can't
open pipe\n";
while(my $log_entry = <FIFO>)
{
$log_entry =~ /\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]/;
$ip = $1;
}
close(FIFO);
# I am grabbing IP instead of email address
syslog-ng:
destination d_pipe { pipe("/usr/local/bin/invldrcptpipe"); };
filter f_user_unk {
program("postfix\/smtp") and
match("User unknown"); };
log { source(src); filter(f_mail); filter(f_info); filter(f_user_unk);
destination(d_pipe); };
It seems pretty quick (this server can still handle 5mil messages a
day with lots of spam scans), mine actually counts IP address hits in
a DB and postfix will block if the count is higher than 20 in 10
minutes (a cleanup script handles the expiration). Seems to help curb
dictionary attacks.
--
Trey Briggs
Advanced Systems Engineer
API Digital
tbri...@apid.com
256-508-2368
