Steve, I know it's already been mentioned, but greylist. That has cut down our spam 90%+. Restricting your email to hours when your office is open means that legit email gets backed up on the senders' server queues. If you really don't think you need the email during that period of time, do something more useful like cronjob the eth off between those periods. I mean, hackers try to hack during that time as well.
Now, I assume that you use some type of firewall (god I hope you do). Some of them offer the ability to do blocking during time frames. But again, you can script that off by shutting down the external eth as well... I run a 9-5 biz and suppliers like to send me updates at 1-4 am (probably because they are using their daily crontabs). Looking into the spam folder that I do get, well, it's about 9-5 on most of them, with a couple of outliers in the last evening/am.

________________________________________
From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On Behalf Of Steve [steve.h...@digitalcertainty.co.uk]
Sent: Thursday, June 18, 2009 8:35 AM
To: postfix users list
Subject: Re: Defer All INET

On Thu, 2009-06-18 at 10:07 -0500, Noel Jones wrote:
> Steve wrote:
> > Hi List,
> >
> > What is the quickest, easiest (and scriptable) way to have Postfix defer
> > everything with a 4xx error. It's an extension to my 'after midnight'
> > tests. Not allowing any connections is fine, but I would prefer to
> > reject with a custom 4xx message such as "GO AWAY - IT'S AFTER MIDNIGHT
> > -- COME BACK IN THE MORNING"
> >
> > It's an odd request to be able to 'offline' with a defer so I won't be
> > surprised if I can't do it, but I would be Cindy Ecstacy Ecstatic if I
> > could.
> >
> > TIA.
> > Steve.
> >
>
> # /etc/postfix/deferall.regexp
> /^/ DEFER Please try again during business hours
>
> (this assumes you aren't using "smtpd_client_restrictions" in
> your current main.cf. You can substitute any
> smtpd_*_restrictions section you aren't currently using)
>
> two commands to defer everyone with a custom message:
> postconf -e 'smtpd_client_restrictions=regexp:/etc/postfix/deferall.regexp'
> postfix reload
>
> two commands to enable mail:
> postconf -e 'smtpd_client_restrictions='
> postfix reload
>
> and you can skip the "postfix reload" if you don't mind "lazy"
> implementation. Postfix will pick up the changes to
> smtpd_client_restrictions as smtpd processes are replaced.
>
> Some notes:
> - this should be effective in stopping most "botnet" spam, but
>   no more so than greylisting.
> - this will delay legit mail that arrives during the "after
>   hours" timeframe. The length of delay is controlled by the
>   sender, and could be significant.
> - this won't have any effect on spammers that retry; it will
>   just delay their delivery along with the legit mail.
>
> My recommendation is to just implement greylisting and skip
> this nonsense.
>
> -- Noel Jones

I'm not so sure it's nonsense. Look at it this way: if the office is closed, there is nobody there to deal with email. So it's pointless to accept it. Trawling my logs I can just see the same old UK spammers knocking away all night. They are blocked anyway, but I like to play and test. Basically sending an email outside of business hours does not get a quicker reply, so I think it's valid to test this angle. Grey listing is something I am no fan of.

I am using client restrictions, but I can just as easily 'swap' the conf file around with a script. You've hit the nail right on the head Noel and I appreciate your help. Thank you.

Steve.
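
Added example, not part of the thread: a cron-driven wrapper around the two postconf commands quoted above, which changes Postfix only when the setting actually differs. The 08-18 business hours, the PARAM/TABLE/OPEN_HOUR/CLOSE_HOUR variable names and the --apply switch are assumptions; PARAM must name an smtpd_*_restrictions list that main.cf does not otherwise use, as the quoted reply notes.

```shell
#!/bin/sh
# Toggle the defer-all regexp table by time of day (added example; the hours,
# variable names and --apply switch are assumptions, not from the thread).
PARAM="${PARAM:-smtpd_client_restrictions}"  # a restriction list not otherwise in use
TABLE="${TABLE:-regexp:/etc/postfix/deferall.regexp}"
OPEN_HOUR="${OPEN_HOUR:-8}"     # first hour mail is accepted (assumed)
CLOSE_HOUR="${CLOSE_HOUR:-18}"  # first hour mail is deferred again (assumed)

# in_hours HOUR OPEN CLOSE: succeeds when HOUR lies in [OPEN, CLOSE).
# Also handles a window that wraps past midnight (e.g. OPEN=22 CLOSE=6).
in_hours() {
    h=${1#0}; h=${h:-0}          # "08" -> 8, "00" -> 0 (avoid octal parsing)
    if [ "$2" -le "$3" ]; then
        [ "$h" -ge "$2" ] && [ "$h" -lt "$3" ]
    else
        [ "$h" -ge "$2" ] || [ "$h" -lt "$3" ]
    fi
}

# desired_value HOUR: prints the value PARAM should hold at that hour.
# Empty means mail is accepted; TABLE means every client gets the 4xx DEFER.
desired_value() {
    if in_hours "$1" "$OPEN_HOUR" "$CLOSE_HOUR"; then
        printf '%s\n' ""
    else
        printf '%s\n' "$TABLE"
    fi
}

# apply_state HOUR: compare with the live setting and change it only when it
# differs, so cron can run this often without reloading Postfix needlessly.
apply_state() {
    want=$(desired_value "$1")
    have=$(postconf -h "$PARAM")
    [ "$want" = "$have" ] && return 0
    postconf -e "$PARAM=$want" && postfix reload
}

# Only touch Postfix when asked to, e.g. from cron: deferhours.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_state "$(date +%H)"
fi
```

Run it from root's crontab at the start of each hour; without --apply the script only defines the functions and changes nothing.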