On 10/26/2009 8:07 AM, rac...@mcs.anl.gov wrote:
I'm trying out various DNS blacklist items and am calling on the
wisdom here for a little help. For example, if I DNS blacklist
malwaresite.example.com to point to an internal "honeypot"
machine.
When the user goes to http://www dot malwaresite.example.com
site, we have a little web server that gives a 404 error for any
page they may attempt to pull down. Immediate feedback that
something is wrong with the site they are attempting to get
to. They may not agree that it should be blacklisted, but they
know why they are not getting to the site.
With email, it's a little harder.
The 2 simple examples of this are that someone typos an email
address, or someone is on vacation/travel when a bit of spam
makes it through the filters. The result is that a message is
now sitting in the mail queue attempting to go out to a
blacklisted domain. Ultimately, after the various timeouts
expire, the message gets bounced back as undeliverable.
What I'd like to do is set up a postfix instance on the above
honeypot. For any email that is sent to it, I'd like to reject
the mail with a reject message like: "The site is DNS
Blacklisted, contact cybersec office for details"
Again immediate feedback. The message isn't sitting in the mail
server queues for long, etc. I also now have a simple log file
of people that hit this site and hopefully find possible
problems more quickly. No legit mail should be targeting this
machine for delivery, and multiple on-site mail servers are all
centrally hitting the same delivery spot for this class of
responses.
Has anyone created such a config they could share?
Many Thanks
--Gene
/~\ The ASCII          Gene Rackow            email: rac...@anl.gov
\ / Ribbon Campaign    Cyber Security Office  voice: 630-252-7126
 X  Against HTML       Argonne National Lab
/ \ Email!             9700 S. Cass Ave. / Argonne, IL 60439
It appears your question boils down to "how can I make postfix
reject ALL mail with a static custom error message" or
something to that effect.
That's pretty easy.
# main.cf
smtpd_client_restrictions =
    check_client_access regexp:/etc/postfix/reject_all.regexp

# reject_all.regexp
/^/ REJECT Destination domain blacklisted. Contact foo ...
Note: this will not reject mail submitted via the sendmail(1)
command line, but that doesn't sound like a problem in this case.
-- Noel Jones
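As an added example (not from either post): a small Python script that turns the honeypot's Postfix log into the per-source summary Gene asked for. The log lines are constructed to match the shape Postfix's smtpd uses when a check_client_access REJECT fires at RCPT TO; every hostname, address and the "Contact foo" reject text are made up.

```python
import re
from collections import Counter

# Constructed sample log: the shape postfix/smtpd logs for a check_client_access
# REJECT (with the default smtpd_delay_reject=yes the reject fires at RCPT TO,
# so sender and recipient are present). Hosts and addresses are invented.
SAMPLE_LOG = """\
Oct 26 08:12:01 honeypot postfix/smtpd[2201]: connect from mail1.example.org[192.0.2.10]
Oct 26 08:12:01 honeypot postfix/smtpd[2201]: NOQUEUE: reject: RCPT from mail1.example.org[192.0.2.10]: 554 5.7.1 <mail1.example.org[192.0.2.10]>: Client host rejected: Destination domain blacklisted. Contact foo; from=<alice@example.org> to=<bob@malwaresite.example.com> proto=ESMTP helo=<mail1.example.org>
Oct 26 08:12:01 honeypot postfix/smtpd[2201]: disconnect from mail1.example.org[192.0.2.10]
Oct 26 08:15:44 honeypot postfix/smtpd[2207]: NOQUEUE: reject: RCPT from mail2.example.org[192.0.2.11]: 554 5.7.1 <mail2.example.org[192.0.2.11]>: Client host rejected: Destination domain blacklisted. Contact foo; from=<carol@example.org> to=<admin@evil.example.net> proto=ESMTP helo=<mail2.example.org>
Oct 26 08:16:02 honeypot postfix/smtpd[2207]: NOQUEUE: reject: RCPT from mail1.example.org[192.0.2.10]: 554 5.7.1 <mail1.example.org[192.0.2.10]>: Client host rejected: Destination domain blacklisted. Contact foo; from=<dave@example.org> to=<x@malwaresite.example.com> proto=ESMTP helo=<mail1.example.org>
"""

# Pulls the connecting mail server, SMTP status code, reject text, envelope
# sender and recipient out of a NOQUEUE reject line; other lines do not match.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) \S+ .*?: Client host rejected: (?P<reason>[^;]*); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def parse_rejects(text):
    """Return one dict per rejected RCPT line; connect/disconnect lines are skipped."""
    rejects = []
    for line in text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            rejects.append(m.groupdict())
    return rejects


def summarize(rejects):
    """Count rejects per originating mail server IP and per blacklisted destination domain."""
    by_client = Counter(r["ip"] for r in rejects)
    by_domain = Counter(r["rcpt"].rsplit("@", 1)[-1].lower() for r in rejects)
    return by_client, by_domain


if __name__ == "__main__":
    by_client, by_domain = summarize(parse_rejects(SAMPLE_LOG))
    for ip, n in by_client.most_common():
        print(f"{ip}: {n} rejected delivery attempt(s)")
    for domain, n in by_domain.most_common():
        print(f"{domain}: {n} attempt(s) to a blacklisted domain")
```

Pointing the script at the honeypot's real mail log gives the list of internal mail servers (and, via the from= field, the users) that tried to reach blacklisted domains, which is the early-warning signal Gene wanted from this setup.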