On 2010-05-26 Jan-Kaspar Münnich wrote:
> I've set up Postfix 2.7.0 to relay all mails to the local proxy spampd:
>
> smtp      inet  n       -       n       -       25      smtpd
>     -o smtpd_proxy_filter=127.0.0.1:10025
>     -o smtpd_proxy_options=speed_adjust
> 127.0.0.1:10026 inet n  -       n       -       -       smtpd
>     -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>     -o smtpd_client_restrictions=
>     -o smtpd_helo_restrictions=
>     -o smtpd_sender_restrictions=
>     -o smtpd_recipient_restrictions=permit_mynetworks,reject
>     -o smtpd_data_restrictions=
>     -o mynetworks=127.0.0.0/8
>     -o receive_override_options=no_unknown_recipient_checks
>     -o smtpd_client_connection_count_limit=25
>
> This works well for ~10.000 mails a day, but not for one kind of spam
> that occurred first two weeks ago. It is always very similar (one line,
> just varying URL and spam bot): http://pastebin.com/4arTzeRu
>
> These mails are just delivered to the mailbox, without any other log
> entry. Unfortunately it's not really possible to run Postfix in debug
> mode, since I can't reproduce the problem and would have to wait for
> the next occurrence.

You could "replay" those messages from some host outside Postfix'
$mynetworks, either manually (via telnet) or with some script. Also you
should post an excerpt from mail.log demonstrating the full delivery of
one such mail.

> It's not a big problem since there are max. 5 of these spams getting
> through on the whole server per day. But I really want to investigate
> it and would be happy if anybody had an idea.

If those spam mails are sent to just that one address, maybe body_checks
will do the trick:

/etc/postfix/main.cf:
    body_checks = regexp:/etc/postfix/body_checks

/etc/postfix/body_checks:
    /^http:\/\/.+\..+\/\?email=jan\.muenn...@dotplex\.de/ REJECT

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
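
An added example, not part of either post: a small offline check that a body_checks rule of the shape suggested above fires on the one-line spam and leaves ordinary mail alone, before the table goes live. Assumptions: the recipient address is the placeholder user@example.com, the sample bodies are constructed, only the simple "/pattern/flags action" rule form is parsed, and Python's re module stands in for the POSIX regex engine Postfix uses.

```python
import re

# Constructed table: same rule shape as in the reply, with a placeholder
# recipient address (user@example.com) instead of the real one.
SAMPLE_TABLE = r"""
# reject one-line URL spam that carries the recipient address
/^http:\/\/.+\..+\/\?email=user@example\.com/ REJECT
"""

# Constructed message bodies.
SPAM_BODY = "http://spam.example.net/?email=user@example.com"
HAM_BODY = "Hello,\nour site is at http://www.example.org/ for details.\n"

# '/pattern/flags action'; a backslash-escaped '/' does not end the pattern.
RULE = re.compile(r"^/((?:\\.|[^/\\])*)/([imx]*)\s+(.+)$")


def load_rules(text):
    """Parse simple regexp-table lines into (compiled regex, action) pairs."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError("unsupported rule syntax: " + line)
        pattern, flags, action = m.groups()
        # Postfix regexp tables are case-insensitive by default;
        # the 'i' flag toggles that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules


def check_body(rules, body):
    """body_checks sees one line at a time; return first (line, action) hit."""
    for line in body.splitlines():
        for regex, action in rules:
            if regex.search(line):
                return line, action
    return None


if __name__ == "__main__":
    table = load_rules(SAMPLE_TABLE)
    for name, body in (("spam", SPAM_BODY), ("ham", HAM_BODY)):
        print(name, "->", check_body(table, body))
```

On the mail server itself, `postmap -q - regexp:/etc/postfix/body_checks < body.txt` (body.txt being a hypothetical file holding the message body) queries the real table with each line of the file.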