On 9/22/2011 10:47 AM, Steve Jenkins wrote:
On Thu, Sep 22, 2011 at 3:38 AM, Stan Hoeppner <s...@hardwarefreak.com> wrote:
On 9/21/2011 1:48 PM, Steve Jenkins wrote:

AWESOME little script. Nice, Stan!

One minor detail stops me from using it, however. I have an old domain
hosted on my server that no longer gets any legit mail, but that
serves as a great honeypot. So I direct any emails sent to that domain
via Postfix to a file, and then I point my spam filtering software at
it nightly to learn from it. However, those addresses all show up in
the maillog as "SENT" - which adds them to the raw file in your
script. I'm not a scripter, so any ideas on how to work around that,
either via Postfix or via the script?

I'm not sure how this could be an issue.  The only addresses added to this
whitelist are smtp recipient addresses successfully delivered to via the
smtp(8) service.  Rerouting your trap mail to a local file is going to occur
via local(8), pipe(8), or another mechanism, depending on how exactly you're
doing it, but not via smtp(8).  Thus you should be able to use the script as
is without issue, unless you're running something other than GNU/Linux, in
which case you may be having sed/sort/uniq switch issues I discussed
earlier.

If you are truly having undesirable addresses added to the whitelist file,
maybe you could share some log snippets and sections of the file
/tmp/wrkng-whtlst.tmp showing the address(es) in question, obfuscated of
course, or send me the real data off list.

Running Fedora. After reading your reply I did some more snooping. The
issue is that I use a catchall address for my honeypot domain
(jenesys.com) in /etc/postfix/virtual to redirect to the honeypot
address for the primary mail domain on that box
(honey...@stevejenkins.com). I don't mind sharing the actual addresses
publicly, because if they get harvested and spammed, they'll just go
to my honeypot. :) Anyway, here's the line in my /etc/postfix/virtual:

@jenesys.com  honeypot

The "sent" in the logfile is happening when the virtual alias hands
off the message to the honeypot alias:

Sep 18 21:31:41 carbonfiber postfix/smtp[12860]: D73201042498:
to=<honey...@stevejenkins.com>, orig_to=<a...@jenesys.com>,
relay=127.0.0.1[127.0.0.1]:10024, delay=3.5, delays=1/0/0/2.5,
dsn=2.0.0, status=sent (250 2.0.0 Ok, id=09206-09, from
MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EC7381042499)

The honey...@stevejenkins.com address on the primary mail domain
points to the /var/spool/mail/spam file for later processing. I tried
changing the line in my virtual file to:

@jenesys.com /var/spool/mail/spam

But that didn't work. Anyone got a method to get an incoming message
to a virtual address to write to a file without a SENT command?

If you think through the logic of how this script and the Postfix restriction work, you'll realize this one address being inserted is a total non-issue, especially if you have an anti-spoofing restriction already, executed before the whitelist restriction.

Given that, the worst-case scenario here is that you're eating a few extra bytes of disk space. Total non-issue.

--
Stan
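
For readers who want to keep content-filter hand-offs like the relay=127.0.0.1[127.0.0.1]:10024 line quoted above out of a recipient list built from the maillog, here is one way to do it. This is an added example, not the script discussed in this thread; the function names and the sample log lines (example.org, example.net and trap.example addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: collect recipients that Postfix smtp(8) delivered to a
# remote relay, skipping hand-offs to a loopback content filter.

# Reads maillog lines on stdin, prints unique lowercased recipient addresses.
extract_sent_recipients() {
    awk '
        # Only smtp(8) client lines that report a successful delivery.
        /postfix\/smtp\[[0-9]+\]:/ && /status=sent/ {
            # Next hop is this machine (127.0.0.0/8 or ::1): this is the
            # after-queue filter hand-off, not an outbound delivery.
            if ($0 ~ /relay=[^,]*\[(127\.[0-9.]+|::1)\]/) next
            # Take to=<...>; the leading space keeps orig_to=<...> out.
            if (match($0, / to=<[^>]+>/)) {
                print tolower(substr($0, RSTART + 5, RLENGTH - 6))
            }
        }
    ' | sort -u
}

# Constructed sample log (not taken from any real server).
sample_log() {
    cat <<'EOF'
Sep 18 21:30:02 mx1 postfix/smtp[12001]: A1B2C3D4E5: to=<alice@example.org>, relay=mx.example.org[203.0.113.10]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1234)
Sep 18 21:31:41 mx1 postfix/smtp[12860]: B2C3D4E5F6: to=<honeypot@example.org>, orig_to=<anything@trap.example>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.5, delays=1/0/0/2.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5678)
Sep 18 21:32:10 mx1 postfix/smtp[12861]: C3D4E5F6A7: to=<bob@example.net>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.7]:25: Connection timed out)
Sep 18 21:33:00 mx1 postfix/local[12870]: D4E5F6A7B8: to=<root@example.org>, relay=local, delay=0.2, delays=0.1/0/0/0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Sep 18 21:34:15 mx1 postfix/smtp[12880]: E5F6A7B8C9: to=<Alice@Example.org>, relay=mx.example.org[203.0.113.10]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9abc)
Sep 18 21:35:20 mx1 postfix/smtp[12881]: F6A7B8C9D0: to=<carol@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as def0)
EOF
}

# Demo run on the constructed sample.
sample_log | extract_sent_recipients
```

On a real server the function would read the mail log instead of the sample, for example `extract_sent_recipients < /var/log/maillog`.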
