Hello,
On Thu, Feb 23, 2012, at 03:46 PM, Noel Jones wrote:
> On 2/23/2012 3:39 PM, /dev/rob0 wrote:
> The check_recipient_access with DISCARD is probably easiest, but the
> spamtrap address must be accepted by the pre-filter postfix.
Looking for the most straightforward place to do this, in my main.cf I
have currently
...
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/vdomains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/vmailboxes.cf
...
Where "valid addresses ( == <valid user>@<valid domain>)" are assembled
from "valid users" queried for in 'vmailboxes.cf' and "valid domains"
queried for in 'vdomains.cf'.
It is this combination/check that's being done for (non)existing users.
Those that don't exist, get rejected on the spot.
Since spamtrap addresses sourced by compromise of previously-good
addresses are all, by definition, at domains I own/manage, I was
thinking that a hash: table of <valid user> parts only, e.g.
cat /etc/postfix/spamtrap_userparts
test1
test2
test3
postmap /etc/postfix/spamtrap_userparts
then changing
- virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/vmailboxes.cf
+ virtual_mailbox_maps = hash:/etc/postfix/spamtrap_userparts
+ proxy:mysql:/etc/postfix/sql/vmailboxes.cf
might do the trick for getting through the pre-filter postfix; my
intention would be here that those spamtrap addresses are identified as
valid_users.
then the downstream check at 127.0.0.1:10026 reinjection listener,
checking against
cat /etc/postfix/spamtrap
te...@mydomain1.com DISCARD
te...@mydomain2.com DISCARD
te...@mydomain3.com DISCARD
postmap /etc/postfix/spamtrap
should now actually receive, and hopefully trigger upon, the
spamtrap-containing message?
Does this sound like a reasonable approach that will, most importantly,
not cause other inadvertent breakage?
If so, I'd eventually consolidate the /etc/postfix/spamtrap
/etc/postfix/spamtrap_userparts into a sql table, so as to remove
overlap/redundancy of information ...
Cheers,
Roger
