On 28.08.2012 22:33, Jon A. wrote:
> I've seen an increased number of issues with some domains that use
> fakemx.net to deny mail and am looking for some advice on how to best
> reject email for domains that only have one MX record that points to
> fakemx.net servers.
>
> While I question the effectiveness, I have no problem with someone
> trying to detect bad mail senders. Unfortunately, my server finds
> itself trying to do legit business and being "seen" by fakemx.net
> and having messages back up in my queue and continually retry
> doesn't make me happy.
>
> I'd like to immediately reject mail for all destinations with ONLY a
> fakemx.net record. While I could block these as I find them, I'd
> prefer to detect it if possible.
>
> One such:
>
> hitmail.com mail is handled by 0 mx.fakemx.net.
>
> My thought is to use the transports mechanism and BOUNCE the message...
> I could scrape the logs and update transports with something like:
>
> *.example.com error:mail not deliverable (only destination is fakemx.net)*
>
> but as we know, over time systems get fixed. I'd prefer to do this
> detection on the fly as part of the delivery attempt.
>
> Can someone provide a suggestion on how to best accomplish this?
>
> Thanks
> jon
>
you might use

check_recipient_mx_access type:table
    Search the specified access(5) database for the MX hosts for the
    RCPT TO domain, and execute the corresponding action. Note: a
    result of "OK" is not allowed for safety reasons. Instead, use
    DUNNO in order to exclude specific hosts from blacklists. This
    feature is available in Postfix 2.1 and later

as an alternative to error, but there is nothing you can do about
changing the MX record in DNS. You might want to monitor them and/or,
perhaps better, give a support mail address in the reject reason, so
that postmasters who have changed from fakemx to real mail servers can
contact you.

There may be some policy services which handle this better, but at
present I don't know of any.

--
Best Regards
MfG Robert Schetterer
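
The setup suggested in the reply above, written out as an added configuration example (not part of the original thread). The file paths, the table name and the contact address postmaster@example.com are assumptions.

```conf
# --- /etc/postfix/main.cf (path is an assumption) ---
# Evaluate the MX check before permit_mynetworks so that it also applies
# to trusted clients relaying outbound mail through this server.
smtpd_recipient_restrictions =
    check_recipient_mx_access hash:/etc/postfix/recipient_mx_access
    permit_mynetworks
    reject_unauth_destination

# --- /etc/postfix/recipient_mx_access (hypothetical file name) ---
# Key: MX hostname or parent domain of the RCPT TO domain's MX hosts.
# With the default parent_domain_matches_subdomains setting, the key
# "fakemx.net" also matches mx.fakemx.net.
# The reject text carries a contact address (placeholder) so a postmaster
# who has since moved to a real mail server can report it.
fakemx.net    REJECT Recipient domain's MX is fakemx.net; contact postmaster@example.com if this has changed

# To exempt a specific host, use DUNNO (a result of OK is not allowed):
# mx-ok.example.net    DUNNO

# After editing the table, rebuild it and reload Postfix:
#   postmap /etc/postfix/recipient_mx_access && postfix reload
```

The action fires when any MX host of the recipient domain matches, so a domain that lists fakemx.net next to a real MX is rejected as well, which is broader than the "ONLY fakemx.net" case in the question. The restriction applies to mail received through smtpd, not to mail submitted locally with the sendmail command.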