You can not try to start figuring out who is legit or not, it's a never ending task and will cause you nothing but a headache. Use SPF, DKIM and other traditional methods, utilize some RBL's.
I do block them using fail2ban for long periods of time, if someone is identified as sending spam, there is no reason to allow them to continue. I have done extreme types of things like this to slow spam down, and really haven't been burned by it. I created my own set of rules to match different types of rejections and made the fail2ban filter postfix policy to include the types of rejetions like, RBL, bad user ( dictionary attack ) and other such rejections so they can be blocked at the firewall level and not postfix which has a higher resource cost. How many users do you have? How much spam are you rejecting daily? On Wed, Apr 23, 2014 at 5:07 PM, Ron Wheeler <rwhee...@artifact-software.com > wrote: > Another approach to reduce SPAM would be to use fail2ban for a > "reasonable" period to shut out IP addresses for a "reasonable" period that > are sending a "lot" of SPAM in a "short" period. > > Ron > > On 23/04/2014 3:56 PM, Larry Stone wrote: > >> On Wed, 23 Apr 2014, James B. Byrne wrote: >> >> Does the idea of configuring Postfix so that external (to our network) >>> smtp >>> connections are only accepted from servers identified with MX records >>> for the >>> connecting IP address make any sense? Is it possible? >>> >> >> No, it makes no sense at all. MX records define what hosts RECEIVE mail >> for a domain. They say nothing about what hosts should be SENDING mail for >> a domain. Many large ISPs use separate systems for receiving and sending >> mail. What you want to do will reject large quantities of legitimate mail. >> >> -- Larry Stone >> lston...@stonejongleux.com >> >> > > -- > Ron Wheeler > President > Artifact Software Inc > email: rwhee...@artifact-software.com > skype: ronaldmwheeler > phone: 866-970-2435, ext 102 > > -- Thanks! Joey
