On 1 Nov 2018, at 12:03, Viktor Dukhovni wrote:

> On Nov 1, 2018, at 11:30 AM, Bill Cole
> <postfixlists-070...@billmail.scconsult.com> wrote:
>
>> I intend to experiment with postscreen on 587 on the next Postfix
>> system I work with where compromised accounts are a problem.
>
> Don't waste your time. Postscreen cannot help you with this.
> Postscreen maintains dynamic IP-address whitelists/blacklists,
> which are of little use in submission, because submission users
> routinely use dynamic IP addresses.

Not the ones who show up in an office carrying something infective from
Vegas that didn't stay in Vegas.

> Also MUAs are interactive, and users are not terribly fond of
> having their mail submission temporarily rejected and having
> to try again later. Postscreen never accepts a message on
> the first try when the IP address is not already whitelisted.

It does if you don't use the after-220 tests, which I do not and would
not.

> Postscreen also gets most of its effectiveness from RBLs,

For me, it gets most of its UNIQUE effectiveness from the banner delay.
YMMV obviously.

> these too are not terribly appropriate for submission, as
> legitimate submission users will dynamically get IPs that
> botnets have previously abused.
>
> You probably know all this, and perhaps you'll still be able
> to figure out some usable deployment model, but I'm not
> optimistic...

I'm attacking the problem of an authenticating account on a network that
others may just toss into mynetworks and forget, using an
idiosyncratically bot-like behavior to send spam that ends up carrying
lots of ham indicators.
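
The banner-delay test discussed above is logged by postscreen as PREGREET lines when a client talks before the 220 greeting. As an added example (not part of the original message or of anyone's deployment), this Python script pulls PREGREET hits from clients inside trusted networks out of a log; the 10.1.0.0/16 range, the function name and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Hypothetical stand-in for the networks an admin has listed in mynetworks.
INTERNAL_NETS = [ipaddress.ip_network("10.1.0.0/16")]

# Constructed sample lines, modelled on the CONNECT / PREGREET / PASS NEW
# formats described in Postfix's POSTSCREEN_README; all values are made up.
SAMPLE_LOG = r"""
Nov  1 12:00:01 mx postfix/postscreen[2101]: CONNECT from [10.1.2.33]:50112 to [10.1.0.5]:587
Nov  1 12:00:01 mx postfix/postscreen[2101]: PREGREET 14 after 0.08 from [10.1.2.33]:50112: EHLO desktop\r\n
Nov  1 12:00:04 mx postfix/postscreen[2101]: CONNECT from [203.0.113.9]:41000 to [10.1.0.5]:587
Nov  1 12:00:04 mx postfix/postscreen[2101]: PREGREET 11 after 0.3 from [203.0.113.9]:41000: HELO x\r\n
Nov  1 12:00:09 mx postfix/postscreen[2101]: CONNECT from [10.1.7.4]:50200 to [10.1.0.5]:587
Nov  1 12:00:15 mx postfix/postscreen[2101]: PASS NEW [10.1.7.4]:50200
Nov  1 12:01:30 mx postfix/postscreen[2101]: PREGREET 14 after 0.11 from [10.1.2.33]:50140: EHLO desktop\r\n
"""

PREGREET_RE = re.compile(
    r"postscreen\[\d+\]: PREGREET \d+ after ([\d.]+) from \[([^\]]+)\]:\d+"
)


def internal_pregreets(lines, nets=INTERNAL_NETS):
    """Map each internal client IP to the delays (seconds) at which it
    spoke before the greeting. Clients outside `nets` are ignored."""
    hits = {}
    for line in lines:
        m = PREGREET_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2))
            delay = float(m.group(1))
        except ValueError:
            continue  # malformed address or delay: skip the line
        if any(addr in net for net in nets):
            hits.setdefault(str(addr), []).append(delay)
    return hits


if __name__ == "__main__":
    for ip, delays in sorted(internal_pregreets(SAMPLE_LOG.splitlines()).items()):
        print(f"{ip}: {len(delays)} pregreet event(s), delays {delays}")
```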