Re: Fighting spam with "sendmail aliases" in postfix (spampots?)
On Tue, May 25, 2004 at 11:57:36AM +0200, Tom?s N??ez wrote:
> Hi
> I have a mail server with some domains (about 200). I'm taking them from a
> sendmail and putting them on a postfix-ldap + courier-ldap + amavisd +
> spamassassin + clamav (thanks to perdition, the pop/imap proxy, I am doing
> this and nobody notices). Everything goes well, but I have a doubt.
>
> On the sendmail server I have some "aliases", I mean, some accounts from what
> I receive mail no matter which domain is sent to (being a domain of this
> machine). One utility of this was that I received all "postmaster@domain.com"
> without having to configure anything.
>
> But another utility was the spam honeypots, or spampots, or whatever you call
> it, (that is, some addresses I'm sure are going to receive spam), and this
> served to prove the anti-spam filter. For example, man@domain.com: no one of
> my customers have this account, so every mail on this mail account is spam.
> If the mail passed the anti-spam filter, I can feedback spamassassin with it
> (using sa-learn).
> I have some others like this: comercial, info, webmaster, etc, etc. What was
> very good in Sendmail is that this aliases were only active if they were not
> in the virtual user table, that is, I receive mail to "comercial@domain.com"
> only if "domain.com" don't have this account.
>
> This was pretty useful to keep trained bayesian filters in spamasssassin, and
> I increased efficiency killing spam.
>
> But now with postfix, to get this working I have 2 possibilities: create
> accounts and redirect them to me if customer doesn't want it, or put all
> domains in $mydestinations, and deliver them as local and not as virtual...
> I think creating all accounts is very uncomfortable, but maybe I miss some
> points on security about $mydestinations...
How about option 3...
Add a wildcard to the bottom of the domain name to catch all the other
rubbish...
@domain.name spamgoeshere@localhost
This will catch anything that's not already caught by the addresses
before it.
Hope that Helps,
--
Brett Parker
Reply to: