spamtrap and dynamic blacklisting
patrick.proniewski at univ-lyon2.fr
Thu Mar 9 23:48:41 CET 2017
I'm contemplating the following idea:
- setting up some spamtrap email addresses and publishing them discreetly in a few places
- detecting usage of these email addresses somewhere during the SMTP session (postfix, amavisd, milter-greylist, realtime log processing, whatever)
- feeding the corresponding sender address, or EHLO, or domain name, or whatever to Amavisd so that I can soft-blacklist the next emails from the same [sender address|EHLO|domain name|...]
- after a while (1 day?), expiring the blacklist
Do you think it's possible to make such a setup with Amavisd-new? And by the way, I use more than one MX server, so synchronisation between MX is important.
I'm already using Redis for JSON logging, maybe I could use the same backend, not sure about the synchronisation though.
Another convoluted way to proceed would be something like this:
- setting up a DNS server on each MX server with nsupdate capability
- setting up milter-greylist rules to update an RBL in those DNS servers each time a spamtrap gets an email
- using the RBL hit to increase the spam score
But I feel like a native Amavisd option would be better and simpler.
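
A sketch of the log-processing variant of the first idea, added here as an illustration and not part of the original post or of Amavisd: it reads Postfix smtpd RCPT reject lines, lists the sender, sender domain, HELO and client IP whenever a spamtrap is the recipient, and lets entries lapse after one day. Assumptions: the spamtrap addresses and log lines are constructed, Postfix is set to reject the trap recipients so that one log line carries from/to/helo, and the in-memory `ExpiringList` stands in for a shared store with key expiry such as Redis; how Amavisd would consult the list is left open.

```python
import re
import time

# Assumption: hypothetical published spamtrap addresses.
SPAMTRAPS = {"trap1@example.org", "trap2@example.org"}
TTL_SECONDS = 24 * 3600  # the "1 day?" expiry from the post

# Client IP, envelope sender, recipient and HELO from a Postfix smtpd RCPT reject line.
RCPT_RE = re.compile(
    r"RCPT from \S*\[(?P<ip>[^\]]+)\]:.*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>.*?helo=<(?P<helo>[^>]*)>")

class ExpiringList:
    """In-memory stand-in for a store shared by all MX hosts, with per-key expiry."""
    def __init__(self, ttl=TTL_SECONDS, clock=time.time):
        self.ttl, self.clock, self.entries = ttl, clock, {}

    def add(self, kind, value):
        # Re-listing refreshes the expiry, as setting a key with a new TTL would.
        self.entries[(kind, value.lower())] = self.clock() + self.ttl

    def is_listed(self, kind, value):
        expiry = self.entries.get((kind, value.lower()))
        # An entry past its expiry counts as absent (a real store would drop it).
        return expiry is not None and expiry > self.clock()

def process_line(line, blacklist):
    """List the sending party when a spamtrap is the recipient; return True on a hit."""
    m = RCPT_RE.search(line)
    if not m or m["rcpt"].lower() not in SPAMTRAPS:
        return False
    sender = m["sender"]
    if sender:  # the null sender <> (bounces) has no address or domain to list
        blacklist.add("sender", sender)
        blacklist.add("domain", sender.rpartition("@")[2])
    blacklist.add("helo", m["helo"])
    blacklist.add("ip", m["ip"])
    return True

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    "Mar  9 23:40:01 mx1 postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.7.1 <trap1@example.org>: Recipient address rejected: Access denied; from=<bulk@sender.example> to=<trap1@example.org> proto=ESMTP helo=<mail.sender.example>",
    "Mar  9 23:41:12 mx1 postfix/smtpd[1240]: NOQUEUE: reject: RCPT from mail.legit.example[203.0.113.5]: 450 4.2.0 <alice@example.org>: Recipient address rejected: Greylisted; from=<user@legit.example> to=<alice@example.org> proto=ESMTP helo=<mail.legit.example>",
    "Mar  9 23:42:30 mx2 postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.7.1 <trap2@example.org>: Recipient address rejected: Access denied; from=<> to=<trap2@example.org> proto=ESMTP helo=<localhost>",
]
```

Listing by client IP or HELO still works for the third line, where the null sender leaves no address or domain to record.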