spamtrap and dynamic blacklisting

Patrick Proniewski patrick.proniewski at univ-lyon2.fr
Thu Mar 9 23:48:41 CET 2017


Hello,

I'm contemplating the following idea: 

- set up some spamtrap email addresses and publish them discreetly in a few places
- detect usage of these email addresses somewhere during SMTP session (postfix, amavisd, milter-greylist, realtime log processing, whatever)
- feed the corresponding sender address, or EHLO, or domain name, or whatever to Amavisd so that I can soft-blacklist next emails from the same [sender address|EHLO|domain name|...]
- after a while (1 day?), expire the blacklist

Do you think it's possible to make such a setup with Amavisd-new? And by the way, I use more than one MX server, so synchronisation between MX is important.

I'm already using Redis for JSON logging; maybe I could use the same backend, not sure about the synchronisation though.

Another convoluted way to proceed would be something like this:

- set up a DNS server on each MX server with nsupdate capability
- set up milter-greylist rules to update an RBL in those DNS servers each time a spamtrap gets an email
- use the RBL hit to increase spamscore

But I feel like a native Amavisd option would be better and simpler.

Any ideas?

thanks
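
The detection and expiry steps of the idea above, prototyped as realtime log processing. This is an added example, not part of the original post and not Amavisd's own code. The log lines, the trap address and the in-memory store are constructed assumptions; handing the listing to Amavisd and sharing it between MX servers are not shown.

```python
import re

# Constructed Postfix-style log lines (sample data, not from the post).
SAMPLE_LOG = """\
Mar  9 23:10:01 mx1 postfix/qmgr[811]: 3F2A1C0012: from=<promo@bulk.example.net>, size=2048, nrcpt=1 (queue active)
Mar  9 23:10:02 mx1 postfix/local[902]: 3F2A1C0012: to=<trap1@example.org>, relay=local, delay=0.4, status=sent (delivered to mailbox)
Mar  9 23:11:10 mx1 postfix/qmgr[811]: 4B7D9C0034: from=<alice@partner.example.com>, size=5120, nrcpt=1 (queue active)
Mar  9 23:11:11 mx1 postfix/local[902]: 4B7D9C0034: to=<bob@example.org>, relay=local, delay=0.2, status=sent (delivered to mailbox)
Mar  9 23:12:00 mx1 postfix/qmgr[811]: 5C8E0D0056: from=<>, size=900, nrcpt=1 (queue active)
Mar  9 23:12:01 mx1 postfix/local[902]: 5C8E0D0056: to=<trap1@example.org>, relay=local, delay=0.1, status=sent (delivered to mailbox)
"""

SPAMTRAPS = {"trap1@example.org"}  # hypothetical trap address
TTL = 86400                        # the "1 day?" expiry from the post

# Queue ID plus the envelope field logged for it.
LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (from|to)=<([^>]*)>")

class ExpiringBlacklist:
    """In-memory stand-in for a shared store with per-key expiry."""
    def __init__(self, ttl=TTL):
        self.ttl = ttl
        self.expiry = {}  # key -> epoch second at which the entry lapses

    def add(self, key, now):
        self.expiry[key] = now + self.ttl  # a repeat hit renews the entry

    def is_listed(self, key, now):
        if now >= self.expiry.get(key, 0):
            self.expiry.pop(key, None)     # lazily drop lapsed entries
            return False
        return True

def process_log(lines, blacklist, now):
    """Correlate from=/to= by queue ID; list senders that hit a trap."""
    senders, hits = {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        qid, field, addr = m.group(1), m.group(2), m.group(3).lower()
        if field == "from":
            senders[qid] = addr
        elif addr in SPAMTRAPS and senders.get(qid):  # skips null sender <>
            sender = senders[qid]
            blacklist.add(("sender", sender), now)
            blacklist.add(("domain", sender.rpartition("@")[2]), now)
            hits.append(sender)
    return hits
```

Envelope senders are trivially forged, so a listing built this way can name a domain that never sent the message; a soft score and a short expiry, as proposed in the post, limit that damage.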

