spamtrap and dynamic blacklisting
Patrick Proniewski
patrick.proniewski at univ-lyon2.fr
Wed Mar 15 12:04:10 CET 2017
On 15 Mar 2017, at 10:48, Dino Edwards <dino.edwards at mydirectmail.net> wrote:
>
> The only way that I know to add spam scores is by creating SA rules. I don't think Amavis can add scores on its own unless someone knows another approach to this.
I'm thinking about the soft black/white listing available in amavisd.conf, in the definition of score_sender_maps:
@score_sender_maps = ({ # a by-recipient hash lookup table,
# results from all matching recipient tables are summed
../..
})
Any chance to source this data from Redis/SQL?
> Regardless, if you don't want to use SQL then you are going to have to parse the log files for senders sending to your honeypot receivers and add those to a SA rule in order to add the +5 spam score.
I don't want to push everything into SQL and filter later, for sure. In a DB scenario I feel like Redis would be very nice (already installed). But if SQL is the only solution, then it would probably be OK for reading (scenario where I push filtered data from Splunk), and it would be OK for selective push (scenario where Amavis is capable of pushing only sender addresses that were used in email messages sent to honeypot recipients).
> Again, the entire problem with this approach is you are using valuable resources processing e-mail (i.e. letting it get to Amavis) instead of stopping it at the front door with Postfix.
Yes, I'm fully aware of that, but it's no big deal as I currently process those messages anyway.
And I just came up with a new idea: using Postfix's check_sender_access to push messages to a different Amavisd policy_bank depending on sender address. Then I could have a default policy and a hardened policy with a +5 score bonus for every message. The check_sender_access file/table would be populated by my script every time a honeypot address is spotted in the logs.
Got to think about this.
Patrick
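
The log-to-access-table step proposed at the end of this message, sketched as an added example (not code from the thread, Postfix or amavisd). The transport name `smtp-amavis`, port 10026, the function names, the `own_domains` parameter and the sample log lines are assumptions made for illustration.

```python
import re

# Postfix logs sender and recipient on separate lines, joined by queue ID.
LINE_RE = re.compile(r"postfix/[\w/-]+\[\d+\]: ([0-9A-Za-z]+): (from|to)=<([^>]*)>")
# Assumed transport and port of a second amavisd listener bound to the
# hardened policy bank; adjust to the local master.cf / amavisd.conf.
HARDENED_FILTER = "FILTER smtp-amavis:[127.0.0.1]:10026"

def trap_senders(log_lines, honeypots, own_domains=()):
    """Return the set of envelope senders that wrote to a honeypot address."""
    honeypots = {h.lower() for h in honeypots}
    sender_by_qid, hits = {}, set()
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        qid, field, addr = m.group(1), m.group(2), m.group(3).lower()
        if field == "from":
            sender_by_qid[qid] = addr
        elif addr in honeypots:
            sender = sender_by_qid.get(qid, "")
            # Skip the null sender (bounces) and forged local senders,
            # which would otherwise penalise our own users.
            if sender and sender.rpartition("@")[2] not in own_domains:
                hits.add(sender)
    return hits

def access_table(senders, action=HARDENED_FILTER):
    """Render a check_sender_access map, one 'address action' per line."""
    return "".join(f"{s}\t{action}\n" for s in sorted(senders))

# Constructed sample log lines (not from the original post).
P = "Mar 15 10:00:01 mx postfix/"
SAMPLE_LOG = [
    P + "qmgr[811]: 3A1B2C4D5E: from=<bulk@spam.example>, size=2048, nrcpt=1",
    P + "smtp[902]: 3A1B2C4D5E: to=<trap@univ.example>, status=sent",
    P + "qmgr[811]: 4B2C3D5E6F: from=<>, size=900, nrcpt=1",
    P + "smtp[902]: 4B2C3D5E6F: to=<trap@univ.example>, status=sent",
    P + "qmgr[811]: 5C3D4E6F7A: from=<alice@partner.example>, size=100, nrcpt=1",
    P + "smtp[902]: 5C3D4E6F7A: to=<bob@univ.example>, status=sent",
    P + "qmgr[811]: 6D4E5F7A8B: from=<dean@univ.example>, size=100, nrcpt=1",
    P + "smtp[902]: 6D4E5F7A8B: to=<Trap@univ.example>, status=sent",
]

if __name__ == "__main__":
    print(access_table(trap_senders(SAMPLE_LOG, {"trap@univ.example"}, {"univ.example"})), end="")
```

The rendered file still has to be compiled with postmap before Postfix can read it as a hash: table.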