NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2006-06

Re: SPAM TRAPPING

From: /dev/rob0 (rob0gmx.co.uk)
Date: Fri Jun 09 2006 - 11:32:58 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday 2006-June-08 22:59, DK wrote:
> I was wondering if someone could help me with the spamassassin SPAM
> TRAPPING future.

My advice: don't use it.

> I don't quite understand how I should forward emails to
> spamtrap1: "? /path/to/spamassassin ?r ?w spamtrap1"

That is aliases(5) syntax, except I'm not sure what those "?"
characters are supposed to be. Note, you can only use aliases(5) with
local(8) delivery.

> =================
>
> SPAM TRAPPING
[snip]
> This will add any incoming mail messages straight into spam-tracking
> databases, such as Vipul's Razor; send an explanatory reply message
> to the sender, from the spamtrap1 address; then drop the mail into
> the bit?bucket.

This whole idea is ill-advised. Definitely DO NOT "send an explanatory
reply message to the sender". Who is the sender? Certainly not the MAIL
FROM address! This makes you a spammer, a perpetrator of backscatter.
See the BACKSCATTER_README.html for information.

Second, why the bit bucket? It makes much more sense to simply REJECT
the spam in SMTP. Use a check_recipient_access lookup to tell the
occasional human sender what your new address is, and reject it.

main.cf :
smtpd_recipient_restrictions = [ ... ]
check_recipient_access hash:$config_directory/rcpt_access [ ... ]

rcpt_access :
spamtrap1 REJECT Go away, you nasty spammer
old.account REJECT Account disabled, please use new.account

> If you want to keep a copy of the mails, use something like this:

Why would you want to keep spam?

> It is suggested you familiarise yourself with how MTAs run programs
> specified in aliases, if you plan to do this; for one thing,

No, I'd say understanding SMTP access(5) control is much better. See
SMTPD_ACCESS_README.html and access.5.html ("man 5 access"). I also
recommend Jim Seymour's Cheat Sheet:
    http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]