I have a domain that I use for my email. There are a couple of actual email addresses there, and everything else goes to a catchall. I use the catchall so I can create email addresses on-the-fly, like when I need to register for a site to download their SDK, drivers, etc. The catchall/forward sends to my personal gmail account, which I've been using for years.

This past week, I get around 400-500 messages a day from spammers sending to random addresses on the domain. Fortunately, gmail catches them all in spam.

I have amavisd, clam-av, denyhosts, etc. installed, and I was wondering if there's a way to block all messages from a sender if they send to more than n email addresses. Basically, I want to cut them off after their third guess. If I'm not asking for too much already, I'd also like to have subsequent messages bounce, to maybe give them the hint it doesn't exist. In an ideal world, the first n messages would bounce too.

I wasn't able to find much in the docs, but I wanted to ask here if there's a tool or an overlooked configuration setting before I go about scripting this myself.

Thanks for any input!

  • Replace denyhosts with fail2ban, it supersedes the prior in actuality, security and features. – sebix Jan 05 '15 at 10:56

1 Answer

Looking at this previous serverfault question, I suspect that you could use fail2ban to do this. I don't see an obvious way to count emails from senders, though. You might indeed be on your own for scripting this.

Also, are you doing greylisting with milter-greylist? That could help reduce the spam volume as well.

Phil Hollenback
  • Awesome, thanks! I'm not currently greylisting, but I'll give that a shot first. – Curtis Mattoon Jan 05 '15 at 01:18
  • Yes I find greylisting to be very helpful. Spammers just want to blast out their messages and don't want to queue messages to try 10 minutes later. – Phil Hollenback Jan 05 '15 at 02:54
  • Do not drop or decline spam messages. Accept them and send them to the bayes-learn. Collected tokens allow you to detect other more sophisticated spam later. – Kondybas Jan 05 '15 at 07:23
  • The 'Related' sidebar just recommended http://serverfault.com/questions/628995/postfix-auto-blacklist-senders-who-send-to-honeypot-email-addresses?rq=1 and http://serverfault.com/questions/67507/how-do-i-spamtrap-with-postfix It looks like 'spamtrap' is a good search term for anyone else ending up here. – Curtis Mattoon Jan 05 '15 at 14:40
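
For readers who do end up scripting the "cut them off after n guesses" check from the question, here is an added sketch that is not part of the original thread: it counts distinct catchall addresses per connecting client IP. It assumes Postfix-style syslog lines (the thread does not show any logs); the function name `guessing_clients`, the sample lines, and the `example.org` addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Postfix-style format: smtpd logs the client per queue ID; the delivery
# line logs the recipient, with orig_to= holding the address before the rewrite.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([0-9A-Fa-f.:]+)\]")
RCPT_RE = re.compile(r": (\w+): to=<([^>]*)>(?:, orig_to=<([^>]*)>)?")

def guessing_clients(lines, domain, known, limit=3):
    """Return {client_ip: [addresses]} for clients that mailed more than
    `limit` distinct addresses at `domain` that are not real mailboxes."""
    queue_client = {}            # queue ID -> client IP
    guesses = defaultdict(set)   # client IP -> catchall addresses tried
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            queue_client[m.group(1)] = m.group(2)
            continue
        m = RCPT_RE.search(line)
        if not m or m.group(1) not in queue_client:
            continue
        rcpt = (m.group(3) or m.group(2)).lower()
        if rcpt.endswith("@" + domain) and rcpt not in known:
            guesses[queue_client[m.group(1)]].add(rcpt)
    return {ip: sorted(a) for ip, a in guesses.items() if len(a) > limit}

# Constructed sample log (documentation IPs and domains, not real traffic).
SAMPLE_LOG = """\
Jan  5 01:00:01 mx postfix/smtpd[2101]: 3F1A0C1: client=unknown[203.0.113.7]
Jan  5 01:00:02 mx postfix/smtp[2110]: 3F1A0C1: to=<inbox@mail.example>, orig_to=<info@example.org>, status=sent
Jan  5 01:00:03 mx postfix/smtpd[2101]: 3F1A0C2: client=unknown[203.0.113.7]
Jan  5 01:00:04 mx postfix/smtp[2110]: 3F1A0C2: to=<inbox@mail.example>, orig_to=<sales@example.org>, status=sent
Jan  5 01:00:05 mx postfix/smtpd[2101]: 3F1A0C3: client=unknown[203.0.113.7]
Jan  5 01:00:06 mx postfix/smtp[2110]: 3F1A0C3: to=<inbox@mail.example>, orig_to=<admin@example.org>, status=sent
Jan  5 01:00:07 mx postfix/smtpd[2101]: 3F1A0C4: client=unknown[203.0.113.7]
Jan  5 01:00:08 mx postfix/smtp[2110]: 3F1A0C4: to=<inbox@mail.example>, orig_to=<webmaster@example.org>, status=sent
Jan  5 01:05:00 mx postfix/smtpd[2102]: 3F1A0C5: client=mail.vendor.example[198.51.100.9]
Jan  5 01:05:01 mx postfix/smtp[2110]: 3F1A0C5: to=<inbox@mail.example>, orig_to=<sdk-download@example.org>, status=sent
Jan  5 01:06:00 mx postfix/smtpd[2103]: 3F1A0C6: client=friend.example[198.51.100.20]
Jan  5 01:06:01 mx postfix/local[2111]: 3F1A0C6: to=<me@example.org>, status=sent
""".splitlines()

if __name__ == "__main__":
    flagged = guessing_clients(SAMPLE_LOG, "example.org", {"me@example.org"})
    for ip, addrs in flagged.items():
        print(ip, len(addrs), "addresses:", ", ".join(addrs))
```

A sender that writes to a single on-the-fly address stays below the threshold, so only clients spraying several different local parts are returned; the resulting IPs can then be handed to whatever blocking mechanism is in use.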