Disable your spammed addresses with Postfix
Classified in : Homepage, Debian, Command line, To remember
Using address extension
Postfix (and many other mail servers) offers one nice address
extension feature: addresses like
<user+whaterver@> are implicit aliases to
<user@>. This allows users to implement a simple measure to
fight spam:
- when SomeCompany® or whatever asks for your email address, give
them
<user+somecompany@>; - if you start receiving spam at that address, you know who sold or was stolen your address;
- finally, you will be able to disable that address so messages are simply refused with a permanent error code.
How to implement a Postfix spam trap?
Spam trap
Dear lazyweb, I am considering to implement spam traps and evaluate their efficiency. The idea as rather simple:
- publish some real-looking email addresses on websites, in ways that no human would use them to send legitimate mail, for instance in hidden texts, or in texts clearly stating they should not be used;
- when my mail server receives a message for one of these address, blacklist the originating server for some time so it cannot spam real recipients.
Google, your IPv6-related email restrictions suck
After years of waiting, Google has finally enabled IPv6 for their email service Gmail. And a few weeks ago, they updated their policy, adding one specific rule: reject email from IP addresses with no reverse name:
% nc -Cv gmail-smtp-in.l.google.com. smtp Connection to gmail-smtp-in.l.google.com. 25 port [tcp/smtp] succeeded! 220 mx.google.com ESMTP bz2si13656083wjc.108 - gsmtp HELO boo.example.com 250 mx.google.com at your service MAIL FROM: <me@example.com> 250 2.1.0 OK bz2si13656083wjc.108 - gsmtp RCPT TO: <you@gmail.com> 250 2.1.5 OK bz2si13656083wjc.108 - gsmtp DATA 354 Go ahead bz2si13656083wjc.108 - gsmtp Subject: Test From: Me <me@example.com> To: You <you@gmail.com> Test. . 550-5.7.1 [2001:db8:8e3f:43c7::12 16] Our system has detected that this 550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records 550-5.7.1 and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 information. bz2si13656083wjc.108 - gsmtp
Looking for an SPF milter
For email extensions such as SPF, DKIM and DMARC, I think the most flexible and portable system is the milter protocol. Originally developed for Sendmail, it is now also supported by Postfix, and it allows to “plug” specific filters in the mail server without the hassle of the previous systems like SMTP proxies.