# rejecting specific type of emails with Postfix?

## judododo

Hi all,

I am in the process of building a mail relay using Postfix + content filtering (DSPAM). I am able to tell Postfix which email addresses are valid and should be relayed. I can use relay_recipient_maps to REJECT mail incoming for unknown recipients.

The problem is that the rejection is done before passing through the content filtering, so when I receive spam incoming for an unknown user, I send a response to the spammer, which I don't want.

I would like to scan the message first and drop it without notice if it is spam, or REJECT it if it is not spam, so the sender knows he did something wrong and hopefully will try to send again with a correct address.

I heard about the proxy filter from Postfix, but the content filter must speak SMTP and DSPAM doesn't.

I am also aware that it will require more power to process all this junk, but that's my boss's decision and he doesn't care if we have to buy a better server for this.

Any ideas to solve this problem?

Is it stupid not to send REJECT to spammers?

guillaume

----------

## Rob1n

Unfortunately there doesn't seem to be any way to do this with DSPAM.  From looking around this would seem to be because it works on a per-user basis (so one incoming mail could be addressed to two people, one of which marks it as spam and the other one doesn't) as well as the issue of doing the analysis in the very limited time before the connection is closed.

Have a look here: http://www.postfix.org/CONTENT_INSPECTION_README.html - you'll need a tool that'll either work as an SMTP proxy or use the Sendmail Milter interface.

Anyway, I doubt it'll make any difference whether you send a REJECT to a spammer or not - the vast majority of spammers won't be checking responses at all.  It makes little difference to them whether the address works or not - they've got tens of thousands of them after all (if they're not just making them up on the spot).

----------

## bombcar

It's nicer not to send an NDR for spam, as usually the spammers are "Joe Jobbing" someone and it'll just add to their mailbox being crushed.

http://en.wikipedia.org/wiki/Joe_job

----------

## Rob1n

*bombcar wrote:*

> It's nicer not to send an NDR for spam, as usually the spammers are "Joe Jobbing" someone and it'll just add to their mailbox being crushed.

Yes, but he's talking about sending a REJECT, not an NDR.

----------

## judododo

I might be confusing: what is the difference between REJECT and NDR?

I actually use relay_recipient_maps = hash:"/my hash" to tell Postfix which addresses I want to accept. To be honest, I don't really know what kind of reply the sender gets.

If I understand correctly:

On an incoming connection, Postfix will do some checks, then check if the recipient address is a valid one (with relay_recipient_maps).

-> If it passes the tests, the message is accepted (data transfer starts) and then posted to the queue system.

Then the message is passed to the content filter, which discards the message if it is identified as spam; otherwise it is returned to the queue and delivered to the user.

-> If it fails, the message is rejected before even starting to transfer data, but I don't know what happens exactly at this point.

Is this the best way to configure postfix (or any other MTA)?

----------

## Rob1n

*judododo wrote:*

> I might be confusing: what is the difference between REJECT and NDR?

Essentially what happens is that the remote server connects, provides the recipient address, then passes the email data.  The local server can send a REJECT after the address or after the data (or it can accept the data).  If it accepts the mail but can't deliver it, then it sends an NDR.  If it rejected the mail then it's up to the previous mail server (or the remote mail client itself) to notify the user of the failure.

*Quote:*

> I actually use relay_recipient_maps = hash:"/my hash" to tell Postfix which addresses I want to accept. To be honest, I don't really know what kind of reply the sender gets.
> 
> If I understand correctly:
> 
> On an incoming connection, Postfix will do some checks, then check if the recipient address is a valid one (with relay_recipient_maps).
> ...

That's the normal way, yes.  If the mail fails the tests then the remote host will get a REJECT.  If it passes and is detected as spam then you should (according to the RFCs) send an NDR.  However, as has been pointed out, this is generally a waste of time (as the sender address is usually forged or made up altogether) so a number of people (including some large ISPs) are just dropping them.

----------

## judododo

Thank you so much for your answers. It is crystal clear now.

----------

## Rob1n

Just as a thought - another option (I've not looked into how it might be implemented though) would be not to REJECT any mails (i.e. remove the relay_recipient_maps check), pass everything through DSPAM, then generate NDRs for non-spam messages with an unrecognised recipient.

----------

## magic919

I'd recommend plan A and allow Postfix to reject at the gateway.  Why waste time on the obvious spam?  I'd go so far as to suggest running some checks for valid HELO and FQHN as well.  Plus reject any mail from servers that call themselves localhost or localhost.localdomain or use your hostname or IP as a HELO.

----------

## judododo

I went for Plan A with magic919's restrictions. I am in the process of coding a Perl script to synchronize my recipient list with Active Directory. I know about getadsmtp.pl, but I want to use the DSPAM table to centralize the information. My plan is to post a "HOWIDID" on this forum when it is working.

----------
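
Added example, not posted by any participant in the thread: a Postfix configuration sketch of the "Plan A with magic919's restrictions" setup the thread settles on, with the accept-everything variant shown commented out. The file paths, the domain example.com, the hostname mail.example.com, the address 192.0.2.25 and the sample table entries are placeholders constructed for illustration.

```conf
# --- /etc/postfix/main.cf (path and values are placeholders) ---

# Accept-everything variant discussed in the thread: with an empty map,
# every address in relay_domains is accepted at RCPT TO, so unknown
# users can only be dealt with after the session, by an NDR.
#relay_recipient_maps =

# Plan A: unknown recipients are refused at RCPT TO (550 by default),
# before any message data is transferred. The connecting server, not
# this relay, is then responsible for notifying its user.
relay_domains = example.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# magic919's HELO checks. Before Postfix 2.3 the two reject_* names
# were reject_invalid_hostname and reject_non_fqdn_hostname.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    check_helo_access hash:/etc/postfix/helo_access

# --- /etc/postfix/relay_recipients (constructed sample) ---
# Only the existence of the key matters; the right-hand value is unused.
alice@example.com       OK
bob@example.com         OK

# --- /etc/postfix/helo_access (constructed sample) ---
# Clients that introduce themselves as localhost or as this relay.
localhost               REJECT HELO name not accepted
localhost.localdomain   REJECT HELO name not accepted
mail.example.com        REJECT HELO name belongs to this server
192.0.2.25              REJECT HELO address belongs to this server

# After editing either lookup table, rebuild it and reload Postfix:
#   postmap /etc/postfix/relay_recipients
#   postmap /etc/postfix/helo_access
#   postfix reload
```

Because every refusal here happens inside the SMTP session, the relay itself never sends mail to the (possibly forged) envelope sender; only messages that pass these checks reach the queue and the content filter.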

