[nycbug-talk] Postfix filter for Exchange

N.J. Thomas njt at ayvali.org
Thu Jul 27 12:25:53 EDT 2006


* Pete Wright <pete at nomadlogic.org> [2006-07-27 11:31:12 -0400]:
> So, to help us out with this I am going to propose putting a Postfix
> filter in front of the exchange server to kill these mail bombs before
> they take down exchange.

We do this exact thing. We were hit with a virus/worm back in December
(W32/Sober.AA@m). We weren't sending anything out, but someone spoofed
our domain and we got hundreds of thousands of bounces.

Since the worm mailed out using standardized headers, the solution was
to put some simple Postfix header checks in of the form:

    /^Subject:.*Fw: DSC-00465\.jpg/ DISCARD
    /^Subject:.*Fw: Funny :\)/      DISCARD
    /^Subject:.*Fw: Picturs/        DISCARD

This worked, it was extremely fast and we never had any problems with
the worm after putting it in. I seriously believe that had Postfix not
been there to throw this garbage away, our corporate mail infrastructure
would not have been left standing with Exchange alone (one of the most
braindead pieces of software I have had the misfortune to admin in my
short life -- if you ever want to amuse yourself, search the web and see
how so called "Windows Experts" recommend taking backups for Exchange
mailboxes).

The Postfix after-queue and before-queue content filters are also very
useful -- they give you full control over filtering, albeit at the cost
of some performance.

> Has anyone implemented such a solution for a high-volume mailserver, if
> so any caveats I should be looking out for?

Drop me a note if you run into any problems; it is fairly
straightforward though. We set up virtual users whose mail forwards to the actual
Exchange mailboxes. Exchange is set up to recognize and receive mail for
them. It is a little kludgy, but it works.

Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo
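
An added example, not part of the original post: a Python harness for dry-running header_checks-style rules against sample messages before they go in front of a production queue. It approximates Postfix matching with Python's `re` module; the function names, the constructed sample messages and the assumed table defaults (case-insensitive, `.` matches newline, folded headers matched as one logical header) are illustrative.

```python
import re

# Rules in header_checks(5) layout, using the patterns from the post.
RULES = r"""
/^Subject:.*Fw: DSC-00465\.jpg/ DISCARD
/^Subject:.*Fw: Funny :\)/      DISCARD
/^Subject:.*Fw: Picturs/        DISCARD
"""

def load_rules(text):
    """Parse '/regex/ ACTION' lines, skipping blanks and '#' comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"/(.*)/\s+(\S+)", line)
        if m is None:
            raise ValueError(f"unparseable rule: {line!r}")
        # Assumed defaults, modeled on pcre_table(5): case-insensitive, '.' matches newline.
        rules.append((re.compile(m.group(1), re.IGNORECASE | re.DOTALL), m.group(2)))
    return rules

def logical_headers(raw):
    """Return headers with folded continuation lines joined; stop at the blank line."""
    headers = []
    for line in raw.splitlines():
        if not line:
            break  # end of header block, body is not inspected
        if line[0] in " \t" and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers

def verdict(raw, rules):
    """Action of the first rule that matches any header, or None (deliver)."""
    for header in logical_headers(raw):
        for pattern, action in rules:
            if pattern.search(header):
                return action
    return None

# Constructed sample messages (not real traffic).
WORM = "From: a@example.com\nSubject: Fw: Funny :)\n\nbody"
FOLDED = "Subject: Re: a long subject that was\n Fw: Picturs\n\nbody"
LOWER = "subject: fw: dsc-00465.jpg\n\nbody"
CLEAN = "Subject: Funny story\n\nFw: Picturs appears only in the body"
NEAR = "Subject: Fw: DSC-00465xjpg\n\nbody"
```

On a Postfix host the authoritative check is `postmap -q` against the real table, since Python's regex dialect differs from PCRE and POSIX in places.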


