[nycbug-talk] Postfix filter for Exchange

George R. george at sddi.net
Thu Jul 27 11:53:11 EDT 2006 

Pete Wright wrote:
> Hi All,
> 	So for some reason we run exchange as our mail store, and
> frankly I'd rather not start another fight as to how we should probably move
> to more robust mail solution.  we do have an issue where runaway scripts
> start generating *ton's* of email in a very short period of time.  We
> have been trying our best to resolve this issue by bludgening those who
> write the offending code, but it still happens from time to time.
> 
> 	So, to help us out with this I am going to propose putting a
> Postfix filter infront of the exchange server to kill these mail bombs
> before they take down exchange.  The exchange admin's promise there is
> nothing they can do to properlly rate limit, or kill these mail bombs
> before spooling them.  I am not so sure about that, but do not have the
> time to learn exchange.
> 
> 	Has anyone implemented such a solution for a highvolume
> mailserver, if so any caveat's i should be looking out for?  Or is there
> a sendmail milter that does this already that i don't know about?
> 

There's a good number of regex-based header, body and mime checks out
and about. . . but we don't use/have anything that deals specifically
with mail bombs.

Here's one thought:

http://tinyurl.com/rlxzj

There's also a reference here about mail bombs:

http://tinyurl.com/rfzxp

# The following is the normal cleanup daemon. No header or body checks here,
# because these have already been taken care of by the pre-cleanup service
# before the content filter.  The normal cleanup instance does all
# the virtual alias and canonical address mapping that was disabled
# in the pre-cleanup instance before the content filter.
#
cleanup	unix	n	-	n	-	0	cleanup
    -o mime_header_checks=
    -o nested_header_checks=
    -o body_checks=
    -o header_checks=
# or use second-stage header checks, to be able to place mail bombs on HOLD
#   -o header_checks=pcre:/etc/postfix/header_checks2
# consider also:
#   -o always_bcc=snooping at example.com

I'll send you our body, header and mime checks offlist, which deal with
many of the apps that actually do the bombing. . .

Hope that helps a bit.

g

More information about the talk mailing list