[nycbug-talk] Postfix filter for Exchange
george at sddi.net
Thu Jul 27 11:53:11 EDT 2006
Pete Wright wrote:
> Hi All,
> So for some reason we run exchange as our mail store, and
> frankly I'd rather not start another fight as to how we should probably move
> to more robust mail solution. we do have an issue where runaway scripts
> start generating *ton's* of email in a very short period of time. We
> have been trying our best to resolve this issue by bludgening those who
> write the offending code, but it still happens from time to time.
> So, to help us out with this I am going to propose putting a
> Postfix filter infront of the exchange server to kill these mail bombs
> before they take down exchange. The exchange admin's promise there is
> nothing they can do to properlly rate limit, or kill these mail bombs
> before spooling them. I am not so sure about that, but do not have the
> time to learn exchange.
> Has anyone implemented such a solution for a highvolume
> mailserver, if so any caveat's i should be looking out for? Or is there
> a sendmail milter that does this already that i don't know about?
There's a good number of regex-based header, body and mime checks out
and about. . . but we don't use/have anything that deals specifically
with mail bombs.
Here's one thought:
There's also a reference here about mail bombs:
# The following is the normal cleanup daemon. No header or body checks here,
# because these have already been taken care of by the pre-cleanup service
# before the content filter. The normal cleanup instance does all
# the virtual alias and canonical address mapping that was disabled
# in the pre-cleanup instance before the content filter.
cleanup unix n - n - 0 cleanup
# or use second-stage header checks, to be able to place mail bombs on HOLD
# -o header_checks=pcre:/etc/postfix/header_checks2
# consider also:
# -o always_bcc=snooping at example.com
I'll send you our body, header and mime checks offlist, which deal with
many of the apps that actually do the bombing. . .
Hope that helps a bit.
More information about the talk