[nycbug-talk] Postfix filter for Exchange

Peter Wright pete at nomadlogic.org
Thu Jul 27 11:59:02 EDT 2006

> Pete Wright wrote:
>> Hi All,
>> 	So for some reason we run exchange as our mail store, and
>> frankly I'd rather not start another fight as to how we should probably
>> move
>> to more robust mail solution.  we do have an issue where runaway scripts
>> start generating *ton's* of email in a very short period of time.  We
>> have been trying our best to resolve this issue by bludgening those who
>> write the offending code, but it still happens from time to time.
>> 	So, to help us out with this I am going to propose putting a
>> Postfix filter infront of the exchange server to kill these mail bombs
>> before they take down exchange.  The exchange admin's promise there is
>> nothing they can do to properlly rate limit, or kill these mail bombs
>> before spooling them.  I am not so sure about that, but do not have the
>> time to learn exchange.
>> 	Has anyone implemented such a solution for a highvolume
>> mailserver, if so any caveat's i should be looking out for?  Or is there
>> a sendmail milter that does this already that i don't know about?
> There's a good number of regex-based header, body and mime checks out
> and about. . . but we don't use/have anything that deals specifically
> with mail bombs.
> Here's one thought:
> http://tinyurl.com/rlxzj
> There's also a reference here about mail bombs:
> http://tinyurl.com/rfzxp
> # The following is the normal cleanup daemon. No header or body checks
> here,
> # because these have already been taken care of by the pre-cleanup service
> # before the content filter.  The normal cleanup instance does all
> # the virtual alias and canonical address mapping that was disabled
> # in the pre-cleanup instance before the content filter.
> #
> cleanup	unix	n	-	n	-	0	cleanup
>     -o mime_header_checks=
>     -o nested_header_checks=
>     -o body_checks=
>     -o header_checks=
> # or use second-stage header checks, to be able to place mail bombs on
> #   -o header_checks=pcre:/etc/postfix/header_checks2
> # consider also:
> #   -o always_bcc=snooping at example.com
> I'll send you our body, header and mime checks offlist, which deal with
> many of the apps that actually do the bombing. . .
> Hope that helps a bit.

yea this is execellent!  thanks Gman!


Peter Wright
pete at nomadlogic.org

More information about the talk mailing list