Postfix spam auto-block

I will write up a more formal blog post about this, but thought the crew here might like this.

I have recently become inundated with spam that is of the form fakename@WORD1.WORD2.com, where WORD1 is a subset of WORD2, and every single domain is parked at godaddy.

So, I now reject with a 450 every email in that format. Obviously I have to whitelist many domains, since many legitimate emails also use that format.

In addition to blocking those emails with a 450, I have written a set of scripts that inspects the postfix log every 5 minutes, looks for the 450 status code, grabs the domain name, and curls the domain. If it finds the domain parked, it adds a 521 line to blocked senders, rebuilds the map, and reloads postfix.

Super slick, and now fully automated.

Obviously this won’t work for all domains – it only works for ones that are obviously parked – but it will cut way down on my spam.

I’ll post the code soon, and will post a link to it.

3 Likes

I added a blog post about this, including link to code.

Seriously, this is one of the coolest things I’ve done in a while.