[tor-relays] Two-step abuse management?
Ralph Seichter
m16+tor at monksofcool.net
Wed Sep 13 18:19:02 UTC 2017
On 13.09.17 18:48, Moritz Bartl wrote:
> Mind sharing that configuration, and maybe even the filters you
> already set up?
My method is highly Postfix-specific, but I can see that you use Postfix
as well. ;-) Here is an example for sender-based rejection (incomplete):

  smtpd_sender_restrictions =
    check_sender_access pcre:${config_directory}/sender_access

  # pcre:sender_access
  /abuse-reporting\.webiron\.com/ REJECT

That line alone catches most of the useless generated complaints. W.I.
holds a special place in my heart due to past misbehaviour, so I don't
even bother telling them how to contact me any more and flatly reject
all their robot messages.
Combine this with recipient-based checks (incomplete again):

  smtpd_recipient_restrictions =
    check_recipient_access pcre:${config_directory}/recipient_access

  # pcre:recipient_access
  /^abuse\@tordom\.tld$/ REJECT Please use https://foo/ to report abuse

I imagine you already have a (captcha-protected) ticket system in place.
Finally, sprinkle header- and/or body-based checks into the mix:

  header_checks = pcre:${config_directory}/header_checks

  # pcre:header_checks
  /^Subject:.+fail2ban generated abuse report/ DISCARD

Not that I actually recommend using DISCARD, mind you, it is just another
example. Should you require more specific information about what Postfix
checks can do, contact me off-list. I'm guessing you know about these
very powerful checks already.
-Ralph
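
The three lookups from the message above, replayed in Python as an added example (not Ralph's code and not part of Postfix): it parses the quoted rules in simplified pcre_table(5) form and applies them to constructed addresses and a constructed header line. Assumptions: Python's re module stands in for PCRE, only the "i" flag is handled, and the names TABLES, parse_table and lookup are hypothetical.

```python
import re

# Rules copied from the message above ("/pattern/flags ACTION optional text").
TABLES = {
    "sender_access": r"/abuse-reporting\.webiron\.com/ REJECT",
    "recipient_access":
        r"/^abuse\@tordom\.tld$/ REJECT Please use https://foo/ to report abuse",
    "header_checks": r"/^Subject:.+fail2ban generated abuse report/ DISCARD",
}

# Non-greedy pattern group so the slashes in "https://foo/" stay in the text.
RULE = re.compile(r"^/(.+?)/([A-Za-z]*)\s+(\S+)\s*(.*)$")

def parse_table(source):
    """Return [(compiled_regex, action, text)] for each rule line."""
    rules = []
    for line in source.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rule
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"unparsable rule: {line!r}")
        pattern, flags, action, text = m.groups()
        if flags.strip("i"):
            raise ValueError(f"unsupported flag in this example: {flags!r}")
        # Postfix matches case-insensitively by default; 'i' toggles that off.
        opts = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, opts), action, text))
    return rules

def lookup(table, value):
    """First matching rule wins; None means the table has no opinion."""
    for regex, action, text in parse_table(TABLES[table]):
        if regex.search(value):  # the whole address or header line is the key
            return (action, text)
    return None

# Constructed sample inputs: envelope addresses and logical header lines.
SAMPLES = [
    ("sender_access", "noreply@abuse-reporting.webiron.com"),
    ("sender_access", "operator@example.org"),
    ("recipient_access", "Abuse@TorDom.TLD"),
    ("recipient_access", "noabuse@tordom.tld"),
    ("header_checks", "Subject: [host1] fail2ban generated abuse report"),
    ("header_checks", "Subject: Re: exit policy question"),
]

if __name__ == "__main__":
    for table, value in SAMPLES:
        print(f"{table:17} {value!r:52} -> {lookup(table, value)}")
```

On a live server, `postmap -q` with the address as the key and `pcre:` plus the table's actual path runs the same query against the real table.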