With policyd-weight you can reject mail before the body is received by your MTA, here Postfix. No bounce mails, less wasted bandwidth and CPU time. policyd-weight scores characteristics of the mail positively or negatively; if a defined value is reached, the mail is rejected. The characteristics currently scored are:
- HELO argument
- MAIL FROM: argument
- Client IP address
- DNS client/HELO/FROM entries (A/16 A/24 A/32), PTR/FQDN and Parent Domains (MX/16 MX/24 MX/32), checked for correctness and for whether they match.
It's available in etch and bpo; installation is really easy:
# aptitude install [-t sarge-backports] policyd-weight
reject_rhsbl_client checks from
main.cf and insert the
smtpd_recipient_restrictions = permit_mynetworks, ... reject_unauth_destination, check_policy_service inet:127.0.0.1:12525 ...
You can create a /etc/policyd-weight.conf if you would like to adjust scores or other policyd-weight parameters. You can get the defaults with policyd-weight defaults. For more information have a look at /usr/share/doc/policyd-weight/documentation.txt.gz or http://policyd-weight.org.
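To show what the check_policy_service entry hands to the daemon on 127.0.0.1:12525, here is an added Python illustration (not policyd-weight's code and not part of the original post) of a Postfix policy delegation request being parsed, scored and answered at RCPT time. The rule names, weights and threshold are constructed for the example and are not policyd-weight's defaults; the real daemon also does DNS lookups, which are omitted here so the code runs offline.

```python
import ipaddress

THRESHOLD = 1.0  # constructed value: reject once the total reaches it

def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def is_ip_literal(text):
    try:
        ipaddress.ip_address(text.strip("[]"))
        return True
    except ValueError:
        return False

def score(attrs):
    """Return (total, rule names) from attributes Postfix sends; no DNS here."""
    helo = attrs.get("helo_name", "").lower()
    client = attrs.get("client_name", "unknown").lower()  # "unknown": no usable PTR
    domain = attrs.get("sender", "").rpartition("@")[2].lower()
    known, helo_ip = client != "unknown", is_ip_literal(helo)
    rules = [  # (name, constructed weight, condition)
        ("HELO_IS_IP", 1.5, helo_ip),
        ("HELO_NOT_FQDN", 1.0, "." not in helo and not helo_ip),
        ("CLIENT_NO_PTR", 0.75, not known),
        ("HELO_NE_CLIENT", 0.5, known and helo != client),
        ("HELO_EQ_CLIENT", -1.0, known and helo == client),
        ("FROM_EQ_CLIENT", -0.5, known and bool(domain)
         and (client == domain or client.endswith("." + domain))),
    ]
    hits = [(name, weight) for name, weight, cond in rules if cond]
    return sum(w for _, w in hits), [n for n, _ in hits]

def decide(raw):
    """Build the reply Postfix expects: an action= line and an empty line."""
    attrs = parse_request(raw)
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"
    total, names = score(attrs)
    if total >= THRESHOLD:
        return "action=550 Rejected by policy (%s)\n\n" % ", ".join(names)
    return "action=DUNNO\n\n"

# Constructed requests using documentation addresses and domains.
BAD = ("request=smtpd_access_policy\nprotocol_state=RCPT\nhelo_name=192.0.2.45\n"
       "sender=offers@example.net\nclient_address=192.0.2.45\nclient_name=unknown\n\n")
GOOD = ("request=smtpd_access_policy\nprotocol_state=RCPT\nhelo_name=mail.example.com\n"
        "sender=alice@example.com\nclient_address=192.0.2.10\nclient_name=mail.example.com\n\n")
```

A DUNNO reply lets Postfix continue with the remaining restrictions, while a 5xx action ends the transaction before DATA, which is why no body is transferred and no bounce is generated.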
A normal day on a backup MX with ~500 domains:
backup:~# zgrep -e "postfix.*: connect from" \
    /var/log/mail.info.0 | wc -l
29936
backup:~# zgrep -e "policyd-weight.*decided action=5" \
    /var/log/mail.info.0 | wc -l
22738
backup:~# zgrep -e "postfix.*status=sent" \
    /var/log/mail.info.0 | wc -l
5570