| author | Micah <micah@leap.se> | 2016-07-12 11:20:58 -0400 | 
|---|---|---|
| committer | Micah <micah@leap.se> | 2016-07-19 10:44:11 -0400 | 
| commit | bbdc193f05cb2f1624d6c7bbffd27f8060de35c8 (patch) | |
| tree | 5afe409027ccc69fd7d3c1895e39bb1800c9d2d0 | |
| parent | 68544ba2ffdfa988c060b3b4c5bd075f7304a022 (diff) | |
Block ip-based helo at MTA (#8139).
Numeric helo is a very strong indicator of spam. When this is blocked, a
very significant amount of spam stops.
Change-Id: Ieb340190faf37638950d1aa60b52268659e0b7f6
| -rw-r--r-- | puppet/modules/site_postfix/files/checks/helo_access.pcre | 2 | ||||
| -rw-r--r-- | puppet/modules/site_postfix/manifests/mx/checks.pp | 7 | ||||
| -rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 2 | 
3 files changed, 10 insertions, 1 deletions
|
diff --git a/puppet/modules/site_postfix/files/checks/helo_access.pcre b/puppet/modules/site_postfix/files/checks/helo_access.pcre
new file mode 100644
index 00000000..4ebd42e6
--- /dev/null
+++ b/puppet/modules/site_postfix/files/checks/helo_access.pcre
@@ -0,0 +1,2 @@
+!/[[:alpha:]]/ REJECT Numeric HELO is a sign of spam, please contact us if this is in error
+
diff --git a/puppet/modules/site_postfix/manifests/mx/checks.pp b/puppet/modules/site_postfix/manifests/mx/checks.pp
index f406ad34..9678c205 100644
--- a/puppet/modules/site_postfix/manifests/mx/checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/checks.pp
@@ -1,3 +1,4 @@
+# management of specific MTA checks
 class site_postfix::mx::checks {
   file {
@@ -13,6 +14,12 @@ class site_postfix::mx::checks {
       mode    => '0644',
       owner   => root,
       group   => root;
+
+    '/etc/postfix/checks/helo_checks.pcre':
+      source => 'puppet:///modules/site_postfix/checks/helo_access.pcre',
+      mode   => '0644',
+      owner  => root,
+      group  => root;
   }
   exec {
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index 291d7ee4..162e6d86 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -28,7 +28,7 @@ class site_postfix::mx::smtpd_checks {
     'smtps_relay_restrictions':
       value => 'permit_mynetworks, permit_tls_clientcerts, defer_unauth_destination';
     'smtps_helo_restrictions':
-      value => 'permit_mynetworks, check_helo_access hash:$checks_dir/helo_checks, permit';
+      value => 'permit_mynetworks, check_helo_access hash:$checks_dir/helo_checks, check_helo_access pcre:$checks_dir/helo_checks.pcre, permit';
     'smtpd_sender_restrictions':
       value => 'permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
     }
|
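Review bot: The negated pattern `!/[[:alpha:]]/` in the new `helo_access.pcre` rejects every HELO that contains no letter, which is broader than "numeric hostname": a bracketed IPv4 address literal such as `[192.0.2.1]` (constructed example) is valid HELO syntax under RFC 5321 and is refused too. The test is also purely lexical, so it says nothing about greetings that merely contain a letter; the commit message's "ip-based helo" overstates what the rule checks. The file has no comment, so the inverted match has to be worked out by the reader. I would add a header line such as `# Reject any HELO/EHLO argument with no alphabetic character (bare IPv4 and bracketed IPv4 literals)`, and name in it the listener this table is meant for.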
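Review bot: The resource added at the end of the `file { … }` block deploys `/etc/postfix/checks/helo_checks.pcre` from a source called `helo_access.pcre`. Two basenames for one table make it easy to edit or reference the wrong one, so I would rename the module file and use `source => 'puppet:///modules/site_postfix/checks/helo_checks.pcre',`. The resource also shows no `notify`, and Postfix loads a pcre table when a daemon process starts, so an updated rule set only takes effect as smtpd processes are recycled. Whether the sibling resources or the following `exec` already trigger a reload cannot be seen here, because the `file` block starts before this hunk and the `exec` block runs past it.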
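Review bot: In `smtps_helo_restrictions` the new `check_helo_access pcre:` lookup is preceded only by `permit_mynetworks`, so a client that presents a valid TLS client certificate but greets with an address literal is rejected here, before the `permit_tls_clientcerts` in `smtps_relay_restrictions` can apply. If this parameter feeds the certificate-authenticated submission listener, as its `smtps_` prefix suggests (the wiring is outside the hunk), the title's "at MTA" may not match where the rule lands, and mail clients commonly send address-literal HELOs. I would exempt authenticated clients ahead of the pattern check: `value => 'permit_mynetworks, check_helo_access hash:$checks_dir/helo_checks, permit_tls_clientcerts, check_helo_access pcre:$checks_dir/helo_checks.pcre, permit';`. The setting also needs the `.pcre` file to exist before Postfix reloads; that file is installed by `site_postfix::mx::checks`, and no ordering between the two classes is visible in this hunk.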
