File Date Author Commit
 README 2009-08-14 mmzz [r1] Initial import
 stixs.pl 2009-08-14 mmzz [r1] Initial import

Read Me

**** stixs 
**** a blacklisting delegate policy agent for postfix

more details at http://www.zeromx.net
http://www.cammozzo.com
a.cammozzo at gmail
-------------------
(c) Alberto Cammozzo Aug 2009
release 0.5 Licensed under the terms of the GPLv2
-------------------
How it works:

stixs checks whether the sender IP is already blacklisted by querying bld
(Blacklist daemon) and, if so, rejects the mail. If mail arrives addressed to
one of a list of fake addresses listed in honeypot web pages, it blacklists the
sender IP and rejects. Reject timeouts are delegated to bld (see bld configuration).
-------------------
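
The decision flow described above, sketched as an added Python example (it is not stixs.pl, which is Perl). It uses the Postfix policy delegation request format (name=value lines ended by an empty line); the in-memory set stands in for bld, and the function names, reply texts and case-insensitive address matching are assumptions.

```python
# Added illustration in Python; not stixs.pl. The set `blacklist` stands in for bld.

def parse_request(text):
    """Parse one Postfix policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def load_fake_addresses(access_text):
    """Read access(5)-style lines ("address ACTION"); return lowercased addresses."""
    fakes = set()
    for line in access_text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            fakes.add(fields[0].lower())
    return fakes

def decide(attrs, fake_addrs, blacklist):
    """Return the policy reply; add the client IP to blacklist on a honeypot hit."""
    ip = attrs.get("client_address", "")
    rcpt = attrs.get("recipient", "").lower()
    if ip and ip in blacklist:
        return "action=REJECT client is blacklisted\n\n"
    if rcpt in fake_addrs:
        if ip:
            blacklist.add(ip)
        return "action=REJECT honeypot recipient\n\n"
    return "action=DUNNO\n\n"  # no opinion: later restrictions decide

def make_request(ip, rcpt):
    """Build a constructed policy request for the given client IP and recipient."""
    return ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            f"client_address={ip}\nsender=someone@example.org\n"
            f"recipient={rcpt}\n\n")

# Constructed sample data (addresses as in the fakeaddr example, documentation IPs).
FAKEADDR = "fakeaddress1@domain.tld REJECT\nfakeaddress2@domain.tld REJECT\n"

if __name__ == "__main__":
    fakes, bl = load_fake_addresses(FAKEADDR), set()
    for ip, rcpt in [("192.0.2.10", "FakeAddress1@domain.tld"),
                     ("192.0.2.10", "user@domain.tld"),
                     ("198.51.100.7", "user@domain.tld")]:
        print(ip, rcpt, decide(parse_request(make_request(ip, rcpt)), fakes, bl).strip())
```
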

README

Installation
1) install and configure bld (Black List Daemon) and postfix
   apt-get install postfix bld 
   Unless you plan to use an ssh tunnel, they should be installed
   on the same machine with bld listening on localhost.
   Otherwise, edit bld access lists to allow updating blacklists
   only from localhost.
2) place stixs.pl in /etc/postfix/stixs.pl

Configure postfix as follows:
3) edit main.cf and insert:
    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        check_policy_service unix:private/stixs,
        ...
4) edit master.cf and add:
     stixs   unix    -       n       n       -       -       spawn
             user=nobody argv=/usr/bin/perl /etc/postfix/stixs.pl
5) edit /etc/postfix/fakeaddr, which is in postfix access(5) format:
     fakeaddress1@domain.tld REJECT
     fakeaddress2@domain.tld REJECT
     fakeaddress3@domain.tld REJECT
   These are the addresses that should be published in an indexed webpage
   or extracted from the logs of frequently rejected addresses.
   Make sure the addresses are not rejected by reject_unauth_destination.
   Perhaps you'll have to edit /etc/aliases to add them as "valid" destinations:
     fakeaddress1: /dev/null
     fakeaddress2: /dev/null
     fakeaddress3: /dev/null
   
6) rebuild fake addresses database and aliases
     postmap /etc/postfix/fakeaddr
     postalias /etc/aliases

Configuration done. Now:
7) restart postfix
     /etc/init.d/postfix restart
8) watch the logs

Troubleshooting hints:
set $debug=1

bld normally binds to localhost, port 2905.
If you configured it differently, edit $blhost and $blport accordingly.