[tor-relays] Two-step abuse management?

Ralph Seichter m16+tor at monksofcool.net
Wed Sep 13 18:19:02 UTC 2017


On 13.09.17 18:48, Moritz Bartl wrote:

> Mind sharing that configuration, and maybe even the filters you
> already set up?

My method is highly Postfix-specific, but I can see that you use Postfix
as well. ;-) Here is an example for sender-based rejection (incomplete):

  smtpd_sender_restrictions =
   check_sender_access pcre:${config_directory}/sender_access

  # pcre:sender_access
  /abuse-reporting\.webiron\.com/ REJECT

That line alone catches most of the useless generated complaints. W.I.
holds a special place in my heart due to past misbehaviour, so I don't
even bother telling them how to contact me any more and flatly reject
all their robot messages.

Combine this with recipient-based checks (incomplete again):

  smtpd_recipient_restrictions =
   check_recipient_access pcre:${config_directory}/recipient_access

  # pcre:recipient_access
  /^abuse\@tordom\.tld$/ REJECT Please use https://foo/ to report abuse

I imagine you already have a (captcha-protected) ticket system in place.
Finally, sprinkle header- and/or body-based checks into the mix:

  header_checks = pcre:${config_directory}/header_checks

  # pcre:header_checks
  /^Subject:.+fail2ban generated abuse report/ DISCARD

Not that I actually recommend using DISCARD, mind you, it is just another
example. Should you require more specific information about what Postfix
checks can do, contact me off-list. I'm guessing you know about these
very powerful checks already.

-Ralph
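
Added example, not part of Ralph's message: a Python dry run of the three pcre tables quoted above against constructed mail, to see which stage catches what before a rule goes live. It approximates Postfix's table lookup (first match wins, case-insensitive by default) with Python's re module; the sample addresses and subjects are made up.

```python
import re
from email import message_from_string

# Rules copied from the three pcre tables in the post: (pattern, action).
SENDER_ACCESS = [(r"abuse-reporting\.webiron\.com", "REJECT")]
RECIPIENT_ACCESS = [(r"^abuse\@tordom\.tld$",
                     "REJECT Please use https://foo/ to report abuse")]
HEADER_CHECKS = [(r"^Subject:.+fail2ban generated abuse report", "DISCARD")]

# Postfix pcre tables default to case-insensitive, dot-matches-newline.
FLAGS = re.IGNORECASE | re.DOTALL

def lookup(table, key):
    """Return the action of the first matching pattern, or None."""
    for pattern, action in table:
        if re.search(pattern, key, FLAGS):
            return action
    return None

def evaluate(mail_from, rcpt_to, raw_message):
    """Approximate the order in which the three checks see a message.

    Sender and recipient tables are consulted during the SMTP dialogue,
    header_checks later, one header at a time. Returns (stage, action).
    """
    for stage, table, key in (("sender", SENDER_ACCESS, mail_from),
                              ("recipient", RECIPIENT_ACCESS, rcpt_to)):
        action = lookup(table, key)
        if action:
            return stage, action
    for name, value in message_from_string(raw_message).items():
        action = lookup(HEADER_CHECKS, f"{name}: {value}")
        if action:
            return "header", action
    return "none", "no match"

# Constructed sample messages (addresses and subjects are made up).
SAMPLES = [
    ("robot@abuse-reporting.webiron.com", "operator@tordom.tld",
     "Subject: Abuse from your host\n\nbody\n"),
    ("someone@example.org", "Abuse@tordom.tld", "Subject: complaint\n\nbody\n"),
    ("root@example.net", "operator@tordom.tld",
     "Subject: [host] Fail2Ban generated abuse report\n\nbody\n"),
    ("friend@example.org", "operator@tordom.tld", "Subject: hello\n\nbody\n"),
]

if __name__ == "__main__":
    for mail_from, rcpt_to, raw in SAMPLES:
        print(mail_from, rcpt_to, "->", evaluate(mail_from, rcpt_to, raw))
```

On a host with Postfix installed, `postmap -q "address" pcre:<config_directory>/sender_access` queries the real table with the same kind of input.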

