Does anyone know of a way, using Postfix, to block a domain as soon as it tries to send to a specific recipient address?
Spam typically goes to several recipients in my organization. Some email addresses are active but many are dormant, meaning the email addresses still exist but should not be getting any legitimate email. If anyone sends to one of the dormant addresses, then we can assume everything else from that domain is spam.
What I want to do is as soon as an email is received to a recipient address on the dormant email list, then immediately reject all other emails from that sender domain.
Looking at the log I see the following pattern. Each email comes in about a minute apart:
- Mail sent to [email protected] from [email protected]
- Mail sent to [email protected] from [email protected]
- Mail sent to [email protected] from [email protected]
- Mail sent to [email protected] from [email protected]
- Mail sent to [email protected] from [email protected]
- Mail sent to [email protected] from [email protected]
I know all the dormant email addresses, and know that any mail sent to them is spam, so what I want to do is block the sending domain as soon as it sends mail to a dormant email address as so:
- Mail sent to [email protected] from [email protected]
Block domain spamdomain.com
- Mail sent to [email protected] from [email protected] > Rejected
- Mail sent to [email protected] from [email protected] > Rejected
- Mail sent to [email protected] from [email protected] > Rejected
- Mail sent to [email protected] from [email protected] > Rejected
- Mail sent to [email protected] from [email protected] > Rejected
One idea is to scan the tail of the log every 10 seconds or so and, based on finding one of the dormant addresses, modify the check_sender_access file and restart Postfix but that might result in my server being down when real email is being received. So ideally this could be done without bringing down Postfix.
Any help is greatly appreciated.