Limiting the Number of Honeypot Spam Messages



If you are not running Postfix, you can stop reading now. This solution is Postfix-only.

Still with me? Good.

Suppose that you have one or more Honeypots (a.k.a. Spam traps) and you use them to provide Corpus or Inoculate training for DSPAM. You may find that you receive so much Spam that it becomes too much of a good thing and makes your accuracy worse (too much Spam, not enough innocent mail).

I feed my Honeypot messages into a Merged group that is shared by all of my users. Per Jon's recommendation, I want to add a few Spams to this group every now and then in order to keep it current with the latest Spam.

I want a way to be able to control how many messages per day will be delivered to my Honeypot account. For example, I want to be able to say:

Accept one message per day and reject the rest.
or
Accept only three messages per week.
etc.

Using the Postfix Policy Service feature, I was able to accomplish just what I wanted using a Perl script. Interested? Here's all you have to do:

  1. Install spam_gatekeeper.pl in some convenient place and make it executable.
    I put it in /usr/local/bin.

  2. Edit the configuration parameters in the script (number of days, number of messages, etc.)

  3. Edit the Postfix master.cf file to define spam_gatekeeper.pl as a policy service.
       spam_gatekeeper unix - n n - - spawn
           user=nobody argv=/usr/local/bin/spam_gatekeeper.pl

  4. Edit the Postfix main.cf file to use the policy service.
       smtpd_restriction_classes = spam_gatekeeper
       spam_gatekeeper = check_policy_service unix:private/spam_gatekeeper
       spam_gatekeeper_time_limit = 3600

       smtpd_recipient_restrictions =
           <your existing stuff>,
           hash:/etc/postfix/apply_spam_gatekeeper_to,
           <your other stuff>

  5. Create a text file (mine is /etc/postfix/apply_spam_gatekeeper_to) that lists each of your Honeypot addresses. For each one, you tell Postfix to ask spam_gatekeeper whether to accept or reject the message.
    (Note: Recipient addresses not listed in this file are not passed to spam_gatekeeper. They "fall through" to the next item in your smtpd_recipient_restrictions.)

  6. Run the text file through postmap (Postfix does not read the text file).

  7. Reload Postfix and you are done!
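
As an added example (not the author's spam_gatekeeper.pl, and written in Python rather than Perl), this shows the policy delegation exchange that step 4 sets up: Postfix sends name=value lines ended by an empty line, and the service answers with action=... followed by an empty line. The quota settings, the state file path and the choice of DUNNO and REJECT as replies are assumptions of this example.

```python
# Added example, not spam_gatekeeper.pl: per-recipient quota over the Postfix policy protocol.
import fcntl, json, sys, time

MAX_MSGS = 1        # assumed setting: messages accepted per window
WINDOW_DAYS = 1     # assumed setting: window length in days
STATE_FILE = "/var/tmp/gatekeeper_state.json"  # hypothetical path, writable by user=nobody

def parse_request(lines):
    """Read name=value attributes up to the blank line that ends one request."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            return attrs
        name, _, value = line.partition("=")
        attrs[name] = value
    return None  # EOF: Postfix closed the connection

def decide(attrs, state, now):
    """Pick the action; state maps recipient -> timestamps of accepted messages."""
    rcpt = attrs.get("recipient", "").lower()
    recent = [t for t in state.get(rcpt, []) if t > now - WINDOW_DAYS * 86400]
    state[rcpt] = recent
    if len(recent) >= MAX_MSGS:
        return "REJECT Honeypot quota reached"
    recent.append(now)
    return "DUNNO"  # neutral: the remaining restrictions still get evaluated

def check(attrs, path, now):
    """Run decide() under an exclusive lock, since spawn may start several copies."""
    with open(path, "a+") as f:
        fcntl.flock(f, fcntl.LOCK_EX)
        f.seek(0)
        state = json.loads(f.read() or "{}")
        action = decide(attrs, state, now)
        f.seek(0)
        f.truncate()
        json.dump(state, f)
    return action

def serve(inp, out, path=STATE_FILE):
    """Answer each request with action=...; an empty line ends the reply."""
    lines = iter(inp)
    while (attrs := parse_request(lines)) is not None:
        out.write("action=%s\n\n" % check(attrs, path, time.time()))
        out.flush()

if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

Replying DUNNO instead of OK for an in-quota message leaves the final accept decision to the restrictions that follow the map entry, so the policy service can only tighten what Postfix would otherwise allow.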


The author of this submission hereby releases any and all copyright interest in this code, documentation, or other materials included to the DSPAM project and its primary governors. I intend this relinquishment of copyright interest in perpetuity of all present and future rights to said submission under copyright law.


