Postfix has the ability to DISCARD (or REJECT) any email by using simple regular expressions. This can be done on your incoming or outgoing mail farm, and you can check either the header or the body of an email.
For me, header_checks is a more powerful tool, but the main problem with phishing bots is that the headers aren't always the same (different IPs, different Froms, etc.).
And in half of these scam situations there is an ugly URL or email address inside the body of the email.
Our abuse department informed us today about a scam bot that “WANTS YOU TO REPLY TO THEM WITH YOUR PASSWORDS” and we took the appropriate measures against it. None of our outgoing mail servers can be used to send a reply to the abuser's mail address.
There is a debate in our team about future incoming mail from this specific scam bot. We could use body_checks to silently DISCARD any new incoming mail, but that would also make it very difficult for us to communicate with each other.
The main problem is that I can't “report” to my manager about that, or the security/abuse department can't send me any email that has the “BAD email address” inside the body of our mails.
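
The trade-off described above, as an added example that is not part of the original post: a small Python model of a body_checks-style table (not Postfix itself) run over three constructed message bodies. The address `reply-here@scam.example`, the sample bodies and the bracketed rewriting of the address in the third body are assumptions made for illustration.

```python
import re

# Constructed rule in body_checks table syntax: /pattern/ ACTION
# The address is a made-up placeholder, not the one from the incident.
BODY_CHECKS = r"""
# silently drop anything that mentions the scammer's reply address
/reply-here@scam\.example/ DISCARD
"""

def load_rules(table_text):
    """Parse '/regex/ ACTION' lines; skip blank lines and # comments."""
    rules = []
    for line in table_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^/(.+)/\s+(\S+)", line)
        if m:
            # Postfix regexp/pcre tables match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def check_body(body, rules):
    """Return the action of the first rule matching any body line, else None.
    As with body_checks, each line is tested on its own and the check
    knows nothing about who sent the message."""
    for line in body.splitlines():
        for pattern, action in rules:
            if pattern.search(line):
                return action
    return None

# Constructed sample bodies.
SCAM = "Dear user,\nsend your password to reply-here@scam.example\n"
INTERNAL_REPORT = "Hi,\nabuse asked us to block reply-here@scam.example.\n"
DEFANGED_REPORT = "Hi,\nabuse asked us to block reply-here[at]scam[.]example.\n"

def demo():
    rules = load_rules(BODY_CHECKS)
    samples = [("scam", SCAM), ("internal_report", INTERNAL_REPORT),
               ("defanged_report", DEFANGED_REPORT)]
    return {name: check_body(body, rules) for name, body in samples}

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:16} -> {action or 'delivered'}")
```

The internal report is discarded exactly like the scam mail because the rule only sees body lines; only the body that writes the address in a non-matching form gets through.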