OT Sendmail configuration question

Jeff A. Earickson jaearick at COLBY.EDU
Tue Feb 15 18:41:18 GMT 2005


I have used a seven second delay for quite a while with sendmail 8.13.
Approximately 1500 connections a day out of approx 30K messages a day
are rejected via the pre-greeting setting.

When I first deployed sendmail 8.13, I started with a 30 second delay,
per a blurb on the net (that I can't find now) indicating that a 30
second delay punted nearly all spambots.  But you also punt a fair
number of legit connections from places like Verizon that are in a
hurry and have short time-outs.  Seven seconds keeps the really
obnoxious spambots at bay but doesn't interfere with real traffic
(or some spam).

Jeff Earickson
Colby College

On Tue, 15 Feb 2005, JD wrote:

> Date: Tue, 15 Feb 2005 10:33:04 -0800
> From: JD <jd at BENTECMED.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: OT Sendmail configuration question
>
> Does creating a delay in the 220 greeting really make any difference in your
> experience? I'm wondering if I should upgrade to 8.13 to try it out.
>
> -JD
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of John Rudd
> Sent: Friday, February 11, 2005 9:02 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: OT Sendmail configuration question
>
>
> No, milters don't happen until later in the conversation (as far as I
> know), so I don't think milters can do it.  It required new code, so
> I'm pretty sure you really need to use 8.13 and not 8.12.  But, 8.13.1
> is pretty rock solid.  I can't think of a reason NOT to upgrade to it
> from 8.12.
>
> On Feb 11, 2005, at 5:49 PM, Alex Neuman van der Hans wrote:
>
>> There is *no* way to do this on sendmail 8.12, is there? Maybe through a
>> milter? Just asking, not intended as flamebait (you know, people screaming
>> RTFM and the like)...
>>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>> Behalf Of John Rudd
>> Sent: Friday, February 11, 2005 6:33 PM
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Re: OT Sendmail configuration question
>>
>> I think he's actually talking about the server delaying the pre-HELO/EHLO
>> greeting (the server's 220 greeting).  It's new to sendmail 8.13.x, and it's
>> called "greet_pause".
>>
>> What you want to do, is anywhere after your "access_db" declaration in the
>> mc file, put:
>>
>> FEATURE(`greet_pause', `30000')dnl
>>
>> The 30000 is in milliseconds, so that's a 30 second delay.  Note that there
>> are some side effects if you go higher than 28 seconds (Verizon does "call
>> backs" when accepting email from you, and if they don't get a valid response
>> in 28 seconds, they give up and reject your message).
>>
>> Also, you can put entries in your access_db that look like this:
>>
>> # 220 GreetPause (milliseconds)
>> #
>> GreetPause:127.0.0      0
>> GreetPause:128.114.125  0
>> GreetPause:128.114      3000
>> GreetPause:169.233      15000
>> GreetPause:             30000
>>
>> These set aside other delays based upon the connecting host.  0 means
>> "disable the delay".
>>
>>
>> On Feb 11, 2005, at 14:54, Alex Neuman van der Hans wrote:
>>
>>> I don't think that's what he means. It's an option in newer sendmail
>>> versions (8.13 I think) that lets you insert a delay between the HELO
>>> from the client and the OK from the server.
>>>
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>> Behalf Of Mark Campbell
>>> Sent: Friday, February 11, 2005 5:47 PM
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: Re: OT Sendmail configuration question
>>>
>>> Is this what you're looking for?
>>>
>>> During an SMTP conversation, a client introduces itself to a server
>>> using the HELO or EHLO command. The standard does not specify what
>>> should be said here, and many Windows clients in fact use a "bogus"
>>> name: for instance, the domain name of the destination server.
>>> Nevertheless, it may sometimes be useful to check the argument to
>>> HELO/EHLO, as many SPAM programs use bogus arguments in a consistent
>>> manner.
>>>
>>> In a very helpful e-mail, a sendmail maintainer explained to me how
>>> this could be done. The trick is to use delayed macro expansion with
>>> the $s macro. As the sendmail manual explains, $s is a transient
>>> macro: at startup, when sendmail reads its configuration file, it
>>> contains the name of the host on which sendmail runs, but during an
>>> SMTP conversation, it expands into the hostname supplied by the remote
>>> client as the argument to HELO/EHLO. By writing $&s, it is possible to
>>> delay the expansion of this macro, so it is expanded only when it is
>>> needed; e.g., during Local_check_rcpt.
>>>
>>> Consequently, my sendmail.mc file contains a local rule set similar to
>>> the following (note that Local_check_rcpt, if it exists, is automatically
>>> called by sendmail at the appropriate stage of processing the
>>> envelope):
>>>
>>> SLocal_check_rcpt
>>> R$*                     $: $&s
>>> Rbogus.domain           $#error $: 550 Spam Forbidden\ ($&s)
>>> R$*                     $@ OK
>>>
>>>
>>> REF: http://www.vttoth.com/heloehlo.htm
>>>
>>> Mark
>>>
>>> Mark Campbell
>>> --
>>> IT Convergence OS Administrator <mcampbell at itconvergence.com>
>>>
>>>
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>> Behalf Of Jim Dickenson
>>> Sent: Friday, February 11, 2005 4:48 PM
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: OT Sendmail configuration question
>>>
>>> Some time ago there was talk on this list about using a relatively new
>>> option in sendmail. As I recall there is some option that allows one
>>> to delay the response to a helo or ehlo line. The theory was that
>>> spammers could not afford to wait when sending messages and they would
>>> not wait for the delay time.
>>>
>>> Can someone remind me what the command was.
>>>
>>> I tried to search the archive but not knowing exactly what I am
>>> searching for I did not find the past messages.
>>>
>>> Thanks,
>>> --
>>> Jim Dickenson
>>> mailto:dickenson at cfmc.com
>>>
>>> CfMC
>>> http://www.cfmc.com/
>>>
>>> ------------------------ MailScanner list ------------------------ To
>>> unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
>>> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>
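An added example, not part of any message in this thread and not sendmail's own code: a simplified Python model of how the GreetPause entries quoted above resolve for a connecting IPv4 address, plus a check for pauses above the 28-second callback limit mentioned in the thread. It assumes the most specific whole-octet prefix wins and treats the bare `GreetPause:` entry as the catch-all, as John Rudd's post does; the function names are hypothetical and hostname keys are not modelled.

```python
# Added illustration; a simplified model, not sendmail's lookup code.
# Entries copied from the access_db sample quoted in the thread.
ACCESS_DB = """\
# 220 GreetPause (milliseconds)
GreetPause:127.0.0      0
GreetPause:128.114.125  0
GreetPause:128.114      3000
GreetPause:169.233      15000
GreetPause:             30000
"""

FEATURE_DEFAULT_MS = 30000  # from FEATURE(`greet_pause', `30000')
CALLBACK_LIMIT_MS = 28000   # sender call-back timeout mentioned in the thread


def parse_greet_pause(text):
    """Return {ipv4_prefix: delay_ms}; '' is the bare GreetPause: entry."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line.startswith("GreetPause:"):
            continue
        fields = line[len("GreetPause:"):].split()
        if len(fields) == 2:
            prefix, delay = fields
        elif len(fields) == 1:
            prefix, delay = "", fields[0]  # assumption: bare tag = catch-all
        else:
            continue
        table[prefix] = int(delay)
    return table


def pause_for(ip, table, default_ms=FEATURE_DEFAULT_MS):
    """Try a.b.c.d, then a.b.c, a.b, a, then the catch-all ''."""
    octets = ip.split(".")
    for n in range(len(octets), -1, -1):
        key = ".".join(octets[:n])
        if key in table:
            return table[key]
    return default_ms  # no entry at all: the FEATURE argument applies


def over_callback_limit(table, limit_ms=CALLBACK_LIMIT_MS):
    """Prefixes whose pause exceeds the limit ('' means the catch-all)."""
    return sorted(p for p, ms in table.items() if ms > limit_ms)
```

With the sample table, only the 30000 ms catch-all exceeds the 28-second limit, which is the case the thread warns about for senders that do call-backs.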
