OT Sendmail configuration question

Jim Dickenson dickenson at CFMC.COM
Tue Feb 15 19:30:34 GMT 2005 

I saw about 47000 messaged rejected because of me rejecting unknown email
addresses and having a 7 second delay. There were almost 1400 lines in my
logwatch about greetpause rejections in about 16 hours.

The junk email with this new gateway server in place for me personally
dropped 90%, from about 2500 per day.
--
Jim Dickenson
mailto:dickenson at cfmc.com

CfMC
http://www.cfmc.com/



> From: JD <jd at BENTECMED.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> Date: Tue, 15 Feb 2005 10:33:04 -0800
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Subject: Re: OT Sendmail configuration question
>
> Does creating a delay in the 220 greeting really make any difference in your
> experience? Im wondering if I shouldupgrade to 8.13 to try it out.
>
> -JD
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of John Rudd
> Sent: Friday, February 11, 2005 9:02 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: OT Sendmail configuration question
>
>
> No, milters don't happen until later in the conversation (as far as I
> know), so I don't think milters can do it.  It required new code, so
> I'm pretty sure you really need to use 8.13 and not 8.12.  But, 8.13.1
> is pretty rock solid.  I can't think of a reason NOT to upgrade to it
> from 8.12.
>
> On Feb 11, 2005, at 5:49 PM, Alex Neuman van der Hans wrote:
>
>> There is *no* way to do this on sendmail 8.12, is there? Maybe through
>> a
>> milter? Just asking, not intended as flamebait (you know, people
>> screaming
>> RTFM and the like)...
>>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>> Behalf
>> Of John Rudd
>> Sent: Friday, February 11, 2005 6:33 PM
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Re: OT Sendmail configuration question
>>
>> I think he's actually talking about the server delaying the
>> pre-HELO/EHLO
>> greeting (the server's 220 greeting).  It's new to sendmail 8.13.x,
>> and it's
>> called "greet_pause".
>>
>> What you want to do, is anywhere after your "access_db" declaration in
>> the
>> mc file, put:
>>
>> FEATURE(`greet_pause', `30000')dnl
>>
>> The 30000 is in milliseconds, so that's a 30 second delay.  Note that
>> there
>> are some side effects if you go higher than 28 seconds (verizon does
>> "call
>> backs" when accepting email from you, and if they don't get a valid
>> response
>> in 28 seconds, they give up and reject your message).
>>
>> Also, you can put entries in your access_db that look like this:
>>
>> # 220 GreetPause (miliseconds)
>> #
>> GreetPause:127.0.0      0
>> GreetPause:128.114.125  0
>> GreetPause:128.114      3000
>> GreetPause:169.233      15000
>> GreetPause:             30000
>>
>> These set aside other delays based upon the connecting host.  0 means
>> "disable the delay".
>>
>>
>> On Feb 11, 2005, at 14:54, Alex Neuman van der Hans wrote:
>>
>>> I don't think that's what he means. It's an option in newer sendmail
>>> versions (8.13 I think) that lets you insert a delay between the HELO
>>> from the client and the OK from the server.
>>>
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>> Behalf Of Mark Campbell
>>> Sent: Friday, February 11, 2005 5:47 PM
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: Re: OT Sendmail configuration question
>>>
>>> Is this what you're looking for?
>>>
>>> During an SMTP conversation, a client introduces itself to a server
>>> using the HELO or EHLO command. The standard does not specify what
>>> should be said here, and many Windows clients in fact use a "bogus"
>>> name: for instance, the domain name of the destination server.
>>> Nevertheless, it may sometimes be useful to check the argument to
>>> HELO/EHLO, as many SPAM programs use bogus arguments in a consistent
>>> manner.
>>>
>>> In a very helpful e-mail, a sendmail maintainer explained to me how
>>> this could be done. The trick is to use delayed macro expansion with
>>> the $s macro. As the sendmail manual explains, $s is a transient
>>> macro: at startup, when sendmail reads its configuration file, it
>>> contains the name of the host on which sendmail runs, but during an
>>> SMTP conversation, it expands into the hostname supplied by the remote
>>> client as the argument to HELO/EHLO. By writing $&s, it is possible to
>>> delay the expansion of this macro, so it is expanded only when it is
>>> needed; e.g., during Local_check_rcpt.
>>>
>>> Consequently, my sendmail.mc file contains a local rule set similar to
>>> the following (note that Local_check_rcpt, if exists, is automatically
>>> called by sendmail at the appropriate stage of processing the
>>> envelope):
>>>
>>> SLocal_check_rcpt
>>> R$*                     $: $&s
>>> Rbogus.domain           $#error $: 550 Spam Forbidden\ ($&s)
>>> R$*                     $@ OK
>>>
>>>
>>> REF: http://www.vttoth.com/heloehlo.htm
>>>
>>> Mark
>>>
>>> Mark Campbell
>>> --
>>> IT Convergence OS Administrator <mcampbell at itconvergence.com>
>>>
>>>
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>> Behalf Of Jim Dickenson
>>> Sent: Friday, February 11, 2005 4:48 PM
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: OT Sendmail configuration question
>>>
>>> Some time ago there was talk on this list about using a relatively new
>>> option in sendmail. As I recall there is some option that allows one
>>> to delay the response to a helo or ehlo line. The theory was that
>>> spammers could not afford to wait when sending messages and they would
>>> not wait for the delay time.
>>>
>>> Can someone remind me what the command was.
>>>
>>> I tried to search the archive but not knowing exactly what I am
>>> searching for I did not find the past messages.
>>>
>>> Thanks,
>>> --
>>> Jim Dickenson
>>> mailto:dickenson at cfmc.com
>>>
>>> CfMC
>>> http://www.cfmc.com/
>>>
>>> ------------------------ MailScanner list ------------------------ To
>>> unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
>>> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>> ------------------------ MailScanner list ------------------------ To
>>> unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
>>> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>> ------------------------ MailScanner list ------------------------ To
>>> unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
>>> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> ------------------------ MailScanner list ------------------------ To
>> unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
>> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list