OT Sendmail configuration question

John Rudd jrudd at UCSC.EDU
Tue Feb 15 21:50:04 GMT 2005


At work:
    I use a delay of 15 seconds.  We also use SBL and XBL for DNSBLs.
    Last week, we blocked 76,915 messages via the delay.

    (combined SBL and XBL blocking was 745,964 messages for that
    week)

    When we disable the delay, our count of XBL messages tends to go
    up, but they don't appear to be a 1:1 mapping (so if we aren't
    doing both, then some messages slip through).

    We still get thousands of spam (38,782 at a score of 8 or higher,
    for that week) and viruses (9,197 for that week) leaking through,
    but those numbers are 10% (for spam) and 30% (for viruses) of what
    we used to get before instituting SBL/XBL and the 220 Delay.

At home:
    Same setup, but 30 second delay.  I tend to block about 15-30
    messages per day via the delay.  I rarely get XBL blocks, but
    sometimes I do.  If I remove the delay, then the XBL blocks
    go up.  So do my virus counts.

    For the SBL, I tend to block about 5-20 per day.  The combination
    just about eliminates all spam and viruses from my email.  SURBL
    catches the rest, via SpamAssassin (0-3 per day, 0 being much
    more common than 1-3).


In both cases, I tried identifying who Verizon's servers are (I used
their MX server list, because those are the hosts that are likely to do
the call-back), and gave them specific values of 15 seconds ... so I
can be sure that they don't have problems with their call backs (for
work, that means I can raise the delay without impacting Verizon's
servers).



On Feb 15, 2005, at 10:33 AM, JD wrote:

> Does creating a delay in the 220 greeting really make any difference
> in your experience? I'm wondering if I should upgrade to 8.13 to try
> it out.
>
> -JD
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of John Rudd
> Sent: Friday, February 11, 2005 9:02 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: OT Sendmail configuration question
>
>
> No, milters don't happen until later in the conversation (as far as I
> know), so I don't think milters can do it.  It required new code, so
> I'm pretty sure you really need to use 8.13 and not 8.12.  But, 8.13.1
> is pretty rock solid.  I can't think of a reason NOT to upgrade to it
> from 8.12.
>
> On Feb 11, 2005, at 5:49 PM, Alex Neuman van der Hans wrote:
>
>> There is *no* way to do this on sendmail 8.12, is there? Maybe through
>> a milter? Just asking, not intended as flamebait (you know, people
>> screaming RTFM and the like)...
>>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>> Behalf
>> Of John Rudd
>> Sent: Friday, February 11, 2005 6:33 PM
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Re: OT Sendmail configuration question
>>
>> I think he's actually talking about the server delaying the
>> pre-HELO/EHLO greeting (the server's 220 greeting).  It's new to
>> sendmail 8.13.x, and it's called "greet_pause".
>>
>> What you want to do, is anywhere after your "access_db" declaration in
>> the mc file, put:
>>
>> FEATURE(`greet_pause', `30000')dnl
>>
>> The 30000 is in milliseconds, so that's a 30 second delay.  Note that
>> there are some side effects if you go higher than 28 seconds (Verizon
>> does "call backs" when accepting email from you, and if they don't get
>> a valid response in 28 seconds, they give up and reject your message).
>>
>> Also, you can put entries in your access_db that look like this:
>>
>> # 220 GreetPause (milliseconds)
>> #
>> GreetPause:127.0.0      0
>> GreetPause:128.114.125  0
>> GreetPause:128.114      3000
>> GreetPause:169.233      15000
>> GreetPause:             30000
>>
>> These set aside other delays based upon the connecting host.  0 means
>> "disable the delay".
>>
>>
>> On Feb 11, 2005, at 14:54, Alex Neuman van der Hans wrote:
>>
>>> I don't think that's what he means. It's an option in newer sendmail
>>> versions (8.13 I think) that lets you insert a delay between the HELO
>>> from the client and the OK from the server.
>>>
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>> Behalf Of Mark Campbell
>>> Sent: Friday, February 11, 2005 5:47 PM
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: Re: OT Sendmail configuration question
>>>
>>> Is this what you're looking for?
>>>
>>> During an SMTP conversation, a client introduces itself to a server
>>> using the HELO or EHLO command. The standard does not specify what
>>> should be said here, and many Windows clients in fact use a "bogus"
>>> name: for instance, the domain name of the destination server.
>>> Nevertheless, it may sometimes be useful to check the argument to
>>> HELO/EHLO, as many SPAM programs use bogus arguments in a consistent
>>> manner.
>>>
>>> In a very helpful e-mail, a sendmail maintainer explained to me how
>>> this could be done. The trick is to use delayed macro expansion with
>>> the $s macro. As the sendmail manual explains, $s is a transient
>>> macro: at startup, when sendmail reads its configuration file, it
>>> contains the name of the host on which sendmail runs, but during an
>>> SMTP conversation, it expands into the hostname supplied by the
>>> remote client as the argument to HELO/EHLO. By writing $&s, it is
>>> possible to delay the expansion of this macro, so it is expanded only
>>> when it is needed; e.g., during Local_check_rcpt.
>>>
>>> Consequently, my sendmail.mc file contains a local rule set similar
>>> to the following (note that Local_check_rcpt, if it exists, is
>>> automatically called by sendmail at the appropriate stage of
>>> processing the envelope):
>>>
>>> SLocal_check_rcpt
>>> R$*                     $: $&s
>>> Rbogus.domain           $#error $: 550 Spam Forbidden\ ($&s)
>>> R$*                     $@ OK
>>>
>>>
>>> REF: http://www.vttoth.com/heloehlo.htm
>>>
>>> Mark
>>>
>>> Mark Campbell
>>> --
>>> IT Convergence OS Administrator <mcampbell at itconvergence.com>
>>>
>>>
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>> Behalf Of Jim Dickenson
>>> Sent: Friday, February 11, 2005 4:48 PM
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: OT Sendmail configuration question
>>>
>>> Some time ago there was talk on this list about using a relatively
>>> new option in sendmail. As I recall there is some option that allows
>>> one to delay the response to a helo or ehlo line. The theory was that
>>> spammers could not afford to wait when sending messages and they
>>> would not wait for the delay time.
>>>
>>> Can someone remind me what the command was.
>>>
>>> I tried to search the archive but not knowing exactly what I am
>>> searching for I did not find the past messages.
>>>
>>> Thanks,
>>> --
>>> Jim Dickenson
>>> mailto:dickenson at cfmc.com
>>>
>>> CfMC
>>> http://www.cfmc.com/
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>

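The greet_pause behaviour discussed in this thread, as an added example that is not from any of the posters or from sendmail's source: it resolves the pause for a connecting address from the GreetPause table quoted above, then holds the 220 banner and refuses a client that sends before it. It assumes IPv4 prefix matching only (the most specific prefix wins); the host names and reply text are constructed for illustration.

```python
import select
import socket

# access_db entries copied from the thread (network prefix -> pause in ms).
# The empty key is the default; 0 disables the pause.
GREET_PAUSE = {
    "127.0.0": 0,
    "128.114.125": 0,
    "128.114": 3000,
    "169.233": 15000,
    "": 30000,
}

def greet_pause_ms(client_ip, table=GREET_PAUSE):
    """Most specific prefix wins: drop one trailing octet per lookup."""
    octets = client_ip.split(".")
    while octets:
        key = ".".join(octets)
        if key in table:
            return table[key]
        octets.pop()
    return table.get("", 0)

def greet(conn, pause_ms):
    """Hold the 220 banner for pause_ms; refuse a client that talks first."""
    if pause_ms > 0:
        readable, _, _ = select.select([conn], [], [], pause_ms / 1000.0)
        if readable:  # bytes arrived before the banner: pre-greeting traffic
            conn.sendall(b"554 not accepting messages\r\n")
            return "rejected"
    conn.sendall(b"220 mail.example.test ESMTP\r\n")
    return "greeted"

def demo(client_sends_early, pause_ms=200):
    """Constructed exchange over a local socket pair; no network is used."""
    server, client = socket.socketpair()
    try:
        if client_sends_early:
            # Constructed client that does not wait for the 220 banner.
            client.sendall(b"HELO bulk.example.test\r\n")
        verdict = greet(server, pause_ms)
        return verdict, client.recv(64).split()[0].decode()
    finally:
        server.close()
        client.close()
```

A well-behaved client only pays the pause as added latency, which is why the thread keeps the value for networks that perform call-backs below their timeout.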