sender verification

Stephen Swaney steve.swaney at FSL.COM
Wed May 11 16:10:26 IST 2005 

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of BB
> Sent: Wednesday, May 11, 2005 10:26 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: sender verification
>
> Don't think it could be done selectively but you could put this in your
> sendmail.mc
>
> FEATURE(`greet_pause',`30000')dnl
>
> Then do your m4 rebuild.
>
> Spermmers are very inpatient.
>
>

Some caveats:

I believe this feature is only available in sendmail 8.13.x

The 30 second delay may be a bit much. Our testing indicates that we get
substantial valid spam rejections at 15000 (15 seconds) and don't seem to
have any false positives. I remember seeing some warnings about some large
ISP's balking at much over 25 seconds. Most spammers will take very little
delay :)

Also you can define systems that do not get any delay in your
/etc/mail/access file:

        # systems that get no greet_pause delay
        192.168.123.1           0
        10.1.1.100                      0

Descriptions of this and other 8.13.x features can be found at:

http://www.technoids.org/dossed.html#1.1.

These include:
        Limiting the Rate of Incoming Connections
        Limiting Simultaneous Connections
        Thwarting Dictionary Attacks
        Blocking Slammers with the greet_pause Feature

I would be good to hear from MailScanners who have implemented any of these
features. We're still testing right now.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney at fsl.com


> On 5/11/05, Jim Holland <mailscanner at mango.zw> wrote:
>
>       Hi Jan-Peter
>
>       On Wed, 11 May 2005, Jan-Peter Koopmann wrote:
>
>       > > That is why I would
>       > > like to see this being implemented after receipt of the
>       > > message - just as DNSBL and other checks are carried out
>       > > afterwards by MailScanner.
>       >
>       > I use DNSBL at MTA level and with SpamAssassin. If the IP triggers
> one
>       > of two RBLs I trust the message is rejected. If it hits one of
> several
>       > other RBLs I slow down the SMTP protocol (enforcing
> synchronization) and
>       > catch quite a lot of spam with that.
>
>       I am not familiar with how to slow down the SMTP connection
> selectively -
>       I don't think this is a feature that sendmail offers.
>
>       > To be honest: I would think of this as unneccessary overhead. Why
> don't
>       > you simply verify the sender address at MTA level, add a header to
> the
>       > message in case the verify fails and then write a simple
> SpamAssassin
>       > rule for this? That's what we do here. It's quick and no code has
> to be
>       > changed. I'm not sure how easy this is with sendmail but with exim
> this
>       > is a matter of minutes.
>
>       Again, I don't know of any easy method of doing this with sendmail
> without
>       writing a special milter.
>
>       > New code in MailScanner only brings the possibility of new errors
> as the
>       > code gets more and more complex, especially since the feature you
> want
>       > would mean implementing/using SMTP. The only advantage would be
> that
>       > people not using SpamAssassin could use this functionality. I
> doubt
>       > there are many people out there that fit this definition though.
> :-)
>
>       Sadly I am in fact in this category.  The current server could not
> cope.
>       However there is a new server sitting on my desk that I have just
> loaded
>       with CentOS (RHEL4 clone).  Now to try Exim, SpamAssassin etc . . .
>
>       Thanks for your feedback.
>
>       Regards
>
>       Jim Holland
>       System Administrator
>       MANGO - Zimbabwe's non-profit e-mail service
>
>       ------------------------ MailScanner list ------------------------
>       To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>       'leave mailscanner' in the body of the email.
>       Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>       the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html
> <http://www.jiscmail.ac.uk/lists/mailscanner.html> ).
>
>       Support MailScanner development - buy the book off the website!
>
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list