sendmail greet_pause feature

Anders Andersson, IT anders.andersson at ltkalmar.se
Wed Feb 1 10:01:21 GMT 2006 

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Jim Holland
> Sent: Wednesday, February 01, 2006 9:12 AM
> To: MailScanner mailing list
> Subject: OT: sendmail greet_pause feature
> 
> Perhaps other sendmail users know all about this, but I have 
> only looked at it for the first time.
> 
> I run sendmail 8.13.1 and have decided to implement the 
> greet_pause feature for the first time (after seeing that it 
> is a default option in Debian installations).  This requires 
> a specified delay after connection, which can be network 
> specific, before a client system is allowed to send any SMTP 
> commands.  Any client that breaks normal SMTP protocols by 
> trying to force commands before receiving the go-ahead is 
> immediately disconnected.  This seems to distinguish very 
> successfully between genuine mailers and spammers/viruses 
> that are not RFC-compliant.
> 
> Using a 5 second delay I have found that the system has 
> blocked over 3200 connections in the first 24 hours I used 
> it.  The client systems were all typical of spammers, with 
> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR 
> record at all.  I found only four systems in the blocked 
> group that looked as if they were genuine.  On further 
> investigation I found that earlier log records for some of 
> those sites indicated behaviour typical of virus infections 
> in any case.

I second that, thoguh I raised mine to 25 sec just for the fun of it. I
started low but raised it by 5 sec eeverytime and its been running
smooth. So far no one complained and the ones we have a great
mailexchange with been added to acces list

/Anders

> 
> To implement the feature:
> 
> Add the following to the sendmail.mc file:
> 
> 	FEATURE(`greet_pause', `5000')dnl 5 seconds
> 
> Rebuild sendmail and restart MailScanner:
> 
> 	m4 < sendmail.mc > sendmail.cf
> 	service MailScanner restart
> 
> Then specific entries for client hostname, domain, IP address 
> or subnet can be put in the access file:
> 
> 	GreetPause:my.domain    0
> 	GreetPause:example.com  5000
> 	GreetPause:10.1.2       2000
> 	GreetPause:127.0.0.1    0
> 
> Definitely worth a look I would say, as it blocks large 
> numbers of spammers before they are allowed to send any data, 
> with very low risk of blocking genuine systems.  It even 
> seems to allow genuine mail from infected systems to be 
> accepted while blocking viruses from those same systems 
> before the DATA phase - as many viruses seem to behave rather 
> impolitely :-)
> 
> Regards
> 
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service

More information about the MailScanner mailing list