sendmail greet_pause feature

Roger Jochem roger at rudnick.com.br
Wed Feb 1 10:26:28 GMT 2006 

I'm using the rpm version of sendmail in my centos-3 box (sendmail 8.12) and 
I would like to upgrade to sendmail 8.13 to use this feature, that seems 
really great. Is there some problem I should be aware, or the tar.gz version 
found at sendmail.org would work fine on my machine? Anyone using 8.13 at 
centos-3 or some similar OS?

Regards

Roger Jochem

----- Original Message ----- 
From: "Anders Andersson, IT" <anders.andersson at ltkalmar.se>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Wednesday, February 01, 2006 8:01 AM
Subject: RE: sendmail greet_pause feature


>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
>> Of Jim Holland
>> Sent: Wednesday, February 01, 2006 9:12 AM
>> To: MailScanner mailing list
>> Subject: OT: sendmail greet_pause feature
>>
>> Perhaps other sendmail users know all about this, but I have
>> only looked at it for the first time.
>>
>> I run sendmail 8.13.1 and have decided to implement the
>> greet_pause feature for the first time (after seeing that it
>> is a default option in Debian installations).  This requires
>> a specified delay after connection, which can be network
>> specific, before a client system is allowed to send any SMTP
>> commands.  Any client that breaks normal SMTP protocols by
>> trying to force commands before receiving the go-ahead is
>> immediately disconnected.  This seems to distinguish very
>> successfully between genuine mailers and spammers/viruses
>> that are not RFC-compliant.
>>
>> Using a 5 second delay I have found that the system has
>> blocked over 3200 connections in the first 24 hours I used
>> it.  The client systems were all typical of spammers, with
>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR
>> record at all.  I found only four systems in the blocked
>> group that looked as if they were genuine.  On further
>> investigation I found that earlier log records for some of
>> those sites indicated behaviour typical of virus infections
>> in any case.
>
> I second that, thoguh I raised mine to 25 sec just for the fun of it. I
> started low but raised it by 5 sec eeverytime and its been running
> smooth. So far no one complained and the ones we have a great
> mailexchange with been added to acces list
>
> /Anders
>
>>
>> To implement the feature:
>>
>> Add the following to the sendmail.mc file:
>>
>> FEATURE(`greet_pause', `5000')dnl 5 seconds
>>
>> Rebuild sendmail and restart MailScanner:
>>
>> m4 < sendmail.mc > sendmail.cf
>> service MailScanner restart
>>
>> Then specific entries for client hostname, domain, IP address
>> or subnet can be put in the access file:
>>
>> GreetPause:my.domain    0
>> GreetPause:example.com  5000
>> GreetPause:10.1.2       2000
>> GreetPause:127.0.0.1    0
>>
>> Definitely worth a look I would say, as it blocks large
>> numbers of spammers before they are allowed to send any data,
>> with very low risk of blocking genuine systems.  It even
>> seems to allow genuine mail from infected systems to be
>> accepted while blocking viruses from those same systems
>> before the DATA phase - as many viruses seem to behave rather
>> impolitely :-)
>>
>> Regards
>>
>> Jim Holland
>> System Administrator
>> MANGO - Zimbabwe's non-profit e-mail service
> -- 
> MailScanner mailing list
> MailScanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list