sendmail greet_pause feature

Julian Field MailScanner at ecs.soton.ac.uk
Wed Feb 1 10:34:44 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----

Don't forget to change MailScanner.conf to
	Lock Type = posix
when you upgrade sendmail to 8.13.

You should be able to find a good RPM of this, so you don't build it  
from source and put everything in odd locations. Try http:// 
dag.wieers.com/ and search his RPM repository.

On 1 Feb 2006, at 10:26, Roger Jochem wrote:

> I'm using the rpm version of sendmail in my centos-3 box (sendmail  
> 8.12) and I would like to upgrade to sendmail 8.13 to use this  
> feature, that seems really great. Is there some problem I should be  
> aware, or the tar.gz version found at sendmail.org would work fine  
> on my machine? Anyone using 8.13 at centos-3 or some similar OS?
>
> Regards
>
> Roger Jochem
>
> ----- Original Message ----- From: "Anders Andersson, IT"  
> <anders.andersson at ltkalmar.se>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Wednesday, February 01, 2006 8:01 AM
> Subject: RE: sendmail greet_pause feature
>
>
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info
>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
>>> Of Jim Holland
>>> Sent: Wednesday, February 01, 2006 9:12 AM
>>> To: MailScanner mailing list
>>> Subject: OT: sendmail greet_pause feature
>>>
>>> Perhaps other sendmail users know all about this, but I have
>>> only looked at it for the first time.
>>>
>>> I run sendmail 8.13.1 and have decided to implement the
>>> greet_pause feature for the first time (after seeing that it
>>> is a default option in Debian installations).  This requires
>>> a specified delay after connection, which can be network
>>> specific, before a client system is allowed to send any SMTP
>>> commands.  Any client that breaks normal SMTP protocols by
>>> trying to force commands before receiving the go-ahead is
>>> immediately disconnected.  This seems to distinguish very
>>> successfully between genuine mailers and spammers/viruses
>>> that are not RFC-compliant.
>>>
>>> Using a 5 second delay I have found that the system has
>>> blocked over 3200 connections in the first 24 hours I used
>>> it.  The client systems were all typical of spammers, with
>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR
>>> record at all.  I found only four systems in the blocked
>>> group that looked as if they were genuine.  On further
>>> investigation I found that earlier log records for some of
>>> those sites indicated behaviour typical of virus infections
>>> in any case.
>>
>> I second that, thoguh I raised mine to 25 sec just for the fun of  
>> it. I
>> started low but raised it by 5 sec eeverytime and its been running
>> smooth. So far no one complained and the ones we have a great
>> mailexchange with been added to acces list
>>
>> /Anders
>>
>>>
>>> To implement the feature:
>>>
>>> Add the following to the sendmail.mc file:
>>>
>>> FEATURE(`greet_pause', `5000')dnl 5 seconds
>>>
>>> Rebuild sendmail and restart MailScanner:
>>>
>>> m4 < sendmail.mc > sendmail.cf
>>> service MailScanner restart
>>>
>>> Then specific entries for client hostname, domain, IP address
>>> or subnet can be put in the access file:
>>>
>>> GreetPause:my.domain    0
>>> GreetPause:example.com  5000
>>> GreetPause:10.1.2       2000
>>> GreetPause:127.0.0.1    0
>>>
>>> Definitely worth a look I would say, as it blocks large
>>> numbers of spammers before they are allowed to send any data,
>>> with very low risk of blocking genuine systems.  It even
>>> seems to allow genuine mail from infected systems to be
>>> accepted while blocking viruses from those same systems
>>> before the DATA phase - as many viruses seem to behave rather
>>> impolitely :-)
>>>
>>> Regards
>>>
>>> Jim Holland
>>> System Administrator
>>> MANGO - Zimbabwe's non-profit e-mail service
>> -- 
>> MailScanner mailing list
>> MailScanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> -- 
> MailScanner mailing list
> MailScanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.4 (Build 4042)

iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG
1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn
ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC
pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB
Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q
lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA==
=QCbF
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list