OT: sendmail greet_pause feature

Alex Neuman van der Hans alex at nkpanama.com
Wed Feb 1 19:11:44 GMT 2006 

I swear by greet_pause since it came out. I've even installed in on old 
Red Hat / Fedora sites by using city-fan.org's rpm's at 
http://www.city-fan.org/ftp/contrib/mail/ for older Red Hats.

Jim Holland wrote:
> Perhaps other sendmail users know all about this, but I have only looked 
> at it for the first time.
>
> I run sendmail 8.13.1 and have decided to implement the greet_pause
> feature for the first time (after seeing that it is a default option in
> Debian installations).  This requires a specified delay after connection,
> which can be network specific, before a client system is allowed to send
> any SMTP commands.  Any client that breaks normal SMTP protocols by trying
> to force commands before receiving the go-ahead is immediately
> disconnected.  This seems to distinguish very successfully between genuine 
> mailers and spammers/viruses that are not RFC-compliant.
>
> Using a 5 second delay I have found that the system has blocked over 3200
> connections in the first 24 hours I used it.  The client systems were all
> typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or
> no PTR record at all.  I found only four systems in the blocked group that
> looked as if they were genuine.  On further investigation I found that
> earlier log records for some of those sites indicated behaviour typical of
> virus infections in any case.
>
> To implement the feature:
>
> Add the following to the sendmail.mc file:
>
> 	FEATURE(`greet_pause', `5000')dnl 5 seconds
>
> Rebuild sendmail and restart MailScanner:
>
> 	m4 < sendmail.mc > sendmail.cf
> 	service MailScanner restart
>
> Then specific entries for client hostname, domain, IP address or subnet 
> can be put in the access file:
>
> 	GreetPause:my.domain    0
> 	GreetPause:example.com  5000
> 	GreetPause:10.1.2       2000
> 	GreetPause:127.0.0.1    0
>
> Definitely worth a look I would say, as it blocks large numbers of 
> spammers before they are allowed to send any data, with very low risk of 
> blocking genuine systems.  It even seems to allow genuine mail from 
> infected systems to be accepted while blocking viruses from those same 
> systems before the DATA phase - as many viruses seem to behave rather
> impolitely :-)
>
> Regards
>
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
>
>   

-- 

Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/

More information about the MailScanner mailing list