OT: sendmail greet_pause feature
Alex Neuman van der Hans
alex at nkpanama.com
Wed Feb 1 19:11:44 GMT 2006
I swear by greet_pause since it came out. I've even installed in on old
Red Hat / Fedora sites by using city-fan.org's rpm's at
http://www.city-fan.org/ftp/contrib/mail/ for older Red Hats.
Jim Holland wrote:
> Perhaps other sendmail users know all about this, but I have only looked
> at it for the first time.
>
> I run sendmail 8.13.1 and have decided to implement the greet_pause
> feature for the first time (after seeing that it is a default option in
> Debian installations). This requires a specified delay after connection,
> which can be network specific, before a client system is allowed to send
> any SMTP commands. Any client that breaks normal SMTP protocols by trying
> to force commands before receiving the go-ahead is immediately
> disconnected. This seems to distinguish very successfully between genuine
> mailers and spammers/viruses that are not RFC-compliant.
>
> Using a 5 second delay I have found that the system has blocked over 3200
> connections in the first 24 hours I used it. The client systems were all
> typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or
> no PTR record at all. I found only four systems in the blocked group that
> looked as if they were genuine. On further investigation I found that
> earlier log records for some of those sites indicated behaviour typical of
> virus infections in any case.
>
> To implement the feature:
>
> Add the following to the sendmail.mc file:
>
> FEATURE(`greet_pause', `5000')dnl 5 seconds
>
> Rebuild sendmail and restart MailScanner:
>
> m4 < sendmail.mc > sendmail.cf
> service MailScanner restart
>
> Then specific entries for client hostname, domain, IP address or subnet
> can be put in the access file:
>
> GreetPause:my.domain 0
> GreetPause:example.com 5000
> GreetPause:10.1.2 2000
> GreetPause:127.0.0.1 0
>
> Definitely worth a look I would say, as it blocks large numbers of
> spammers before they are allowed to send any data, with very low risk of
> blocking genuine systems. It even seems to allow genuine mail from
> infected systems to be accepted while blocking viruses from those same
> systems before the DATA phase - as many viruses seem to behave rather
> impolitely :-)
>
> Regards
>
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
>
>
--
Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/
More information about the MailScanner
mailing list