sendmail greet_pause feature

Alex Neuman van der Hans alex at nkpanama.com
Wed Feb 1 19:36:01 GMT 2006 

Alongside. I've set up greylisting on most domains I administer. Also 
works wonders. I *do* start greylisting with a low value (30 seconds) 
and work my way up to what is comfortable (some people *demand* their 
e-mail be let through immediately).

Plant, Dean wrote:
> Should this be used as a replacement to greylisting or can it be used
> along side?
>
> Dean
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jim
> Holland
> Sent: 01 February 2006 08:12
> To: MailScanner mailing list
> Subject: OT: sendmail greet_pause feature
>
>
> Perhaps other sendmail users know all about this, but I have only looked
>
> at it for the first time.
>
> I run sendmail 8.13.1 and have decided to implement the greet_pause
> feature for the first time (after seeing that it is a default option in
> Debian installations).  This requires a specified delay after
> connection,
> which can be network specific, before a client system is allowed to send
> any SMTP commands.  Any client that breaks normal SMTP protocols by
> trying
> to force commands before receiving the go-ahead is immediately
> disconnected.  This seems to distinguish very successfully between
> genuine 
> mailers and spammers/viruses that are not RFC-compliant.
>
> Using a 5 second delay I have found that the system has blocked over
> 3200
> connections in the first 24 hours I used it.  The client systems were
> all
> typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames
> or
> no PTR record at all.  I found only four systems in the blocked group
> that
> looked as if they were genuine.  On further investigation I found that
> earlier log records for some of those sites indicated behaviour typical
> of
> virus infections in any case.
>
> To implement the feature:
>
> Add the following to the sendmail.mc file:
>
> 	FEATURE(`greet_pause', `5000')dnl 5 seconds
>
> Rebuild sendmail and restart MailScanner:
>
> 	m4 < sendmail.mc > sendmail.cf
> 	service MailScanner restart
>
> Then specific entries for client hostname, domain, IP address or subnet 
> can be put in the access file:
>
> 	GreetPause:my.domain    0
> 	GreetPause:example.com  5000
> 	GreetPause:10.1.2       2000
> 	GreetPause:127.0.0.1    0
>
> Definitely worth a look I would say, as it blocks large numbers of 
> spammers before they are allowed to send any data, with very low risk of
>
> blocking genuine systems.  It even seems to allow genuine mail from 
> infected systems to be accepted while blocking viruses from those same 
> systems before the DATA phase - as many viruses seem to behave rather
> impolitely :-)
>
> Regards
>
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
>
>   

-- 

Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/

More information about the MailScanner mailing list