sendmail greet_pause feature
Brian O'Keeffe
brian.okeeffe at kepak.com
Thu Feb 2 11:57:17 GMT 2006
Thanks for that. I implemented it yesterday and am noticing a difference.
Could anybody recommend a package for log monitoring so I can compare before
and after implementation traffic? I'm using sendmail and MailScanner on
Debian woody.
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jim Holland
Sent: 01 February 2006 08:12
To: MailScanner mailing list
Subject: OT: sendmail greet_pause feature
Perhaps other sendmail users know all about this, but I have only looked
at it for the first time.
I run sendmail 8.13.1 and have decided to implement the greet_pause
feature for the first time (after seeing that it is a default option in
Debian installations). This requires a specified delay after connection,
which can be network specific, before a client system is allowed to send
any SMTP commands. Any client that breaks normal SMTP protocols by trying
to force commands before receiving the go-ahead is immediately
disconnected. This seems to distinguish very successfully between genuine
mailers and spammers/viruses that are not RFC-compliant.
Using a 5 second delay I have found that the system has blocked over 3200
connections in the first 24 hours I used it. The client systems were all
typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or
no PTR record at all. I found only four systems in the blocked group that
looked as if they were genuine. On further investigation I found that
earlier log records for some of those sites indicated behaviour typical of
virus infections in any case.
To implement the feature:

Add the following to the sendmail.mc file:

    FEATURE(`greet_pause', `5000')dnl 5 seconds

Rebuild sendmail and restart MailScanner:

    m4 < sendmail.mc > sendmail.cf
    service MailScanner restart

Then specific entries for client hostname, domain, IP address or subnet
can be put in the access file:

    GreetPause:my.domain      0
    GreetPause:example.com    5000
    GreetPause:10.1.2         2000
    GreetPause:127.0.0.1      0

Definitely worth a look I would say, as it blocks large numbers of
spammers before they are allowed to send any data, with very low risk of
blocking genuine systems. It even seems to allow genuine mail from
infected systems to be accepted while blocking viruses from those same
systems before the DATA phase - as many viruses seem to behave rather
impolitely :-)
Regards
Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
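
The before/after comparison asked about at the top of this thread can be made directly from the mail log. The script below is an added example, not part of either post: it counts greet_pause rejections and accepted messages per day and ranks the rejected client IPs. The "rejecting commands from ... due to pre-greeting traffic" log text and the syslog line layout are assumptions about the local sendmail build, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Syslog prefix: "Feb  1 09:00:00 host sm-mta[123]: QUEUEID: "
PREFIX = r"^(\w{3}\s+\d{1,2})\s+[\d:]{8}\s+\S+\s+[\w-]+\[\d+\]:\s+\w+:\s+"
# Assumed log text written by sendmail when greet_pause drops a client.
REJECT = re.compile(
    PREFIX + r"rejecting commands from \S+ \[([^\]]+)\] due to pre-greeting traffic")
# A "from=" line is logged once per message envelope received.
ACCEPT = re.compile(PREFIX + r"from=")

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
Jan 31 10:00:01 mail sm-mta[1001]: k0VA01aa001001: from=<a@example.org>, size=1200, nrcpts=1, relay=mx.example.org [192.0.2.10]
Jan 31 10:05:00 mail sm-mta[1002]: k0VA05bb001002: from=<b@example.net>, size=900, nrcpts=1, relay=[198.51.100.7]
Feb  1 09:00:00 mail sm-mta[2001]: k119000c002001: rejecting commands from adsl-1.example.net [198.51.100.7] due to pre-greeting traffic
Feb  1 09:00:05 mail sm-mta[2002]: k119005d002002: rejecting commands from [203.0.113.9] [203.0.113.9] due to pre-greeting traffic
Feb  1 09:01:00 mail sm-mta[2003]: k119010e002003: from=<a@example.org>, size=1100, nrcpts=1, relay=mx.example.org [192.0.2.10]
Feb  1 09:02:00 mail sm-mta[2004]: k119020f002004: rejecting commands from [203.0.113.9] [203.0.113.9] due to pre-greeting traffic
"""


def summarize(lines):
    """Return ({day: {"accepted": n, "greet_rejected": n}}, Counter of rejected IPs)."""
    per_day = defaultdict(lambda: {"accepted": 0, "greet_rejected": 0})
    offenders = Counter()
    for line in lines:
        rejected = REJECT.match(line)
        accepted = None if rejected else ACCEPT.match(line)
        hit = rejected or accepted
        if not hit:
            continue
        day = " ".join(hit.group(1).split())  # "Feb  1" -> "Feb 1"
        if rejected:
            per_day[day]["greet_rejected"] += 1
            offenders[rejected.group(2)] += 1
        else:
            per_day[day]["accepted"] += 1
    return dict(per_day), offenders


if __name__ == "__main__":
    per_day, offenders = summarize(SAMPLE_LOG.splitlines())
    for day, counts in per_day.items():
        print(day, counts)
    print("top rejected clients:", offenders.most_common(3))
```

To use it on real data, pass an open log file to `summarize()` instead of `SAMPLE_LOG.splitlines()`; a client IP that is rejected repeatedly but also appears as a relay on accepted mail is a candidate for a `GreetPause:` override in the access file.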