sendmail greet_pause feature

Roger Jochem roger at rudnick.com.br
Tue Feb 7 11:12:39 GMT 2006 

I just enabled the greet_pause im my sendmail. I'm seing a lot of warnings 
in my maillog about messages being rejected becouse there was a pre-greeting 
traffic. Is there some way I could see what messages were this rejected 
messages, just to be sure I'm not rejecting "good mail".

Regards

Roger Jochem

----- Original Message ----- 
From: "Roger Jochem" <roger at rudnick.com.br>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Wednesday, February 01, 2006 8:44 AM
Subject: Re: sendmail greet_pause feature


> Dag Wieers repository has only sendmail 8.12, or I'm missing it.
>
> http://dag.wieers.com/packages/sendmail/
>
> ----- Original Message ----- 
> From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Wednesday, February 01, 2006 8:34 AM
> Subject: Re: sendmail greet_pause feature
>
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> Don't forget to change MailScanner.conf to
>> Lock Type = posix
>> when you upgrade sendmail to 8.13.
>>
>> You should be able to find a good RPM of this, so you don't build it 
>> from source and put everything in odd locations. Try http:// 
>> dag.wieers.com/ and search his RPM repository.
>>
>> On 1 Feb 2006, at 10:26, Roger Jochem wrote:
>>
>>> I'm using the rpm version of sendmail in my centos-3 box (sendmail 
>>> 8.12) and I would like to upgrade to sendmail 8.13 to use this  feature, 
>>> that seems really great. Is there some problem I should be  aware, or 
>>> the tar.gz version found at sendmail.org would work fine  on my machine? 
>>> Anyone using 8.13 at centos-3 or some similar OS?
>>>
>>> Regards
>>>
>>> Roger Jochem
>>>
>>> ----- Original Message ----- From: "Anders Andersson, IT" 
>>> <anders.andersson at ltkalmar.se>
>>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>>> Sent: Wednesday, February 01, 2006 8:01 AM
>>> Subject: RE: sendmail greet_pause feature
>>>
>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
>>>>> Of Jim Holland
>>>>> Sent: Wednesday, February 01, 2006 9:12 AM
>>>>> To: MailScanner mailing list
>>>>> Subject: OT: sendmail greet_pause feature
>>>>>
>>>>> Perhaps other sendmail users know all about this, but I have
>>>>> only looked at it for the first time.
>>>>>
>>>>> I run sendmail 8.13.1 and have decided to implement the
>>>>> greet_pause feature for the first time (after seeing that it
>>>>> is a default option in Debian installations).  This requires
>>>>> a specified delay after connection, which can be network
>>>>> specific, before a client system is allowed to send any SMTP
>>>>> commands.  Any client that breaks normal SMTP protocols by
>>>>> trying to force commands before receiving the go-ahead is
>>>>> immediately disconnected.  This seems to distinguish very
>>>>> successfully between genuine mailers and spammers/viruses
>>>>> that are not RFC-compliant.
>>>>>
>>>>> Using a 5 second delay I have found that the system has
>>>>> blocked over 3200 connections in the first 24 hours I used
>>>>> it.  The client systems were all typical of spammers, with
>>>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR
>>>>> record at all.  I found only four systems in the blocked
>>>>> group that looked as if they were genuine.  On further
>>>>> investigation I found that earlier log records for some of
>>>>> those sites indicated behaviour typical of virus infections
>>>>> in any case.
>>>>
>>>> I second that, thoguh I raised mine to 25 sec just for the fun of  it. 
>>>> I
>>>> started low but raised it by 5 sec eeverytime and its been running
>>>> smooth. So far no one complained and the ones we have a great
>>>> mailexchange with been added to acces list
>>>>
>>>> /Anders
>>>>
>>>>>
>>>>> To implement the feature:
>>>>>
>>>>> Add the following to the sendmail.mc file:
>>>>>
>>>>> FEATURE(`greet_pause', `5000')dnl 5 seconds
>>>>>
>>>>> Rebuild sendmail and restart MailScanner:
>>>>>
>>>>> m4 < sendmail.mc > sendmail.cf
>>>>> service MailScanner restart
>>>>>
>>>>> Then specific entries for client hostname, domain, IP address
>>>>> or subnet can be put in the access file:
>>>>>
>>>>> GreetPause:my.domain    0
>>>>> GreetPause:example.com  5000
>>>>> GreetPause:10.1.2       2000
>>>>> GreetPause:127.0.0.1    0
>>>>>
>>>>> Definitely worth a look I would say, as it blocks large
>>>>> numbers of spammers before they are allowed to send any data,
>>>>> with very low risk of blocking genuine systems.  It even
>>>>> seems to allow genuine mail from infected systems to be
>>>>> accepted while blocking viruses from those same systems
>>>>> before the DATA phase - as many viruses seem to behave rather
>>>>> impolitely :-)
>>>>>
>>>>> Regards
>>>>>
>>>>> Jim Holland
>>>>> System Administrator
>>>>> MANGO - Zimbabwe's non-profit e-mail service
>>>> -- 
>>>> MailScanner mailing list
>>>> MailScanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>
>>> -- 
>>> MailScanner mailing list
>>> MailScanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> - -- 
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Desktop 9.0.4 (Build 4042)
>>
>> iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG
>> 1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn
>> ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC
>> pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB
>> Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q
>> lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA==
>> =QCbF
>> -----END PGP SIGNATURE-----
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> -- 
>> MailScanner mailing list
>> MailScanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
> -- 
> MailScanner mailing list
> MailScanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list