sendmail greet_pause feature

Will McDonald wmcdonald at gmail.com
Tue Feb 7 11:43:30 GMT 2006


On 07/02/06, Roger Jochem <roger at rudnick.com.br> wrote:
> I just enabled the greet_pause in my sendmail. I'm seeing a lot of warnings
> in my maillog about messages being rejected because there was pre-greeting
> traffic. Is there some way I could see what these rejected messages
> were, just to be sure I'm not rejecting "good mail"?

Given what greet_pause is doing, and why, I doubt there's any way
you're going to get more than is already contained in the log message.

Most of the rejections we've seen since enabling it last week have been

* from IP addresses without reverse DNS
* within dynamically assigned ranges (DSL, cable modems and the like)
* from *.pl, *.ru, *.kr and other usually suspicious TLDs.

Try something like...

$ awk '/due to pre-greeting/ { print $10 }' /var/log/maillog | sort -u

Have a scan through and the chances are it'll all be suspicious
looking. And remember, even if the reverse lookup makes them look
potentially legit, they're still trying to inject mail traffic before
you've told them to, which should immediately raise concerns.

Will.
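
An added example, not part of the original post: a shell function that extends the one-liner above to count greet_pause rejections per relay and flag relays that logged with no reverse DNS name. The function names `summarize_pregreet` and `sample_log` are hypothetical, the log lines are constructed, and the line layout (`rejecting commands from <relay> due to pre-greeting traffic`) is assumed from the post's awk pattern.

```shell
#!/bin/sh
# Added example: summarise greet_pause rejections per relay.
# Assumption: <relay> is "name [ip]", or a bare "[ip]" when sendmail
# found no reverse DNS name for the connecting address.

summarize_pregreet() {
    # Reads maillog lines on stdin.
    # Prints "count<TAB>class<TAB>relay", highest count first.
    awk '
    /due to pre-greeting traffic/ {
        relay = ""
        # Locate the relay by the word "from" rather than a fixed field
        # number, so a different syslog prefix does not break the match.
        for (i = 1; i < NF; i++)
            if ($i == "from") { relay = $(i + 1); break }
        if (relay == "") next
        class = (relay ~ /^\[.*\]$/) ? "no-rdns" : "rdns"
        count[class "\t" relay]++
    }
    END {
        for (k in count) printf "%d\t%s\n", count[k], k
    }' | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

# Constructed sample lines (documentation addresses, not real log data).
# The last line is ordinary accepted mail and must be ignored.
sample_log() {
cat <<'EOF'
Feb  7 11:40:01 mx1 sendmail[2101]: k17Be1aa002101: rejecting commands from [192.0.2.15] due to pre-greeting traffic
Feb  7 11:40:09 mx1 sendmail[2102]: k17Be9bb002102: rejecting commands from dsl-203-0-113-7.example.net [203.0.113.7] due to pre-greeting traffic
Feb  7 11:41:12 mx1 sendmail[2107]: k17BfCcc002107: rejecting commands from [192.0.2.15] due to pre-greeting traffic
Feb  7 11:41:30 mx1 sendmail[2110]: k17BfUdd002110: from=<a@example.org>, size=1204, nrcpts=1, relay=mail.example.org [198.51.100.3]
EOF
}

# Demo on the sample; for a real log: summarize_pregreet < /var/log/maillog
sample_log | summarize_pregreet
```

Relays in the `rdns` class with high counts are the ones worth a manual look when checking for wrongly rejected senders.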

