sendmail greet_pause feature

[Randal, Phil]

You can't - the reject happens in the early stages of the smtp
transaction, because the machine connecting isn't following the smtp
RFC.

That's the whole point of it.

So all you're going to see is the IP of the dodgy sender.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Roger Jochem
> Sent: 07 February 2006 11:13
> To: MailScanner discussion
> Subject: Re: sendmail greet_pause feature
> 
> I just enabled the greet_pause im my sendmail. I'm seing a 
> lot of warnings in my maillog about messages being rejected 
> becouse there was a pre-greeting traffic. Is there some way I 
> could see what messages were this rejected messages, just to 
> be sure I'm not rejecting "good mail".
> 
> Regards
> 
> Roger Jochem
> 
> ----- Original Message -----
> From: "Roger Jochem" <roger at rudnick.com.br>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Wednesday, February 01, 2006 8:44 AM
> Subject: Re: sendmail greet_pause feature
> 
> 
> > Dag Wieers repository has only sendmail 8.12, or I'm missing it.
> >
> > http://dag.wieers.com/packages/sendmail/
> >
> > ----- Original Message ----- 
> > From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
> > To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > Sent: Wednesday, February 01, 2006 8:34 AM
> > Subject: Re: sendmail greet_pause feature
> >
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >>
> >> Don't forget to change MailScanner.conf to
> >> Lock Type = posix
> >> when you upgrade sendmail to 8.13.
> >>
> >> You should be able to find a good RPM of this, so you 
> don't build it 
> >> from source and put everything in odd locations. Try http:// 
> >> dag.wieers.com/ and search his RPM repository.
> >>
> >> On 1 Feb 2006, at 10:26, Roger Jochem wrote:
> >>
> >>> I'm using the rpm version of sendmail in my centos-3 box 
> (sendmail 
> >>> 8.12) and I would like to upgrade to sendmail 8.13 to use 
> this  feature, 
> >>> that seems really great. Is there some problem I should 
> be  aware, or 
> >>> the tar.gz version found at sendmail.org would work fine  
> on my machine? 
> >>> Anyone using 8.13 at centos-3 or some similar OS?
> >>>
> >>> Regards
> >>>
> >>> Roger Jochem
> >>>
> >>> ----- Original Message ----- From: "Anders Andersson, IT" 
> >>> <anders.andersson at ltkalmar.se>
> >>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> >>> Sent: Wednesday, February 01, 2006 8:01 AM
> >>> Subject: RE: sendmail greet_pause feature
> >>>
> >>>
> >>>>> -----Original Message-----
> >>>>> From: mailscanner-bounces at lists.mailscanner.info
> >>>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> >>>>> Of Jim Holland
> >>>>> Sent: Wednesday, February 01, 2006 9:12 AM
> >>>>> To: MailScanner mailing list
> >>>>> Subject: OT: sendmail greet_pause feature
> >>>>>
> >>>>> Perhaps other sendmail users know all about this, but I have
> >>>>> only looked at it for the first time.
> >>>>>
> >>>>> I run sendmail 8.13.1 and have decided to implement the
> >>>>> greet_pause feature for the first time (after seeing that it
> >>>>> is a default option in Debian installations).  This requires
> >>>>> a specified delay after connection, which can be network
> >>>>> specific, before a client system is allowed to send any SMTP
> >>>>> commands.  Any client that breaks normal SMTP protocols by
> >>>>> trying to force commands before receiving the go-ahead is
> >>>>> immediately disconnected.  This seems to distinguish very
> >>>>> successfully between genuine mailers and spammers/viruses
> >>>>> that are not RFC-compliant.
> >>>>>
> >>>>> Using a 5 second delay I have found that the system has
> >>>>> blocked over 3200 connections in the first 24 hours I used
> >>>>> it.  The client systems were all typical of spammers, with
> >>>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR
> >>>>> record at all.  I found only four systems in the blocked
> >>>>> group that looked as if they were genuine.  On further
> >>>>> investigation I found that earlier log records for some of
> >>>>> those sites indicated behaviour typical of virus infections
> >>>>> in any case.
> >>>>
> >>>> I second that, thoguh I raised mine to 25 sec just for 
> the fun of  it. 
> >>>> I
> >>>> started low but raised it by 5 sec eeverytime and its 
> been running
> >>>> smooth. So far no one complained and the ones we have a great
> >>>> mailexchange with been added to acces list
> >>>>
> >>>> /Anders
> >>>>
> >>>>>
> >>>>> To implement the feature:
> >>>>>
> >>>>> Add the following to the sendmail.mc file:
> >>>>>
> >>>>> FEATURE(`greet_pause', `5000')dnl 5 seconds
> >>>>>
> >>>>> Rebuild sendmail and restart MailScanner:
> >>>>>
> >>>>> m4 < sendmail.mc > sendmail.cf
> >>>>> service MailScanner restart
> >>>>>
> >>>>> Then specific entries for client hostname, domain, IP address
> >>>>> or subnet can be put in the access file:
> >>>>>
> >>>>> GreetPause:my.domain    0
> >>>>> GreetPause:example.com  5000
> >>>>> GreetPause:10.1.2       2000
> >>>>> GreetPause:127.0.0.1    0
> >>>>>
> >>>>> Definitely worth a look I would say, as it blocks large
> >>>>> numbers of spammers before they are allowed to send any data,
> >>>>> with very low risk of blocking genuine systems.  It even
> >>>>> seems to allow genuine mail from infected systems to be
> >>>>> accepted while blocking viruses from those same systems
> >>>>> before the DATA phase - as many viruses seem to behave rather
> >>>>> impolitely :-)
> >>>>>
> >>>>> Regards
> >>>>>
> >>>>> Jim Holland
> >>>>> System Administrator
> >>>>> MANGO - Zimbabwe's non-profit e-mail service
> >>>> -- 
> >>>> MailScanner mailing list
> >>>> MailScanner at lists.mailscanner.info
> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>>
> >>>> Before posting, read http://wiki.mailscanner.info/posting
> >>>>
> >>>> Support MailScanner development - buy the book off the website!
> >>>
> >>> -- 
> >>> MailScanner mailing list
> >>> MailScanner at lists.mailscanner.info
> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>
> >>> Before posting, read http://wiki.mailscanner.info/posting
> >>>
> >>> Support MailScanner development - buy the book off the website!
> >>
> >> - -- 
> >> Julian Field
> >> www.MailScanner.info
> >> Buy the MailScanner book at www.MailScanner.info/store
> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>
> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: PGP Desktop 9.0.4 (Build 4042)
> >>
> >> iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG
> >> 1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn
> >> ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC
> >> pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB
> >> Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q
> >> lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA==
> >> =QCbF
> >> -----END PGP SIGNATURE-----
> >>
> >> -- 
> >> This message has been scanned for viruses and
> >> dangerous content by MailScanner, and is
> >> believed to be clean.
> >>
> >> -- 
> >> MailScanner mailing list
> >> MailScanner at lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> > -- 
> > MailScanner mailing list
> > MailScanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website! 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
>