sendmail greet_pause feature
Alex Neuman van der Hans
alex at nkpanama.com
Tue Feb 7 13:21:30 GMT 2006
Whitelist them using the access db (put their netblocks or domains on a,
say, 3 second delay instead).
Randal, Phil wrote:
> Looking at the last couple of days' sendmail logs I'm finding a few who
> really should know better falling foul of a greet_pause 10 second delay:
>
> ncsmtp02.partner.nspcc.org.uk
> gateway.brent.gov.uk
>
> and these ISPs. Tut tut!
>
> various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1)
> various mx servers at mail.uk.clara.net (mx0.mail.uk.clara.net through mx5)
> store0.mail.uk.easynet.net
>
> Cheers,
>
> Phil
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
>> Of Will McDonald
>> Sent: 07 February 2006 11:44
>> To: MailScanner discussion
>> Subject: Re: sendmail greet_pause feature
>>
>> On 07/02/06, Roger Jochem <roger at rudnick.com.br> wrote:
>>
>>> I just enabled the greet_pause in my sendmail. I'm seeing a lot of
>>> warnings in my maillog about messages being rejected because there was
>>> pre-greeting traffic. Is there some way I could see what messages
>>> were these rejected messages, just to be sure I'm not rejecting "good mail".
>>
>> Given what greet_pause is doing, and why, I doubt there's
>> any way you're going to get more than is already contained in
>> the log message.
>>
>> Most of the rejections we've seen since enabling it last week have been
>>
>> * from IP addresses without reverse DNS
>> * within dynamically assigned ranges (DSL, cable modems and the like)
>> * from *.pl, *.ru, *.kr and other usually suspicious TLDs.
>>
>> Try something like...
>>
>> $ awk '/due to pre-greeting/ { print $10 }' /var/log/maillog | sort -u
>>
>> Have a scan through and the chances are it'll all be
>> suspicious looking. And remember, even if the reverse lookup
>> makes them look potentially legit, they're still trying to
>> inject mail traffic before you've told them to, which should
>> immediately raise concerns.
>>
>> Will.
--
Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/
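
The awk approach and the access db suggestion from this thread, combined as an added example that is not part of the original messages: it counts pre-greeting rejections per host and IP, then prints `GreetPause:` access entries (delay in milliseconds) for senders an operator has already reviewed. The function names, sample log lines, hosts and addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: sample data and function names are constructed for illustration.

# Constructed maillog excerpt (documentation address ranges, example domains).
sample_maillog() {
cat <<'EOF'
Feb  7 11:02:14 mx sendmail[4121]: k17B2E4121: rejecting commands from mx0.mail.example.net [192.0.2.10] due to pre-greeting traffic
Feb  7 11:05:40 mx sendmail[4188]: k17B5e4188: rejecting commands from [198.51.100.77] [198.51.100.77] due to pre-greeting traffic
Feb  7 11:09:03 mx sendmail[4230]: k17B934230: rejecting commands from mx0.mail.example.net [192.0.2.10] due to pre-greeting traffic
Feb  7 11:12:51 mx sendmail[4302]: k17BCp4302: from=<a@example.org>, size=1204, nrcpts=1, relay=gw.example.org [203.0.113.5]
Feb  7 11:20:19 mx sendmail[4377]: k17BKJ4377: rejecting commands from mx1.mail.example.net [192.0.2.11] due to pre-greeting traffic
EOF
}

# Read a maillog on stdin; print "count host ip", most frequent first.
# The host is located relative to "commands from" rather than by a fixed
# field number, so a different syslog prefix does not shift the result.
pregreet_summary() {
    awk '
    /due to pre-greeting traffic/ {
        host = ""; ip = ""
        for (i = 1; i + 3 <= NF; i++)
            if ($i == "commands" && $(i + 1) == "from") {
                host = $(i + 2); ip = $(i + 3); break
            }
        gsub(/\[/, "", ip); gsub(/\]/, "", ip)
        if (host != "") count[host " " ip]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Read operator-reviewed senders (IP, netblock prefix or domain) on stdin and
# print access db entries giving them a shorter pause. $1 is in milliseconds.
greetpause_entries() {
    delay_ms=$1
    while IFS= read -r sender; do
        if [ -n "$sender" ]; then
            printf 'GreetPause:%s\t%s\n' "$sender" "$delay_ms"
        fi
    done
}

sample_maillog | pregreet_summary
printf '192.0.2.10\nexample.net\n' | greetpause_entries 3000
```

The generated entries take effect only after they are added to the access file and the access map is rebuilt.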