sendmail greet_pause feature

Alex Neuman van der Hans alex at nkpanama.com
Tue Feb 7 13:21:30 GMT 2006


Whitelist them using the access db (put their netblocks or domains on a, 
say, 3 second delay instead).

Randal, Phil wrote:
> Looking at the last couple of days' sendmail logs I'm finding a few who
> really should know better falling foul of a greet_pause 10 second delay:
>
> ncsmtp02.partner.nspcc.org.uk
> gateway.brent.gov.uk 
>
> and these ISPs.  Tut tut!
>
> various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1)
> various mx servers at mail.uk.clara.net (mx0.mail.uk.clara.net through
> mx5)
> store0.mail.uk.easynet.net
>
> Cheers,
>
> Phil
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK  
>
>   
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info 
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
>> Of Will McDonald
>> Sent: 07 February 2006 11:44
>> To: MailScanner discussion
>> Subject: Re: sendmail greet_pause feature
>>
>> On 07/02/06, Roger Jochem <roger at rudnick.com.br> wrote:
>>     
>>> I just enabled the greet_pause im my sendmail. I'm seing a lot of 
>>> warnings in my maillog about messages being rejected 
>>>       
>> becouse there was 
>>     
>>> a pre-greeting traffic. Is there some way I could see what messages 
>>> were this rejected messages, just to be sure I'm not 
>>>       
>> rejecting "good mail".
>>
>> Given what greet_pause is doing, and why, I doubt there's 
>> anyway you're going to get more than is already contained in 
>> the log message.
>>
>> Most of the rejections we've seen since enabling it last week 
>> have been
>>
>> * from IP addresses without reverse DNS
>> * within dynamically assigned ranges (DSL, cable modems and the like)
>> * from *.pl, *.ru, *.kr and other usually suspicious TLDs.
>>
>> Try something like...
>>
>> $ awk '/due to pre-greeting/ { print $10 }' /var/log/maillog | sort -u
>>
>> Have a scan through and the chances are it'll all be 
>> suspicious looking. And remember, even if the reverse lookup 
>> makes them look potentially legit, they're still trying to 
>> inject mail traffic before you've told them to, which should 
>> immediately raise concerns.
>>
>> Will.
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website! 
>>
>>     

-- 

Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/



More information about the MailScanner mailing list