sendmail greet_pause feature
Randal, Phil
prandal at herefordshire.gov.uk
Tue Feb 7 14:11:15 GMT 2006
I've done that, it was more a cautionary note to others.
greet_pause is currently catching about 10% of our incoming emails.
Around 40% of our incoming mail was spam, so it helps.
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Alex Neuman van der Hans
> Sent: 07 February 2006 13:22
> To: MailScanner discussion
> Subject: Re: sendmail greet_pause feature
>
> Whitelist them using the access db (put their netblocks or
> domains on a, say, 3 second delay instead).
>
> Randal, Phil wrote:
> > Looking at the last couple of days' sendmail logs I'm finding a few
> > who really should know better falling foul of a greet_pause
> 10 second delay:
> >
> > ncsmtp02.partner.nspcc.org.uk
> > gateway.brent.gov.uk
> >
> > and these ISPs. Tut tut!
> >
> > various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1)
> > various mx servers at mail.uk.clara.net
> (mx0.mail.uk.clara.net through
> > mx5)
> > store0.mail.uk.easynet.net
> >
> > Cheers,
> >
> > Phil
> > ----
> > Phil Randal
> > Network Engineer
> > Herefordshire Council
> > Hereford, UK
> >
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces at lists.mailscanner.info
> >> [mailto:mailscanner-bounces at lists.mailscanner.info] On
> Behalf Of Will
> >> McDonald
> >> Sent: 07 February 2006 11:44
> >> To: MailScanner discussion
> >> Subject: Re: sendmail greet_pause feature
> >>
> >> On 07/02/06, Roger Jochem <roger at rudnick.com.br> wrote:
> >>
> >>> I just enabled the greet_pause im my sendmail. I'm seing a lot of
> >>> warnings in my maillog about messages being rejected
> >>>
> >> becouse there was
> >>
> >>> a pre-greeting traffic. Is there some way I could see
> what messages
> >>> were this rejected messages, just to be sure I'm not
> >>>
> >> rejecting "good mail".
> >>
> >> Given what greet_pause is doing, and why, I doubt there's anyway
> >> you're going to get more than is already contained in the log
> >> message.
> >>
> >> Most of the rejections we've seen since enabling it last week have
> >> been
> >>
> >> * from IP addresses without reverse DNS
> >> * within dynamically assigned ranges (DSL, cable modems
> and the like)
> >> * from *.pl, *.ru, *.kr and other usually suspicious TLDs.
> >>
> >> Try something like...
> >>
> >> $ awk '/due to pre-greeting/ { print $10 }'
> /var/log/maillog | sort
> >> -u
> >>
> >> Have a scan through and the chances are it'll all be suspicious
> >> looking. And remember, even if the reverse lookup makes them look
> >> potentially legit, they're still trying to inject mail
> traffic before
> >> you've told them to, which should immediately raise concerns.
> >>
> >> Will.
> >> --
> >> MailScanner mailing list
> >> mailscanner at lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >>
> >>
>
> --
>
> Alex Neuman van der Hans
> N&K Technology Consultants
> Tel. +507 214-9002 - http://nkpanama.com/
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
More information about the MailScanner
mailing list