sendmail greet_pause feature

Randal, Phil prandal at herefordshire.gov.uk
Tue Feb 7 14:11:15 GMT 2006


I've done that, it was more a cautionary note to others.

greet_pause is currently catching about 10% of our incoming emails.

Around 40% of our incoming mail was spam, so it helps.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans
> Sent: 07 February 2006 13:22
> To: MailScanner discussion
> Subject: Re: sendmail greet_pause feature
> 
> Whitelist them using the access db (put their netblocks or 
> domains on a, say, 3 second delay instead).
> 
> Randal, Phil wrote:
> > Looking at the last couple of days' sendmail logs I'm finding a few
> > who really should know better falling foul of a greet_pause
> > 10 second delay:
> >
> > ncsmtp02.partner.nspcc.org.uk
> > gateway.brent.gov.uk
> >
> > and these ISPs.  Tut tut!
> >
> > various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1)
> > various mx servers at mail.uk.clara.net (mx0.mail.uk.clara.net through mx5)
> > store0.mail.uk.easynet.net
> >
> > Cheers,
> >
> > Phil
> > ----
> > Phil Randal
> > Network Engineer
> > Herefordshire Council
> > Hereford, UK
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces at lists.mailscanner.info
> >> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Will McDonald
> >> Sent: 07 February 2006 11:44
> >> To: MailScanner discussion
> >> Subject: Re: sendmail greet_pause feature
> >>
> >> On 07/02/06, Roger Jochem <roger at rudnick.com.br> wrote:
> >>> I just enabled the greet_pause in my sendmail. I'm seeing a lot of
> >>> warnings in my maillog about messages being rejected because there was
> >>> a pre-greeting traffic. Is there some way I could see what messages
> >>> these rejected messages were, just to be sure I'm not rejecting "good mail".
> >>
> >> Given what greet_pause is doing, and why, I doubt there's any way
> >> you're going to get more than is already contained in the log 
> >> message.
> >>
> >> Most of the rejections we've seen since enabling it last week have 
> >> been
> >>
> >> * from IP addresses without reverse DNS
> >> * within dynamically assigned ranges (DSL, cable modems and the like)
> >> * from *.pl, *.ru, *.kr and other usually suspicious TLDs.
> >>
> >> Try something like...
> >>
> >> $ awk '/due to pre-greeting/ { print $10 }' /var/log/maillog | sort -u
> >>
> >> Have a scan through and the chances are it'll all be suspicious 
> >> looking. And remember, even if the reverse lookup makes them look 
> >> potentially legit, they're still trying to inject mail traffic before
> >> you've told them to, which should immediately raise concerns.
> >>
> >> Will.
> >> --
> >> MailScanner mailing list
> >> mailscanner at lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website! 
> >>
> >>     
> 
> -- 
> 
> Alex Neuman van der Hans
> N&K Technology Consultants
> Tel. +507 214-9002 - http://nkpanama.com/
> 
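
An added example, not written by any poster in this thread, that extends the awk one-liner quoted above: it counts pre-greeting rejections per client host and address, so that a legitimate sender worth a shorter access db delay stands out from one-off noise. The function names, hostnames, addresses and log lines are constructed, and the log wording is assumed to be "rejecting commands from HOST [IP] due to pre-greeting traffic".

```shell
#!/bin/sh
# Summarise sendmail greet_pause rejections per client (added example).

# Constructed sample log lines; real input would be /var/log/maillog.
sample_maillog() {
    cat <<'EOF'
Feb  7 11:02:10 mx1 sendmail[2101]: k17B2AbC002101: rejecting commands from dyn-17.example.net [192.0.2.17] due to pre-greeting traffic
Feb  7 11:05:42 mx1 sendmail[2150]: k17B5gHi002150: from=<a@example.org>, size=1200, class=0, nrcpts=1, relay=mail.example.org [198.51.100.5]
Feb  7 11:09:03 mx1 sendmail[2188]: k17B93Jk002188: rejecting commands from dyn-17.example.net [192.0.2.17] due to pre-greeting traffic
Feb  7 11:12:30 mx1 sendmail[2203]: k17BCUlm002203: rejecting commands from mx0.example.com [203.0.113.9] due to pre-greeting traffic
EOF
}

# Reads syslog lines on stdin; prints "COUNT HOST IP", busiest client first.
greet_pause_summary() {
    awk '
        /rejecting commands from .* due to pre-greeting traffic/ {
            # Find the client by the words around it instead of a fixed
            # field number, so a different syslog prefix does not break it.
            for (i = 1; i < NF; i++) {
                if ($i == "from" && $(i - 1) == "commands") {
                    host = $(i + 1)
                    ip = $(i + 2)
                    gsub(/\[/, "", ip)   # strip the brackets sendmail
                    gsub(/\]/, "", ip)   # puts around the address
                    seen[host " " ip]++
                    break
                }
            }
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2,2
}

# Demonstration on the constructed sample.
sample_maillog | greet_pause_summary
```

A client that appears repeatedly and has a recognisable hostname is a candidate for the reduced-delay access db entry suggested in the reply above.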

