Sendmail's New GreetPause Feature
Hal Pomeranz
In most cases, spammers are motivated to send their
unsolicited emails as rapidly as possible. Slamming is a technique where
the spammer simply fires all of the SMTP commands necessary to transmit an
email message to another mail server without waiting for the normal SMTP
responses from the remote machine. Typically, the remote mail server will
end up accepting the message despite the fact that the slammer is actually
disobeying the SMTP behavior mandated by various Internet RFCs.
However, no well-behaved mail server should ever
inject email messages in this fashion, so it would be nice if there were
some way to distinguish between the malicious slamming activity and more
normal SMTP traffic. The Sendmail v8.13 release train introduced the GreetPause option for doing
exactly that. When GreetPause is enabled, Sendmail simply waits a specified amount of
time on each new connection before emitting the standard SMTP greeting
message. If the remote server starts sending SMTP commands before your mail
server sends out the SMTP greeting string,
then the remote side is trying to slam you. When this happens, Sendmail
simply rejects all of the incoming SMTP commands and drops the message.
GreetPause is one of those
extremely useful spam-fighting techniques that precisely identifies a
specific type of unwanted email traffic while
having minimal impact on regular SMTP sessions.
As such, it's a good idea to implement this feature on all of your
Internet-facing mail servers to help cut down on the amount of spam you
have to deal with.
Implementation
Turning on the GreetPause option is simple. Just add a macro like the following to your existing Sendmail macro configuration file:
FEATURE(`greet_pause', `1000')
The second argument is the number of milliseconds
Sendmail should wait before sending the SMTP greeting string to the remote
mail server -- so here we're pausing for one second.
|
