[Mimedefang] SMTP Pipelining, and GREYLISTING

Cormack, Ken kcormack at acs.roadway.com
Thu Mar 25 13:59:07 EST 2004 

All -
 
Please read the thread below.  If you impliment greylisting with MIMEDefang,
you MIGHT want to disable sendmail's support for PIPELINING.  (See rfc 2920:
SMTP Service Extension for Command Pipelining)
 
You can check your sendmail to see if it currently supports pipelining, as
follows:
 
sendmail -d0.1 -bt < /dev/null
 
If you see PIPELINING in the "Compiled with" options, then pipelining
support is active.  To disable support for pipelining (which is enabled by
default if you compile the sendmail source tar-ball), you need to add the
following statement to your devtools/Site/site.config.m4 and recompile
sendmail.
 
APPENDDEF(`conf_sendmail_ENVDEF', `-DPIPELINING=0')
 
Ken
-----Original Message-----
From: Cormack, Ken 
Sent: Wednesday, March 24, 2004 4:14 PM
To: 'etoll at vipstructure.com'
Cc: 'System Administrator (Roadway)'; Charlton, Dane; Tyler Hudak (E-mail)
Subject: Pipelining SMTP - was RE: test

Eric,

I have checked our SMTP engine's HELO response, and have confirmed that the
sendmail engine was, in fact, configured to support pipelining, as follows:
 
> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail01.roadway.com ESMTP - This system checks to see who you really are
ehlo localhost
250-mail01.roadway.com Hello mail01.roadway.com [127.0.0.1], pleased to meet
you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 50000000
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
 
The problem was that the "451 4.3.0 Tempfailed:" came from a milter/plugin
in use on our end which impliments greylisting (and which does not consider
the possible use of pipelining in the sendmail engine itself.)
 
Rather than disabling the greylist, which has proven itself to be a valuable
defense against spammers, I have disabled our sendmail's support for the
PIPELINING command.  Our sendmail will no longer announce support for
pipelining...
 
I appreciate that you took the time to research the problem, and for
reporting it to us.

KEN CORMACK, RHCE
Sr. UNIX Systems Analyst,
    Open Systems Group
Sr. Software Analyst,
    TSG Midrange Systems Group
AFFILIATED COMPUTER SERVICES, INC.
    557 E. Tallmadge Ave., Akron, OH  44310


-----Original Message-----
From: Eric Toll 
Sent: Wednesday, March 24, 2004 2:21 PM
To: System Administrator 
Subject: RE: test
 
<<snip>> 

Perhaps you should look at PIPELINING RFC. With ESMTP command pipelining,
the client sends the DATA command BEFORE the server has replied to all the
RCPT TO requests.
 
My system is RFC Compliant, looks like your (Sendmail) is doing a validation
of users before accepting?
 
Regards,
Eric
 
 
Eric Toll, CNE 
Director of Computer Services 
VIP Structures, Inc. 
One Websters Landing
Syracuse, NY 13206

More information about the MIMEDefang mailing list