[Mimedefang] Re: Pre-greeting traffic.
G.W. Haywood
ged at jubileegroup.co.uk
Thu Apr 12 16:52:47 EDT 2007
Hi there,
On Thu, 12 Apr 2007 Mark G. Thomas wrote:
> On Wed, Apr 04, 2007 at 07:31:55PM +0100, G.W. Haywood wrote:
> >
> > My mail system automatically firewalls spam sources. Depending on a
> > variety of factors, the block is either for a few hours or indefinite.
> >
> > At the moment about half of the spam sources I see send pre-greeting
> > traffic (I'm using sendmail's greet_pause feature), but blocking on
> > that basis alone does give false positives, which I'd like to avoid.
>
> Really? I haven't had any complaints about blocking any non-spam sources
> due to pre-greeting traffic, and we're handling about a million messages
> per week. Right now we're using a greet_pause setting of 5000 (5 secs)
> and blocking about 45,000 connections per week with this rule.
One such non-spam source was mac.com - I tweaked the rules to give no pause.
But apparently there are no takers for my question? That is, paraphrasing,
does anyone have a way to log the actual pre-greeting traffic for analysis?
Other than sniffing the TCP connection, of course.
--
73,
Ged.
More information about the MIMEDefang
mailing list