[Mimedefang] Re: Pre-greeting traffic.

Yizhar Hurwitz yizhar at mail.com
Fri Apr 13 06:32:44 EDT 2007


HI.

> From: "G.W. Haywood" <ged at jubileegroup.co.uk>
>   
> But apparently there are no takers for my question?  That is, paraphrasing,
> does anyone have a way to log the actual pre-greeting traffic for analysis?
> Other than sniffing the TCP connection, of course.
>
>   
Greet pause is working fine for me, with a value of 5000.
No false positive, no complaints.

You can use logwatch (or your own custom script to grep /var/log/maillog)
Depending on the detail level, it will list all the IP addresses that 
failed the greet-pause.
You cannot get too much addtitional info because the connection is dropped.

You will get something like that:

   rejecting commands from cp1117731-a.roemd1.lb.home.nl [84.28.15.159] due to pre-greeting traffic: 1 Time(s)
   rejecting commands from dsl-241-249-46.telkomadsl.co.za [41.241.249.46] due to pre-greeting traffic: 1 Time(s)


Yizhar Hurwitz
http://yizhar.mvps.org




More information about the MIMEDefang mailing list