[Mimedefang] Re: Pre-greeting traffic.

G.W. Haywood ged at jubileegroup.co.uk
Fri Apr 13 12:28:03 EDT 2007


Hi there,

On Fri, 13 Apr 2007 Joseph Brennan wrote:

> I'm curious why we have such different results, unless your greet pause
> is much longer than our 4 seconds.

It is.

> We get spam from sender addresses @mac.com-- 217 yesterday-- but they
> don't actually come from mac.com servers.

My problem was legitimate mails from (e.g.) mac.com, not forged spam.

> Mail from smtpout.mac.com does not hit the greetpause.

It doesn't hit _your_ greetpause.  :)  Actually it doesn't hit ours now
either, as it's custom set for mac.com, but it did for a while when it
was just our loooong default.

> > paraphrasing, does anyone have a way to log the actual pre-greeting
> > traffic for analysis?  Other than sniffing the TCP connection
>
> You mean what the content is?  Presumably it's helo/ehlo or even mail.

Yes.

> If we cared, we would modify sendmail to log what it was.

It looks like nobody has bothered doing that.  I probably won't either.
My concern was that there might be more legitimate senders failing the
pre-greeting traffic test than those I know about, but it's looking as
if that isn't the case.

Thanks all.

--

73,
Ged.



More information about the MIMEDefang mailing list