[Mimedefang] Re: Pre-greeting traffic.

G.W. Haywood ged at jubileegroup.co.uk
Thu Apr 12 16:52:47 EDT 2007


Hi there,

On Thu, 12 Apr 2007 Mark G. Thomas wrote:

> On Wed, Apr 04, 2007 at 07:31:55PM +0100, G.W. Haywood wrote:
> >
> > My mail system automatically firewalls spam sources.  Depending on a
> > variety of factors, the block is either for a few hours or indefinite.
> >
> > At the moment about half of the spam sources I see send pre-greeting
> > traffic (I'm using sendmail's greet_pause feature), but blocking on
> > that basis alone does give false positives, which I'd like to avoid.
>
> Really?  I haven't had any complaints about blocking any non-spam sources
> due to pre-greeting traffic, and we're handling about a million messages
> per week.  Right now we're using a greet_pause setting of 5000 (5 secs)
> and blocking about 45,000 connections per week with this rule.

One such non-spam source was mac.com - I tweaked the rules to give no pause.

But apparently there are no takers for my question?  That is, paraphrasing,
does anyone have a way to log the actual pre-greeting traffic for analysis?
Other than sniffing the TCP connection, of course.

--

73,
Ged.



More information about the MIMEDefang mailing list