[Mimedefang] Re: Pre-greeting traffic.
Yizhar Hurwitz
yizhar at mail.com
Fri Apr 13 06:32:44 EDT 2007
HI.
> From: "G.W. Haywood" <ged at jubileegroup.co.uk>
>
> But apparently there are no takers for my question? That is, paraphrasing,
> does anyone have a way to log the actual pre-greeting traffic for analysis?
> Other than sniffing the TCP connection, of course.
>
>
Greet pause is working fine for me, with a value of 5000.
No false positive, no complaints.
You can use logwatch (or your own custom script to grep /var/log/maillog)
Depending on the detail level, it will list all the IP addresses that
failed the greet-pause.
You cannot get too much addtitional info because the connection is dropped.
You will get something like that:
rejecting commands from cp1117731-a.roemd1.lb.home.nl [84.28.15.159] due to pre-greeting traffic: 1 Time(s)
rejecting commands from dsl-241-249-46.telkomadsl.co.za [41.241.249.46] due to pre-greeting traffic: 1 Time(s)
Yizhar Hurwitz
http://yizhar.mvps.org
More information about the MIMEDefang
mailing list