[Mimedefang] mimedefang behavior pre-HELO and on incomplete connections

Kelly Jones kelly.terry.jones at gmail.com
Sun Oct 26 17:29:48 EDT 2008


Can mimedefang reject a connection before it says HELO/EHLO? What
subroutine does this?

We sometimes see denial-of-service attacks (or just really stupid
people) who connect, get our banner, and then just sit there never
saying HELO/EHLO. We have a hack in place to kill this, but it'd be
nice if we could do one of the following:

 % "You are on the list of IP addresses we really really hate, so
 we're going to kill this connection even before you say HELO!"

 % "OK, it's been 30 seconds since you've seen my banner. Are you
 going to say HELO or what?"

I realize the 2nd would require mimedefang keeping track of timing
somehow.

Semi-related question: what subroutines get triggered for an
incomplete connection?

Example: someone connects to my servers, says HELO, and then decides
to drop the TCP connection before saying "MAIL FROM".

I'd like to log this at the mimedefang level (not just the sendmail
level) -- is there some end_of_connection function that's called? I'm
guessing filter_end is NOT called, since there's no DATA command,
right?

I'm too lazy to test all this myself :)

-- 
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.


