Tip of the Trade: Sendmail's Greet_Pause

Slamming is a popular spammer tactic in which the spammer quickly fires off SMTP messages without waiting for responses from the receiving server. A poorly behaved MTA will then accept traffic from the spammer, instead of rejecting it as it should. But even well-behaved MTAs are affected because of the sheer volume of traffic with which they are forced to deal. The venerable sendmail, as of version 8.13, has a nifty feature called "greet_pause" that not only rejects incorrect SMTP transactions, but also discourages re-sends. Want to stop slamming in its tracks? Sendmail's "greet_pause" rejects incorrect SMTP transactions and discourages re-sends.

In a normal SMTP transaction, the client first connects and the server is supposed to send back a "220" greeting, something like:

$ telnet mail.foo.org 25
Trying 12.34.56.78...
Connected to foo.com.
Escape character is '^]'.
220-host6.foo.org ESMTP Sendmail 8.13.6/8.13.6; Wed, 14 Jun 2006 18:04:49 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

The pause interval is configurable, so you can tune it as needed.

Interestingly, you'll probably find that your total spam attempts drop significantly after implementing greet_pause, possibly because the spammer's software thinks it's hitting a bad server or bad addresses, or otherwise getting stuck somehow. It's an ingenious and simple method with a low-overhead that discourages significant amounts of spam.

As always, be sure to whitelist all of your important addresses. Visit sendmail.org/doc/ to learn more.