Tip of the Trade: Sendmail's Greet_Pause

By Carla Schroder (Send Email)
Posted Jun 20, 2006


Slamming is a popular spammer tactic in which the spammer quickly fires off SMTP messages without waiting for responses from the receiving server. A poorly behaved MTA will then accept traffic from the spammer, instead of rejecting it as it should. But even well-behaved MTAs are affected because of the sheer volume of traffic with which they are forced to deal. The venerable sendmail, as of version 8.13, has a nifty feature called "greet_pause" that not only rejects incorrect SMTP transactions, but also discourages re-sends. Want to stop slamming in its tracks? Sendmail's "greet_pause" rejects incorrect SMTP transactions and discourages re-sends.

In a normal SMTP transaction, the client first connects and the server is supposed to send back a "220" greeting, something like:

$ telnet mail.foo.org 25
Trying 12.34.56.78...
Connected to foo.com.
Escape character is '^]'.
220-host6.foo.org ESMTP Sendmail 8.13.6/8.13.6; Wed, 14 Jun 2006 18:04:49 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Then, the client says "ehlo" or "helo," and the transaction continues. When the client is an impatient spammer and sends more commands without listening, the greet_pause feature detects this, marks the connection bad, and responds to anything else that tries to come over that connection with a 554 (transaction failed) message. It works by pausing briefly before sending out its 220 messages.

The pause interval is configurable, so you can tune it as needed.

Interestingly, you'll probably find that your total spam attempts drop significantly after implementing greet_pause, possibly because the spammer's software thinks it's hitting a bad server or bad addresses, or otherwise getting stuck somehow. It's an ingenious and simple method with a low-overhead that discourages significant amounts of spam.

As always, be sure to whitelist all of your important addresses. Visit sendmail.org/doc/ to learn more.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.