From: JonB on 17 Nov 2009 10:05

We use the .mc setting "confBAD_RCPT_THROTTLE" to delay people who randomly connect and try and email bad recipients...

Is there any way of promoting this to a 'disconnect' rather than throttle?

Is there any way of having sendmail either throttle, or disconnect people who continuously supply bad auth credentials?

Or, say who don't "HELO/EHLO" (and ignore the error responses?)

Thanks,

-Jon

From: mike scott on 17 Nov 2009 12:06

JonB wrote:
> We use the .mc setting "confBAD_RCPT_THROTTLE" to delay people who
> randomly connect and try and email bad recipients...
>
> Is there any way of promoting this to a 'disconnect' rather than
> throttle?
>
> Is there any way of having sendmail either throttle, or disconnect
> people who continuously supply bad auth credentials?
>
> Or, say who don't "HELO/EHLO" (and ignore the error responses?)
>
> Thanks,
>
> -Jon

It's probably not what you're after, but I've been running a script for quite a while now that monitors the sendmail log for troublesome machines - it adds entries to the firewall table and then forcibly drops the connection (kill -TERM to anything with an open connection to that relay). They don't come back in a hurry :-)

It's not quite real-time, but near enough; it has the singular merit that it doesn't use a milter, so updating and testing doesn't impact on mail operations. And you can if wanted readily make decisions based on multiple connections from a relay - things like too many 'connection dropped' messages, too many unknown users from a relay, that sort of thing.

Just a thought.

--
Mike Scott (unet2 <at> [deletethis] scottsonline.org.uk)
Harlow Essex England

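An added example, not Mike Scott's script and not part of the thread: a sketch of the log-scoring half of such a monitor, which ties "User unknown" lines to a relay through the queue id and adds dropped-connection events per relay. The log line formats, the weights, the threshold and the names `score_relays` and `relays_to_block` are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines; the message formats are an assumption modelled on
# typical sendmail syslog output and should be checked against your own maillog.
SAMPLE_LOG = """\
Nov 17 10:05:01 mx sendmail[2101]: nAHA51aa002101: <alice1@example.org>... User unknown
Nov 17 10:05:02 mx sendmail[2101]: nAHA51aa002101: <bob2@example.org>... User unknown
Nov 17 10:05:03 mx sendmail[2101]: nAHA51aa002101: <carol3@example.org>... User unknown
Nov 17 10:05:04 mx sendmail[2101]: nAHA51aa002101: from=<x@spam.invalid>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Nov 17 10:06:00 mx sendmail[2102]: nAHA60bb002102: <typo@example.org>... User unknown
Nov 17 10:06:01 mx sendmail[2102]: nAHA60bb002102: from=<friend@example.net>, size=812, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.net [198.51.100.7]
Nov 17 10:07:00 mx sendmail[2103]: nAHA70cc002103: lost input channel from [192.0.2.10] to MTA after rcpt
Nov 17 10:07:30 mx sendmail[2104]: nAHA73dd002104: [203.0.113.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

QID_MSG = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
WEIGHTS = {"unknown": 1, "dropped": 2, "nocmd": 2}  # hypothetical weights

def score_relays(log_text):
    """Return Counter of relay IP -> weighted count of suspicious events."""
    pending = Counter()  # queue id -> "User unknown" count, relay not yet seen
    scores = Counter()
    for line in log_text.splitlines():
        m = QID_MSG.search(line)
        if not m:
            continue
        qid, msg = m.groups()
        if msg.rstrip().endswith("User unknown"):
            pending[qid] += 1  # the relay only appears on the later from= line
            continue
        # Search after "relay=" so an address literal in from=<> is not matched.
        ip = IPV4.search(msg.split("relay=")[-1])
        if not ip:
            continue
        if msg.startswith("from="):
            scores[ip.group(1)] += WEIGHTS["unknown"] * pending.pop(qid, 0)
        elif msg.startswith("lost input channel"):
            scores[ip.group(1)] += WEIGHTS["dropped"]
        elif "did not issue MAIL/EXPN/VRFY/ETRN" in msg:
            scores[ip.group(1)] += WEIGHTS["nocmd"]
    return scores

def relays_to_block(log_text, threshold=3):
    """Relays whose score reaches the (hypothetical) threshold, sorted."""
    return sorted(ip for ip, s in score_relays(log_text).items() if s >= threshold)
```

Turning the returned list into firewall entries and closing open connections, as the post describes, is left to local tooling.
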
From: Dietmar Rieder on 17 Nov 2009 12:43

JonB wrote:
> We use the .mc setting "confBAD_RCPT_THROTTLE" to delay people who
> randomly connect and try and email bad recipients...
>
> Is there any way of promoting this to a 'disconnect' rather than
> throttle?
>
> Is there any way of having sendmail either throttle, or disconnect
> people who continuously supply bad auth credentials?
>
> Or, say who don't "HELO/EHLO" (and ignore the error responses?)

Take a look at _FFR_BADRCPT_SHUTDOWN.

You can use something like this in your sendmail.mc

define(`_FFR_BADRCPT_SHUTDOWN')dnl
define(`confBAD_RCPT_SHUTDOWN', `3')dnl
define(`confBAD_RCPT_SHUTDOWN_GOOD', `81')dnl

This, however, requires sendmail v8.14.3

HTH
Didi

From: JonB on 18 Nov 2009 10:27

On Nov 17, 5:43 pm, Dietmar Rieder <nos...(a)tugraz.at> wrote:
> Take a look at _FFR_BADRCPT_SHUTDOWN.
>
> You can use something like this in your sendmail.mc
>
> define(`_FFR_BADRCPT_SHUTDOWN')dnl
> define(`confBAD_RCPT_SHUTDOWN', `3')dnl
> define(`confBAD_RCPT_SHUTDOWN_GOOD', `81')dnl
>
> This, however, requires sendmail v8.14.3

Thanks for the info - I hadn't seen those options - I think the boxes are running 8.14.3, if not, they probably soon will be...

It won't help us for the brain dead clients that connect and ignore error responses, but it's certainly a way of culling the population that connect and won't take a 550 for an answer :)

Thx

-Jon

From: Bruce Esquibel on 18 Nov 2009 12:31

Dietmar Rieder <nospam(a)tugraz.at> wrote:
> Take a look at _FFR_BADRCPT_SHUTDOWN.
> You can use something like this in your sendmail.mc
> define(`_FFR_BADRCPT_SHUTDOWN')dnl
> define(`confBAD_RCPT_SHUTDOWN', `3')dnl
> define(`confBAD_RCPT_SHUTDOWN_GOOD', `81')dnl
> This, however, requires sendmail v8.14.3

I'd like to look at that myself, but does it really exist in 8.14.3?

I see one reference to FFR (for future release) in the release notes but nothing else for BAD_RCPT_SHUTDOWN or BAD_RCPT_SHUTDOWN_GOOD.

-bruce
bje(a)ripco.com