Yes, the ones that pipeline commands when they've not requested it are
typical of spammers.
I have sendmail's 'greetdelay' function enabled, which delays sending
the initial greeting herald by 5 seconds after the connection opens,
and flushes any mail where commands arrive before that time has elapsed.
This pre-greeting-flush catches one or two senders a day, presumably
spammers because they don't come back.
There are also those that connect and disconnect because they don't get
the greeting fast enough for them. The RFCs suggest that the sender
client should wait up to 3 minutes for the greeting herald but these
senders are impatient with 5 seconds.
Watching the mail logs is tedious but informative.
- Brian
On Wed, Oct 11, 2017 at 09:33:22AM +0200, Rob Janssen wrote:
When I ran my own mailserver I had greylisting that
only worked by sender mail address.
Additionally, it did the usual SPF checking etc.
This did not cause the abovementioned problem, but I'm not sure it added much spam
prevention.
I had other methods to detect trojaned PCs with bad SMTP senders (e.g. doing PIPELINING
without having negotiated it) and that was much more effective.
Rob
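
The greeting-delay check described in the reply above, as an added example that is not part of either message and is not sendmail's own code. It holds the banner for a fixed pause and sorts each connection into the three outcomes mentioned: greeted, talked before the greeting, or hung up while waiting. The hostnames, reply text and function names are constructed for illustration.

```python
import select
import socket

GREETING = b"220 mx.example.test ESMTP\r\n"       # constructed hostname
REJECT = b"554 5.5.0 pre-greeting traffic\r\n"    # constructed reply text


def greet_after_pause(conn, delay=5.0):
    """Hold the banner for `delay` seconds and classify the client.

    "greeted"      - client stayed silent, banner sent
    "early-talker" - client sent commands before the banner, rejected
    "impatient"    - client disconnected during the pause
    """
    readable, _, _ = select.select([conn], [], [], delay)
    if not readable:
        conn.sendall(GREETING)
        return "greeted"
    if conn.recv(512):
        # Bytes arrived before the server spoke: the client is not
        # following the SMTP turn-taking, so refuse the session.
        conn.sendall(REJECT)
        return "early-talker"
    return "impatient"  # recv() returned b"": peer closed the connection


def demo(delay=0.2):
    """Run three constructed clients against the check over socket pairs."""
    results = {}
    for name in ("patient", "early", "impatient"):
        server, client = socket.socketpair()
        with server, client:
            if name == "early":
                # Constructed input: commands pushed without waiting for 220.
                client.sendall(b"EHLO bot.example.test\r\n"
                               b"MAIL FROM:<a@example.test>\r\n")
            elif name == "impatient":
                client.close()
            results[name] = greet_after_pause(server, delay)
    return results


if __name__ == "__main__":
    for client_kind, outcome in demo().items():
        print(f"{client_kind:10s} -> {outcome}")
```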