Sendmail’s Greet_Pause

Slamming is a popular spammer tactic in which the spammer quickly fires off SMTP messages without waiting for responses from the receiving server. A poorly behaved MTA will then accept traffic from the spammer, instead of rejecting it as it should. But even well-behaved MTAs are affected because of the sheer volume of traffic with which they are forced to deal. The venerable sendmail, as of version 8.13, has a nifty feature called “greet_pause” that not only rejects incorrect SMTP transactions, but also discourages re-sends.

In a normal SMTP transaction, the client first connects and the server is supposed to send back a “220” greeting, something like:

$ telnet mail.foo.org 25
Trying 12.34.56.78...
Connected to foo.com.
Escape character is '^]'.
220-host6.foo.org ESMTP Sendmail 8.13.6/8.13.6; Wed, 14 Jun 2006 18:04:49 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

Then, the client says “ehlo” or “helo,” and the transaction continues. When the client is an impatient spammer and sends more commands without listening, the greet_pause feature detects this, marks the connection bad, and responds to anything else that tries to come over that connection with a 554 (transaction failed) message. It works by pausing briefly before sending out its 220 messages.

The pause interval is configurable, so you can tune it as needed.

Interestingly, you’ll probably find that your total spam attempts drop significantly after implementing greet_pause, possibly because the spammer’s software thinks it’s hitting a bad server or bad addresses, or otherwise getting stuck somehow. It’s an ingenious and simple method with a low-overhead that discourages significant amounts of spam.

As always, be sure to whitelist all of your important addresses. Visit sendmail.org/doc/ to learn more.