On 19.10.2009, at 21:30, Stanislav Sinyagin wrote:
last April Martin Blapp has presented a nice concept at SwiNOG:
instead of greylisting, the SMTP server delays the first OK response to HELO/EHLO for 30 seconds. That is usually enough for the vast majority of spambots to give up. Also if the client tries to send something before receiving the OK, the connection is dropped immediately.
That feature is in stock sendmail. It's called the greet_pause ruleset.
FEATURE(`greet_pause', `5000') dnl 5 seconds
causes the MTA to wait 5 seconds before greeting. You could also use 30000 to make it be 30 seconds, though usually 5 is plenty.
Check http://www.sendmail.org/documentation/configurationReadme for a further description of how to implement.
I think there should be ways to do it outside of kernel, in userland, in a nice and efficient way. But I never had the time to dig any deeper :) The biggest challenge is to keep thousands of open TCP connections in the memory and still have enough CPU power to process SMTP and deliver the mail.
It's not that many thousands of connections. 30 seconds is pretty long, less usually works. The feature set basically loads the box with X extra seconds worth of connections, usually not actually thousands.
Chris
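The greet-pause behaviour discussed in this thread, as an added userland sketch in Python asyncio; it is not part of the original emails and is not sendmail's implementation. The hostname, reply texts, the 0.3-second pause and the test client are constructed for the demo.

```python
import asyncio

GREET_PAUSE = 0.3   # demo value in seconds; the thread discusses 5 to 30

async def handle(reader, writer, verdicts, pause=GREET_PAUSE):
    """Hold the 220 banner for `pause` seconds; reject clients that talk first."""
    try:
        # A well-behaved client is silent until it sees the banner, so any
        # data (or EOF) arriving during the pause is a protocol violation.
        data = await asyncio.wait_for(reader.read(512), timeout=pause)
        verdict = "early-talker" if data else "gave-up"
        if data:
            writer.write(b"554 5.5.0 command sent before greeting\r\n")
    except asyncio.TimeoutError:
        verdict = "greeted"
        writer.write(b"220 mx.example.test ESMTP\r\n")  # SMTP dialogue would start here
    verdicts.append(verdict)
    try:
        await writer.drain()
    except ConnectionError:
        pass  # peer already gone; nothing left to flush
    writer.close()

async def client(port, talk_first):
    """Constructed test client: returns the first line the server sends."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    if talk_first:
        writer.write(b"EHLO bot.example.test\r\n")   # sent before the banner arrives
        await writer.drain()
    line = await reader.readline()
    writer.close()
    return line.decode().strip()

async def _run():
    verdicts = []
    server = await asyncio.start_server(
        lambda r, w: handle(r, w, verdicts), "127.0.0.1", 0)  # port 0: any free port
    port = server.sockets[0].getsockname()[1]
    async with server:
        polite, bot = await asyncio.gather(client(port, False), client(port, True))
    return polite, bot, sorted(verdicts)

def demo():
    """Run one patient client and one early talker against the paused greeter."""
    return asyncio.run(_run())

if __name__ == "__main__":
    print(demo())
```

Each paused connection here costs one suspended coroutine and one socket rather than a thread or process.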