Is there any way of promoting this to a 'disconnect' rather than
throttle?
Is there any way of having sendmail either throttle, or disconnect
people who continuously supply bad auth credentials?
Or, say who don't "HELO/EHLO" (and ignore the error responses?)
Thanks,
-Jon
It's probably not what you're after, but I've been running a script for
quite a while now that monitors the sendmail log for troublesome
machines - it adds entries to the firewall table and then forcibly drops
the connection (kill -TERM to anything with an open connection to that
relay). They don't come back in a hurry :-)
It's not quite real-time, but near enough; it has the singular merit
that it doesn't use a milter, so updating and testing doesn't
impact on mail operations. And you can if wanted readily make decisions
based on multiple connections from a relay - things like too many
'connection dropped' messages, too many unknown users from a relay, that
sort of thing.
Just a thought.
--
Mike Scott (unet2 <at> [deletethis] scottsonline.org.uk)
Harlow Essex England
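The decision step of a log watcher like the one described in the post above, as an added example that is not part of the original thread and is not the poster's script. The message patterns, thresholds, time window and sample lines are assumptions constructed for illustration; it only reports which relays crossed a threshold and leaves firewall changes to your own tooling.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Patterns are assumptions modeled on typical sendmail syslog messages; check your own maillog.
RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
EVENTS = {
    "no_mail": re.compile(r"did not issue MAIL/EXPN/VRFY/ETRN"),
    "auth_fail": re.compile(r"AUTH failure"),
    "unknown_user": re.compile(r"User unknown"),
}
THRESHOLDS = {"no_mail": 3, "auth_fail": 3, "unknown_user": 5}  # hypothetical values
WINDOW = timedelta(minutes=10)                                  # hypothetical value

def parse(line, year):
    """Return (timestamp, relay_ip, event), or None for lines of no interest."""
    ip = RELAY_IP.search(line)
    if not ip:
        return None
    for name, pat in EVENTS.items():
        if pat.search(line):
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            return ts, ip.group(1), name
    return None

def offenders(lines, year=2009, allow=frozenset()):
    """Return {relay_ip: event} for relays over a threshold within WINDOW."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        rec = parse(line, year)
        if rec is None or rec[1] in allow or rec[1] in flagged:
            continue
        ts, ip, event = rec
        q = recent[(ip, event)]
        q.append(ts)
        while ts - q[0] > WINDOW:   # forget events older than the window
            q.popleft()
        if len(q) >= THRESHOLDS[event]:
            flagged[ip] = event
    return flagged

# Constructed sample lines (documentation address ranges, made-up queue ids).
SAMPLE = [
    "Mar  3 10:00:01 mx sendmail[811]: n23A01: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA",
    "Mar  3 10:00:40 mx sendmail[812]: n23A02: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA",
    "Mar  3 10:01:15 mx sendmail[813]: n23A03: AUTH failure (LOGIN): authentication failure (-13), relay=[198.51.100.7]",
    "Mar  3 10:02:05 mx sendmail[814]: n23A04: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA",
    "Mar  3 10:30:00 mx sendmail[815]: n23A05: AUTH failure (LOGIN): authentication failure (-13), relay=[198.51.100.7]",
    "Mar  3 10:31:00 mx sendmail[816]: n23A06: AUTH failure (LOGIN): authentication failure (-13), relay=[198.51.100.7]",
]
```

The `allow` set is where your own relays and monitoring hosts go, so a misbehaving internal client never ends up in the block list.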
Take a look at _FFR_BADRCPT_SHUTDOWN.
You can use something like this in your sendmail.mc
define(`_FFR_BADRCPT_SHUTDOWN')dnl
define(`confBAD_RCPT_SHUTDOWN', `3')dnl
define(`confBAD_RCPT_SHUTDOWN_GOOD', `81')dnl
This, however, requires sendmail v8.14.3
HTH
Didi
> Take a look at _FFR_BADRCPT_SHUTDOWN.
>
> You can use something like this in your sendmail.mc
>
> define(`_FFR_BADRCPT_SHUTDOWN')dnl
> define(`confBAD_RCPT_SHUTDOWN', `3')dnl
> define(`confBAD_RCPT_SHUTDOWN_GOOD', `81')dnl
>
> This, however, requires sendmail v8.14.3
Thanks for the info - I hadn't seen those options - I think the boxes
are running 8.14.3, if not, they probably soon will be... It won't
help us for the brain dead clients that connect and ignore error
responses, but it's certainly a way of culling the population that
connect and won't take a 550 for an answer :)
Thx
-Jon
> Take a look at _FFR_BADRCPT_SHUTDOWN.
> You can use something like this in your sendmail.mc
> define(`_FFR_BADRCPT_SHUTDOWN')dnl
> define(`confBAD_RCPT_SHUTDOWN', `3')dnl
> define(`confBAD_RCPT_SHUTDOWN_GOOD', `81')dnl
> This, however, requires sendmail v8.14.3
I'd like to look at that myself, but does it really exist in 8.14.3?
I see one reference to FFR (for future release) in the release notes but
nothing else for BAD_RCPT_SHUTDOWN or BAD_RCPT_SHUTDOWN_GOOD.
-bruce
b...@ripco.com
It's there, but not documented at all that I can find.
$ pwd
/home/mikea/sendmail-8.14.3
$ grep -rn BADRCPT * | less -SI
sendmail/conf.c:6034:#if _FFR_BADRCPT_SHUTDOWN
sendmail/conf.c:6036: "_FFR_BADRCPT_SHUTDOWN",
sendmail/conf.c:6037:#endif /* _FFR_BADRCPT_SHUTDOWN */
sendmail/readcf.c:2252:#if _FFR_BADRCPT_SHUTDOWN
sendmail/readcf.c:2257:#endif /* _FFR_BADRCPT_SHUTDOWN */
sendmail/readcf.c:3826:#if _FFR_BADRCPT_SHUTDOWN
sendmail/readcf.c:3834:#endif /* _FFR_BADRCPT_SHUTDOWN */
sendmail/sendmail.h:2239:#if _FFR_BADRCPT_SHUTDOWN
sendmail/sendmail.h:2242:#endif /* _FFR_BADRCPT_SHUTDOWN */
sendmail/srvrsmtp.c:111:#define NBADRCPTS \
sendmail/srvrsmtp.c:640:#if _FFR_BADRCPT_SHUTDOWN
sendmail/srvrsmtp.c:642:#endif /* _FFR_BADRCPT_SHUTDOWN */
sendmail/srvrsmtp.c:2532:#if _FFR_BADRCPT_SHUTDOWN
sendmail/srvrsmtp.c:2561:#endif /* _FFR_BADRCPT_SHUTDOWN */
sendmail/srvrsmtp.c:2575: NBADRCPTS;
sendmail/srvrsmtp.c:2806: NBADRCPTS;
sendmail/srvrsmtp.c:2814: NBADRCPTS;
(END)
If the patch author reads this group, I'd be grateful for some
discussion and exposition of how this works.
--
Mike Andrews, W5EGO
mi...@mikea.ath.cx
Tired old sysadmin
There was already some discussion about this feature in this group,
please see:
in this discussion you should also find a patch for 8.14.3 that should
add the documentation and the m4 part.
Didi
> If the patch author reads this group, I'd be grateful for some
> discussion and exposition of how this works.
Some sendmail veteran's webpage (2nd link in google):
http://www.jmaimon.com/sendmail/
"May 15 2008, Sendmail 8.14.3
New version of badrcpt_shutdown patch for 8.14.3
This version is not tested as of this time. Sendmail 8.14.3 now
includes this _FFR patch, without documentation and m4 configuration.
This version of the patch contains only the m4 and documentation."
-ska