21 Sep
2017
21 Sep
'17
7:30 a.m.
On 09/20/2017 10:14 PM, Dave Horsfall wrote:
Didn't I just see you somewhere else? :-)
Probably.
Yep; as I recall, the RFC line length is no more than
254 chars (I
think), with no limit on the number of continuation lines. Try
connecting to my server at horsfall.org (I'll make you wait around 10
seconds), then check out my RFC-compliant banner... I'll keep an eye
out for you in my logs :-)
Very interesting.
I want to figure out how to make a multi-line banner. (In Sendmail.)
I feel like your greet_pause was more than 10 seconds, but so be it.
Still shouldn't be a problem.
Check out www.horsfall.org/spamlog.pdf for a nice
pretty graph; the
rejects on "banner" is the purple one on the top; the "reject" line
is
the red one, and the "spam" line (stuff that gets through) is pink (for
SPAM, geddit?).
Note that many of the "banner" violations are from woodpeckers i.e. they
keep trying until they either give up or I notice (and firewall them).
I've wondered about a more featureful syslog daemon that could pattern
match and watch for the log message for pre-greeting traffic, and
forward them to a script that would dynamically update an RBL. I just
haven't found enough round-tuits yet.
The tools behind this are still a work in progress, so
I don't currently
log the number of "wait" violations etc (it was implemented fairly
recently).
(And yes, my HTML programming sucks.)
Interesting work. I'd be curious to see how you're doing some of that
and think about implementing it myself.
Thanks for sharing Dave.
--
Grant. . . .
unix || die