December 21, 2013 Roberto Puzzanghera
I replaced the original greetdelay by Erwin Hoffmann with the patch by John Simpson. Connections that try to send commands before the greeting are now closed, provided that you declare DROP_PRE_GREET; premature disconnections are logged as well. This is the log line you will get:
@4000000052aee4ae26356134 GREETDELAY from 184.108.40.206: client disconnected
or, in case of pre-greeting data sending:
@4000000052ad37301366f11c GREETDELAY from 220.127.116.11: client sent data before greeting
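To act on these log lines, the following added example (not part of the original post or of the patch) decodes the multilog TAI64N timestamp and tallies GREETDELAY events per client address. The function names, the threshold and the 192.0.2.10 sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# multilog TAI64N label: '@', 16 hex digits of seconds, 8 hex digits of nanoseconds.
LINE_RE = re.compile(
    r"^@(?P<sec>[0-9a-f]{16})[0-9a-f]{8} "
    r"GREETDELAY from (?P<ip>\S+): (?P<msg>.+)$"
)
# daemontools convention: label = 2**62 + 10 + Unix seconds (leap-second table ignored).
TAI_OFFSET = 2**62 + 10
EVENTS = {
    "client disconnected": "early_disconnect",
    "client sent data before greeting": "pre_greeting_data",
}

def parse_line(line):
    """Return (utc_datetime, ip, event) for a GREETDELAY log line, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["msg"] not in EVENTS:
        return None
    unix = int(m["sec"], 16) - TAI_OFFSET
    return datetime.fromtimestamp(unix, tz=timezone.utc), m["ip"], EVENTS[m["msg"]]

def offenders(lines, threshold=2):
    """IPs with at least `threshold` GREETDELAY events, most active first."""
    hits = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            hits[parsed[1]] += 1
    return [(ip, n) for ip, n in hits.most_common() if n >= threshold]

SAMPLE = [
    # The two lines shown in the post.
    "@4000000052aee4ae26356134 GREETDELAY from 184.108.40.206: client disconnected",
    "@4000000052ad37301366f11c GREETDELAY from 220.127.116.11: client sent data before greeting",
    # Constructed lines (documentation address range) for the tally.
    "@4000000052ad373100000000 GREETDELAY from 192.0.2.10: client sent data before greeting",
    "@4000000052ad373500000000 GREETDELAY from 192.0.2.10: client sent data before greeting",
    "@4000000052ad373900000000 GREETDELAY from 192.0.2.10: client disconnected",
    "@4000000052ad373a00000000 tcpserver: status: 1/40",  # unrelated line, ignored
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line))
    print(offenders(SAMPLE))
```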
To enable a delay of 15 seconds before qmail-smtpd, modify your run files as follows (both qmail-smtpd/run and qmail-submission/run):
export SMTPD_GREETDELAY=15
export DROP_PRE_GREET=1
The latter line enables the dropping of clients sending commands before our greeting.
I'm leaving intact this paragraph just in case you decided to use the greetdelay at the rblsmtpd level, as it was before in my guide. Of course, in case you decided to use the greetdelay functionality included in the qmail-smtpd program, you can skip this section.
rblsmtpd are already patched for GREETDELAY. This means that a potential attacker will be discouraged, since he has to wait GREETDELAY seconds before the communication starts because our services on ports 25 and 587 are sleeping during that period of time. Therefore, quoting Dr. E. Hoffmann,
the GREETDELAY will not only save you from spam mails, but unlike Greylisting and/or filtering a la SpamAssassin, this is the only means to really reduce the overall amount of spam because the timeslot required for the spam sender to deliver messages (whether successfully or unsuccessfully) is raised from typically one second to (<=) GREETDELAY seconds.
Of course there is no need to delay both rblsmtpd and qmail-smtpd. If you are using rblsmtpd it's better to turn off the GREETDELAY related to qmail-smtpd. To accomplish this, I have slightly modified the qmail-smtpd's GREETDELAY patch renaming its GREETDELAY environment variable to SMTPD_GREETDELAY so that you can set the two variables independently acting on
qmail-submission). An example follows.
This will enable a delay of 15 seconds before rblsmtpd and turn off the delay before qmail-smtpd:
export SMTPD_GREETDELAY=0
export GREETDELAY=15
This enables a delay of 15 seconds before qmail-smtpd and should be used when rblsmtpd is not active: