From mboxrd@z Thu Jan  1 00:00:00 1970
From: gtaylor@tnetconsulting.net (Grant Taylor)
Date: Wed, 20 Sep 2017 23:30:10 -0600
Subject: [TUHS] Who is running their own mail server and what do you run?
In-Reply-To: <alpine.BSF.2.21.1709211348380.89458@aneurin.horsfall.org>
References: <20170920162502.GN25650@mcvoy.com>
 <201709201639.v8KGdGhC024387@darkstar.fourwinds.com>
 <83CD6BB4-9617-47F9-A87E-55C447D5F1CC@bitblocks.com>
 <alpine.DEB.2.11.1709210903320.3189@sirius.opentrend.net>
 <alpine.BSF.2.21.1709210957040.89458@aneurin.horsfall.org>
 <5156de95-caf9-f7e2-6e85-37d957e406bd@tnetconsulting.net>
 <alpine.BSF.2.21.1709211044510.89458@aneurin.horsfall.org>
 <c828e69a-8fa1-ac14-ce62-920e7b4a9dfd@tnetconsulting.net>
 <alpine.BSF.2.21.1709211348380.89458@aneurin.horsfall.org>
Message-ID: <9fc7011a-b162-0b3c-62cb-731cab9a1f91@tnetconsulting.net>

On 09/20/2017 10:14 PM, Dave Horsfall wrote:
> Didn't I just see you somewhere else? :-)

Probably.

> Yep; as I recall, the RFC line length is no more than 254 chars (I 
> think), with no limit on the number of continuation lines.  Try 
> connecting to my server at horsfall.org (I'll make you wait around 10 
> seconds), then check out my RFC-compliant banner...  I'll keep an eye 
> out for you in my logs :-)

Very interesting.

I want to figure out how to make a multi-line banner.  (In Sendmail.)

I feel like your greet_pause was more than 10 seconds, but so be it. 
Still shouldn't be a problem.

> Check out www.horsfall.org/spamlog.pdf for a nice pretty graph; the 
> rejects on "banner" is the purple one on the top; the "reject" line is 
> the red one, and the "spam" line (stuff that gets through) is pink (for 
> SPAM, geddit?).
> 
> Note that many of the "banner" violations are from woodpeckers i.e. they 
> keep trying until they either give up or I notice (and firewall them).

I've wondered about a more featureful syslog daemon that could pattern 
match and watch for the log message for pre-greeting traffic, and 
forward them to a script that would dynamically update an RBL.  I just 
haven't found enough round-tuits yet.

> The tools behind this are still a work in progress, so I don't currently 
> log the number of "wait" violations etc (it was implemented fairly 
> recently).
> 
> (And yes, my HTML programming sucks.)

Interesting work.  I'd be curious to see how you're doing some of that 
and think about implementing it myself.

Thanks for sharing Dave.



-- 
Grant. . . .
unix || die