[Greylist-users] Stopping "machine gunners" - not really a greylist issue

Brian Ross bsr+greylist at qualcomm.com
Thu Mar 2 11:26:21 PST 2006


I think you want something like Sendmail 8.13.x's ratecontrol and 
conncontrol throttle options.

From the CF Readme:
+--------------------+
| CONNECTION CONTROL |
+--------------------+

The features ratecontrol and conncontrol allow to establish connection
limits per client IP address or net.  These features can limit the
rate of connections (connections per time unit) or the number of
incoming SMTP connections, respectively.  If enabled, appropriate
rulesets are called at the end of check_relay, i.e., after DNS
blacklists and generic access_db operations.  The features require
FEATURE(`access_db') to be listed earlier in the mc file.

Note: FEATURE(`delay_checks') delays those connection control checks
after a recipient address has been received, hence making these
connection control features less useful.  To run the checks as early
as possible, specify the parameter `nodelay', e.g.,

         FEATURE(`ratecontrol', `nodelay')

In that case, FEATURE(`delay_checks') has no effect on connection
control (and it must be specified earlier in the mc file).

An optional second argument `terminate' specifies whether the
rulesets should return the error code 421 which will cause
sendmail to terminate the session with that error if it is
returned from check_relay, i.e., not delayed as explained in
the previous paragraph.  Example:

         FEATURE(`ratecontrol', `nodelay', `terminate')


We're using these with fairly good success here.

Brian Ross
IT Engineer, Sr. - Messaging Services
Postmaster - QUALCOMM, Inc.






At 10:56 AM 3/2/2006, Dennis Wynne wrote:
>What I am looking / hoping for is just a way to throttle connections by IP
>so the next time I get flooded from a single IP (either legit or SPAM) I can
>get sendmail just to ignore them until some time has passed.
>
>Sounds like something possible?
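
A sendmail.mc fragment that puts the README excerpt above together for the per-IP throttling asked about in the quoted message. This is an added example, not part of the original post or of Sendmail's README; the addresses and limits are constructed placeholders, and the access map entries are shown as comments because they belong in the access file rather than the mc file.

```m4
dnl Constructed example: per-client connection throttling in sendmail.mc.
dnl The ordering follows the README text quoted above.
dnl
dnl access_db must be listed before the connection control features.
FEATURE(`access_db')dnl
dnl delay_checks is optional; if it is used, it must come before the
dnl connection control features that are given `nodelay'.
FEATURE(`delay_checks')dnl
dnl Interval over which connections per client are counted (60s is the default).
define(`confCONNECTION_RATE_WINDOW_SIZE', `60s')dnl
dnl `nodelay'   = run the check at connect time, not after RCPT
dnl `terminate' = return 421 so sendmail ends the session
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
FEATURE(`conncontrol', `nodelay', `terminate')dnl
dnl
dnl Matching access map entries (constructed values). A value of 0 means
dnl no limit; the entry with an empty key is the default for all clients.
dnl Rebuild the map with makemap after editing the access file.
dnl
dnl   ClientRate:127.0.0.1      0
dnl   ClientRate:192.0.2.10     2
dnl   ClientRate:               10
dnl   ClientConn:127.0.0.1      0
dnl   ClientConn:192.0.2.10     1
dnl   ClientConn:               5
```

ClientRate: limits new connections per window and ClientConn: limits simultaneous connections, so a single flooding address can be held down with its own entry while the default entry covers everyone else.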


