[CLUE-Tech] sendmail question

Todd Williams hp205ctl at hotpop.com
Fri Feb 13 11:26:35 MST 2004 

Charles Oriez wrote:
> I've had some problems that suggest that some of my dnsbl queries are 
> timing out. I would like to increase the appropriate time out 
> parameter.  Any guesses which timeout parameter I should increase in 
> sendmail 8.12 to let my dnsbl queries work right?

Not sure - and not sure it would help.  Several of the DNSBL's have been under an intermittent DDOS since August, and sometimes are unreachable.
There is an upside to the timeouts, however.  Much of the spam is spewed from barely functional smtp engines that will fail to deliver and move on while waiting for your sendmail to check those 
DNSBL's, meaning you don't get the spam anyway.  Anyone running a "real" MTA like sendmail, postfix, etc. won't have a problem (unless they configure it badly).
I have seen this behavior on some of the systems I manage, and decided to leave it alone, because it still causes spam to not be delivered, and doesn't interfere with legit email.
I do use multiple DNSBL's so that more robust (or more patient) spam engines still get checked.

We use :
SPEWS (spews.org, also mirrored at SORBS)
SPAMHAUS (spamhaus.org)
DSBL (dsbl.org

   and selected portions of:
SORBS (sorbs.net)
NJABL (njabl.org)

   and still use, though rarely see any hits on:
ORBD (relays.ordb.org)
VISI-RSL (relays.visi.com)

along with local blacklistings and firewall blocks for the most egregious offenders (considering importing SPEWS into the firewall rulesets).

Some of those rules overlap, so on a "patient" spam engine, if one DNSBL times out another still may catch it.

Another useful anti-abuse configuration trick - use a multi-line smtp greeting.  Many spam engines choke on it, and since many of the newer viruses seem to use the same code (surprise, surprise), they 
also choke on it.  Cuts down the virus traffic.  Too bad it doesn't stop all the moronic anti-virus warnings.  Remind me to send an example if you would like to see how it is done (I will be out of 
touch until Tuesday).

Todd Williams

More information about the clue-tech mailing list