pre-greeting traffic

I use Sendmail 8.13.1 Suse 9.2

This is my suse-linux.m4

--------------------------------------------------------start
divert(-1)
#
# Copyright (c) 1999,2000 SuSE GmbH Nuernberg, Germany.
# Author: Werner Fink <werner [at] suse.de>
#
divert(0)
VERSIONID(`@(#) suse-linux.m4 8.12.3-0.6 (SuSE Linux) 2003/04/15')
define(`confCF_VERSION', `SuSE Linux 0.7')dnl
dnl
dnl Flags
dnl
define(`confDEF_USER_ID', `daemon:daemon')dnl
define(`confCOPY_ERRORS_TO', `Postmaster')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confMAX_MIME_HEADER_LENGTH', `256/128')dnl
define(`confMAX_HEADERS_LENGTH', `32768')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confMAX_DAEMON_CHILDREN', `15')dnl
define(`confTO_ICONNECT', `30s')dnl
dnl Many sysadmins have disabled IDENT
define(`confTO_IDENT', `0s')dnl
dnl Should we set noreceipts aka disable DSN?
define(`confPRIVACY_FLAGS',
`authwarnings,needmailhelo,novrfy,noexpn,noverb')dnl
define(`confTRUSTED_USERS', `mdom vscan wwwrun root uucp daemon mail')dnl
define(`confNO_RCPT_ACTION', `add-to-undisclosed')dnl
dnl Note: RFC1891 says that, but often misused
dnl define(`confRRT_IMPLIES_DSN', `True')dnl
FEATURE(`always_add_domain')dnl
dnl
dnl Mailer
dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`PROCMAIL_MAILER_ARGS', `procmail -m $h $f $u')dnl
FEATURE(`local_procmail')dnl
define(`LOCAL_SHELL_FLAGS', `eu09')dnl
define(`LOCAL_MAILER_ARGS', `procmail -a $h -d $u')dnl
define(`LOCAL_MAILER_FLAGS', `SPfhn09')dnl
define(`USENET_MAILER_PATH', `/usr/bin/inews')dnl
dnl
dnl The default data base type is hash
dnl
define(`DATABASE_MAP_TYPE', `hash')dnl
dnl
dnl Main paths
dnl
define(`SMLIBDIR', `/usr/lib/sendmail.d')dnl
define(`MAIL_SETTINGS_DIR', `/etc/mail/')dnl
define(`confDEAD_LETTER_DROP', `/var/log/dead.letter')dnl
define(`STATUS_FILE', `/var/run/sendmail/statistics')dnl
define(`QUEUE_DIR', `/var/spool/mqueue')dnl
define(`confHOST_STATUS_DIRECTORY', `.hoststat')dnl
define(`HELP_FILE', SMLIBDIR`/helpfile')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`confHOSTS_FILE', `/etc/hosts')dnl
FEATURE(`use_ct_file')dnl
define(`confCT_FILE', `-o /etc/mail/trusted-users %[^\#]')dnl
define(`confCW_FILE', `-o /etc/mail/local-host-names %[^\#]')dnl
define(`confCR_FILE', `-o /etc/mail/relay-domains %[^\#]')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confSERVICE_SWITCH_FILE', `/etc/mail/service.switch')dnl
define(`confEBINDIR', SMLIBDIR`/bin')dnl
define(`confDONT_BLAME_SENDMAIL',
`AssumeSafeChown,TrustStickyBit,GroupReadableSASLDBFile')dnl
define(`confCONTROL_SOCKET_NAME', `/var/run/sendmail/control')dnl
define(`CERT_DIR', MAIL_SETTINGS_DIR`certs')dnl
define(`confCACERT_PATH', CERT_DIR)dnl
define(`AUTH_DIR', MAIL_SETTINGS_DIR`auth')dnl
dnl
dnl Daemon (disable new Message Submission Agent)
dnl
FEATURE(`no_default_msa')dnl
dnl
dnl Common features
dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access.db')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`genericstable', `hash -o /etc/mail/genericstable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`greet_pause', `10000')dnl
FEATURE(`dnsbl', `ix.dnsbl.manitu.net', `Mail from $&{client_addr} rejected - black list; see http://www.heise.de/ix/nixspam/dnsbl/')dnl
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `571 SPAM MAIL REJECTED from $&{client_name} by LINUX-FUER-ALLE.DE powered by spamhaus.org! Please see http://www.spamhaus.org/sbl for details.')dnl
FEATURE(`dnsbl', `list.dsbl.org', `571 SPAM MAIL REJECTED from $&{client_name} by LINUX-FUER-ALLE.DE powered by dsbl.org! Please see http://www.dsbl.org for details.')dnl
FEATURE(`dnsbl', `relays.ordb.org', `571 SPAM MAIL REJECTED from $&{client_name} by LINUX-FUER-ALLE.DE powered by ordb.org! Please see http://www.ordb.org for details.')dnl
FEATURE(`dnsbl', `relays.visi.com', `571 SPAM MAIL REJECTED from $&{client_name} by LINUX-FUER-ALLE.DE powered by relays.visi.com! Please see http://relays.visi.com for details.')dnl
FEATURE(`dnsbl', `blacklist.spambag.org', `571 SPAM MAIL REJECTED from $&{client_name} by LINUX-FUER-ALLE.DE powered by blacklist.spambag.org! Please see http://www.spambag.org for details.')dnl
FEATURE(`dnsbl', `ix.dnsbl.manitu.net', `571 SPAM MAIL REJECTED from $&{client_name} by LINUX-FUER-ALLE.DE powered by ix.dnsbl.manitu.net! Please see http://ix.dnsbl.manitu.net for details.')dnl
dnl
LOCAL_CONFIG

--------------------------------------------------------------------------end

Does anyone have a hint on how to stop these messages?

Aug 9 09:42:39 alster172 sendmail[1800]: l797fRmN001800: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 09:55:38 alster172 sendmail[2492]: l797sH2Z002492: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 09:56:58 alster172 sendmail[2567]: l797tcQo002567: rejecting commands from ews45.everyware.ch [212.71.111.45] due to pre-greeting traffic
Aug 9 10:03:03 alster172 sendmail[2915]: l7981hHq002915: rejecting commands from ip17.164.adsl.wplus.ru [195.131.164.17] due to pre-greeting traffic
Aug 9 10:05:58 alster172 sendmail[3072]: l7984b23003072: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 10:06:03 alster172 sendmail[3076]: l7984gHZ003076: rejecting commands from p2124-ipbf304obiyama.kumamoto.ocn.ne.jp [122.31.7.124] due to pre-greeting traffic
Aug 9 10:08:25 alster172 sendmail[3231]: l79875sn003231: rejecting commands from tr14.bluewin.ch [195.186.19.82] due to pre-greeting traffic
Aug 9 10:10:03 alster172 sendmail[3349]: l7988ha6003349: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 10:12:53 alster172 sendmail[3521]: l798BaP2003521: rejecting commands from ogdn-03-223.dsl.netins.net [207.199.240.223] due to pre-greeting traffic
Aug 9 10:13:54 alster172 sendmail[3572]: l798CYKO003572: rejecting commands from p1136-ipbf306osakakita.osaka.ocn.ne.jp [221.184.232.136] due to pre-greeting traffic
Aug 9 10:20:52 alster172 sendmail[3988]: l798JVXj003988: rejecting commands from IGLD-83-130-95-4.inter.net.il [83.130.95.4] due to pre-greeting traffic
Aug 9 10:23:04 alster172 sendmail[4016]: l798LlBA004016: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 10:25:28 alster172 sendmail[4041]: l798O7uO004041: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 10:25:45 alster172 sendmail[4063]: l798PgBZ004063: rejecting commands from no-dns-yet.demon.co.uk [195.173.199.197] due to pre-greeting traffic
Aug 9 10:28:12 alster172 sendmail[4082]: l798QuJV004082: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 10:28:25 alster172 sendmail[4084]: l798R34J004084: rejecting commands from [58.147.10.234] [58.147.10.234] due to pre-greeting traffic
Aug 9 10:46:19 alster172 sendmail[4313]: l798ixc2004313: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 10:53:37 alster172 sendmail[4442]: l798qHkC004442: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 10:55:11 alster172 sendmail[4477]: l798rpFu004477: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 10:58:32 alster172 sendmail[4730]: l798vC11004730: rejecting commands from CPE-124-191-17-59.vic.bigpond.net.au [124.191.17.59] due to pre-greeting traffic
Aug 9 11:04:36 alster172 sendmail[5574]: l7994SC4005574: rejecting commands from [213.140.234.197] [213.140.234.197] due to pre-greeting traffic
Aug 9 11:05:25 alster172 sendmail[5408]: l79944m1005408: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic


Thanks a lot

juerg
Juerg Schwarz [ Thu, 09 August 2007 11:07 ] [ ID #1791338 ]

Re: pre-greeting traffic

Maybe this is the better log detail:

Made with grep -A 0 -B 1 'pre-greeting' /var/log/mail



Aug 9 10:27:43 alster172 sendmail[4095]: ruleset=check_relay, arg1=[202.158.32.114], arg2=127.0.0.2, relay=sahul.wwf.or.id [202.158.32.114] (may be forged), reject=553 5.3.0 Mail from 202.158.32.114 rejected - black list;see http://www.heise.de/ix/nixspam/dnsbl/
Aug 9 10:28:12 alster172 sendmail[4082]: l798QuJV004082: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
--
Aug 9 10:28:18 alster172 sendmail[4100]: l798Ql1Y004080: to=<info [at] gartenservice-ag.ch>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31717, dsn=2.0.0, stat=Sent
Aug 9 10:28:25 alster172 sendmail[4084]: l798R34J004084: rejecting commands from [58.147.10.234] [58.147.10.234] due to pre-greeting traffic
--
Aug 9 10:45:49 alster172 popper[4350]: Stats: web26p1 0 0 0 0 adsl-89-217-142-45.adslplus.ch 89.217.142.45 [pop_updt.c:296]
Aug 9 10:46:19 alster172 sendmail[4313]: l798ixc2004313: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
--
Aug 9 10:53:20 alster172 sendmail[4467]: l798pnu3004433: to=<info [at] econlog.eu>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=35638, dsn=2.0.0, stat=Sent
Aug 9 10:53:37 alster172 sendmail[4442]: l798qHkC004442: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 10:55:01 alster172 sendmail[4540]: l798t1nj004540: from=root, size=506, class=0, nrcpts=1, msgid=<200708090855.l798t1nj004540 [at] alster172.server4you.de>, relay=root [at] localhost
Aug 9 10:55:11 alster172 sendmail[4477]: l798rpFu004477: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
--
Aug 9 10:56:35 alster172 sendmail[4573]: l798t3lw004548: to=<info [at] gartenservice-ag.ch>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=34973, dsn=2.0.0, stat=Sent
Aug 9 10:58:32 alster172 sendmail[4730]: l798vC11004730: rejecting commands from CPE-124-191-17-59.vic.bigpond.net.au [124.191.17.59] due to pre-greeting traffic
--
Aug 9 11:04:28 alster172 sendmail[5574]: ruleset=check_relay, arg1=[213.140.234.197], arg2=127.0.0.4, relay=[213.140.234.197], reject=571 5.7.1 SPAM MAIL REJECTED from[213.140.234.197]by LINUX-FUER-ALLE.DE powered by spamhaus.org!Please see http://www.spamhaus.org/sbl for details.
Aug 9 11:04:36 alster172 sendmail[5574]: l7994SC4005574: rejecting commands from [213.140.234.197] [213.140.234.197] due to pre-greeting traffic
--
Aug 9 11:05:18 alster172 popper[5703]: Stats: web11p2 0 0 0 0 130.132.77.83.cust.bluewin.ch 83.77.132.130 [pop_updt.c:296]
Aug 9 11:05:25 alster172 sendmail[5408]: l79944m1005408: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
--
Aug 9 11:08:21 alster172 popper[5891]: Stats: web11p2 0 0 0 0 130.132.77.83.cust.bluewin.ch 83.77.132.130 [pop_updt.c:296]
Aug 9 11:08:57 alster172 sendmail[5846]: l7997bVG005846: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Juerg Schwarz [ Thu, 09 August 2007 11:11 ] [ ID #1791339 ]
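To triage the rejections in the two logs above, here is an added example (my code, not part of Juerg's posts or of sendmail) that groups the "rejecting commands ... due to pre-greeting traffic" lines by client address and cross-references them with check_relay DNSBL rejections logged by the same sendmail process id, as in the pid 5574 pair above. The sample lines are copied from the log above (with the DNSBL reply text shortened); the regexes, helper names and triage thresholds are this example's own assumptions, not anything sendmail defines.

```python
import re
from collections import defaultdict

# Hypothetical helper, not from the original post: it parses the two kinds of
# sendmail log record that matter here and keeps per-client counters.
PRE_GREET = re.compile(
    r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): rejecting commands from "
    r"(?P<host>\S+) \[(?P<ip>[0-9.]+)\] due to pre-greeting traffic"
)
DNSBL_HIT = re.compile(
    r"sendmail\[(?P<pid>\d+)\]: ruleset=check_relay, arg1=\[(?P<ip>[0-9.]+)\], "
    r"arg2=(?P<code>[0-9.]+)"
)

# Sample input: lines copied from the log in the posts above, one record per
# line, with the long DNSBL reply text shortened.
SAMPLE_LOG = """\
Aug 9 09:42:39 alster172 sendmail[1800]: l797fRmN001800: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 09:55:38 alster172 sendmail[2492]: l797sH2Z002492: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 09:56:58 alster172 sendmail[2567]: l797tcQo002567: rejecting commands from ews45.everyware.ch [212.71.111.45] due to pre-greeting traffic
Aug 9 10:05:58 alster172 sendmail[3072]: l7984b23003072: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Aug 9 10:28:25 alster172 sendmail[4084]: l798R34J004084: rejecting commands from [58.147.10.234] [58.147.10.234] due to pre-greeting traffic
Aug 9 11:04:28 alster172 sendmail[5574]: ruleset=check_relay, arg1=[213.140.234.197], arg2=127.0.0.4, relay=[213.140.234.197], reject=571 5.7.1 SPAM MAIL REJECTED
Aug 9 11:04:36 alster172 sendmail[5574]: l7994SC4005574: rejecting commands from [213.140.234.197] [213.140.234.197] due to pre-greeting traffic
"""


def new_entry():
    return {"host": None, "pre_greeting": 0, "dnsbl_codes": set()}


def summarize(lines):
    """Return {client_ip: {"host", "pre_greeting", "dnsbl_codes"}}."""
    stats = defaultdict(new_entry)
    for line in lines:
        m = DNSBL_HIT.search(line)
        if m:
            # arg2 is the DNSBL answer (127.0.0.x) that caused the rejection
            stats[m["ip"]]["dnsbl_codes"].add(m["code"])
            continue
        m = PRE_GREET.search(line)
        if m:
            entry = stats[m["ip"]]
            entry["host"] = m["host"]
            entry["pre_greeting"] += 1
    return dict(stats)


def classify(entry):
    """Heuristic triage; the thresholds are this example's assumption."""
    if entry["dnsbl_codes"]:
        return "dnsbl-listed"       # check_relay rejected the same client too
    host = entry["host"] or ""
    if host.startswith("["):
        return "no-rdns"            # bare [ip]: no reverse DNS, typical of zombies
    if entry["pre_greeting"] >= 3:
        return "repeat-named-host"  # queue retries: look for a real MTA here
    return "single-named-host"


def triage(lines):
    """Rows of (ip, host, count, sorted dnsbl codes, verdict), busiest first."""
    rows = []
    for ip, e in summarize(lines).items():
        rows.append((ip, e["host"], e["pre_greeting"],
                     sorted(e["dnsbl_codes"]), classify(e)))
    rows.sort(key=lambda r: (-r[2], r[0]))
    return rows


if __name__ == "__main__":
    for ip, host, count, codes, verdict in triage(SAMPLE_LOG.splitlines()):
        print("%-16s %-20s %3d %-10s %s" % (ip, host, count, ",".join(codes), verdict))
```

Run it against the whole of /var/log/mail instead of SAMPLE_LOG and the "repeat-named-host" rows are the candidates worth a closer look before touching the greet_pause value; the "no-rdns" and "dnsbl-listed" rows are the feature working as intended.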

Re: pre-greeting traffic

On Thu, 09 Aug 2007 11:07:17 +0200, Juerg Schwarz
<info [at] web4you-gmbh.ch> wrote:

>Does anyone have a hint on how to stop these messages?
>
>Aug 9 09:42:39 alster172 sendmail[1800]: l797fRmN001800: rejecting
>commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
Why do you want to stop them? You have set the greet_pause parameter
(10000). It means that after a connection on port 25 your sendmail will
wait 10 seconds before it sends the "220 SMTP" message. If a client that
tries to send email to your server does not wait for that and starts the
SMTP session before receiving that message, it will be disconnected.
So nearly all normal, well-configured servers wait for that message
(as is described in the RFC). In most cases spam senders do not respect
that rule.

Andrzej Ciach
Andrzej Ciach [ Thu, 09 August 2007 12:40 ] [ ID #1791343 ]
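The exchange Andrzej describes, as an added simulation that is not part of the thread and not sendmail's code: a server delays its 220 banner, treats any bytes that arrive before the banner as pre-greeting traffic and then refuses every command of that session, and three clients are run against it: one that waits for the banner, one that sends EHLO immediately like a zombie, and one that gives up with QUIT after a short wait, which is the legitimate-but-impatient MTA case that also ends up logged as pre-greeting traffic. The host names, the 0.3 s pause and the reply texts are this simulation's own choices; sendmail's exact reply wording and how long it keeps such a session open may differ.

```python
import select
import socket
import threading

BANNER = b"220 mx.example.test ESMTP\r\n"   # assumed name, not from the post


def greet_pause_server(conn, pause):
    """Serve one SMTP session; return True if pre-greeting traffic was seen."""
    # Wait up to `pause` seconds; if anything is readable, the client talked
    # before we said 220. That is the whole greet_pause test.
    readable, _, _ = select.select([conn], [], [], pause)
    pre_greeting = bool(readable)
    if pre_greeting:
        host, port = conn.getpeername()
        print("rejecting commands from [%s]:%d due to pre-greeting traffic" % (host, port))
    conn.sendall(BANNER)                    # the banner is still sent
    f = conn.makefile("rb")
    while True:
        line = f.readline()
        if not line:
            break
        cmd = line.strip().upper()
        if cmd.startswith(b"QUIT"):
            conn.sendall(b"221 2.0.0 closing connection\r\n")
            break
        if pre_greeting:                    # every other command is refused
            conn.sendall(b"554 5.7.1 command rejected due to pre-greeting traffic\r\n")
        elif cmd.startswith((b"EHLO", b"HELO")):
            conn.sendall(b"250 mx.example.test\r\n")
        else:
            conn.sendall(b"250 2.0.0 OK\r\n")
    conn.close()
    return pre_greeting


def smtp_client(port, banner_timeout):
    """Talk to the server; return the first reply to what we sent.

    banner_timeout=None : wait for the 220 however long it takes (RFC behaviour)
    banner_timeout=0    : send EHLO at once, like a zombie
    banner_timeout=t>0  : give up with QUIT if no banner arrives within t seconds
    """
    s = socket.create_connection(("127.0.0.1", port))
    f = s.makefile("rb")
    ready, _, _ = select.select([s], [], [], banner_timeout)
    if ready:
        f.readline()                                  # the 220 banner
        s.sendall(b"EHLO client.example.test\r\n")
        reply = f.readline()                          # 250
    elif banner_timeout == 0:
        s.sendall(b"EHLO client.example.test\r\n")    # before any banner
        f.readline()                                  # banner arrives late
        reply = f.readline()                          # 554 for the EHLO
    else:
        s.sendall(b"QUIT\r\n")                        # impatient MTA gives up
        f.readline()                                  # banner arrives late
        reply = f.readline()                          # 221
    if not reply.startswith(b"221"):
        s.sendall(b"QUIT\r\n")
        f.readline()                                  # 221
    s.close()
    return reply.decode().strip()


def run_session(banner_timeout, pause=0.3):
    """Run one server/client pair; return (pre_greeting_seen, client_reply)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    outcome = {}

    def serve():
        conn, _ = srv.accept()
        outcome["pre_greeting"] = greet_pause_server(conn, pause)

    t = threading.Thread(target=serve)
    t.start()
    reply = smtp_client(port, banner_timeout)
    t.join()
    srv.close()
    return outcome["pre_greeting"], reply


if __name__ == "__main__":
    for label, timeout in (("waits for banner", None), ("zombie", 0), ("gives up after 0.1s", 0.1)):
        print("%-20s -> %s" % (label, run_session(timeout)))
```

The third case is the one to keep in mind when reading the log: the server cannot tell an impatient but legitimate MTA's early QUIT from a zombie's early EHLO, so both produce the same "pre-greeting traffic" line.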

Re: pre-greeting traffic

In article <46bad932$0$3805$5402220f [at] news.sunrise.ch>,
Juerg Schwarz <info [at] web4you-gmbh.ch> wrote:

> I use Sendmail 8.13.1 Suse 9.2
>
> This is my suse-linux.m4

[...]

> FEATURE(`greet_pause', `10000')dnl

That means sendmail waits for 10 seconds after accepting a connection to
send the SMTP greeting. If a client sends any traffic before the
greeting, Sendmail rejects all transactions on that session.

This is USUALLY a sign of a spamming 'zombie' machine or abuse proxy. In
principle, a greeting pause of up to 5 minutes should not cause any
trouble. In practice, a lot of people running misconfigured MTAs (for
some reason qmail and derivatives seem to be common cases) start to have
problems around 4 seconds: they send a 'QUIT' when they fail to get a
banner, and then disconnect. That causes Sendmail to see them as sending
'pre-greeting traffic' just like a zombie. Sendmail logs each such
event.

You MAY be failing to receive legitimate mail due to the long greeting
pause. It is impossible to know for sure, but I know that in a US
corporate environment I had serious problems with a greeting pause of 5
seconds and have had to exempt a long list of senders including
MessageLabs and Yahoo. This is done in the access map (see the Sendmail
docs.) On a high volume system, it may also be important to recognize
that a long greeting pause directly causes an increase in SMTP session
concurrency.

The feature is a good and useful one, but you must take care in its use.


> FEATURE(`dnsbl', `relays.ordb.org', `571 SPAM MAIL REJECTED from
> $&{client_name} by LINUX-FUER-ALLE.DE powered by ordb.org! Please see
> http://www.ordb.org for details.')dnl

Remove that. ORDB is defunct


> FEATURE(`dnsbl', `relays.visi.com', `571 SPAM MAIL REJECTED from
> $&{client_name} by LINUX-FUER-ALLE.DE powered by relays.visi.com! Please see
> http://relays.visi.com for details.')dnl

Remove that. The Visi Relays list is defunct


> FEATURE(`dnsbl', `blacklist.spambag.org', `571 SPAM MAIL REJECTED from
> $&{client_name} by LINUX-FUER-ALLE.DE powered by blacklist.spambag.org!
> Please see http://www.spambag.org for details.')dnl

Remove that. Spambag is defunct


Each of those defunct DNSBL's in your config can cause greeting delays
possibly beyond your configured greeting pause, and each has a real risk
of being switched to a wildcard without notice if the people getting the
query traffic from inattentive mail admins lose their patience with the
continued useless query traffic.


> Does anyone have a hint on how to stop these messages?

You could stop using the 'greet_pause' feature altogether, but that is
likely to be counter-productive.

I would suggest backing off the greet_pause setting to 3000 (3 seconds)
as a start, along with removing the configuration for dead DNSBL's. That
won't stop the messages, but it will reduce the chances of having
legitimate senders cause them by their impatience, which seems to be
happening, e.g.:

> Aug 9 09:42:39 alster172 sendmail[1800]: l797fRmN001800: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
> Aug 9 09:55:38 alster172 sendmail[2492]: l797sH2Z002492: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic

That host (mx1.uark.edu) is definitely a legitimate MTA. It's even
running Sendmail. It may be configured with a short greeting timeout
that is causing it to give up before the greeting.

On the other hand:

> Aug 9 09:56:58 alster172 sendmail[2567]: l797tcQo002567: rejecting commands from ews45.everyware.ch [212.71.111.45] due to pre-greeting traffic
> Aug 9 10:03:03 alster172 sendmail[2915]: l7981hHq002915: rejecting commands from ip17.164.adsl.wplus.ru [195.131.164.17] due to pre-greeting traffic
> Aug 9 10:05:58 alster172 sendmail[3072]: l7984b23003072: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
> Aug 9 10:06:03 alster172 sendmail[3076]: l7984gHZ003076: rejecting commands from p2124-ipbf304obiyama.kumamoto.ocn.ne.jp [122.31.7.124] due to pre-greeting traffic
> Aug 9 10:08:25 alster172 sendmail[3231]: l79875sn003231: rejecting commands from tr14.bluewin.ch [195.186.19.82] due to pre-greeting traffic
> Aug 9 10:10:03 alster172 sendmail[3349]: l7988ha6003349: rejecting commands from mx1.uark.edu [130.184.5.58] due to pre-greeting traffic
> Aug 9 10:12:53 alster172 sendmail[3521]: l798BaP2003521: rejecting commands from ogdn-03-223.dsl.netins.net [207.199.240.223] due to pre-greeting traffic
> Aug 9 10:13:54 alster172 sendmail[3572]: l798CYKO003572: rejecting commands from p1136-ipbf306osakakita.osaka.ocn.ne.jp [221.184.232.136] due to pre-greeting traffic

[...]

Those all look like zombie machines to me. That's the greet_pause
feature doing its intended job.

If you really don't care about those events, you can reduce the LogLevel
setting for Sendmail until they are no longer logged. That is likely to
eliminate things you DO want to have logged, so it seems to me that the
solution is to just ignore the messages you don't care about.

--
Clues for the blacklisted: <http://www.scconsult.com/bill/dnsblhelp.html>
Current Peeve: People who poke at the trolls and regularly post wildly
offtopic who still think others are being rude by auto-ignoring them
Bill Cole [ Thu, 09 August 2007 15:50 ] [ ID #1791347 ]
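A check for the defunct-list problem Bill raises, as an added example that is neither the thread's nor sendmail's code: RFC 5782 (section 5) says a working DNSBL MUST list the test address 127.0.0.2 and MUST NOT list 127.0.0.1, so querying both tells a healthy zone from a dead one (no answers, only added latency on every greeting) and from a wildcarded one (answers for everything, so every client is rejected). The zone list is taken from the config above; the resolver wrapper, the verdict names and the constructed offline answers used in the demo are this example's assumptions. It uses only the standard library, which cannot distinguish a timeout from NXDOMAIN; a real audit would use a resolver with an explicit timeout. For the exemption Bill mentions, sendmail's access map takes entries of the form `GreetPause:130.184.5.58   0` (a per-client pause in milliseconds, zero disabling it), after which the map has to be rebuilt with makemap.

```python
import socket
import time

# Zones from the suse-linux.m4 posted above.
ZONES = [
    "sbl-xbl.spamhaus.org",
    "list.dsbl.org",
    "relays.ordb.org",
    "relays.visi.com",
    "blacklist.spambag.org",
    "ix.dnsbl.manitu.net",
]


def dnsbl_query_name(ip, zone):
    """Reverse the octets and append the zone, as sendmail's dnsbl feature does."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def system_resolver(name):
    """Stdlib lookup: list of A records, [] on NXDOMAIN (a timeout also ends
    up here, since gethostbyname_ex reports both as gaierror)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def check_dnsbl(zone, resolve=system_resolver):
    """Return (verdict, seconds) for one zone using the RFC 5782 test addresses."""
    start = time.monotonic()
    lists_127_0_0_1 = resolve(dnsbl_query_name("127.0.0.1", zone))   # MUST NOT be listed
    lists_127_0_0_2 = resolve(dnsbl_query_name("127.0.0.2", zone))   # MUST be listed
    elapsed = time.monotonic() - start
    if lists_127_0_0_1:
        verdict = "wildcarded"   # answers for an address that must not be listed
    elif not lists_127_0_0_2:
        verdict = "dead"         # no answers at all: only delays every greeting
    else:
        verdict = "ok"
    return verdict, elapsed


def audit(zones, resolve=system_resolver):
    """Map each zone to its (verdict, seconds)."""
    return {zone: check_dnsbl(zone, resolve) for zone in zones}


def fake_resolver(listed_names):
    """Constructed offline resolver: 127.0.0.2 for names in the set, NXDOMAIN otherwise."""
    return lambda name: ["127.0.0.2"] if name in listed_names else []


if __name__ == "__main__":
    # Offline demonstration on made-up zones with constructed answers; call
    # audit(ZONES) without a resolver argument to query the real zones.
    demo_zones = ["healthy.example", "dead.example", "wild.example"]
    answers = {"2.0.0.127.healthy.example", "1.0.0.127.wild.example", "2.0.0.127.wild.example"}
    for zone, (verdict, secs) in audit(demo_zones, fake_resolver(answers)).items():
        print("%-25s %-10s %.3fs" % (zone, verdict, secs))
```

The elapsed time matters as much as the verdict: with FEATURE(`dnsbl') the lookups run during the connection, so a dead zone that times out adds its resolver timeout on top of the greet_pause delay for every client.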
Miscellaneous » comp.mail.sendmail » pre-greeting traffic
