Add SMTP HELO/EHLO delay

Need help? Ask here.

Moderator: Moderators

Post Reply
Black20VT
Posts: 134
Joined: Sat Nov 05, 2005 12:35 pm
Location: UK
Contact:

Add SMTP HELO/EHLO delay

Post by Black20VT »

Hi,

Unless I've missed it, is it possible to add an SMTP HELO/EHLO delay?

Thanks,

Chris.
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

It isn't, but it's something we can look in to. Are you just looking for an option to add a delay in responding to HELO/EHLO, or something more complex?
Technical Support support@rollernet.us
Roller Network LLC
Black20VT
Posts: 134
Joined: Sat Nov 05, 2005 12:35 pm
Location: UK
Contact:

Post by Black20VT »

glendale2x wrote:Are you just looking for an option to add a delay in responding to HELO/EHLO, or something more complex?
Just a simple option to add a delay.

Any idea if this will be easy to implement and if so, when it could possibly be available?

I use it on my primary mail server and find a lot of SPAM bots give up if they don't get an instant response :lol:

Although, Tarpitting will be a 'nice to have' in the future. :wink:
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

We do simple simple flood control on a global level, such as when a client sends too many RCPT TO commands that look like a dictionary attack.
Technical Support support@rollernet.us
Roller Network LLC
Black20VT
Posts: 134
Joined: Sat Nov 05, 2005 12:35 pm
Location: UK
Contact:

Post by Black20VT »

glendale2x wrote:We do simple simple flood control on a global level, such as when a client sends too many RCPT TO commands that look like a dictionary attack.
Ah ok, that's perfect then.

Just the delay would be brilliant :wink:
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

A configuration option for "HELO/EHLO Response Delay" has been added to the account control center. It can be found under a new "Advanced Options" section in the mail domain settings, which can be accessed by clicking on a domain name in the mail services section.

This feature is not yet active in the filter core, but you can configure the settings now and they will take effect with the next filter core upgrade.
Technical Support support@rollernet.us
Roller Network LLC
Black20VT
Posts: 134
Joined: Sat Nov 05, 2005 12:35 pm
Location: UK
Contact:

Post by Black20VT »

Superb, thanks glendale2x for looking into that and setting it up so promptly! It's a great feature and will hopefully reduce SPAM to your servers! Any idea when the new filter core upgrade is planned?

Also, any further news on setting up a higher level fake MX record?
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Well, we're still trying to work out a final bug... the problem is that we don't know what filter settings to apply until we get a recipient address, and HELO comes before that. We could proxy buffer incoming connections, but that only works for non-TLS sessions. We can, quite easily, introduce a delay after each (or first only, or make it an option to delay first or all) RCPT TO command, if that's an acceptable substitute.
Technical Support support@rollernet.us
Roller Network LLC
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

We currently have this implemented as a RCPT TO delay; I'm not seeing a solution short of introducing a proxy in front of the SMTP session. I'd prefer not to do that since it adds complexity to the system and a failure point.
Technical Support support@rollernet.us
Roller Network LLC
Black20VT
Posts: 134
Joined: Sat Nov 05, 2005 12:35 pm
Location: UK
Contact:

Post by Black20VT »

Hi glendale2x

I've sent you a PM with a mail log showing where my server adds the delay. Don't know if it's of any use, but thought I'd send it over anyway :wink:

Keep me posted :D
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Well, we can't do it with the current way our content filter works. We might be able to do it with the Postfix Milter-style interface, but that'll take some work to do. (Postfix 2.3 added milter support; we've been using 2.2 until recently.) We're looking at the Milter interface for other reasons, such as less resource usage, so if it's possible we'll do it.
Technical Support support@rollernet.us
Roller Network LLC
Post Reply