On the Spam Problem...

[ARCHIVED] Last updated by Joe Schaefer on Sun, 29 Jan 2023
 

As I wrote about elsewhere, one of the best open source tools in a mail administrator’s anti-spam arsenal is qpsmtpd, which is merely a front-end inbound mail server that needs a fully functional mail server like qmail, sendmail, exim, or postfix for outbound delivery. What qpsmtpd does is very similar to what httpd did for webservers: it introduces customizable hooks into each phase of the SMTP session.

The single best plugin for qpsmtpd, although it is difficult to understand why, is the earlytalker plugin. What earlytalker does is put qpsmtpd to sleep for a configurable amount of time, listening on the socket (via select(2)) for non-RFC-compliant “early” communications coming from the other end of the socket. (qpsmtpd typically forks a server for each inbound connection, so only that child process sleeps in select(2).) If it sees any input on the connection, it issues an appropriate 4xx or 5xx response, depending on the mail administrator’s tastes, and then drops the connection.
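The pre-greeting check described above, as an added Python sketch (not qpsmtpd's own Perl code and not from the original post): the server withholds its 220 banner, waits in select(2), and rejects any client whose socket becomes readable first. The function names, hostnames and reply wording are assumptions made for the example, and the two clients are constructed over a local socketpair.

```python
import select
import socket

BANNER = "220 mx.example.test ESMTP"                    # constructed hostname
REJECT_TEXT = "client spoke before the SMTP greeting"   # constructed wording

def early_talker_reply(conn, wait_secs, reject_code=450):
    """Hold the banner for wait_secs; return (accepted, smtp_reply_line)."""
    # select(2) returns as soon as the socket is readable, i.e. the client
    # sent bytes (or hung up) before being greeted. A compliant client stays
    # silent, so select() times out and returns empty lists.
    readable, _, _ = select.select([conn], [], [], wait_secs)
    if readable:
        return False, f"{reject_code} {REJECT_TEXT}"
    return True, BANNER

def serve_one(conn, wait_secs, reject_code=450):
    """Run the pre-greeting check on one connection and send the reply."""
    accepted, reply = early_talker_reply(conn, wait_secs, reject_code)
    conn.sendall(reply.encode("ascii") + b"\r\n")
    return accepted

def demo(wait_secs=0.2):
    """Constructed clients over socketpair(): one patient, one early talker."""
    out = {}
    for name, early_bytes in (("patient", b""),
                              ("early", b"HELO bulk.example.test\r\n")):
        server, client = socket.socketpair()
        try:
            if early_bytes:
                client.sendall(early_bytes)   # talks before the 220 banner
            accepted = serve_one(server, wait_secs, reject_code=450)
            out[name] = (accepted, client.recv(512).decode("ascii").strip())
        finally:
            server.close()
            client.close()
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Passing `reject_code=550` instead of 450 turns the temporary failure into a permanent one, which is the 4xx versus 5xx choice left to the administrator.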

Why is such a simple tool so powerful in the admin’s arsenal? Because it introduces mandatory delays for each mail connection, which as it turns out hits most spammers where they can measure it: it ties up their mail delivery agent and keeps it from dealing with the rest of their queue. It is important to realize that spammers are running a business, and many of them have no direct interest in the contents of what they deliver. They get paid for managing a sophisticated, and typically illegal, (zombie) network of sending agents, and will provide delivery services for any client with the cash to cover its use plus profits. Many of them make annual incomes well above mine or yours :-).

There are more sophisticated approaches to be sure, like only delaying messages from “untrusted” senders, but you can go a lot farther than that if your server has that kind of knowledge available to it. But in terms of bang for the buck, running earlytalker with a substantial delay of up to 30 seconds will drive spammers off your servers for good. Promise.

@joe=

#anti-spam   #Apache::Qpsmtpd   #earlytalker   #exim   #postfix   #qpsmtpd   #sendmail  

 

         
