On the Spam Problem...

[ARCHIVED] Last updated by Joe Schaefer on Sun., 29 Jan. 2023
 

As I wrote about elsewhere, one of the best open source tools in a mail administrator’s anti-spam arsenal is qpsmtpd. It is merely a frontend inbound mail server, and it needs a fully functional mail server like qmail, sendmail, exim, or postfix for outbound delivery. What qpsmtpd does is very similar to what httpd did for webservers: it introduces customizable hooks into each phase of the SMTP session.

The single best plugin for qpsmtpd, although it is difficult to understand why, is the earlytalker plugin. What earlytalker does is put qpsmtpd to sleep for a configurable amount of time, listening on the socket (via select(2)) for non-RFC-compliant “early” communications coming from the other end (qpsmtpd typically forks a server for each inbound connection, so only that child process sleeps in select(2)). If it sees any input on the connection, it issues an appropriate 4xx or 5xx response, depending on the mail administrator’s tastes, and then drops the connection.
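The mechanism described above, as an added Python sketch that is not qpsmtpd's own code: the server holds back its banner, sleeps in select(), and rejects any client that writes first. The function names, hostname, reply text and the 450/550 codes are assumptions made for illustration, and the three clients are constructed test cases running over local socket pairs.

```python
import select
import socket

def greet_after_delay(conn, wait_secs=30.0, soft=False, hostname="mx.example.test"):
    """Hold back the SMTP banner for wait_secs and watch for early input.

    Returns "greeted", "rejected" (client talked early) or "disconnected".
    """
    # select() returns as soon as the socket is readable, or after the timeout.
    readable, _, _ = select.select([conn], [], [], wait_secs)
    if not readable:
        # A well-behaved client waited for the server to speak first.
        conn.sendall(f"220 {hostname} ESMTP\r\n".encode())
        return "greeted"
    early = conn.recv(4096)  # drain input so close() does not discard our reply
    if not early:
        conn.close()  # readable with EOF: the peer hung up during the delay
        return "disconnected"
    code = "450" if soft else "550"  # reply codes chosen for this sketch
    conn.sendall(f"{code} Do not talk before the greeting\r\n".encode())
    conn.close()
    return "rejected"

def demo(wait_secs=0.2):
    """Run three constructed clients over socket pairs and return the outcomes."""
    results = {}
    # Client that sends HELO without waiting for the banner.
    srv, cli = socket.socketpair()
    cli.sendall(b"HELO bulk.example.test\r\n")
    results["early"] = (greet_after_delay(srv, wait_secs), cli.recv(1024)[:3])
    cli.close()
    # Client that waits for the banner as the protocol requires.
    srv, cli = socket.socketpair()
    results["patient"] = (greet_after_delay(srv, wait_secs), cli.recv(1024)[:3])
    srv.close()
    cli.close()
    # Client that gives up while the server is still waiting.
    srv, cli = socket.socketpair()
    cli.close()
    results["gone"] = (greet_after_delay(srv, wait_secs), b"")
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The demo uses a 0.2 second wait so it finishes quickly; the default of 30 seconds matches the upper delay suggested in this post.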

Why is such a simple tool so powerful in the admin’s arsenal? Because it introduces mandatory delays for each mail connection, which as it turns out hits most spammers where they can measure it: it ties up their mail delivery agent and keeps it from dealing with the rest of their queue. It is important to realize that spammers are running a business, and many of them have no direct interest in the contents of what they deliver. They get paid for managing a sophisticated, and typically illegal, (zombie) network of sending agents, and will provide delivery services for any client with the cash to cover its use plus profits. Many of them make annual incomes well above mine or yours :-).

There are more sophisticated approaches to be sure, like only delaying messages from “untrusted” senders, but you can go a lot farther than that if your server has that kind of knowledge available to it. But in terms of bang for the buck, running earlytalker with a substantial delay of up to 30 seconds will drive spammers off your servers for good. Promise.
