Category: BSD

2007-05-27 00:12:18


What's worse (for spammers) is that spamd, after wasting all that time, never does allow the spam email through to the real SMTP server. Instead, it sends back a 450 "mailbox busy" message. The spammer retries, and retries, and retries, getting stuck in the tarpit every time. I had one spammer that kept retrying -- and repeatedly getting stuck in my trap -- for a day and a half, and never once was that spammer able to actually transmit the spam message to me.

Tarpitting can be implemented for senders on the same SPEWS/Spamhaus blacklist that you're likely using with a different antispam tool. Spamd's default configuration automatically tarpits the following IP addresses:

    * any IP netblocks in either the SPEWS Level 1 or SPEWS Level 2 lists
    * any IP netblocks in China
    * any IP netblocks in Korea

The reason for the SPEWS lists is obvious. China and Korea are blocked because so many spam email servers are located in those two countries, and their ISPs and governments don't seem to have any interest in getting rid of them. I also have added all of Russia's IP netblocks to my configuration, for the same reasons.

If you need to direct non-spammers who are in a blacklisted network past spamd, you can add their mail servers to a permanent whitelist that gets processed before any greylisting or blacklisting occurs. This allows their mail servers to bypass the greylisting and blacklisting functions and go straight to your real mail server.

There's one other handy thing that spamd can do for us. Spamd can optionally monitor your mail logs and automatically whitelist the destination email servers of anyone to whom you send email.

Another optional feature of greylisting with OpenBSD is greytrapping. Spammers "harvest" anything that looks like an email address from Web pages throughout the Internet, looking for potential victims. If you post a fake email address on your site that does not actually exist on your real email server, you'll know that anyone who tries to send email to that address is a spammer. Spamd checks the recipient in the SMTP "RCPT TO:" information against a list of fake recipient email addresses that you've previously told it to watch for. If it sees fakeaddress@mydomain.com, it immediately tarpits the mail server's IP address.
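The order of checks described above (permanent whitelist first, then blacklist, then greytrap, otherwise greylist) can be modelled in a few lines. This is an added example, not spamd's own code: the class and method names are hypothetical, the netblocks are constructed from documentation address ranges, and only the trap address comes from the article.

```python
import ipaddress


class SpamdModel:
    """Simplified model of the per-connection decision order (assumed names)."""

    def __init__(self, whitelist, blacklist, traps):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.blacklist = [ipaddress.ip_network(n) for n in blacklist]
        self.traps = {a.lower() for a in traps}
        self.trapped = set()  # sender IPs caught by greytrapping

    @staticmethod
    def _in(ip, nets):
        return any(ip in net for net in nets)

    def decide(self, src_ip, rcpt_to):
        ip = ipaddress.ip_address(src_ip)
        # 1. The permanent whitelist is processed before anything else.
        if self._in(ip, self.whitelist):
            return "PASS"
        # 2. Blacklisted netblocks and previously trapped senders are
        #    tarpitted and never reach the real SMTP server.
        if self._in(ip, self.blacklist) or ip in self.trapped:
            return "TARPIT"
        # 3. Greytrap: mail addressed to a fake recipient marks the sender.
        if rcpt_to.strip().strip("<>").lower() in self.traps:
            self.trapped.add(ip)
            return "TARPIT"
        # 4. Everyone else goes through ordinary greylisting.
        return "GREYLIST"


def run_sample():
    # Constructed sample: a legitimate server inside a blacklisted block.
    model = SpamdModel(
        whitelist=["192.0.2.25/32"],
        blacklist=["192.0.2.0/24"],
        traps=["fakeaddress@mydomain.com"],
    )
    sessions = [  # constructed (source IP, RCPT TO) pairs
        ("192.0.2.25", "user@mydomain.com"),             # whitelisted
        ("192.0.2.77", "user@mydomain.com"),             # blacklisted block
        ("198.51.100.9", "user@mydomain.com"),           # unknown sender
        ("198.51.100.9", "<FakeAddress@mydomain.com>"),  # hits the trap
        ("198.51.100.9", "user@mydomain.com"),           # now trapped
    ]
    return [model.decide(ip, rcpt) for ip, rcpt in sessions]


if __name__ == "__main__":
    print(run_sample())
```

The last two sessions show why greytrapping is attached to the sender's IP address rather than the message: once the trap address has been hit, later mail from that host to a real recipient is tarpitted too.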

There's not much not to like in spamd. How do you get it to work? We'll tackle that tomorrow.
