On the Spam Problem...

As I wrote about elsewhere, one of the best open source tools available to a mail administrator’s arsenal of anti-spam tools is qpsmtpd, which is merely a frontend inbound mail server which needs a fully-functional mail server like qmail, sendmail, exim, or postfix for outbound delivery. What qpsmtpd does is very similar to what httpd did for webservers: it introduces customizable hooks into each phase of the SMTP session.

The single best plugin for qpsmtpd, although it is difficult to understand why, is the earlytalker plugin. What earlytalker does is put qpsmtpd to sleep for a configurable amount of time, listening on the socket (via select(2)) for non-RFC-compliant “early” communications coming from the other end of the socket (qpsmtpd typically forks a server for each inbound connection so it’s only that kid process sleeping in select(2)). If it sees any input on the connection it simply drops the connection after issuing an appropriate 4xx or 5xx response, depending on the mail administrator’s tastes.

Why is such a simple tool so powerful in the admin’s arsenal? Because it introduces mandatory delays for each mail connection, which as it turns out hits most spammers where they can measure it, in terms of tying up their mail delivery agent from dealing with the rest of their queue. It is important to realize that spammers are running a business, many of whom have no direct interest in the contents of what they deliver. They get paid for managing a sophisticated, and typically illegal, (zombie) network of sending agents, and will provide delivery services for any client with the cash to cover its use plus profits. Many of them make annual incomes well above mine or yours :-).

There are more sophisticated approaches to be sure, like only delaying messages from “untrusted” senders, but you can go a lot farther than that if your server has that kind of knowledge available to it. But in terms of bang for the buck, running earlytalker with a substantial delay of up to 30 seconds will drive spammers off your servers for good. Promise.

$Date: 2020-08-03 13:07:11 -0400 (Mon, 03 Aug 2020) $