Spam Challenge-Response system

Andy Bradford amb-plugg at bradfords.org
Fri Apr 10 12:53:45 MDT 2009


Thus said Michael Torrie on Thu, 09 Apr 2009 14:44:19 MDT:

> I have noticed, though,  that over the last year or  two more and more
> spam bots are calling back and delivering their spam. Maybe we need to
> combine greylisting with some kind of  tarpit idea. Where we hold onto
> their connection for 30-60 seconds before saying, "try back later."

There are  a number  of things  that help  out in  this respect.  If you
really want to slow down spammers try using something like this:

telnet 166.70.45.22 25

Try talking SMTP to that if you can. :-)

A variant of your holding the connection idea has already been proven to
work:

http://www.armory.com/~spcecdt/spamware/

For example, impose a 10 second wait  for all hosts and a 30 second wait
for all hosts that don't have proper reverse DNS. In addition, there are
other tricks,  like sending an  error if any data  is sent prior  to the
SMTP 220 greeting banner (aka greetdelay). Like this:

telnet 166.70.45.18 25

If you send HELO  before you see the 220 banner you will  not be able to
send me email.

Andy
--
[-----------[system uptime]--------------------------------------------]
 12:50pm  up 52 min,  1 user,  load average: 1.08, 1.02, 1.01
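
The banner delay and early-talker check described in this message, as an added Python sketch; it is not Andy's code or the configuration of the hosts he lists. The hostname, port, 554 reply text and the treatment of "proper reverse DNS" as "a PTR lookup succeeds" are assumptions.

```python
import select
import socket

BASE_DELAY = 10.0      # seconds for every host (figure from the post)
NO_RDNS_DELAY = 30.0   # seconds for hosts without reverse DNS (from the post)

def has_reverse_dns(ip, lookup=socket.gethostbyaddr):
    """Assumption: 'proper reverse DNS' means a PTR lookup succeeds.
    `lookup` is injectable so the policy can be tested offline."""
    try:
        lookup(ip)
        return True
    except OSError:        # socket.herror and socket.gaierror are OSError
        return False

def pick_delay(ip, lookup=socket.gethostbyaddr):
    """Choose how long to hold the banner for this client address."""
    return BASE_DELAY if has_reverse_dns(ip, lookup) else NO_RDNS_DELAY

def greet(conn, delay, hostname="mx.example.org"):
    """Hold the 220 banner for `delay` seconds; True if the client waited.

    A client that sends anything (or hangs up) before the banner is an
    early talker and gets a permanent error instead of the greeting.
    """
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        conn.sendall(b"554 SMTP protocol violation: spoke before greeting\r\n")
        return False
    conn.sendall(b"220 " + hostname.encode("ascii") + b" ESMTP\r\n")
    return True

def serve(port=2525):
    """Demo listener on localhost (hypothetical port), one client at a time."""
    with socket.create_server(("127.0.0.1", port)) as srv:
        while True:
            conn, (ip, _) = srv.accept()
            with conn:
                waited = greet(conn, pick_delay(ip))
                # A real MTA would continue the SMTP dialogue when `waited`
                # is True; this sketch only logs the outcome and closes.
                print(ip, "greeted" if waited else "rejected as early talker")

if __name__ == "__main__":
    serve()
```

Because `serve()` handles clients sequentially, one held connection blocks the next; a production listener would run `greet()` per connection in a thread or event loop.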


