spamd FTW

A while back, I discovered spamd. It’s essentially a fake mailserver whose purpose is to tie up spammers. It throttles down the connection which makes the spammer wait a very long time to actually pass on their message. Once the spammer sends the email to spamd, it then responds to the spammer that there was a problem and to try again later.

It used to be that spammer programs didn’t retry in cases like that. They would just write it off as a failure and move on to the next target. People used this fact against spammers and graylisting was born. In general valid mailservers would retry and spammers wouldn’t, so the trick was just to have your mailserver tell everyone to try again. Valid mailservers would try again in a few minutes and the email would be delivered, while the spammers would simply give up. Email was delayed a few minutes, but it stopped a lot of spam.

In the continual cat and mouse game, spammers realized this and made their programs smarter. They made it so that their spam programs would also retry just like a real mailserver, getting around graylisting. However, that makes them even more vulnerable to spamd. After the spammer finally hands off his message to spamd, he’s told to try again later. Rather than giving up, the spam program tries again later, once again getting caught in the spamd trap.

Annoying spammers with pf and spamd explains how you can set up a pretty fancy system to cause questionable traffic to get routed into a spamd trap, while legitimate mailservers are allowed to deliver mail directly to you. Hitting back at spammers with OpenBSD and spamd is similar, but describes how to set up a blacklist-only spamd to trap connections made to a non-mailserver. You don’t use any filtering or classification, because it’s at an address that shouldn’t get any mail (therefore all connections are spam).

Anyway, spamd has been ported to FreeBSD. I have a FreeNAS box, which is a minimal version of FreeBSD. I was able to get spamd installed on my FreeNAS with those two pages, plus a little Googling. I have to say, it’s pretty neat. I’ll try to get a more complete tutorial up soon, so that others can do this as well. Rather than just neutralizing spam by filtering it, this actually hurts spammers by sucking up their time and keeping them from sending other spam. In the example above, a spammer spent over two hours trying to send a single email. For comparison, bulk emailers brag about being able to send hundreds of emails per minute (one program showed almost 1500 emails sent in 3 minutes). At 500 spams/minute, his spamd just stopped 60,000 spams.

Here is a video (4.4MB, codec) of just how long it takes to send an email to spamd. Because it throttles down the connection, spamd is never really dealing with much of a load. Despite putting a huge dent in the spamming operation, it won’t stress your system. If you have the means to run it, I suggest you do. For spam to stop, it must be made unprofitable. This is a great way to cut into spammer profits.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Note: This post is over 5 years old. You may want to check later in this blog to see if there is new information relevant to your comment.