The idea we've been discussing is basically using traffic shaping within ASSP.
As in, any unknown SMTP server connects at an administratively set throttle. As the session progresses, ASSP would make a determination if the server is friend or foe. Tarpitting, but sort of up front. I jokingly called it honeypitting.
The principle is that the server earns a Bayesian score based upon emails sent. The higher the spam score, the harder the throttle.
White listed SMTP servers, domains, and from addresses immediately open up.
As well, ASSP would monitor existing connections, and drop off the offending connections as needed.
All thresholds would be administratively set.
As well, we discussed SMTP agents. Basically, any non-SMTP machine connected to on port 25 would report to a master server, and the IP would be "flagged." Perhaps for a time period, but that should be administratively set also.
We talked about using a private IM network, so SMTP servers (ASSP being the one of discussion) would get real time "heads up" alerts that someone is trying to spam.
Ultimately, either we have to absorb the spammers' efforts, or throw our own resources at solving the problem.
Tarpitting is extremely interesting, and if used on a grand scale could be very effective.
But with a guilty-until-proven-innocent approach, it's not much different than caller ID. Anyone can connect, but it's going to be slow until I'm sure I like you, then I'll hustle you through.
If it's legitimate email, adding an additional 30 or 45 seconds to transmission time shouldn't matter. If it does, then your users are spoiled and you should throttle their connection anyway. (just kidding)
Too easily foiled, but fun to think about, is if we all "pre-emptively" sent unsubscribe / abuse / postmaster complaint emails. Imagine if when a spammer tried to spam my server, me and 65,000 of my friends all connected back @ 1kbps to "unsubscribe". Too bad they don't use SMTP servers and firewalls could block it. It's a DOS of spammers. My servers would say: a.b.c.d is spamming me, here's the body of the msg: <text>. And if it scores .9 on your server, you could connect and say "I don't want to receive email from you, thanks anyway!" Basically "shouting down" the UCE sender. No DOS really, if he's legitimate, he's whitelisted or will remove me from his list. If the spammer doesn't put in the infrastructure for massive response from this target audience, it's not my fault. That's business. It's like having a site and getting slashdotted.
he heh <evil grin>
Maybe we pull any email addresses via regular expression and automatically send an unsubscribe email, or one for every possible dictionary iteration for our domain? [EMAIL PROTECTED] Subject "UNSUBSCRIBE" through [EMAIL PROTECTED] Subject "UNSUBSCRIBE" ?
I'd like to see them parse those out. Have a database of "unsubscribe" letters, perhaps randomly generated? ROFL!
Or robots that constantly request more information, and use the email addresses from other spammers? That's an interesting thought..
Ok, now I'm just getting sadistic.
Best and happy hunting, Chris
Ralph Gerstmann wrote:
hi,
i have thought about spam-fighting for a long time. One of the best tools i found was http://labrea.sourceforge.net/. but you can only use it for tarpitting spammers on IP addresses NOT running productive SMTP servers. (I advise anybody to use this tool on free IP addresses, NOT running SMTP servers. This should slow down spammers.)
But since i am running a productive service, i decided to use ASSP some months ago. for 2 weeks i have had a running proxy. it's really great. thx a lot, john. ... but i wanted to do more. i wanted to marry features of both of them. So what i first needed was a multithreaded version of ASSP. I checked the source. This can't be done in a trivial way. So i just made one function use a subprocess - the function that sends the error message to the spammer. using just a simple 60 sec. delay proved to me that spammers are not willing to wait more than a few seconds for us to respond to their spam.
so i ended up adding 2x1 seconds of delay. you can try 2x2 seconds. this is not much, but at least a bit; it should lower their throughput a lot, if this delay is integrated in the next version of ASSP. 2x5 seconds is definitely too much, they will drop the line before they receive our smtp-error.
just modify function error and/or the function rejecting unwanted relay-mails like this:
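    # ignore what's sent & give reason at the end.
    sub error {
        my($fh,$l)=@_;
        d(29);
        my $this=$Con{$fh};
        # act only once the client has finished sending the message body
        if( $l=~/^\.[\r\n]*$/ || defined($this->{bdata}) && $this->{bdata}<=0) {
            {
                my $pid;
                if (!defined($pid = fork)) {
                    # fork failed: reply without the delay and return, so the
                    # main process never reaches the child's exit(0) below
                    mlog("fork not possible: $!");
                    done2($this->{friend});
                    print $fh $this->{error}."\r\n";
                    done2($fh);
                    return;
                } elsif ($pid) {
                    # parent: close its copy of the client socket, reap the child
                    done2($fh);
                    wait;   # blocks until the child has sent the delayed reply
                    return;
                }
                # child: delay, send the SMTP error, delay again, then close
                done2($this->{friend});
                sleep(1);
                print $fh $this->{error}."\r\n";
                sleep(1);
                done2($fh);
                exit(0);
            }
        }
    }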
I also wrote a small Plugin for http://www.squirrelmail.org/ to allow the end-user to switch between normal and spamlover-mode.
just ask me for this. for now it's just a nasty hack, without internationalization. but if you ask for it, i might make this a real nice and documented plugin...
i have written a german documentation for endusers of SQ. http://gerstmann.net/nospam.php maybe s.o. wants to translate it and feed it back into SQ? (i am too busy the next 2 months) (doesn't make much sense, since it's dependent on local law (fuck lawyers and politicians))
Best regards. Ralph Gerstmann
Assp-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/assp-user
squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
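The throttle policy outlined at the top of this thread (unknown servers start slow, whitelisted senders open up at once, a higher Bayesian score means a harder throttle, offending connections get dropped), sketched as an added Perl example. It is not ASSP code and not from either poster; every name, threshold value and IP address in it is an assumption or constructed sample data.

```perl
# Added illustration of score-driven SMTP throttling. Not ASSP code.
# All names and numeric thresholds are assumptions (admin-set in the proposal).
use strict;
use warnings;

my %cfg = (
    start_bps  => 1024,   # rate given to an unknown server at connect
    full_bps   => 0,      # 0 = unthrottled
    min_bps    => 64,     # hardest throttle before dropping
    open_below => 0.20,   # mean score under this: open up
    drop_above => 0.90,   # mean score over this: drop the connection
);
my %whitelist = map { $_ => 1 } qw(192.0.2.10);   # constructed sample IP

# Returns a fresh per-connection state for a peer IP.
sub new_conn {
    my ($ip) = @_;
    return { ip => $ip, n => 0, sum => 0, white => $whitelist{$ip} ? 1 : 0 };
}

# Record the Bayesian score (0..1) of one message, if given, and return
# ('open', 0), ('throttle', bytes_per_sec) or ('drop', 0).
sub decide {
    my ($c, $score) = @_;
    return ('open', $cfg{full_bps}) if $c->{white};
    if (defined $score) { $c->{n}++; $c->{sum} += $score; }
    return ('throttle', $cfg{start_bps}) unless $c->{n};   # nothing scored yet
    my $mean = $c->{sum} / $c->{n};
    return ('drop', 0)              if $mean > $cfg{drop_above};
    return ('open', $cfg{full_bps}) if $mean < $cfg{open_below};
    # Linear interpolation: the higher the mean score, the lower the rate.
    my $frac = ($mean - $cfg{open_below}) / ($cfg{drop_above} - $cfg{open_below});
    my $bps  = $cfg{start_bps} - $frac * ($cfg{start_bps} - $cfg{min_bps});
    return ('throttle', int($bps));
}

# Constructed sessions: peer IP followed by the scores of successive messages.
for my $s ([ '192.0.2.10', 0.95 ], [ '198.51.100.7', 0.05, 0.10 ],
           [ '203.0.113.9', 0.60, 0.85, 0.99, 0.99, 0.99, 0.99 ]) {
    my ($ip, @scores) = @$s;
    my $c = new_conn($ip);
    my ($act, $bps) = decide($c);                           # decision at connect
    print "$ip connect: $act $bps\n";
    for my $sc (@scores) {
        ($act, $bps) = decide($c, $sc);
        print "$ip score=$sc: $act $bps\n";
        last if $act eq 'drop';
    }
}
```

Averaging over the whole session means a single high-scoring message tightens the throttle but does not drop the peer; the third sample session is dropped only after repeated high scores push the mean past `drop_above`.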