[Gllug] Spam

Russell Howe rhowe at siksai.co.uk
Mon Oct 17 12:07:44 UTC 2005


On Sat, Oct 15, 2005 at 12:33:48PM +0100, Robert Newson wrote:
> [spam] still has to cross the i/net to get to your smtp server, eating up 
> that bandwidth, and processing power on the relays on the way.

>From what I've seen, most spam (and virtually all virii) don't relay
themselves via intermediaries, instead sending themselves directly to
the MX listed for the domain, so this (currently) doesn't seem like much
of an issue (not that I'm saying it isn't worth thinking about).

It's unfortunate, however, that creating and sending spam is much
quicker than checking a message's spamminess. Tarpitting is probably
useful here to try and reduce the rate of spam hitting a mail server.
i.e. if a message looks like spam, instead of refusing it and closing
the connection, slow down the rate of data transfer in order to hold the
connection open as long as possible. This will eat resources on both
sides (maintaining a TCP connection requres some work in the kernel -
maintaining thousands/tens of thousands requires quite a lot, I'd
imagine).

Assuming (and this is possibly an invalid assumption) that a spam bot
will only open a certain number of concurrent connections to a mail
server, this should reduce the transmission rate of spam quite
significantly (both in numbers of messages, and bandwidth consumed).
The only problem I can see is where a legitimate host (e.g. your backup
MX) is relaying significant quantities of spam, being tarpitted as a
result and is reaching its connection limit.

Really, the best method at the moment would seem to be for as many mail
servers as you can, get them to refuse spammy mail at SMTP time, and try
to share as much information as possible between them to help them learn
about new messages (be it fodder for the bayesian filters or whatever).

-- 
Russell Howe       | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list