Reducing Spam with SMTP Validation on Postfix 2

Posted by Bill McGonigle Wed, 06 May 2009 14:50:00 GMT

This is a neat enhancement to postfix for reducing spam by attacking its economics: making sure it speaks SMTP properly.

A spammer gets paid by the message delivered. So, it's in his interest to flood them out as quickly as possible. Because of this, they rarely implement mailers which negotiate the SMTP connection politely - they simply open the TCP connection and start sending.

When an SMTP client doesn't respect the proper-back-and forth postfix expects, it'll flag it as unauthorized 'pipelining' - for example when multiple messages are sent in succession, but which would otherwise be OK.

We can take advantage of this by forcing the issue, and increasing the odds a spammer will make this mistake by waiting just a second between establishing the TCP connection and telling the spammer we're ready to take mail. A loaded mail server may behave this way anyway, so it's not outside the norm and the resource consumption is minimal, but it attacks the economics of spamming.

In your main.cf file, you would add to smtpd_client_restrictions something like this:

          smtpd_client_restrictions =
                  permit_sasl_authenticated,
                  permit_mynetworks,
                  check_client_access hash:/etc/postfix/access-client,
                  sleep 1,
                  reject_unauth_pipelining

We accept all of our own users' connections (interactive ones, perhaps) right away, and if the sender is totally unknown to us, we wait for just a second. Then we reject any unauthorized pipelining. The log will show something like this:

May 6 10:49:00 mailhub postfix/smtpd[8965]: NOQUEUE: reject: RCPT from unknown[10.1.2.3]: 403 4.5.0 spamtarget@example.com: Recipient address rejected: Improper use of SMTP command pipelining

when the spammer attempts to just send.

It's worth noting that this method may not scale to very large installations, as those one second delays may be too much. But for the average-sized postfix install, it can make yet another dent in the spam deluge. Where it does consume 'too many' resources, one must weight the cost of computing resources vs. the time cost of dealing with yet another spam.

del.icio.us:Reducing Spam with SMTP Validation on Postfix digg:Reducing Spam with SMTP Validation on Postfix reddit:Reducing Spam with SMTP Validation on Postfix spurl:Reducing Spam with SMTP Validation on Postfix wists:Reducing Spam with SMTP Validation on Postfix simpy:Reducing Spam with SMTP Validation on Postfix newsvine:Reducing Spam with SMTP Validation on Postfix blinklist:Reducing Spam with SMTP Validation on Postfix furl:Reducing Spam with SMTP Validation on Postfix fark:Reducing Spam with SMTP Validation on Postfix blogmarks:Reducing Spam with SMTP Validation on Postfix Y!:Reducing Spam with SMTP Validation on Postfix smarking:Reducing Spam with SMTP Validation on Postfix magnolia:Reducing Spam with SMTP Validation on Postfix segnalo:Reducing Spam with SMTP Validation on Postfix
Trackbacks

Use the following link to trackback from your own site:
http://blog.bfccomputing.com/articles/trackback/4806

Comments

Leave a response

  1. glen.page@thet.net 36 minutes later:

    Would TA fit your definition of an "average-sized postfix install"? If yes, is this something we might implement in addition to or in place of the grey-listing?

  2. Bill McGonigle about 2 hours later:

    'Large' is probably north of 10 messages a second.

Comments