Has anyone gotten a newer version of OpenBSD's spamd than the one in ports going? I'm cvsupping my ports tree now but since I didn't see an update on the cvs server I'm assuming 3.7 is the latest version. Between OpenBSD 3.7 and 3.8 spamd gained the ability to tarpit or stutter at all connections for a configurable period of time. I understand that stuttering for the first few seconds of the SMTP dialog causes many spammers to go away before even generating a greylisting tuple. It's something I'd like to try and see for myself and it will be fairly easy since my primary MX is behind an OpenBSD firewall. However, my secondary MX is a FreeBSD box with no such protection and I fear that the spammers will just take advantage of the fact that my secondary MX has weaker protections than my primary. -- Chris
--- Christopher Hilton <chris@vindaloo.com> wrote:> Has anyone gotten a newer version of OpenBSD's spamd than the one in > ports going? I'm cvsupping my ports tree now but since I didn't see > an > update on the cvs server I'm assuming 3.7 is the latest version. > > Between OpenBSD 3.7 and 3.8 spamd gained the ability to tarpit or > stutter at all connections for a configurable period of time. I > understand that stuttering for the first few seconds of the SMTP > dialog > causes many spammers to go away before even generating a greylisting > tuple. It's something I'd like to try and see for myself and it will > be > fairly easy since my primary MX is behind an OpenBSD firewall. > However, > my secondary MX is a FreeBSD box with no such protection and I fear > that > the spammers will just take advantage of the fact that my secondary > MX > has weaker protections than my primary.Yes, best practice is to configure all MX servers in the same way. Especially so if you plan to give spam servers a punch in the face (stuttering, greylisting, etc). I am also interested in spamd but will not use it because I do not have control of the other mailservers. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Christopher Hilton <chris@vindaloo.com> wrote:
> Between OpenBSD 3.7 and 3.8 spamd gained the ability to tarpit or
> stutter at all connections for a configurable period of time. I
> understand that stuttering for the first few seconds of the SMTP dialog
> causes many spammers to go away before even generating a greylisting
> tuple.
What does stuttering mean? Is it similar to sendmail's
"greet_pause" feature?
The greet_pause feature is quite useful. It causes sendmail
to wait for a configurable amount of time (5 seconds is a
good value) between accepting the connection and sending its
initial SMTP greeting line. If it receives _anything_ from
the remote side during that time, no mail is accepted from
this connection.
Many spammers use botnets with very simple software that
doesn't really speak SMTP, but simply opens connections to
port 25 and sends fixed strings without paying attention to
what the server responds. Those are catched and disabled by
the "great_pause" feature. Indeed, no greylisting tuples
are generated because no MAIL/RCPT is accepted from the
connection.
> It's something I'd like to try and see for myself and it will be
> fairly easy since my primary MX is behind an OpenBSD firewall. However,
> my secondary MX is a FreeBSD box with no such protection and I fear that
> the spammers will just take advantage of the fact that my secondary MX
> has weaker protections than my primary.
In fact, it seems that spammers prefer sending to secondary
MX servers because they assume that they're less protected
that the primary MX servers.
For that reason you should always put the same protection
on both primary and secondary servers. If you use a backup
MX that doesn't do greylisting, then spam will leak through
it to your primary (which has to trust the secondaries).
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"FreeBSD is Yoda, Linux is Luke Skywalker"
-- Daniel C. Sobral
Christopher Hilton wrote:> Has anyone gotten a newer version of OpenBSD's spamd than the one in > ports going? I'm cvsupping my ports tree now but since I didn't see an > update on the cvs server I'm assuming 3.7 is the latest version. > > Between OpenBSD 3.7 and 3.8 spamd gained the ability to tarpit or > stutter at all connections for a configurable period of time. I > understand that stuttering for the first few seconds of the SMTP dialog > causes many spammers to go away before even generating a greylisting > tuple. It's something I'd like to try and see for myself and it will be > fairly easy since my primary MX is behind an OpenBSD firewall. However, > my secondary MX is a FreeBSD box with no such protection and I fear that > the spammers will just take advantage of the fact that my secondary MX > has weaker protections than my primary. >A casual attempt to compile a fresher copy of the software shows that spamd is using the OpenBSD's reentrant syslog functions (syslog_r, openlog_r, etc) Is FreeBSD's syslog already reentrant? -- Chris