[plug] anti-spam: anyone using tarpitting successfully?

Wed May 21 15:25:51 WST 2003

> Teergrubing
>
http://www.iks-jena.de/mitarb/lutz/usenet/antispam.html
> 
> qmail patches
> http://www.iidea.pl/~paweln/proj/qmail-patches/
> 
> bogofilter
> http://bogofilter.sourceforge.net/
> 
>
http://www.martiansoftware.com/tarproxy/doc/plugin-api.html
> 
> *amavisd-new, which integrates SpamAssassin (with
> the Bayesian filter)
> as well as virus scanning, as a Postfix
> content-filter in a large system
> http://www.bluestream.org/Networking/LinuxSpam.htm

Hmm, I'll have to investigate some of those. Thanks.

> I think the theory is very interesting, but I have
> some concerns about the practice making not just the
> spammers machine ineffective, but your own as well
> (am I right?).  Anyway I look forward to finding out
> how successful any trial is.

In terms of performance, I wouldn't have thought
there'd be too much trouble. The one I linked to has a
limit that you can specify (default 100 or something)
after which the 100 "spammiest" connections stay
tarpitted, and the rest just go through as normal.

I know that I used to run the LaBrea HTTP tarpit (back
in the CodeRed/Nimda days) on a 2/3s-free /24 with no
noticable performance hit, although granted it doesn't
do anything except answer the initial connection,
whereas this is constantly analysing the incoming
mail.

(Wonder if you could shuffle the actual analysis off
to another (faster) machine in real-time, and if it
would be worth it?)

Andrew

=====
Linux supports the notion of a command line or a shell for the same
reason that only children read books with only pictures in them.
Language, be it English or something else, is the only tool flexible
enough to accomplish a sufficiently broad range of tasks.
                          -- Bill Garrett

http://mobile.yahoo.com.au - Yahoo! Mobile
- Check & compose your email via SMS on your Telstra or Vodafone mobile.