Javier Albinarrate - LU8AJA

ThASSP: Threaded AntiSpam SMTP Proxy

A long time ago I used and collaborated with the ASSP project. It is a Perl SMTP proxy with a zillion features, the most important being blacklists, whitelists, SPF, Bayesian filters, greylisting, etc.

The software had basically two problems.

  • It is single threaded, with a huge loop which does a SelectIO to select the socket. This leads to horrible performance, and it just collapses above 50k mails per day.
  • It is programmed in a horrible (old perlish) style, making any change or bugfix extremely hard to do.

The software did not work when loaded... and while it worked when not loaded, I realized that by having greylisting and perhaps one or two more features, I was already blocking all the SPAM without false positives. So in short I needed something with a lot fewer features and a lot more robust, especially without Bayesian filters, which are the biggest possibility of false positives and what takes the most resources.

So I ended up writing my own proxy from scratch using Perl threads.

Features:

  • MultiThreaded: The most important feature!
  • Blacklist
  • Whitelist
  • Greylisting: Delivery attempts within the first N minutes (embargo time) are temporarily rejected. After that time the email is accepted and the IP is whitelisted for D days. Typically SPAM senders do not retry emails that fail, while SMTP servers must do so as per the specs.
  • SPF: Sender Policy Framework
  • Tarpit: If an IP fails to deliver M emails in T time, every command it sends gets delayed for S seconds.
  • AutoBlacklist: If an IP fails to send M emails in T time (like wrong TO addresses), it gets blocked for N hours.
  • Traps: If certain honeypot emails receive an email from a given IP, this IP gets blocked for N hours.
  • PCRE Filters: Perl Compatible Regular Expressions for Subject, Headers and Body
  • Attachment filtering
  • Dynamic PTR detection: To avoid receiving emails from dynamic IPs
  • HELO FQDN validation
  • Logs to MySQL
  • SMTPAuth recognition
  • Multiple Domains and IPs
  • Telnet administration: OK, it is not as easy as a webpage, but I had no time to implement it as a webpage.
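The greylisting rule from the feature list, sketched in Python as an added example (this is not ThASSP's code, which is written in Perl and is not shown on this page). It assumes state is keyed on the client IP only; the class and function names, the default N and D values, the 451 reply code and the 24-hour purge bound are all choices made for this illustration.

```python
import threading
from datetime import datetime, timedelta

class Greylist:
    """Per-IP greylist: tempfail during the embargo, then whitelist for D days."""

    def __init__(self, embargo_minutes=5, whitelist_days=30):
        # Constructed defaults; the page only names these as N and D.
        self.embargo = timedelta(minutes=embargo_minutes)
        self.whitelist_ttl = timedelta(days=whitelist_days)
        self.first_seen = {}          # ip -> time of first rejected attempt
        self.whitelist = {}           # ip -> whitelist expiry time
        self.lock = threading.Lock()  # tables are shared by all worker threads

    def check(self, ip, now):
        """Return the SMTP reply code for a delivery attempt from ip at time now."""
        with self.lock:
            expiry = self.whitelist.get(ip)
            if expiry is not None:
                if now < expiry:
                    return 250
                del self.whitelist[ip]      # expired: greylist this IP again
            first = self.first_seen.setdefault(ip, now)
            if now - first < self.embargo:
                return 451                  # temporary failure, a real MTA retries
            del self.first_seen[ip]
            self.whitelist[ip] = now + self.whitelist_ttl
            return 250

    def purge(self, now, max_pending=timedelta(hours=24)):
        """Forget IPs that never retried (assumed bound), so a stale first
        attempt cannot satisfy the embargo days later; returns entries dropped."""
        with self.lock:
            stale = [ip for ip, t in self.first_seen.items() if now - t > max_pending]
            for ip in stale:
                del self.first_seen[ip]
            return len(stale)

def replay(attempts, greylist):
    """Run (ip, minutes offset) attempts through the greylist; return reply codes."""
    t0 = datetime(2008, 11, 11, 13, 0)  # constructed start time
    return [greylist.check(ip, t0 + timedelta(minutes=m)) for ip, m in attempts]

# Constructed sample traffic: 192.0.2.10 retries like a real MTA, 198.51.100.7 never does.
SAMPLE = [("192.0.2.10", 0), ("198.51.100.7", 1), ("192.0.2.10", 2),
          ("192.0.2.10", 6), ("192.0.2.10", 60)]

if __name__ == "__main__":
    print(replay(SAMPLE, Greylist()))
```

Without the periodic purge, an IP that was rejected once and came back a week later would pass the embargo check on its second attempt.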

For sure, there are more features that I don't remember right now. I have had it working for about 2 years now and I am REAAAAALY happy with it.

Some stats relative to all email attempts (for a 10 day period):

  • 24.98%  Blocked by SPAM Trap
  • 23.62%  HELO Invalid
  • 15.78%  Tarpit/Autoblacklist
  • 15.78%  Unknown User
  •  5.94%  Delaying/Greylisting
  •  3.87%  Connection aborted
  •  1.09%  Relay attempt
  •  0.56%  SPF Fail & Softfail
  •  1.72%  Other
  •  6.66%  Legitimate (Delivered)

I used to get hundreds of SPAM per day. Today I only get 1 or 2 per day.

As soon as I have some time I plan to post the software here. For enquiries, just email me from the contact page.

Last Updated on Tuesday, 11 November 2008 13:09  
