I'm not sure I want to do "true" tarpitting, I want the spam to get through eventually (just in case its not), just way after the legitimate stuff.
True tarpitting will allow the E-mail through. The idea is that it will have to wait a long, long time -- something that a legitimate mailserver will do, but most spammers will not.
If you're looking at under a minute per SMTP command, non-traditional tarpitting (simple delays) will work. But after about 30 seconds or so, some legitimate mailservers will disconnect.
For hours/days, traditional tarpitting would be required.
I use Netscreen firewalls and their technical info says throttling to less than 10kbps risks dropping the connection. The idea would be to slow it down enough to:
Hmmm... 10kbps is just slightly less fast than a 14.4Kbps modem. At 10kbps, at 1400 byte packet (close to the maximum packet size usually seen) would take about a second and a half to transfer. That isn't going to cause any timeouts in SMTP.
On the other hand, that isn't going to cause any real delays, either. A short text spam could be transferred in less than 5 seconds at 10kbps. I don't think that short of a delay would cause the spammer any problems, and I doubt it would provide you with any benefit.
1) Give priority to non spam
2) Push spam back in time to momment of low server load
3) Make spammers sending less effecient
Would throttling to 15kbps be slow enough to still make a difference?
Unfortunately, I think that it would have to go down to about 1kbps to start to make a difference (at that rate, it would take perhaps 30 seconds to transfer a short spam, or 10+ minutes for a large HTML spam). Even at a minute or so, you really aren't tying up much of the spammers resources.
The original idea behind tarpitting was that the sending server (probably an open relay, when the idea came about) was that if a lot of people were doing tarpitting, it would tie up enough of the resources on the sending server to significantly slow down the spam for others. For example, if an IMail server was used to send spam, and it hit 30 servers running tarpitting, it would almost entirely block the outgoing spam.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
