--On Monday, September 13, 2004 1:42 PM -0700 John Hardin <[EMAIL PROTECTED]> wrote:

The way the SMTP protocol is constructed, the client opens a connection
and waits for a welcome banner before sending data. If the connection is
tarpitted immediately, then the client never receives the welcome banner
and never gets tarpitted, and will (presumably) exit after a short wait
for the banner.

True, any sane SMTP client would work this way. The one I was facing had gotten past that point and was at the RCPT TO phase.


The interesting thing about the TARPIT netfilter target is that it can be applied to an existing connection. It doesn't need to be part of a custom application. The one cost I'd have is a stalled sendmail child (presumably swapped out), but for low-frequency stuff like this I could live with that.
