spamhole - The Fake Open SMTP Relay
News
2003.12.10
Reference Implementation Version 0.5 is now available!
This is almost a complete code rewrite. The reference implementation now behaves much closer to spec. The SMTP traffic is no longer passed
through to a real SMTP server; spamhole emulates a lightweight SMTP server itself. Also, there is no longer an option to redirect the spam
messages to a defined address. I was primarily using this feature for statistics collection, and I plan to implement a more elegant way to
do this than by redirecting the message. If you prefer the older behavior, grab 0.4 from the FTP site.

2003.12.10
Reference Implementation Version 0.4 is now available!
This version includes a patch provided by Kees Cook @ Open Source Development Lab which added support for binding to a defined network address
and cleaned up the compiler warnings. Also included is a startup script provided by John Delisle for RedHat-ish distro users. It can be
found in the contrib directory in the distribution package.

2003.12.09
We've been slashdotted! Although maybe a bit prematurely. We've still got many design issues and implementation issues to tweak before
spamhole will be as effective as it can be. For example, we may have been giving the spammers too much credit thinking they'll test open
relays before using them. Setting your 'good' session threshold to 0 seems to work just as well, and this prevents ALL messages from being
properly delivered.
To address some of the issues I've seen in the Slashdot thread:
* If you don't want to allow any messages to get through, set your threshold to 0. This has now become the default due to the observation noted
above.
* The proper way for a spamhole to act is to drop the message as the spamhole receives it, and not redirect it anywhere. This cuts down on wasted bandwidth
and legitimate mail server load. My reference implementation piggy-backs on a real SMTP server because it is meant to be a proof-of-concept and
was hacked together in about 3 hours.
* A common misconception seems to be that this is intended to be a real mail server or a kind of spam-detection or content filter. It is NOT.
spamhole is intended to be a FAKE open relay, and it should never have anything at all to do with legitimate email services. It's akin to a honeypot.
spamhole Implementations
Implementation | Author | Platform(s) | Download
spamhole - Reference Implementation | I)ruid | Linux, possibly others | SourceForge.net
A Short Message About This Project
spamhole is an open project. Hopefully, through users' and
developers' contributions, we will amass a collection of
spamhole implementations spanning all commonly used platforms,
programming languages, etc. Ease of configuration and use
are the primary objectives, because the easier the
implementations are for the non-technical layperson to use,
the more widely adopted and used spamhole will become. Users
should feel that they can do their part in the fight against
spam by running a spamhole that is easy to use and configure.
Of secondary importance are additional features which may or
may not be common to all implementations. Please join the
developer mailing list for further discussion!
Theory & Methodology
Many spammers constantly search for open SMTP relays, or mail
servers that will allow anyone to send e-mail through them.
Using these servers, they send mass amounts of unsolicited bulk
mail (SPAM). Most diligent mail admins on the Internet these
days do not run open relays; however, there are many out there
that still do. Many viruses and trojans are beginning to appear
that turn an unsuspecting cablemodem or DSL user's computer
into an open relay without the user's knowledge. The most common
ways for spammers to find these open relays are for the virus or
trojan to report its existence directly to them, or to
methodically scan networks looking for them. This project
hopes to make the latter method a waste of time and effort.
To accomplish our goal, we take the chaff approach. By creating
as many false 'open relays' on the Internet as possible, we hope
to make the detection and use of a real open relay as much of a
chore as we can, as well as waste as much time and effort as we
can of any spammers that find and use our spamholes as if they
were real open relays. To accomplish this, we take a rather
simple approach:
When an SMTP client connects to our spamhole, the spamhole will
emulate an SMTP open relay, happily accepting any email messages
that the client wishes to send to it; however, rather than
actually delivering the messages, it will silently drop them.
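
The accept-and-drop dialogue described above, as an added Python example; it is not code from the spamhole reference implementation. The class names, the spamhole.example hostname and port 2525 are assumptions, and every message is dropped, which corresponds to a 'good' session threshold of 0.

```python
import socketserver

class SpamholeSession:
    """One SMTP dialogue: accept every message, deliver none (hypothetical class)."""
    def __init__(self):
        self.in_data = False   # True between DATA and the lone "." line
        self.dropped = 0       # messages acknowledged and then discarded
        self.rcpts = 0         # recipients accepted for the current message

    def feed(self, line):
        """Take one client line without CRLF; return the reply, or None."""
        if self.in_data:
            if line == ".":                    # end-of-message marker
                self.in_data, self.rcpts = False, 0
                self.dropped += 1
                return "250 OK: queued"        # claims success; nothing was stored
            return None                        # body line is discarded unread
        verb = line.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            return "250 spamhole.example"      # assumed hostname
        if verb in ("MAIL", "RSET"):
            self.rcpts = 0
            return "250 OK"
        if verb == "RCPT":
            self.rcpts += 1
            return "250 OK"                    # any domain accepted: looks like an open relay
        if verb == "DATA":
            if self.rcpts == 0:
                return "503 Need RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "502 Command not implemented"

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        session = SpamholeSession()
        self.wfile.write(b"220 spamhole.example ESMTP\r\n")
        for raw in self.rfile:
            reply = session.feed(raw.decode("latin-1").rstrip("\r\n"))
            if reply:
                self.wfile.write(reply.encode() + b"\r\n")
                if reply.startswith("221"):
                    break

if __name__ == "__main__":
    # Port 2525 on loopback is an assumption; a deployed spamhole would listen on 25.
    socketserver.ThreadingTCPServer(("127.0.0.1", 2525), Handler).serve_forever()
```

Because the body is discarded line by line, the only per-session state is a few counters, and no mail ever leaves the host.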
Mailing Lists
Related Links