I)ruid, CISSP


Contact
druid (@) caughq (.) org ( GPG Key )
602.466.6006 x2600

Chat

IRC: FreeNode: I}ruid
IRC: EFNet: I}ruid
SILC: CompSec: I)ruid
AIM: CAUDruid

spamhole - The Fake Open SMTP Relay

News

Date News
2003.12.10 Reference Implementation Version 0.5 is now available!

This is almost a complete code rewrite. The reference implementation now behaves much closer to spec. The SMTP traffic is no longer passed through to a real SMTP server, spamhole emulates a lightweight SMTP server itself. Also, there is no longer an option to redirect the spam messages to a defined address. I was primarily using this feature for statistics collection, and I plan to implement a more elegant way to do this than by redirecting the message. If you prefer the older behavior, grab 0.4 from the FTP site.

2003.12.10 Reference Implementation Version 0.4 is now available!

This version includes a patch provided by Kees Cook @ Open Source Development Lab which added support for binding to a defined network address as well as cleaned up the compiler warnings. Also included is a startup script provided by John Delisle for RedHat-ish distro users. It can be found in the contrib directory in the distribution package.

2003.12.09 We've been slashdotted! Although maybe a bit prematurely. We've still got many design issues and implementation issues to tweak before spamhole will be as effective as it can be. For example, we may have been giving the spammers too much credit thinking they'll test open relays before using them. Setting your 'good' session threshold to 0 seems to work just as well, and this prevents ALL messages from being properly delivered.

To address some of the issues I've seen in the slashdot thread:

* If you don't want to allow any messages to get through, set your threshold to 0. This has now become the default due to the observation noted above.
* The proper way for a spamhole to act is to drop the message as the spamhole receives it, and not redirect it anywhere. This cuts down on wasted bandwidth and legitimate mail server load. My reference implementation piggy-backs on a real SMTP server because it is meant to be a proof-of-concept and was hacked together in about 3 hours.
* A common misconception seems to be that this is intended to be a real mail server or a kind of spam-detection or content filter. It is NOT. spamhole is intended to be a FAKE open relay, and it should never have anything at all to do with legitimate email services. It's akin to a honeypot.

spamhole Implementations

Implementation: spamhole - Reference Implementation
Author: I)ruid
Platform(s): Linux, possibly others
Download: SourceForge.net

A Short Message About This Project

spamhole is an open project. Hopefully, through users' and developers' contributions, we will amass a collection of spamhole implementations spanning all commonly used platforms, programming languages, etc. Ease of configuration and use are the primary objectives: the easier the implementations are for the non-technical layperson to use, the more widely spamhole will be adopted and run. Users should feel that they can do their part in the fight against spam by running an easy to use and configure spamhole. Of secondary importance are additional features which may or may not be common to all implementations. Please join the developer mailing list for further discussion!

Theory & Methodology

Many spammers constantly search for open SMTP relays, or mail servers that will allow anyone to send e-mail through them. Using these servers, they send mass amounts of unsolicited bulk mail (SPAM). Most diligent mail admins on the Internet these days do not run open relays, however there are many out there that still do. Many viruses and trojans are beginning to appear that turn an unsuspecting cablemodem or DSL user's computer into an open relay without the user's knowledge. The most common ways for spammers to find these open relays are for the virus or trojan to report its existence directly to them, or to methodically scan networks looking for them. This project hopes to make the latter method a waste of time and effort.

To accomplish our goal, we take the chaff approach. By creating as many false 'open relays' on the Internet as possible, we hope to make the detection and use of a real open relay as much of a chore as we can, and to waste as much as we can of the time and effort of any spammer who finds and uses our spamholes as if they were real open relays. To accomplish this, we take a rather simple approach:

When an SMTP client connects to our spamhole, the spamhole will emulate an SMTP open relay, happily accepting any email messages that the client wishes to send to it, however rather than actually delivering the messages, it will silently drop them.
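As an added illustration of that behaviour (this is not the project's reference implementation; the class, the hostname and the probe transcript are constructed here), the following state machine answers an SMTP session exactly as an open relay would, accepts mail for any recipient, and then records and discards the message. It also models the 'good' session threshold from the news above: sessions numbered below the threshold are marked "deliver" instead of "drop", and the default of 0 marks everything for dropping.

```python
# Added illustration, not the project's reference code; names and the probe are constructed.
class SpamholeSession:
    """Emulates an open relay: accepts any MAIL/RCPT/DATA, then discards the message."""
    def __init__(self, session_no=0, good_threshold=0, hostname="spamhole.example"):
        self.session_no, self.good_threshold, self.hostname = session_no, good_threshold, hostname
        self.sender, self.rcpts, self.in_data, self.body_bytes = None, [], False, 0
        self.messages = []  # (verdict, sender, rcpts, body_bytes) for every message seen

    def feed(self, line):
        """Process one client line (no CRLF); return the reply, or None while inside DATA."""
        if self.in_data:
            if line != ".":
                self.body_bytes += len(line) + 2  # count what the spammer spent sending us
                return None
            # Sessions below the 'good' threshold would be relayed; 0 (the default) drops all.
            verdict = "deliver" if self.session_no < self.good_threshold else "drop"
            self.messages.append((verdict, self.sender, tuple(self.rcpts), self.body_bytes))
            self.sender, self.rcpts, self.in_data, self.body_bytes = None, [], False, 0
            return "250 OK: queued"  # what the client sees; nothing was actually queued
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname}"
        if verb == "MAIL":
            self.sender = arg.partition(":")[2].strip()
            return "250 OK"
        if verb == "RCPT":
            self.rcpts.append(arg.partition(":")[2].strip())  # any domain accepted: looks open
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Need RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "250 OK"  # stay permissive for anything else, as a sloppy open relay would

def run_transcript(lines, session_no=0, good_threshold=0):
    """Drive one session over client lines; return (replies, recorded messages)."""
    s = SpamholeSession(session_no, good_threshold)
    replies = [f"220 {s.hostname} ESMTP ready"] + [r for r in map(s.feed, lines) if r is not None]
    return replies, s.messages

# Constructed relay-test probe: mail for a third-party domain, as a relay scanner would try.
PROBE = ["EHLO scanner.invalid", "MAIL FROM:<probe@scanner.invalid>",
         "RCPT TO:<someone@third-party.invalid>", "DATA",
         "Subject: relay test", "", "hello", ".", "QUIT"]
```

Wrapping `feed` in a socket loop that reads CRLF-terminated lines is all that is needed to expose this on port 25; the recorded tuples are the statistics the news item mentions wanting to collect.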

Mailing Lists

List: spamhole Announce
Description: Low-volume list for new implementation and version announcements.
Subscribe: spamhole-announce @ lists.sourceforge.net

List: spamhole Development
Description: List for developer and user discussion.
Subscribe: spamhole-devel @ lists.sourceforge.net

Related Links

Name: BubbleGum ProxyPot
Description: Want to do the exact same thing spamhole does except for open proxy servers? Here's the tool!
URL: http://world.std.com/~pacman/proxypot.html