A long time ago I used and collaborated with the ASSP project. It is a PERL SMTP proxy with a zillion features. The most important being, blacklist, whitelists, SPF, bayesian filters, greylisting, etc...
The software had basically two problems.
- It is single threaded, with a huge loop which does a SelectIO to select the socket. This leads to a horrible performance, and it just collapses above 50k mails per day.
- It is programmed in a horrible (old perlish) style, making any change or bugfix extremely hard to do.
The software did not work when loaded... and while it worked when not loaded I realized that by having greylisting and perhaps one or two more features, I was already blocking all the SPAM without false positives. So in short I neded something with a lot less features, and a lot more robust. Specially without Bayesian Filters which are the biggest possibility of a false positives and what takes more resources.
So I ended up writting my own proxy from a scratch using PERL Threads.
- MultiThreaded The most important feature!
- Greylisting: The first delivery tries within N minutes (embargo time) are rejected temporally. After that time the email is accepted and the IP is whitelisted for D days. Typically SPAM senders do not retry the emails if they fail, while SMTP server must do it as per specs.
- SPF: Sender Policy Framework
- Tarpit: If an IP fails to deliver M emails in T time, every command it sends, gets delayed for S seconds.
- AutoBlacklist: If an IP fails to send M emails in T time (like wrong TO addresses), it gets blocked for N hours
- Traps: If certain honeypot emails receive an email from a given IP, this IP gets blocked for N hours.
- PCRE Filters: Perl Compatible Regular Expressions for Subject, Headers and Body
- Attachment filtering
- Dynamic PTR detection: To avoid receiving emails from dynamic IPs
- HELO FQDN validation
- Logs to MySQL
- SMTPAuth recognition
- Multiple Domains and IPs
- Telnet administration: OK, it is not as easy as a webpage, but I had no time to implement it as a webpage.
For sure, there are more features that I don't remember right now. I had it working for about 2 years now and I am REAAAAALY happy with it.
Some stats relative to all email attempts (for a 10 day period):
- 24.98% Blocked by SPAM Trap
- 23.62% HELO Invalid
- 15.78% Tarpit/Autoblacklist
- 15.78% Unknown User
- 5.94% Delaying/Greylisting
- 3.87% Connection aborted
- 1.09% Relay attempt
- 0.56% SPF Fail & Softfail
- 1.72% Other
- 6.66% Legitimate (Delivered)
I used to get hundreds of SPAM per day. Today I only get 1 or 2 per day.
As soon as I have some time I plan to post the software here. For enquiries, just email me from the contact page.
|< Prev||Next >|