About teergrubing spammers

By Kyle
Wed Sep 24th, 2003 at 04:09:14 PM CST

A teergrube appears to be an SMTP server which runs very slowly. The idea is to direct spammers to this server, and let them waste their time talking to it. There are variations on this tactic, and I'm going to talk about them, but the real purpose of this article is to solicit information.

My goals are (1) to lose no email, and (2) to slow connections from suspected spam sources without stopping them. Apparently, my goals are rare since I'm having trouble finding software which meets them.

The FAQ linked previously links to a program which will listen on a port and slow down connections from specified IP addresses (while not slowing others). When the conversation is over, it delivers the mail normally. It uses an obscure feature of the SMTP protocol to cause the delay.

When using that program, the problem I encountered was that some clients thought they'd failed. I'd get two or three copies of one email because (and I'm guessing a little here) the sender couldn't understand the oddities of this program's protocol usage, thought delivery had failed, and tried again.

OpenBSD has spamd, which will tar pit the spammer, but it always fails the delivery. You can choose temporary or permanent failure codes depending on whether you want the spammer to come back for more. Since spamd listens on a port and always rejects mail, you're supposed to direct clients to it with firewall rules.

I have it in my head that a RBL full of IPs is bad, that I can't just reject all that mail. I want to let it through, but with a delay. I don't want to lose a legitimate mail, but I don't mind holding it up a few hours.

BTW, I gather that spamd works well with relaydb, which you train to recognize IPs as spam sources or not. There's a nice description of how to use them together that I haven't fully read. I'm using home-brew scripts to gather IPs from my suspicious emails.

There was a project called LaBrea which might have suited my needs, but its page has been taken down because it's illegal under Illinois law. It makes me wonder if any spam filtering is considered illegal under the same law, but that's beside the point.

There's a current project called TarProxy, but it's written in Java. I might go to this as a last resort if I find I have a lot of time to fight with it. Otherwise, I still have burns from other projects that use Java, and I don't want to cause myself more headaches than the spammers I'm trying to antagonize.

There's a Linux kernel patch which adds a TARPIT target, but it halts a connection rather than slowing it down. I seem to remember some kind of rate limiting features in the Linux firewalling code, but I remember it being more for limiting the logs it produces than the packets.

There are all kinds of things that'll listen on port 25 and disallow mail from given IPs. It would be easy to simply reject those connections with a firewall rule also.

I've thought about somehow using trickle on a real Postfix process, but I'd have to worry about having too many of them going at a time. Postfix has some features for slowing down bad clients, but they appear to be aimed at clients that cause errors. If an open relay is otherwise well-behaved, they'll never hit a snag.

To summarize a little, these are the options I've thought of but haven't explored:

So, does anyone know of software that meets the goals I'm aiming for? Remember, those goals are (1) to lose no email, and (2) to slow connections from suspected spam sources without stopping them.

Thanks in advance for any answers.
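As an added example (not code from this post or from any of the tools named in it), here is a Python sketch of the greeting-stretching part of a teergrube that slows only listed IPs and never rejects: it pads the SMTP 220 greeting with legal "220-" continuation lines, one per pause, so the client keeps waiting for the final line. The host name, the CIDR list, the 20-second step and the 240-second cap are my assumptions; the cap exists because RFC 5321 tells clients to wait at least five minutes before giving up, and stalling past that is exactly what produces the timeout-and-retry duplicates described above.

```python
import asyncio
import ipaddress

# RFC 5321 s4.5.3.2: clients should wait at least 5 minutes for the greeting and
# for most command replies. Stalling longer risks the client assuming failure and
# resending, which is how duplicate deliveries arise. Stay under that limit.
MAX_STALL_SECONDS = 240          # assumed cap, below the 5-minute client floor
CONTINUATION_STEP = 20           # assumed seconds between "220-" lines


def is_slowed(peer_ip: str, slow_nets) -> bool:
    """True if the peer address falls inside any of the CIDR blocks to slow."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in ipaddress.ip_network(net) for net in slow_nets)


def plan_greeting(hostname: str, slow: bool, stall_seconds: int):
    """Return (reply_lines, pause_between_lines) for the SMTP greeting.

    A multi-line reply ("220-..." lines followed by a final "220 ..." line) is
    valid SMTP, and the client must wait for the final line before speaking.
    Slowed peers get a padded greeting; everyone else gets the usual one line.
    """
    stall = min(stall_seconds, MAX_STALL_SECONDS)
    if not slow or stall <= 0:
        return [f"220 {hostname} ESMTP"], 0.0
    continuations = max(1, stall // CONTINUATION_STEP)
    lines = [f"220-{hostname} ESMTP"] * continuations + [f"220 {hostname} ESMTP"]
    return lines, stall / continuations


def total_stall(lines, pause) -> float:
    """Seconds the peer waits before the final greeting line arrives."""
    return pause * (len(lines) - 1)


async def send_greeting(writer: asyncio.StreamWriter, lines, pause) -> None:
    """Write the reply lines to the peer, pausing before every line but the first."""
    for i, line in enumerate(lines):
        if i:
            await asyncio.sleep(pause)
        writer.write(line.encode("ascii") + b"\r\n")
        await writer.drain()


if __name__ == "__main__":
    # Constructed policy: one RFC 5737 documentation network is slowed.
    slow_nets = ["192.0.2.0/24"]
    for peer in ("192.0.2.7", "198.51.100.9"):
        lines, pause = plan_greeting("mx.example.net", is_slowed(peer, slow_nets), 3600)
        print(peer, len(lines), "lines,", total_stall(lines, pause), "s before final 220")
```

Relaying the rest of the session to the real MTA once the greeting is out is left out here; the same pause-per-continuation trick applies to any later multi-line reply.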
