Recommended settings for Tarpitting

GilbertoOchoa
Hello,

We are using Desknow as our mail server solution for 350 users; this product has an integrated antispam module and there is a section named “Tarpitting” with the following settings:

Delay SMTP greeting:  [0] (seconds)
Delay RCPT TO response: [0] (seconds)

How many seconds do you think is a good starting point?

Thanks,
Gilberto
Network Operations Manager
Top Expert 2009
Commented:
It has been a while since I last had to configure this for a customer. I'm not even sure if the new versions have this setting.
As per Antispamkill: A greeting delay is a deliberate pause introduced by an SMTP server before it sends the SMTP greeting banner to the client. The client is supposed to wait until it has received this banner before it sends any data to the server. (per RFC2821 3.1). Many spam-sending applications do not wait to receive this banner, and instead start sending data once the TCP connection is complete. The server can detect this, and drop the connection.
A 5-10 second delay should be more than enough and will not hinder legitimate mail.
As per Wikipedia: Authentication procedures increase response times as users attempt invalid passwords. SMTP authentication is no exception. However, server-to-server SMTP transfers, which is where spam is injected, require no authentication. Various methods have been discussed and implemented for SMTP tarpits, systems that plug into the Mail Transfer Agent (MTA, i.e. the mail server software) or sit in front of it as a proxy.
One method increases transfer time for all mails by a few seconds by delaying the initial greeting message ("greet delay"). The idea is that it will not matter if a legitimate mail takes a little longer to deliver, but due to the high volume, it will make a difference for spammers. The downside of this is that mailing lists and other legitimate mass-mailings will have to be explicitly whitelisted or they will suffer too.
 I hope this helps...
Bits ...
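
The greeting-delay check described in the answer above, sketched as an added example; it is not part of the original thread and is not Desknow's code. The function names, the hostname and the 0.3-second delay are constructed for the demonstration (the answer suggests 5-10 seconds on a real server), and the clients are simulated over a local socket pair.

```python
import select
import socket

BANNER = b"220 mail.example.test ESMTP\r\n"  # constructed hostname


def greet_with_delay(conn, delay_seconds):
    """Hold back the 220 banner and classify what the client does meanwhile."""
    # Per the RFC 2821 section 3.1 behaviour quoted above, a client should
    # send nothing until it has the banner, so the socket should stay quiet.
    readable, _, _ = select.select([conn], [], [], delay_seconds)
    if readable:
        # Readable before we spoke: either early data or the peer hung up.
        early = conn.recv(1, socket.MSG_PEEK)
        conn.close()
        return "early-talker" if early else "disconnected"
    conn.sendall(BANNER)
    return "greeted"


def simulate(behaviour, delay_seconds=0.3):
    """Run one constructed client against the check over a local socket pair."""
    server, client = socket.socketpair()
    try:
        if behaviour == "early":
            client.sendall(b"HELO bulk.example.test\r\n")
        elif behaviour == "hangup":
            client.close()
        verdict = greet_with_delay(server, delay_seconds)
        banner = client.recv(1024) if verdict == "greeted" else b""
        return verdict, banner
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    for behaviour in ("wait", "early", "hangup"):
        print(behaviour, "->", simulate(behaviour))
```

The "disconnected" verdict covers senders that give up during the delay, which is worth logging separately from early talkers when tuning the number of seconds.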

Author

Commented:
Thanks for your help!
