OpenBSD Journal

bsdtalk068: Interview with OpenBSD developer Bob Beck

Contributed by sean on from the sometimes you just need to hear about it dept.

Bob Beck talks about spamd and his history with OpenBSD and UNIX on Will Backman's bsdtalk. Bob gives us a look into his work on OpenBSD and tells amusing stories about how spamd works and how it actually fares 'in the wild.' The podcast lasts a whole 25 minutes, 59 seconds, so it's long enough to occupy a meal or a small commute.

http://bsdtalk.blogspot.com/2006/09/bsdtalk068-interview-with-openbsd.html



Comments
  1. By Anonymous Coward (75.132.114.37) on

    First thing I do is make spamd look like an Exchange 2003 server. If I knew what I was doing, I'd add fortune(1)-style randomization so it could mimic different SMTP servers, though I have no objective evidence it would actually help matters.....

    /usr/src/libexec/spamd/spamd.c (3.9)

    - snprintf(cp->obuf, cp->osize, "220 %s ESMTP %s; %s\r\n",
    - hostname, spamd, tmp);
    + snprintf(cp->obuf, cp->osize, "220 %s Microsoft ESMTP Mail Service, Version: 6.0.3790.1830 ready at %s\r\n",
    + hostname, tmp);
    - snprintf(cp->obuf, cp->osize, "221 %s\r\n", hostname);
    + snprintf(cp->obuf, cp->osize, "221 2.0.0 %s Service closing transmission channel\r\n", hostname);
    - "250 Ok to start over.\r\n");
    + "250 2.0.0 Resetting\r\n");
    - "250 Hello, spam sender. "
    - "Pleased to be wasting your time.\r\n");
    + "250 %s Hello [%s]\r\n", hostname, cp->addr);
    - "250 You are about to try to deliver spam. "
    - "Your time will be spent, for nothing.\r\n");
    + "250 2.1.0 Sender OK\r\n");
    - "250 This is hurting you more than it is "
    - "hurting me.\r\n");
    + "250 2.1.5 Recipient OK\r\n");
    - "354 Enter spam, end with \".\" on a line by "
    - "itself\r\n");
    + "354 Start mail input; end with <CRLF>.<CRLF>\r\n");
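
    Review bot: the 220 banner in the first changed pair hard-codes the product name and build number "6.0.3790.1830" inside the format string; move it to a single #define (or a command-line option) so the advertised identity can be changed in one place without touching each snprintf() call, which is also the hook the fortune(1)-style rotation described in this comment would need. In the "250 %s Hello [%s]" replacement, two arguments (hostname, cp->addr) are added where the removed strings took none, so confirm that the enclosing call, which is not visible in this excerpt, is the snprintf(cp->obuf, cp->osize, ...) form and that the format and argument counts still match. The excerpt carries no @@ headers or context lines, so it will not apply with patch(1) as posted; a "diff -u" against the 3.9 source would.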

    Comments
    1. By Sean (65.174.122.201) on

      > First thing I do is make spamd look like an Exchange 2003 server.
      Why?

      Comments
      1. By Anonymous Coward (75.132.114.37) on

        >>First thing I do is make spamd look like an Exchange 2003 server.

        >Why?

        Why not? Confound the enemy. I don't use the greylisting at all; I use spamd to tie up connections as long as possible (published as lowest priority MX's). As I said, I have no objective evidence that it helps anything at all, but I would be incredibly curious to see if there would be any change in traffic patterns based on who the server is pretending to be.

        Just found:
        beck@: http://www.openbsd.org/papers/bsdcan05-spamd/mgp00023.html

        Comments
        1. By Anonymous Coward (82.195.149.9) on

          > >>First thing I do is make spamd look like an Exchange 2003 server.
          > >Why?
          >
          > Why not? Confound the enemy. I don't use the greylisting at all; I use spamd to tie up connections as long as possible (published as lowest priority MX's). As I said, I have no objective evidence that it helps anything at all, but I would be incredibly curious to see if there would be any change in traffic patterns based on who the server is pretending to be.
          >
          > Just found:
          > beck@: http://www.openbsd.org/papers/bsdcan05-spamd/mgp00023.html
          >
          >

          Some spammers disconnect when they see the headers, some disconnect when they realise they are being stuttered. Either way, leaving it as is will provide the best anti-spam results.

    2. By djm@ (206.59.235.113) on

      > First thing I do is make spamd look like an Exchange 2003 server.
      > If I knew what I was doing, I'd add fortune(1)-style randomization
      > so it could mimic different SMTP servers, though I have no objective
      > evidence it would actually help matters.....

      A little while ago I hacked mine to return random strings from theo.c instead of its standard responses to see if spammers cared about the difference. IIRC they didn't (based on a very unscientific visual review of a gnuplot of disconnect times).

      Comments
      1. By Bob Beck (129.128.11.43) beck@openbsd.org on

        > > First thing I do is make spamd look like an Exchange 2003 server.
        > > If I knew what I was doing, I'd add fortune(1)-style randomization
        > > so it could mimic different SMTP servers, though I have no objective
        > > evidence it would actually help matters.....
        >
        > A little while ago I hacked mine to return random strings from theo.c instead of its standard responses to see if spammers cared about the difference. IIRC they didn't (based on a very unscientific visual review of a gnuplot of disconnect times).

        The only thing I've noticed matters is occasionally the header, but
        more often the fact that you stutter at them. They definitely notice
        the stuttering.

        -Bob

  2. By Matthias Kilian (84.134.30.21) on

    I like this one: "Porn is the power of greytrapping."

    BTW: the interview Bob mentioned is probably this one:
    http://www.onlamp.com/pub/a/bsd/2005/05/19/openbsd_3_7.html
