SynSpam: A New Way to Filter Spam!

December 17, 2009 23:06 pm · 0 comments

by Black

in Open Source,Security tools

All of you must be aware of anti-spam tools and know how useful they are. If you are a Microsoft Office user, your spam filters get updated almost every month. So do professional services like IronPort. SynSpam can be used in addition to those devices!

Consider this: some part of the spam never reaches your anti-spam device at all! You won't need to invest in many devices, and the ones you have won't be loaded with as much work. SynSpam can stop most spam mails before they get to your mail server by preventing spammers from connecting to the mail server in the first place! It achieves this using netfilter queues (libipq), which allow a userspace program to drop or accept connections, thereby reducing the number of spam messages your anti-spam device must process! Best of all, this is OPEN SOURCE! It is also designed to consume as few resources as possible!

Here is how it works: when a connection is initiated (a SYN is received), many tests are performed on the source IP, such as DNSBL checks and regexes applied to the reverse DNS, and the connection attempt is scored. If this score is beyond a threshold value you define, the connection is dropped. You have received only one SYN and you have already blocked the spammer from using your mail server resources!
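The scoring step described above, sketched in Python as an added example; this is not SynSpam's own code (SynSpam is written in Perl). The zone names, regexes, weights and threshold are assumptions chosen for illustration, and the netfilter queue handling that delivers the SYN and applies the verdict is not shown.

```python
import ipaddress
import re
import socket

# Assumed values for illustration; not SynSpam's real configuration.
DNSBL_ZONES = {"dnsbl.example.org": 5, "dnsbl2.example.net": 3}  # zone -> score
RDNS_RULES = [
    (re.compile(r"(\d{1,3}[-.]){3}\d{1,3}"), 3),              # IP embedded in hostname
    (re.compile(r"(dyn|dsl|dhcp|pool|ppp|cable)", re.I), 2),  # dynamic/consumer range
]
NO_RDNS_SCORE = 2
THRESHOLD = 5


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def _listed(name):
    """A DNSBL lists an IP when the query name resolves to an A record."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False


def _rdns(ip):
    """Return the PTR hostname of the IP, or None when there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def score_source(ip, listed=_listed, rdns=_rdns):
    """Score the source IP of a SYN; resolvers are injectable for offline runs."""
    score = sum(w for zone, w in DNSBL_ZONES.items() if listed(dnsbl_name(ip, zone)))
    host = rdns(ip)
    if host is None:
        return score + NO_RDNS_SCORE
    return score + sum(w for rx, w in RDNS_RULES if rx.search(host))


def verdict(ip, **resolvers):
    """Return 'DROP' when the score is beyond the threshold, else 'ACCEPT'."""
    return "DROP" if score_source(ip, **resolvers) > THRESHOLD else "ACCEPT"
```

Because the verdict is reached on the first SYN, every lookup sits in the connection path, so DNS timeouts and caching decide how much latency legitimate senders see.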

It has a realtime log analysis page. To install synspam you need the following Perl modules:

  • IPTables::IPv4::IPQueue
  • NetPacket
  • Sys::Syslog

On the amd64 architecture, you need a rebuilt version of iptables, iptables-dev and libiptables-ipv4-ipqueue-perl.

Download synspam version 0.2.0 here.
