Spamd is a small, non-forking, minimal SMTP implementation used for spam
deferral. It can be used both to send connections from blacklisted, known
spam sources to a tarpit and to greylist SMTP connections from MTAs that
have not been seen before.
Like many common greylisting implementations, spamd greylists
based on the incoming tuple of connecting IP address, envelope-from, and
envelope-to addresses. Unlike many other greylisting implementations,
spamd uses the packet filtering mechanisms in pf to control the
greylisting of mail connections, and whitelists known MTAs once seen.
Best of all, it is MTA independent, so you don't need to either run
it on your MTA or take on the load of doing greylisting on your MTA box.
All you need to do is put it on a firewall in front of the MTA. In
typical setups we have found that it reduces the amount of mail that
needs to be received by a mail server by 60% or more in practice,
with practically no collateral damage.
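
The tuple-based decision described above, as a simplified model added here for illustration (it is not spamd's code). The timing constants, class and function names, and the sample addresses are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumed timings for this sketch (seconds); the abstract does not state any.
PASSTIME = 25 * 60          # minimum delay before a retry is accepted
GREY_EXPIRY = 4 * 3600      # how long an unretried grey tuple is remembered
WHITE_EXPIRY = 36 * 86400   # how long a whitelisted MTA address is trusted


@dataclass
class Greylister:
    blacklist: set = field(default_factory=set)  # known spam source IPs
    grey: dict = field(default_factory=dict)     # (ip, from, to) -> first seen
    white: dict = field(default_factory=dict)    # ip -> whitelist expiry time

    def decide(self, now, ip, mail_from, rcpt_to):
        """Return 'tarpit', 'tempfail' or 'pass' for one SMTP attempt."""
        if ip in self.blacklist:
            return "tarpit"                      # stall known spam sources
        if self.white.get(ip, 0) > now:
            self.white[ip] = now + WHITE_EXPIRY  # refresh on continued use
            return "pass"                        # known MTA reaches the real server
        key = (ip, mail_from, rcpt_to)
        first = self.grey.get(key)
        if first is None or now - first > GREY_EXPIRY:
            self.grey[key] = now                 # new (or forgotten) tuple
            return "tempfail"
        if now - first < PASSTIME:
            return "tempfail"                    # retried too quickly
        del self.grey[key]                       # a proper retry: trust this MTA
        self.white[ip] = now + WHITE_EXPIRY
        return "pass"


# Constructed sample traffic: (time, ip, envelope-from, envelope-to).
SAMPLE = [
    (0, "192.0.2.10", "alice@example.org", "bob@example.net"),
    (60, "192.0.2.10", "alice@example.org", "bob@example.net"),
    (PASSTIME + 1, "192.0.2.10", "alice@example.org", "bob@example.net"),
    (PASSTIME + 2, "192.0.2.10", "carol@example.org", "dave@example.net"),
    (PASSTIME + 3, "203.0.113.9", "spam@example.com", "bob@example.net"),
]


def replay(events, blacklist=("203.0.113.9",)):
    """Run constructed events through a fresh Greylister, return decisions."""
    g = Greylister(blacklist=set(blacklist))
    return [g.decide(*event) for event in events]
```

Once the first tuple from an address has been retried after the delay, later mail from that address passes regardless of envelope, which is the "whitelists known MTAs once seen" behaviour.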
This paper will cover the concepts of greylisting and blacklisting,
compare spamd to other implementations, and cover current and future
feature sets. It will also discuss the setup of a large mail cluster
using spamd and pf, as well as various statistics seen for various
spam blocking tactics in the wild (including Caller-ID/SPF), particularly
to address why spamd does and does not implement certain tactics for
speaker: Bob Beck
location: SITE G0103