
TeerGrube[1] is the name of an anti-spam measure in which the MTA deliberately holds up all SMTP transactions by replying to client commands with SMTP status replies that make the client wait for more data from the server. To make this more effective, the server can send the replies with long delays, but not so long that the client times out the connection.

The idea is that by making mail delivery in itself more expensive, you'll make those who send the most mail suffer the most. The basic assumption is that normal traffic won't be hurt much if a single mail takes 20 rather than 0.2 seconds to deliver. However, spammers that try to deliver hundreds or even tens of thousands of mails to the same MailServer will run into serious trouble offloading their trash if it suddenly takes 100 times longer. Thus, it is usually desirable to apply this measure to all connecting hosts indiscriminately.

In addition to the delay, a TeerGrube might cause even more trouble for spammers because they usually deliver to many hosts at once. By not letting the connection time out, MTAs force spamming clients to keep a very large number of TCP/IP connections open simultaneously, which is prohibitive in terms of resources. (One hard limit is that TCP does not provide for more than 65535 (2^16) open ports at a time, per remote IP.)

Of course, there are many ways to refine the concept. You could punish a client with progressively longer delays the more mails it tries to deliver (but make sure you consider the possibility of a spammer reconnecting for every mail as a countermeasure). You could also exempt certain hosts with bulk traffic from the delays, so trusted mailhubs don't grind to a halt.
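
An added example (not code from this page or from mtaproxy.py): a per-IP delay policy that implements the refinements above, plus a helper that spreads the delay over SMTP continuation lines as described at the top of the page. The class and function names, the delay values and the "please hold" text are assumptions.

```python
import ipaddress
import time
from collections import defaultdict, deque


class TarpitPolicy:
    """Delay per client IP, growing with mails seen inside a sliding window."""

    def __init__(self, base=20.0, factor=2.0, cap=240.0, window=3600.0,
                 exempt=(), clock=time.monotonic):
        # Assumed values; choose cap below the sending client's timeout.
        self.base, self.factor, self.cap, self.window = base, factor, cap, window
        self.exempt = [ipaddress.ip_network(n) for n in exempt]
        self.clock = clock                    # injectable for testing
        self.history = defaultdict(deque)     # ip -> timestamps of accepted mails

    def record_mail(self, ip):
        self.history[ip].append(self.clock())

    def delay_for(self, ip):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.exempt):
            return 0.0                        # trusted mailhub, no tarpit
        now, seen = self.clock(), self.history[ip]
        while seen and now - seen[0] > self.window:
            seen.popleft()                    # forget mails older than the window
        delay = self.base
        for _ in range(len(seen)):            # grow stepwise, stop at the cap
            delay *= self.factor
            if delay >= self.cap:
                break
        # State is keyed by IP, so reconnecting for every mail does not reset it.
        return min(self.cap, delay)


def reply_schedule(delay, step=10.0, code=250, text="ok"):
    """Split `delay` into (sleep_seconds, line) pairs: continuation lines
    ("250-...") keep the client waiting, the final "250 ..." line ends the reply."""
    lines, remaining = [], delay
    while remaining > step:
        lines.append((step, f"{code}-please hold\r\n".encode()))
        remaining -= step
    lines.append((remaining, f"{code} {text}\r\n".encode()))
    return lines
```

The server sleeps for each pair's first element before writing the second, so the client keeps receiving data at intervals shorter than its timeout.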

mtaproxy.py is a Free teergrubing wrapper for any MTA.

[1] A German word that roughly translates as "tar pit".