Gradual Epiphany

Botnet Annoyances

The past few weeks, the Xen VM that stpeter and I share has been inundated with spam from a botnet. A few times it’s taken postfix out, or caused other services to die via second-order effects. When the botnet is active, we’ll see 5-10 spam (or rather, attempted spam) a second. Of course, with spam originating from all over the ‘Net, there is no way to simply IP block the source.

It’s a troubling trend, as noted here. One possibility to deal with this problem (specifically bot-spam), is to use a “tar pit” and slow down the SMTP processing drastically. The theory is that by doing this, most bot-spammers will not bother to keep spamming your domain, as the opportunity cost increases drastically; i.e. if they are getting paid by the number of spam sent, slowing down transmit time will cause them to make less money. A good writeup of this approach can be found here.