Connection Management

Simple and effective Spam Control by exploiting spammers' impatience

Mailtraq already imposes a brief delay on all incoming SMTP connections before displaying its "220 banner." If the SMTP client sends data before receiving Mailtraq's banner, Mailtraq refuses the connection. This is designed to prevent pipelining, where 'spammers' try to insert the complete client session into a queue of TCP packets without waiting for Mailtraq to respond.
I implemented this and set the wait time to 15 seconds, and am amazed at the difference. Even with SA and other defenses running, we were seeing around 400 spam emails get through every 24 hours. We're down to about 40 now, so a nice reduction indeed. Thank you very much for this.
Mailtraq user
This pre-banner check helps to protect Mailtraq from rogue SMTP clients which pipeline the entire protocol exchange, i.e. they insert the entire client session into a queue of TCP packets without waiting for any of the server responses, but it doesn't help with clients that implement pipelining after the server's banner response without negotiating it properly during EHLO.
Introduce a slight delay

Mailtraq now (2.12.0.2332) allows mail administrators to exploit a major difference in behavior between spammers and legitimate senders when encountering a 'slow response'. Simply imposing a slight delay in the SMTP response results in the spammer disconnecting before their message is sent: the economics of bulk spamming mean that the spammer cannot afford to wait for the response and must move on. Tests show that about 90% of spammers will disconnect if there is a 10-15 second delay imposed on the response, and no legitimate sender would disconnect in that time frame.

How to ...

To implement this control:

1. Open the Mailtraq Console.
2. Select Services.
3. Select the SMTP Service, then right-click and choose Properties. The SMTP Service Properties dialog will open.
4. Set 'Delay banner for' to, say, [10] seconds for non-LAN clients.

The delay will be imposed on any connection from an IP address that is not in the whitelist or the LAN definition.
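The pre-banner check and the banner delay described above, sketched server-side as an added example; this is not Mailtraq's code. The function names, the `exempt` flag standing in for the LAN/whitelist test, the hostname and the refusal text are all assumptions, and the clients are constructed locally over a socket pair.

```python
import select
import socket

BANNER = b"220 mail.example.test ESMTP\r\n"                 # constructed hostname
REFUSAL = b"554 Protocol error: data before greeting\r\n"   # assumed wording

def greet(conn, delay, exempt=False):
    """Hold the 220 banner for `delay` seconds unless the peer is exempt
    (LAN or whitelist). Returns 'accepted', 'early-talker' or 'gave-up'."""
    if not exempt:
        # Anything readable during the wait means the client did not wait.
        readable, _, _ = select.select([conn], [], [], delay)
        if readable:
            try:
                data = conn.recv(512)
            except OSError:
                data = b""
            if not data:                 # EOF: client hung up during the delay
                conn.close()
                return "gave-up"
            try:
                conn.sendall(REFUSAL)    # spoke before the banner: refuse
            except OSError:
                pass
            conn.close()
            return "early-talker"
    conn.sendall(BANNER)
    return "accepted"

def simulate(behaviour, delay=0.2, exempt=False):
    """Run one constructed client against greet() over a local socket pair."""
    server, client = socket.socketpair()
    try:
        if behaviour == "pipeliner":     # sends its session without waiting
            client.sendall(b"EHLO bulk.example\r\nMAIL FROM:<a@bulk.example>\r\n")
        elif behaviour == "impatient":   # disconnects before the banner arrives
            client.close()
        return greet(server, delay, exempt)
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    for kind in ("patient", "pipeliner", "impatient"):
        print(kind, "->", simulate(kind))
```

The demo uses a 0.2 second delay so it finishes quickly; the page's suggested value is 10-15 seconds.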