This is a discussion on Hiding the true identity of spamd within the mailing.openbsd.tech forums, part of the OpenBSD category.
Hi!

The current version of spamd is rather easy to identify by a spammer. To begin with, spamd identifies itself as "spamd IP-based SPAM blocker". Even if you change the version banner (using the -n option), it is easy to recognize the daemon by looking at the responses it spits out. The identification is especially easy to do when greylisting is used and the remote host is not listed on any blacklist: as spamd does not stutter greylisted hosts, a greylisted spammer can easily determine (at the first delivery attempt) that he is talking with spamd. This again makes it easy for the spammer to retry the delivery, causing his IP to be added to the whitelist.

To make spammers' lives a bit darker, I made some changes to the spamd daemon (version 1.75), making it mimic qmail. I'll attach a diff of the changes I made to this message. Please note that I am *not* a skilled programmer, so I may have done some stupidities. Anyway, the modified version has been working fine, at least for me. Please note that the changes on line 591 make the "-n" option obsolete.

A further enhancement would be adding some randomness to the stutter delay. A spammer might be able to identify spamd knowing that the delay is always exactly the same. My programming skills are really limited, so I don't think I can implement this feature myself. Anyone interested?

Also, it would probably be good to make spamd give (seemingly) reasonable answers to common SMTP commands, so that a spammer could not identify spamd by sending it a command it does not recognize. This is something I believe I can do myself. If I get anything done, I'll post the diff here.

Cheers!
- Jyri

########################################################################

--- libexec/spamd/spamd.c Mon Aug 22 19:25:54 2005
+++ libexec/spamd/spamd.c Mon Aug 22 19:27:30 2005
@@ -507,7 +507,7 @@ nomatch: nreply, cp->addr, nreply, nreply); else asprintf(&cp->obuf, - "451 Temporary failure, please try again later.\r\n"); + "451 qq temporary problem (#4.3.0)\r\n"); if (cp->obuf != NULL) cp->osize = strlen(cp->obuf) + 1; else @@ -588,8 +588,8 @@ initcon(struct con *cp, int fd, struct s err(1, "malloc"); tmp[strlen(tmp) - 1] = '\0'; /* nuke newline */ snprintf(cp->obuf, cp->osize, - "220 %s ESMTP %s; %s\r\n", - hostname, spamd, tmp); + "220 %s ESMTP\r\n", + hostname); free(tmp); cp->op = cp->obuf; cp->ol = strlen(cp->op); @@ -651,7 +651,7 @@ void nextstate(struct con *cp) { if (match(cp->ibuf, "QUIT") && cp->state < 99) { - snprintf(cp->obuf, cp->osize, "221 %s\r\n", hostname); + snprintf(cp->obuf, cp->osize, ""); cp->op = cp->obuf; cp->ol = strlen(cp->op); cp->w = t + cp->stutter; @@ -662,7 +662,7 @@ nextstate(struct con *cp) if (match(cp->ibuf, "RSET") && cp->state > 2 && cp->state < 50) { snprintf(cp->obuf, cp->osize, - "250 Ok to start over.\r\n"); + "250 flushed\r\n"); cp->op = cp->obuf; cp->ol = strlen(cp->op); cp->w = t + cp->stutter; @@ -684,8 +684,7 @@ nextstate(struct con *cp) if (match(cp->ibuf, "HELO") || match(cp->ibuf, "EHLO")) { snprintf(cp->obuf, cp->osize, - "250 Hello, spam sender. " - "Pleased to be wasting your time.\r\n"); + "250 %s\r\n", hostname); cp->op = cp->obuf; cp->ol = strlen(cp->op); cp->laststate = cp->state; @@ -707,8 +706,7 @@ nextstate(struct con *cp) if (match(cp->ibuf, "MAIL")) { setlog(cp->mail, sizeof cp->mail, cp->ibuf); snprintf(cp->obuf, cp->osize, - "250 You are about to try to deliver spam. " - "Your time will be spent, for nothing.\r\n"); + "250 ok\r\n"); cp->op = cp->obuf; cp->ol = strlen(cp->op); cp->laststate = cp->state; 
@@ -730,8 +728,7 @@ nextstate(struct con *cp) if (match(cp->ibuf, "RCPT")) { setlog(cp->rcpt, sizeof(cp->rcpt), cp->ibuf); snprintf(cp->obuf, cp->osize, - "250 This is hurting you more than it is " - "hurting me.\r\n"); + "250 ok\r\n"); cp->op = cp->obuf; cp->ol = strlen(cp->op); cp->laststate = cp->state; @@ -774,8 +771,7 @@ nextstate(struct con *cp) case 50: if (match(cp->ibuf, "DATA")) { snprintf(cp->obuf, cp->osize, - "354 Enter spam, end with \".\" on a line by " - "itself\r\n"); + "354 go ahead\r\n"); cp->state = 60; if (window && setsockopt(cp->fd, SOL_SOCKET, SO_RCVBUF, &window, sizeof(window)) == -1) { @@ -784,7 +780,7 @@ nextstate(struct con *cp) } } else { snprintf(cp->obuf, cp->osize, - "500 5.5.1 Command unrecognized\r\n"); + "502 unimplemented (#5.5.1)\r\n"); cp->state = cp->laststate; } cp->ip = cp->ibuf;

########################################################################
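Review bot: in the @@ -588 hunk the new banner `"220 %s ESMTP\r\n"` no longer uses `tmp` or `spamd`, yet `tmp` is still allocated (the `err(1, "malloc")` check and the "nuke newline" line remain) and freed immediately afterwards; remove that allocation together with the `-n`/`spamd` banner handling the post says is now obsolete, rather than leaving it as dead code.

Review bot: in the @@ -651 hunk `snprintf(cp->obuf, cp->osize, "")` replaces the QUIT reply with an empty string, so `cp->ol` becomes 0 and the peer receives no reply at all before the connection is torn down; SMTP requires a 221 reply to QUIT, and qmail-smtpd itself answers QUIT with `221 <hostname>`, so the original `"221 %s\r\n", hostname` already matched qmail and should be restored (an empty format string also draws a zero-length format warning from the compiler).

Review bot: in the @@ -684 hunk HELO and EHLO share the single-line `"250 %s\r\n", hostname` reply, but qmail-smtpd answers EHLO with a multi-line response (`250-<hostname>`, `250-PIPELINING`, `250 8BITMIME`), so an EHLO greeting still separates this build from the daemon it imitates; split the two `match()` cases and give EHLO the multi-line form.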