Navigation:  Security Menu > Security Settings > Other >

Tarpitting

Print this Topic Previous pageReturn to chapter overviewNext page

Tarpitting is located under the Security menu at: Security » Security Settings » Other » Tarpitting.

Tarpitting makes it possible for you to deliberately slow down a connection once a specified number of RCPT commands have been received from a message's sender. This is to discourage spammers from trying to use your server to send unsolicited bulk email ("spam"). You can specify the number of RCPT commands allowed before tarpitting begins and the number of seconds to delay the connection each time a subsequent command is received from that host during the connection. The assumption behind this technique is that if takes spammers an inordinately long period of time to send each message then that will discourage them from trying to use your server to do so again in the future.

Activate tarpitting

Click this check box to activate MDaemon's tarpitting features.

SMTP EHLO/HELO delay (in seconds)

Use this option to delay the server response to EHLO/HELO SMTP commands. Delaying the responses by even as little as ten seconds can potentially save a significant amount of processing time by reducing the amount of spam received. Frequently spammers depend on rapid delivery of their messages and therefore do not wait long for a response to EHLO/HELO commands. With even a small delay, spam tools will sometimes give up and move on rather than wait for a response. Connections on the MSA port (designated on the Ports screen under Default Domain & Servers) are always exempt from this delay. The default setting for this option is "0", meaning EHLO/HELO will not be delayed.

Authenticated IPs experience a single EHLO/HELO delay per day

Click this check box if you wish to limit the EHLO/HELO delay to once per day for authenticated connections from a given IP address. The first message from that IP address will be delayed, but any subsequent messages sent from the same IP address will not.

SMTP RCPT tarpit threshold

Specify the number of SMTP RCPT commands that you wish to allow for a given host during a mail session before MDaemon will begin tarpitting that host. For example, if this number was set to 10 and a sending host attempted to send a message to 20 addresses (i.e. 20 RCPT commands), then MDaemon would allow the first 10 normally and then pause after each subsequent command for the number of seconds specified in the SMTP RCPT tarpit delay control below.

SMTP RCPT tarpit delay (in seconds)

Once the SMTP RCPT tarpit threshold is reached for a host, this is the number of seconds that MDaemon will pause after each subsequent RCPT command is received from that host during the mail session.

Scaling factor

This value is a multiplier by which the base tarpit delay will be increased over time. When the tarpit threshold is reached and the tarpit delay is applied to a session, each delay will be multiplied by this value to determine to length of the next delay in the session. For example, if the tarpit delay is set to 10 and the scaling factor is set to 1.5 then the first delay will be 10 seconds, the second will be 15 seconds, the third 22.5, then 33.75, and so on (i.e. 10 x 1.5 = 15, 15 x 1.5 = 22.5, etc.). The default Scaling factor is 1, meaning that the delay will not be increased.

Authenticated sessions are exempt from tarpitting

Click this checkbox if you want senders who authenticate their mail session to be exempt from Tarpitting.

White list

Click this button to open the Tarpitting white list. On it you can designate IP addresses that you wish to be exempt from tarpitting.