Introducing ChatKeeper — a new tool from Martian Software that keeps your ChatGPT conversation history safe, searchable, and accessible forever. Try it for free!

TarProxy: a Statistically-Driven SMTP Tarpit

(See this article for an explanation of what I mean by a "statistically-driven SMTP tarpit")

Update 3/13/08: This project is retired.

Update 10/28/04: I'm sorry to say that TarProxy development is currently on hold. There are simply not enough hours in the day to dedicate the time required to do it it right, and as an unpaid endeavor, TarProxy lands fairly far down my list. If you would like to help move TarProxy forward, please contact me.

Update 4/18/04: It's been mighty quiet around here. My thanks to those of you who keep checking back for updates. It's time I write one.

A test version of the new rewrite is nearly complete. TarProxy uses NIO now, with all of the performance benefits of non-blocking IO. I'm quite impressed with what I've seen so far.

TarProxy's name is becoming less accurate as the project progresses. For example, it's not a proxy anymore, but a sort of hybrid proxy/relay that works as follows:

  1. Remote MTA connects to TarProxy
  2. TarProxy handles HELO/EHLO
  3. MAIL FROM and RCPT TO are proxied through a single connection to your protected mailserver (with some caching of request/response pairs).
  4. DATA is handled by TarProxy. When the message has been received in its entirety, it is processed by your spam filters and, if necessary, relayed to your protected mailserver before sending the DATA response.

The result of the new approach is that your protected mailserver isn't bothered unless absolutely necessary. With any decent amount of mail traffic this becomes important, as you otherwise start to tarpit yourself by consuming too much of your mailserver's resources.

Also diminishing the accuracy of TarProxy's name is the fact that the current version in progress, v0.40, does not in fact tarpit. Yet. With the rewrite it's important to establish a performance baseline, so the focus at the moment is on passing mail through unchanged as quickly as possible. Tarpitting will be layered on next... and it's really a minor addition at that point. This will also help with testing and debugging of the core mail handling functionality, which I expect will be much more difficult when we start breaking SMTP intentionally.

And finally, if you're wondering what's been taking so long, this is a purely spare time project. If you have the means to sponsor TarProxy's development (via donation, hiring, etc.), please [contact me](mailto:mlamb at martiansoftware dot com).

Update 1/20/04: The TarProxy presentation from the Spam Conference is now available in PDF and HTML formats.

Update 1/19/04: A webcast of the entire Spam Conference is now online. You can also go directly to the TarProxy presentation (since removed).

Update 1/14/04: This Friday at the 2004 Spam Conference I will speak about TarProxy's progress/redesign and discuss his experience using it in production. The presentation will be available for download by Monday, January 19.

License

Copyright (c) 2004, Martian Software, Inc. All rights reserved.

This license is based upon the OSI-approved BSD License.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


Martian Software, Inc. footer logo