Spamd Statistics Script (annoying spammers)

Home

OpenBSD's spamd daemon is a great way to annoy spammers. The idea is a spammer will connect to the spamd daemon and believe it is a sendmail style mail server. They are slowed to a crawl trying to deliver their mail thus reducing the amount of servers they can connect to per hour. By slowing down the rate at which a spammer can deliver their products we can reduce the amount of money they can receive because a spammer gets paid by volume of mail delivered. In this way we can reduce the spammers profit margin.

Getting Started

This script will run though /var/log/daemon and count up all of the spammers' ips' and how much time they have been connected for. I have also added a counter for the bandwidth your connection has used annoying them and a few other statistics. You can find a copy of the output at the bottom of this page.

You can download the calomel_spamd_stats.pl Perl script here by doing a "save as" or just clicking on the link and choosing download. Before running the script verify the variables at the top of the script. calomel_spamd_stats.pl

You can run the calomel_spamd_stats.pl script manually or you can setup a cgi web page to update the spamd stats. The easiest way to update your spamd statistics page is to run the script in a cron job. Even on really large log files the script finishes quickly. This is an example of a cron job set to run calomel_spamd_stats.pl once an hour on the 30th minute.

#minute (0-59)
#|   hour (0-23)
#|   |    day of the month (1-31)
#|   |    |   month of the year (1-12 or Jan-Dec)
#|   |    |   |   day of the week (0-6 with 0=Sun or Sun-Sat)
#|   |    |   |   |   commands
#|   |    |   |   |   |
#### Calomel.org Spamd Stats
30   *    *   *   *   /tools/calomel_spamd_stats.pl

HELPFUL HINT: For an added layer of protection again spam you can use a bayesian spam filter. Check out our Bogofilter "how to" Anti-Spam Guide. With a little time and understanding you could easily filter up to 99% of any remaining spam.

An example of the results

This is an example of the output of the calomel_spamd_stats.pl script. The script will make a HTML page you can put in your web tree or in any directory if you just want to read it with a local browser. The "tarpits" value is how many times we have seen the same ip address and the next column shows the offender's ip. The following columns are the total "time" they have been connected, the average seconds per tarpit, the percent of tarpits we have seen from this ip compared against the total and finally this ips percentage of time connected compared to total time of all spammers.

Calomel.org Spamd Stats

Calomel.org Spamd Stats on calomel
Script run on: Mon Jan 10 2010 at 10:00 in 0 second(s)
Data Range: Jan 1 08:00:00 to Jan 10 10:00:00

Time spammers wasted: 8.07 hours
Total bandwidth used: 0.74 megabytes
Average time per tarpit: 8.65 minutes
Unique ip addresses tarpitted: 19
Total connections made: 56

Tarpits	Source IP	Time (s)	Ave Sec/Tarpit	% of Tarpits	% of Time
9	212.100.250.214	9970	1108	16	34
8	88.248.15.95	24	3	14	0
8	24.136.136.120	24	3	14	0
6	125.5.40.3	6644	1107	11	23
5	125.5.40.4	5540	1108	9	19
5	85.207.189.26	15	3	9	0
2	125.225.15.180	15	8	3	0
2	83.27.166.27	6	3	3	0

Questions, comments, or suggestions? Contact Calomel.org