Spamd Statistics Script (annoying spammers)


OpenBSD's spamd daemon is a great way to annoy spammers. The idea is a spammer will connect to the spamd daemon and believe it is a sendmail style mail server. They are slowed to a crawl trying to deliver their mail thus reducing the amount of servers they can connect to per hour. By slowing down the rate at which a spammer can deliver their products we can reduce the amount of money they can receive because a spammer gets paid by volume of mail delivered. In this way we can reduce the spammers profit margin.

Getting Started

This script will run though /var/log/daemon and count up all of the spammers' ips' and how much time they have been connected for. I have also added a counter for the bandwidth your connection has used annoying them and a few other statistics. You can find a copy of the output at the bottom of this page.

You can download the Perl script here by doing a "save as" or just clicking on the link and choosing download. Before running the script verify the variables at the top of the script.

You can run the script manually or you can setup a cgi web page to update the spamd stats. The easiest way to update your spamd statistics page is to run the script in a cron job. Even on really large log files the script finishes quickly. This is an example of a cron job set to run once an hour on the 30th minute.

#minute (0-59)
#|   hour (0-23)
#|   |    day of the month (1-31)
#|   |    |   month of the year (1-12 or Jan-Dec)
#|   |    |   |   day of the week (0-6 with 0=Sun or Sun-Sat)
#|   |    |   |   |   commands
#|   |    |   |   |   |
#### Spamd Stats
30   *    *   *   *   /tools/

HELPFUL HINT: For an added layer of protection again spam you can use a bayesian spam filter. Check out our Bogofilter "how to" Anti-Spam Guide. With a little time and understanding you could easily filter up to 99% of any remaining spam.

An example of the results

This is an example of the output of the script. The script will make a HTML page you can put in your web tree or in any directory if you just want to read it with a local browser. The "tarpits" value is how many times we have seen the same ip address and the next column shows the offender's ip. The following columns are the total "time" they have been connected, the average seconds per tarpit, the percent of tarpits we have seen from this ip compared against the total and finally this ips percentage of time connected compared to total time of all spammers. Spamd Stats Spamd Stats on calomel
Script run on: Mon Jan 10 2010 at 10:00 in 0 second(s)
Data Range: Jan 1 08:00:00 to Jan 10 10:00:00

Time spammers wasted: 8.07 hours
Total bandwidth used: 0.74 megabytes
Average time per tarpit: 8.65 minutes
Unique ip addresses tarpitted: 19
Total connections made: 56

Tarpits Source IPTime (s)Ave Sec/Tarpit% of Tarpits% of Time

Questions, comments, or suggestions? Contact