I've just considered the cases we have to handle:
ASSP needs a traffic shaper (is this possible in Perl without causing high
load? Otherwise we have to implement a interface to a system included one).
For recognition of spammers we should implement two mechanisms:
1.) Check if a remote-SMTP tries to contact a lot adresses which do not exist
2.) setting up random addresses with common usernames for the domains. That
way we get honeypots to analyze spam mails. From that we can create md5sums
for Razor and Vipul, which we can use to filter mails from trusted
remote-SMTPs (e.g. big providers).
1.) Trusted hosts - which means white-listed ones or hosts providing fixed IP,
SPF (and in future DNSsec) should not have any restrictions.
2.) Unknown hosts and hosts from 1.) which deliver more than 25% spam mail
should be throttled to a speed which is still usable for Email but slows down
3.) Verified Spammers (RBL, honeypots, ...) should be throttled to 500
Bytes/sec and tar-pitted for 72 hours (by tuning SMTP-headers).
The Honeypot client should run on workstations as a daemon and emulate a open
SMTP-relay. As workstations usually have dynamic IPs, the spammers cannot
blacklist them ;-) Hahaha! So they strike themself (If you fight an enemy,
never waste your own resources but use his!).
It should throttle any incoming connection on port 25 to 500 Bytes/second and
tar-pit it like described for ASSP. But as spammers test the open relays, the
single mails - lets say 20 per 180 seconds from a remote host, should not be
restricted but sent and hashed with md5sum for Vipul and Razor.
And when the big spamming starts from a remote SMTP-host, it get's tar-pitted
for 72 hours! :-)
Additionally there could be an option to pre-warn an ASSP-host when a
spam-attack is starting.
The client should be in Java to run it on every machine. This also allows the
users to inspect the source code and proof we do not distribute trojan horses
Ok, and now the golden question:
Who volunteers - except Chris - to work on the ASSP-features (maybe some
code-knowing ASSP freak out there ;-) ) and who volunteers to work on the
Honeypot-client in Java?