Spam Blocking in BSD: Part Five (Trap Lists)

In the previous articles in this series, I discussed spam blocking in BSD, how to configure the spamd daemon, greylisting, and how to use spamlogd and spamdb. In the final article of this series, I will cover some additional details involved in setting up a trap list.

Configuring Trap Lists

The purpose of the trap list is to provide a list of e-mail addresses that are in domains your servers handle e-mail for, but that will never receive any legitimate e-mail. There is no upper limit on the number of e-mail addresses on the trap list, but you need to have at least one. When spamd is run in greylisting mode, if a client tries to send an e-mail to an address on your trap list, spamd will simply greylist the client, just like any other client we have not exchanged e-mail with before.

If the same machine tries again later, either trying to deliver to the same bogus address or to a different bogus address on your trap list, the greytrap is triggered. The offender is then put into a temporary blacklist, and for the next 24 hours, any SMTP traffic from the greytrapped host will be stuttered at with one-byte replies. Generally, clients that continue spamming after 24 hours will spam again, and return to the tarpit.

To implement greytrapping, you need a trap list. One example is Bob Beck’s “ghosts of usenet postings past” trap list, which rarely contains fewer than 20,000 addresses. His trap list can be downloaded here. Peter Hansteen also posted his own trap list at

To set up a trap list, use spamdb. The following command adds an entry:

sudo spamdb -T -a <e-mail-address>

For example, to add to the list, we would type:

sudo spamdb -T -a

Per the spamdb man page, -T specifies that the action being undertaken involves the trap list, and -a adds or updates the entry for
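To load a whole list rather than one address at a time, the following sketch filters a downloaded list down to addresses in your own domains and feeds each one to spamdb -T -a. It is an added example, not part of the original article; the function names, the DRY_RUN variable, and the example.com / example.net domains are assumptions made for illustration.

```shell
# Assumes one candidate address per line; '#' starts a comment.
# Run as root (or prefix spamdb with sudo, as the article does).

# filter_traps DOMAIN...   (candidate addresses on stdin)
# Prints unique, lowercased addresses whose domain is one of DOMAIN...
# Blank lines, comments, and malformed entries are dropped.
filter_traps() {
    domains=$(printf '%s\n' "$@" | tr 'A-Z' 'a-z')
    tr 'A-Z' 'a-z' | tr -d '\r' |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    while IFS= read -r addr; do
        case $addr in
            ''|*[!a-z0-9@._+-]*) continue ;;  # empty or unexpected characters
            *@*@*|@*|*@) continue ;;           # need one '@' with text on both sides
            *@*) ;;                            # plausible address, keep checking
            *) continue ;;                     # no '@' at all
        esac
        dom=${addr#*@}
        # Only keep addresses in domains we actually handle mail for.
        if printf '%s\n' "$domains" | grep -Fxq -- "$dom"; then
            printf '%s\n' "$addr"
        fi
    done | sort -u
}

# load_traps FILE DOMAIN...
# Adds every surviving address to the trap list. With DRY_RUN=1 the
# commands are printed instead of executed so they can be reviewed.
load_traps() {
    file=$1; shift
    filter_traps "$@" < "$file" | while IFS= read -r addr; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            printf 'spamdb -T -a %s\n' "$addr"
        else
            spamdb -T -a "$addr"
        fi
    done
}
```

Run it with DRY_RUN=1 first and confirm that no address a real user might receive mail at has slipped into the list before loading it for real.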

Additional Trap List Options

There are a few more noteworthy spamdb options. The -T option combined with -d lets you delete trap list entries, while the -t (lowercase) option combined with -a or -d lets you add or delete trapped IP address entries from the database.

Starting with OpenBSD 4.1, spamd can keep the greylisting databases in sync across any number of cooperating greylisting gateways. This is implemented via a set of spamd command-line options. The -Y option specifies a sync target, which is the IP address(es) of the other spamd-running gateways you want to inform of updates to your greylisting information. On the receiving end, the -y option specifies a sync listener, which is the address or interface where the spamd instance is prepared to receive greylisting updates from other hosts.

Thus the spamd options will have to be modified as follows:

-Y <sync-target> -y <sync-listener>

spamd also supports shared-secret authentication between the synchronization partners. If you create the file /etc/mail/spamd.key and distribute copies of that file to all synchronization partners, the contents of that file will be used to calculate the necessary checksums for authentication. The file itself can be any kind of data, such as random data harvested from /dev/arandom.

Another feature introduced with OpenBSD 4.1 was spamd’s ability to detect out-of-order MX use. Contacting a secondary e-mail exchanger first instead of trying the main one is a common tactic of spammers and it is a practice that runs contrary to the behavior we expect from ordinary e-mail clients. If someone tries the e-mail exchangers in the wrong order, we can be pretty sure that they are trying to deliver spam. For example, if our main mail server has the IP address and the backup has the address, adding -M to spamd’s startup options would mean that any host that tries to contact before contacting the main mail server at would be added to the local spamd-greytrap list for the next 24 hours.

External Links:

spamdb man page at


© 2013 David Zientara. All rights reserved.