Spey: a greylisting SMTP proxy

New! v1.0.pre2 released! Another milestone on the much-anticipated road to a real 1.0 version. A bugfix release correcting a hang on incoming TLS sockets with some versions of GNUTLS.

All users are recommended to upgrade.

What?

Spey is a smart SMTP proxy that provides an easy way to add greylisting to your mail setup. This can dramatically reduce the amount of spam you get, which is generally considered to be a Good Thing.

It's simple to set up, efficient to use, and extremely effective.

Why?

Why use Spey?

Mainly because it's really easy. Spey is simple to set up, does not require any knowledge of your mail server's usually obtuse configuration system, is small, fast and Just Works(TM).

Why use greylisting?

Because it's an ideal way of dealing with your spam. Greylisting is easy to set up, practically self-maintaining, fast and extremely effective. It requires the sender to verify that it's a real mail server in a way that is RFC-compliant and invisible to normal users, while at the same time punishing abusers of the email system. In addition, it blocks the spam before the message body is sent, preserving your bandwidth.

It works on email viruses too. Spey has reduced the author's spam intake from several hundred messages a day to about 10.

How?

It is a simple daemon that listens on the SMTP port. When a remote server connects to it, Spey connects to your real mail server and starts relaying the SMTP transaction. While it does so, it monitors the SMTP conversation. Once it has collected enough information to decide whether to greylist the message or allow it to proceed, it will either hijack the connection, rejecting the message, or allow the conversation to proceed and the message to be transferred.

Spey is written in Posix-standard C++, using the Sqlite embedded SQL library to store its address database. It should run on most systems, although it has been developed on Linux, and uses very few system resources.

Documentation is provided; currently it's a bit patchy, but reasonably complete. If you have any problems, please join the mailing list.

Why not?

Spey is beta software. It works for me; that's all I can vouch for.

The main thing you should be aware of is this: spey is designed to spot spammers because they use badly written and misconfigured mail software. Unfortunately, sometimes, very occasionally, the good guys use badly written and misconfigured mail software too, and spey will treat them just like it does the spammers and reject all their mail.

Do be aware that if you use spey, you may be preventing yourself from receiving important mail. It shouldn't ever happen. Sometimes, due to human error and computer cockups, it does.

Where?

Spey is hosted on SourceForge.

SourceForge.net Logo

You can get the most recent version of Spey from the project download page.

What's new?

Version 1.0.pre2, 2011-08-27: Fixed a bug where on some versions of GNUTLS the connection would hang immediately after handshake. Also, now if TLS is compiled in but not enabled the STARTTLS command is rejected rather than being passed to the downstream server (which doesn't work).

Version 1.0.pre1, 2011-01-25: Reengineered speyctl to be part of the spey binary to avoid the nasty mawk dependency. Fix serious bug where dropping root privileges wasn't working properly (thanks to Achim Latz for this). Corrected bugs in TLS certificate handling and compilation on 64-bit systems. Several documentation updates and improvements. Added the LSB init script and cron script.

Version 0.5.pre1, 2008-10-10: Added external auth support. Switched build system to Prime Mover because make was getting just too annoying. Fixed a few nasty race condition issues. Assorted rearrangement, tidying and bugfixing.

Version 0.4.2.1, 2007-11-06: Added a missing file to the 0.4.2 distribution that was preventing it from building.

Version 0.4.2, 2007-10-27: Finally fixed that horrible random-lockup-on-startup problem that was manifesting itself on some libc/pthread combinations. Thanks go to Wojtek Swiatek for helping test this. Domain verification now no longer happens on trusted or authenticated sessions (which means it will now accept submissions from Outlook and Outlook Express, which are buggy). SSL sessions are no longer considered automatically authenticated. A few other minor tweaks.

Version 0.4.1, 2007-04-19: Security and stability fixes. Fixed yet *another* random-crash-at-infrequent- intervals (this one related to the new TLS support). Fixed an SQL injection issue; thanks to Frederic Vander Elst for pointing this out. Fixed a number of minor documentation issues. Fixed a race condition on threadlet destruction that could have led to yet more random crashes. REUSEADDR is now used correctly, so the 'connection in use' errors when restarting spey should have gone. A few other minor tweaks.

Version 0.4.0, 2007-02-11: Lots of new features! SMTP AUTH proxying, TLS support, greet-pause support, better whitelisting, and RBL lookups. The Linux 2.4 glibc incompatibility is now gone forever after rewriting the threadlet code to use pthreads instead. Many other minor bug fixes and tweaks. Lots of documentation typo fixing.

Version 0.3.3, 2005-11-08: Fixed the untraceable scheduler bug that was causing Spey to very occasionally crash silently --- thanks to Markus Madlener for help with this one. Fixed some other embarassing security holes; thanks to Joshua Drake for pointing these out. Also added support for dropping root privileges. Fixed an issue with using qmail as the internal mail server. Documented the incompatibility with Linux 2.4 glibc.

Version 0.3.2, 2004-11-21: Tracing now works correctly on gcc 3.3 and thereabouts; Spey should now work on, hopefully, all versions of gcc that support a modern iostreams implementation. Also fixed a problem where SIGPIPE would occasionally be received, causing spey to silently shut down.

Version 0.3.1, 2004-06-30: No longer shuts down prematurely if the downstream SMTP server can't be contacted; added hardening against DoS attacks by flooding spey with incoming connections. This also has the side effect of making spey a bit more efficient in dealing with erroneous (or malicious) connections from non-SMTP devices.

Version 0.3.0, 2004-06-22: Added whitelist and blacklist support. Now compiles under gcc 3.3. Several minor bugfixes.

Version 0.2.9, 2004-05-30: Concurrent message processing support added.

Version 0.2.1, 2004-05-19: Maintenance releasing fixing a small bug in 0.2's speyctl.

Version 0.2, 2004-05-15: many bug fixes and performance enhancements. Addition of inetd mode, proper daemon support, decent relay checking, logging via syslog, rewritten speyctl in awk, general tidying.

Version 0.1, 2004-05-01: first working version.

Who?

Spey was written by David Given. The program is freely distributable under the terms of the GNU General Public License v2 .