However, we have another site that my wife’s internet services company hosts that needed to be optimized for Digg/Slashdot-style surges, and it does use TimThumb – extensively in fact.

The Problem

TimThumb does have a caching engine built in which will, if your permissions are set up correctly, prevent the thumbnail from having to be re-generated each request. However, it does require the PHP script to run each time to return the cached file (in fact, the PHP script simply takes all the arguments, concatenates them together, generates an MD5 hash, then looks for that file).

If you’re using mod_php, this probably isn’t a huge deal… it’s not going to be the bottleneck for surges of traffic – mod_php and your heavy-weight Apache processes will be. If you’re using php-cgi or php-fcgi, however, having quite a few thumbnails on the page (such as themes like Arthemia) is going to cause you quite a headache. You could have at least 10 or 15 extra php processes per page load… even required to just answer an If-Modified-Since request!

Proposed Solution: Hack TimThumb

I don’t know if this is the greatest idea, but it seems to work. Our idea was simply to make TimThumb cache files in the same manner that Donncha’s WP-Super-Cache plugin does, and then the web server can simply fling out pre-thumbnailed images all day long without invoking php at all.

The first thing we had to do was modify TimThumb to save cached thumbnails in this manner, for which you can find a rough patch here:

• Patch for TimThumb to enable path-based caching

It’s not perfect, because it requires you to edit the script and point it at your thumbnails directory. We made ours /thumbs in the website’s root directory, and you have to point it at the operating system’s fully-qualified path to that directory. We then saved the modified version of the script into our /thumbs/ directory so we could access it easily.

The format is then /thumbs/<width>/<height>/<path/to/image>. A quick check of the file system shows it’s caching the files properly and finding the cached versions okay. Now to remove PHP from the equation.

Rewrite Rules

%cat .htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([0-9]+)/([0-9]+)/(.+)$ /thumbs/timthumb.php?src=$3&w=$1&h=$2&zc=1&q=100 [L]

I stole this rewrite rule from WP-Super-Cache, basically it just checks if the file isn’t a file, and it isn’t a directory, and then passes it in an argument to TimThumb. You can edit the zoom/crop and quality settings globally here – if you want them adjustable on a per-image basis you’ll need to hack the script to include those in the cache path instead.

If the file exists (which it will, if it’s been cached) Apache can simply pass that file out as a static file, PHP is never invoked for that image. When combined with nginx as a reverse proxy, we’ve found this resulted in a dramatic increase in performance for just one page-view alone. Because of our WP-Super-Cache rules for nginx will also work for these cached images, nginx can hand out upwards of around 7,000 thumbnails a second – more than enough to saturate a gigabit pipe on reasonable hardware.

Editing the Theme

Next up is editing the theme to call our new thumbnail URL – unfortunately, there’s no way around this process… it’s tedious. Replace:

<p><img src="<?php echo bloginfo('template_url'); ?>/scripts/timthumb.php?src=<?php echo get_option('home'); ?>/<?php
$values = get_post_custom_values("Image"); echo $values[0]; ?>&amp;w=<?php echo $width; ?>&amp;h=<?php echo $height; ?>&amp;zc=1&amp;q=100"
alt="<?php the_title(); ?>" width="<?php echo $width; ?>px" height="<?php echo $height; ?>px"  /></p>

with:

<p><img src="/thumbs/<?php echo $width; ?>/<?php echo $height; ?>/<?php
$values = get_post_custom_values("Image"); echo $values[0]; ?>"
alt="<?php the_title(); ?>" width="<?php echo $width; ?>px" height="<?php echo $height; ?>px"  /></p>

Caveats

There are a couple of downsides to this… first of all, there’s no automatic garbage collection. I don’t suppose it’s that big of a deal, because realistically you’re probably going to want to keep the thumbnailed images around anyway.

As mentioned above, unless you want to hack your URL scheme to include those arguments – you lose the ability to control the quality and the zoom/crop arguments on a per-image basis.

Related Links

• Patch for TimThumb to enable path-based caching

You will need:

• Visual Basic 6 (there’s probably better ways to do this in newer versions)
• Microsoft XML (I used v6, who knows what they’re up to now)
• Microsoft Internet Transport Control
• Google’s Cooperation

First thing you need to do is dig up some data you want to use. Google provides XML access to it’s weather data which you can select by passing it a zip code, for example the weather for Sacramento, CA is available from http://www.google.com/ig/api?weather=95820.

Now start a VB6 project. In the Project menu, select “References” and select the newest Microsoft XML library you can find. Right click on the controls toolbox and pick components, and add the Microsoft Internet Transport Control. Drag one onto your project, I named mine inet.

Create a new textbox, I named mine debugXML, and made it multiline and stretched it out a bit so I could see the data. You’ll need to declare the following:

Dim xml_document As New DOMDocument
Dim xml_node As IXMLDOMNode

You can name them something a little more appropriate to your project, I just picked names out of the sky. xml_document holds the entire XML document, parsed and unparsed. xml_node is used for picking out nodes by their path (more on that later).

Now, in a timer or whatever you think is best, put the following:

' download xml from server
debugXML.Text = inet.OpenURL("http://www.google.com/ig/api?weather=95820", icString)
' parse as xml
xml_document.loadXML debugXML.Text

We should now be able to download and parse the XML that Google spits out. You can check xml_document.parseError to see if it’s valid XML, I didn’t bother for the purposes of my playing. If parseError is non-zero and you try to use any of the XML functions VB will throw an exception.

Next up, let’s show the user where we’re looking at the weather. We use the XML path to dig up the city tag. If you cut out all the irrelevant crap, you’ll see the structure is something like:

<xml_api_reply><weather><forecast_information><city data="Sacramento, CA" />

So we can use selectSingleNode() method, passing it an XML path which will give us a node. We then drag the text property of the attribute “data” and stuff it in the form’s caption:

Set xml_node = xml_document.documentElement.selectSingleNode("//xml_api_reply/weather/forecast_information/city")
Form1.Caption = "Weather Report: " + xml_node.Attributes.getNamedItem("data").Text

The same exact method can be used to extract the current conditions temperature:

Set xml_node = xml_document.documentElement.selectSingleNode("//xml_api_reply/weather/current_conditions/temp_f")
txtTemp.Caption = xml_node.Attributes.getNamedItem("data").Text

Going through the forecast days is a little tougher, because as far as I know XML paths won’t allow you to distinguish between multiple elements who are siblings and have the same names. You’ll probably have to walk through the nodes using nextNode and keep looking for the data you want. For this reason, and my own laziness, it’s left as an exercise for the reader.

This HOWTO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. ©2008 Strykar

The lowdown

I hate spammers; I mean I really hate their kind. It stems from a crevasse deep inside me since Sabir Bhatia sold Hotmail.

There are plenty of excellent methods for spam-control, none of them fool-proof, and almost all the good ones need you to ‘train’ the filters to differentiate between what’s spam and what’s not.

I am not going to delve into this here, suffice to say, that I use the same RBLs that sendmail.org does and some selective country/host based filtering keeps out most of the spam from my mail-servers. If you use Windows, try this: www.cloudmark.com/desktop – it’s by the author of Vipul’s Razor.

The subject of today’s rant is the burning desire we all have to smack a spammer, or bludgeon his gonads with a 9 Iron. We all wanna get back at spammers, and let’s face it, there’s very little chance that we actually will.

Here’s why YOU and I won’t:

• They hijack misconfigured mail-servers shifting identity and location.
• Tracking them takes time and effort and isn’t trivial, ask Spamhaus.
• It gets boring unlike watching Mplayer compile in Linux.
• The enemy only knows the system because Bruce Schneier wants him to know the system.

We typically secure our mail servers to relay using AUTH or whatever else takes your fancy. They still bombard us nagging your MTA to send email, VRFY email addresses and bloat our logs with useless details.

That’s in the past – It’s payback time.

Well, a start at least, remember that the concept of RBLs started with a bunch of SF email administrators sharing spammer host IP lists. I have no illusions that this will kick off like that, but take a gander, if it brings you the same joy it has brought me; follow the simple instructions to set it up yourself. At the end of the article, take a minute and imagine a 100’000 people running spamd and slowing spammers. Who would mind getting back at spammers?

This will only work on *BSD, the few Linux hacks floating around simply don’t work. This is NOT a method to prevent SPAM. This is NOT a How-to on using spamd and relaydb to gray-list spammers. This is intended for machines that have a public IP address and receive no external mail. You can be running Sendmail/Postfix/Exim locally for system mails etc. This typically means your MTA listens only on localhost.

If you’re not familiar with spamd, read these and come back:

All about spamd from the horse’s mouth – Daniel Hartmeier

Wikipedia – spamd

Read the spamd and spamd.conf manuals and my setup below will make sense to you. Edit spamd.conf to use your own blacklist file. If you’re not listed as an MX record anywhere, the ONLY people speaking to your SMTP port are spammers and zombies.

$ cat /etc/mail/spamd.conf
# spamd.conf for machine having no MX record.
#
all:\
:myblack:

# List everyone specifying 0.0.0.0/0 in /var/db/myblack.txt
#
myblack:\
:black:\
:msg="I'm not listed as an MX record anywhere. You are a zombie\n\
or a spammer. Die a slow stuttered death %A":\
:method=file:\
:file=/var/db/myblack.txt:


We ensure every IP address is included by using this CIDR notation.

$ cat /var/db/myblack.txt
0.0.0.0/0

Setup spamd to run from /etc/rc.conf The switches -bvh mean blacklist, log verbose and ‘display hostname as’.

$ cat /etc/rc.conf|grep spam
spamd_flags="-b -v -h tarpit.spamtrap.host" # for normal use: "" and see spamd-setup(8)
spamd_black=YES # set to YES to run spamd without greylisting
spamlogd_flags="" # use eg. "-i interface" and see spamlogd(8)


Now comes the easiest part. We tell pf not to send anything from our public/external interface to the SMTP port at localhost. This is a fail-safe for those running a mailserver locally. We also tell pf to route incoming connections to our SMTP port on the public interface to spamd running on localhost.

$ cat /etc/pf.conf|grep smtp -A 1
no rdr on $ext_if proto tcp from any to 127.0.0.1 port smtp
rdr pass log on $ext_if proto tcp from any to any port smtp \
-> 127.0.0.1 port spamd


Setup syslog to log spamd to /var/log/spamd so we have one log to rule them all.

$ touch /var/log/spamd
$ cat /etc/syslog.conf|grep spamd
!!spamd
daemon.err;daemon.warn;daemon.info;daemon.debug /var/log/spamd


Now you’re all set to waste spammer processor cycles. kill -HUP spamd and syslog; reload pf rules. Watch with unabated joy as the bastards get stuck in your tarpit by: $ tail -f /var/log/spamd

Conclusion

Here are some snipped results from my /var/log/spamd:

$ tail -f /var/log/spamd
Sep 17 18:22:27 barge spamd[14558]: listening for incoming connections.
Sep 18 11:24:04 barge spamd[14558]: 218.167.76.111: connected (1/0)
Sep 18 11:24:07 barge spamd[14558]: 218.167.76.111: disconnected after 3
seconds.
Sep 18 15:00:15 barge spamd[14558]: 211.74.105.53: connected (1/0)
Sep 18 15:04:35 barge spamd[14558]: (GREY) 211.74.105.53: gdnrpt@289.95.17.232
- abcc.1234@gmail.com
Sep 18 15:06:20 barge spamd[14558]: 211.74.105.53: From: gdnrpt@289.95.17.232
gdnrpt@59.95.17.232
Sep 18 15:06:20 barge spamd[14558]: 211.74.105.53: Subject:
289.95.17.232,25,webmaster,webmaster,,-SMTP-Dx1784E
Sep 18 15:06:20 barge spamd[14558]: 211.74.105.53: To: abcc.1234@gmail.com
Sep 18 15:06:20 barge spamd[14558]: 211.74.105.53: Body:
ULHs9076819R%webmaster#webmaster%289$95$17$232%PAVO5204412G
Sep 18 15:07:09 barge spamd[14558]: 211.74.105.53: disconnected after 414
seconds.


Now let’s see what and by how much.

# grep disconnected /var/log/spamd | awk '{print $9}' \
> | sort -rn | uniq -c | head
1 55574
1 40390
1 8888
1 909
1 898
1 872
7 805
1 803
2 801
1 800


The first at 55574 seconds took over 15.43 hours trying to finish delivering a single email! The second at 11 hours.

Hah haaa, bastards! Say EHLO to my personal spam decelerator.

Lookup my sendmail article for its default SMTP protocol timers. By seeing how much time each attempt took to finish the SMTP dialogue, we can make educated guesses as to which mailserver the spammer machine is running. Most run dowdy FreeSMTP or SmartSMTP on Windows. The rest are misconfigured *NIX SMTP servers being abused as open relays. Of course, you need to know the default configuations that they ship with.

All of the above is on a P-200Mhz with 32MB of EDO RAM and repeated top / vmstat runs with and without spamd showed absolutely no extra resources used. That’s how well it’s written. For those of you running BSD on a machine not as archaic as mine, you’ll have zero worries running spamd and resource hogging. You’ll forget you have it running, I have.

To sum up, just watch one spammer connect and waste time. The pleasure of watching is almost, ahem, anal. 50 bucks says you’ll keep it running.

All this is for personal machines. You definitely want to use spamd in front of mailservers, it doesn’t matter what it’s running, yes, even Exchange. The links at the bottom will get you up and doing that in no time.

Read Steve Williams’ October 20th, 2006 message to the OpenBSD-misc mailing list where he reports that a pure greylisting configuration immediately rid his company of approximately 95% of their spam load.

Video of OpenBSD spamd in action

(AVI 15m:19s 4.38MB)

The video shows you how spamd stutters the conversation with the spammer, backing up his mail queue. Spamd sets its socket receive buffer size to one character, forcing the sender to send one TCP packet for each byte of data, even if it’s a non-compliant “dump and disconnect” mailer, so the spammer wastes CPU cycles and network bandwidth in addition to a delayed queue.

The video link is me telnetted into a spamd install. The SMTP transaction is recorded at real-time speeds to show what a tarpitted, stuttered, SMTP conversation looks like. Download it and scroll ahead – you get the drift.

If the video seems dodgy, and you use Windows, download the MSU screen capture codec. Alternatively, you can download the larger DivX here.

TODO:

1. Use addresses logged by spamd to setup my own RBL. Have sendmail use it from our DNS servers as a private and guaranteed spammer-only list. Nobody should be talking SMTP to a dynamic home IP netblock!

2. Document the process to setup and test a private RBL with the required steps for BIND so this writeup can be a walkthrough for the process.

Additional reading:

• Wikipedia – Tarpitting
• Peter N. M. Hansteen – PF and spamd
• ONLamp.com – Greylisting with PF and spamd
• Andy Valencia’s ghetto method of fooling spammers.
• Project Honey Pot – No response to my registration. If anyone works with them, please drop me a line.