Projects / synspam


Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server, running multiple tests against it (RBL check, regexp on the reverse name, etc.) before forwarding the connection to the MTA. In order to have as few false positives as possible, a scoring system is used. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default.

Operating Systems

Last announcement

mailing lists available 25 Mar 2010 21:52

Hello subscribers ! I've created 2 mailing lists for the synspam project : users and dev ML. Feel free to subscribe :

Recent releases

  •  29 Apr 2010 21:06

    Release Notes: A new configuration parser. A new format: you can use XML-like configuration and attribute negative scores when a DNSBL doesn't match a source IP address. The old configuration style is still supported.

    •  17 Mar 2010 07:23

      Release Notes: Synspam now uses the Netfilter xt_osf module. If your kernel is Linux 2.6.31 or later, this module can probably be loaded and used. A score is attributed to Windows boxes, and it should not be changed, otherwise you might get false positives with some Exchange servers. The script has been added, which is in charge of loading and unloading iptables rules. Arguments can be passed through the command line. A EUID check was added.

      •  08 Feb 2010 09:13

        Release Notes: Synspam now checks both A and PTR records to be sure that the source IP address doesn't have a reverse which belongs to another network. This is a technique used by spammers to bypass some spam filters. The INSTALL file was updated with information about the kernel support needed for synspam.

        •  01 Feb 2010 09:15

          Release Notes: The connections filtering code was refactored; further targets may be added in the future. New functions were added to the synspam-report script for average reject score and average accept score, and it no longer makes correlation between spamassassin and synspam. An extra check was added at startup to prevent success messages from being printed when synspam segfaults.

          •  19 Jan 2010 15:49

            Release Notes: The user can choose between dropping packets or rejecting them. That means that instead of simply discarding packets, synspam can send a TCP RST to the source IP so that port 25 won't appear filtered, but closed. Be aware that iptables rules have changed. It's possible to start synspam in foreground or daemon mode. The default is daemon mode.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.