A good way to improve efficiency against spammers is to use early talking detection:

  1. you own a SMTP relay platform and you want to improve its efficiency on spam fighting
  2. your current MTA has no early talking detection feature and you want to be able to add one.
  3. you want to offload the early talking detection feature from your SMTP server to an other device in your architecture.

What is early talking detection?

The picture below shows the SMTP “hello phase”, in 4 steps:

  • Step 1: the client gets connected to the SMTP server
  • Step 2: the server acknowledge the SMTP connection by a “220 service ready” message
  • Step 3: the client sends his identity (basicaly his domain name)
  • Step 4: the server welcomes the client and the client is now allowed to send a mail

Usually, spammers have no time to waste, so they do the TCP connection then send directly the HELO packet to the server.
The Aloha can hold the connection on the client side and monitors it for a few seconds.
Then you have 2 options:

  1. If the client “speaks” first, it means it’s a spammer, so the connection can be closed safely. No need to bother the server with it.
  2. If the client waits for the SMTP banner during the observation period, it means it looks to be a regular user. So we may accept its connection and let the client and server speaks together.

This way of listening on the connection to detect if client talks first is called early talking detection.


In order to use the Aloha in front of a public SMTP relay platform, it’s recommanded to configure it in reverse-proxy transparent mode, also known as Destination NAT.
That way, the SMTP servers will be aware of the client IP address.
In that mode, the default gateway of the server must be the Aloha, or you must configure Policy Based Routing to redirect traffic from the SMTP server source port 25 to the Aloha.


In the Aloha, use the Layer7 (HAProxy) load-balancing tab and apply the configuration below:
[sourcecode language=”text”]
frontend ft_smtp
mode tcp
bind :25
source usesrc clientip
log global
option tcplog
# reject SMTP connection if client speaks first before 30s
tcp-request inspect-delay 30s
acl content_present req_len gt 0
tcp-request content reject if content_present
default_backend bk_smtp

backend bk_smtp
mode tcp
balance roundrobin
log global
option tcplog
# SMTP health check
option smtpchk HELO
default-server inter 3s rise 2 fall 3
server smtp1 check
server smtp2 check


(1) renaming and updating the article to describe early talking detection and not grey listing