Autor: Wakko Warner Data: A: Michael Sprague CC: exim-users Assumpte: Re: [exim] Spammers and delays?
Michael Sprague wrote: > Wakko Warner wrote:
> >Actually no I didn't. On the honey machine I might turn off the sync
> >enforcement but noone's hit that yet for some reason.
>
> I turn off pipelining and do delays for certain conditions. For
> example, no rDNS for the incoming server. This has been pretty
> effective and doesn't slow down 'real' email much. But since this is a
> honeypot, I don't suppose you're concerned about that.
I thought about turning off pipelining on my real servers. The idea was to
delay the connection once (once as in a real server sending) to see if it
will actually deliver then never delay again
> In fact, since this is a honeypot, wouldn't you want the spam to get
NOPE! Actually I don't want it, but it was one of those things that I
figured, the IPs are not publicised anywhere and thus any IP connecting to
it has abusive intent and I was going to build a blacklist based upon that.
I'm sure somewhere down the line hotmail,yahoo,aol,etc would get in there
some how but that's of no concern anyway (hotmail has never been able to
curb abuse from past experienced and they should be blacklisted)
> delivered to your file? Or are you going to comb the log as well?
RIght now, it's just to see what abusers are out there. Mostly korea and
china (big surprise, right?) and I've ip blocked the ones that don't give
up. Unfortunately the IPs are over a single 56k dialup and half are listed
as dynamic addresses by sorbs and other DULs (don't care I never intend to
use the IPs for legit purposes)
> Sorry, I'm just curious. I'm not running a honeypot yet but I've been
> toying with the idea of setting one up. :)
Found tons of HTTP abusers so I turned off the service. Oddly enough I
haven't found many SSH abusers. One IP must have been an open proxy and
I've seen tons of relay attempts via HTTP, but this is OT here anyway.
--
Lab tests show that use of micro$oft causes cancer in lab animals
Got Gas???