Re: [exim] Setting up Honeypot

Author: W B Hacker
Date:
To: exim users
Subject: Re: [exim] Setting up Honeypot
Gordon Ross wrote:

> I'm looking to set up a honeypot account with my Exim MTA. A quick google
> reveals http://www.hardline.org/SpamHoneypot as one potential way to set
> this up.
>
> Are there any other suggestions as to good ways to do this in exim ?
> (latest exim version. There's gonna be a small SQL DB engine on the box
> as well - either SQLite or MySql)
>
> Thanks,
>
> GTG


You might be better off to blacklist only the senders of
invalid/dictionary-generated spam you already actually see.

No need to actively ask for more!

Presuming you use something like:

deny / warn
require verify = recipient

And wish to go further....

Try:

deny / warn
!verify = recipient
log_message = $sender_address $sender_host_address <other info> <your code>

- then:

grep <your code> /var/log/exim/mainlog

(Ex: our 'code' is "R4" - our fourth acl clause in the RCPT phase).

See what you get in the way of activity, and if it is worthwhile to go further
in your particular environment.

If so, consider whether you want to trigger on first hit, allow some grace,
whether a periodic script will do for list update, (no load on Exim) or if you
want to try an SQL insert or update clause in the 'warn' (load or delay on Exim).

We just do it manually, putting a few into an IP-block list, a great deal more
into a REGEXP-block list.

The worst offenders seem to be more consistent w/r using the same bogus HELO than
they are as to using the same bogus user address. Most appear to be zombified
Winboxen.

HTH,

Bill
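
The periodic-script option mentioned in the message above, as an added example that is not part of the original post: it tallies tagged failed-recipient log lines per sending IP and lists only hosts past a grace threshold. It assumes the clause logs exactly "$sender_address $sender_host_address R4" with no other info in between; the function name and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the ACL clause uses
#   log_message = $sender_address $sender_host_address R4
# so the tag is the last field of the log line and the IP the one before it.

# honeypot_hits LOGFILE TAG MIN_HITS  ->  prints "hits ip", busiest first.
# LOGFILE may be "-" for stdin. MIN_HITS is the grace allowance: hosts
# with fewer tagged lines are not listed.
honeypot_hits() {
    awk -v tag="$2" -v min="$3" '
        $NF == tag {
            ip = $(NF - 1)
            # An empty $sender_host_address (local submission) would leave
            # the sender address here; accept only IPv4/IPv6 literals.
            if (ip !~ /^[0-9A-Fa-f:.]+$/) next
            hits[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample lines in Exim mainlog style (documentation addresses).
sample_log() {
    cat <<'EOF'
2024-01-01 10:00:01 H=(bogus-pc) [192.0.2.10] F=<a@spam.example> rejected RCPT <aaron@example.org>: a@spam.example 192.0.2.10 R4
2024-01-01 10:00:02 H=(bogus-pc) [192.0.2.10] F=<b@spam.example> rejected RCPT <abby@example.org>: b@spam.example 192.0.2.10 R4
2024-01-01 10:00:03 H=(bogus-pc) [192.0.2.10] F=<c@spam.example> rejected RCPT <adam@example.org>: c@spam.example 192.0.2.10 R4
2024-01-01 10:05:00 H=(mx) [198.51.100.7] F=<> rejected RCPT <sales1@example.org>:  198.51.100.7 R4
2024-01-01 10:05:09 H=(mx) [198.51.100.7] F=<x@junk.example> rejected RCPT <sales2@example.org>: x@junk.example 198.51.100.7 R4
2024-01-01 10:09:00 H=(typo) [203.0.113.5] F=<friend@ok.example> rejected RCPT <gordn@example.org>: friend@ok.example 203.0.113.5 R4
2024-01-01 10:10:00 H=(bogus-pc) [192.0.2.10] F=<d@spam.example> rejected RCPT <gordon@example.org>: d@spam.example 192.0.2.10 R2
2024-01-01 10:11:00 1rABCD-000123-4E <= friend@ok.example H=mail.ok.example [203.0.113.5] P=esmtp S=1234
EOF
}

# Demo: hosts with at least two R4 hits in the sample.
sample_log | honeypot_hits - R4 2
```

Against a live log this would be run as `honeypot_hits /var/log/exim/mainlog R4 2`, with the output reviewed before anything goes into a block list.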