[exim] Spamtrap harvesting idea using fake authentication

Inizio della pagina
Questo messaggio è parte di questo thread:
M--\il thread completo ordinato per data
M-\M 
M\MMJan Ingvoldstad at ->
Delete this message
Reply to this message
Autore: Marc Perkel
Data:  
To: exim-users@exim.org >> Exim-users
Oggetto: [exim] Spamtrap harvesting idea using fake authentication
Here's an idea I'm working on. Wondering if anyone else is interested in
participating.

As you all know there are a lot of SMTP servers (inbound) where there is
o authentication option. And we all know that there are lots of hackers
and hack viruses that work on authenticated smtp servers looking for
weak passwords so they can authenticate and send spam.

Suppose we reconfigured servers with no authentication configuration to
advertise that they take authentication and that you have a fake
authenticator that accepts any password. Something like this:

fixed_plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = true
server_set_id = $auth2

Of course you know that anyone authenticating to the server is spamming.
But we can harvest the IP and add them to a blacklist.

Does anyone find this interesting?

If you do I'm still experimenting but once I like the setup I can send
you code that will allow me to collect IP addresses of people hacking
your system.





Questo messaggio è stato inviato alle seguenti mailing lists:
Exim-users
Informazioni sulla Mailing List | Messaggi correlati		<-Re: [exim] remote_smtp defer (110): Connection timed out on AWS EC2 InstanceRe: [exim] remote_smtp defer (110): Connection timed out on AWS EC2 Instance->
Tahini and Hummus and Cumin Development Archives amministrato da cumin AdminsLurker (versione 2.3)