JP Vossen on 24 Mar 2010 12:49:10 -0700
> Date: Wed, 24 Mar 2010 08:40:56 -0400
> From: Mike Sheinberg <m.sheiny@gmail.com>
>
> Anyone have any suggestions for Linux-based SMTP honeypots? Specifically, I
> am trying to capture malicious attachments for analysis so I'm looking for
> something that does more than just slow down spammers (like a tarpit). I'm
> running into a lot of honeypot projects that simply stall attackers and
> mimic infected machines but having difficulty finding ones which save files
> that they try to send. Anyways, let me know if anyone has any good tips on
> where to start.

I'd think this would be very easy to do with Postfix. Lock it down so it's not a relay, maybe even disable outgoing mail. Then either create some users that Postfix will accept mail for, or set up a wildcard address, then post the trap addresses around.

Or did I misunderstand? As I re-read, maybe I did. Above I am assuming you just want to capture any/all incoming mail (ideally with evil attachments), but now I think maybe you are wanting to *pretend* to be an open relay or something, and simply capture rather than send? Perhaps some clarification is in order?

Sounds interesting,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
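
Added example, not part of the original post: once a receive-only mail server is delivering trap mail, a script along these lines could pull the attachments out of each captured message and store them for analysis. The addresses, filename, payload and function names are constructed for illustration, and how the raw message bytes reach the script (for example, read from a delivered mailbox file) is an assumption.

```python
import email
import hashlib
import tempfile
from email import policy
from email.message import EmailMessage
from pathlib import Path

# Constructed, harmless stand-in for a payload received at a trap address.
SAMPLE_PAYLOAD = b"constructed sample payload, not malware"


def build_sample_message() -> bytes:
    """Constructed test message with one attachment and a hostile filename."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "trap@example.net"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(SAMPLE_PAYLOAD, maintype="application",
                       subtype="octet-stream", filename="../../invoice.exe")
    return msg.as_bytes()


def save_attachments(raw: bytes, out_dir: Path) -> list:
    """Store every non-body part of one captured message, named by SHA-256."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    out_dir.mkdir(parents=True, exist_ok=True)
    records = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container; walk() visits its children
        if (part.get_content_maintype() == "text"
                and not part.is_attachment() and part.get_filename() is None):
            continue  # plain message body, not an attachment
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        # The sender's filename is untrusted: keep it as metadata only and
        # never use it to build a path (it may contain ../ or be absolute).
        target = out_dir / (digest + ".bin")
        if not target.exists():  # identical payloads are stored once
            target.write_bytes(data)
            target.chmod(0o400)  # read-only, no execute bit
        records.append({"sha256": digest, "claimed_name": part.get_filename(),
                        "content_type": part.get_content_type(),
                        "path": target})
    return records


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in save_attachments(build_sample_message(), Path(tmp)):
            print(rec["sha256"], rec["claimed_name"], rec["content_type"])
```
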