Re: [PLUG] Linux SMTP honeypots?

> Date: Wed, 24 Mar 2010 08:40:56 -0400
> From: Mike Sheinberg <>
> Anyone have any suggestions for Linux-based SMTP honeypots? Specifically, I
> am trying to capture malicious attachments for analysis so I'm looking for
> something that does more than just slow down spammers (like a tarpit). I'm
> running into a lot of honeypot projects that simply stall attackers and
> mimic infected machines but having difficulty finding ones which save files
> that they try to send. Anyways, let me know if anyone has any good tips on
> where to start.

I'd think this would be very easy to do with Postfix.  Lock it down so 
it's not a relay, maybe even disable outgoing mail.  Then either create 
some users that Postfix will accept mail for, or set up a wildcard 
address, then post the trap addresses around.

Or did I misunderstand?  As I re-read, maybe I did.  Above I am assuming 
you just want to capture any/all incoming mail (ideally with evil 
attachments), but now I think maybe you are wanting to *pretend* to be 
an open relay or something, and simply capture rather than send?

Perhaps some clarification is in order?

Sounds interesting,
JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
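For the first reading above (lock Postfix down as a non-relay with no outbound delivery, catch everything sent to a trap domain, and harvest what arrives), here is an added example of the harvesting side; it is not code from the original thread or from the Postfix project. It assumes a trap domain trap.example, a local user "trap" receiving it via Maildir delivery, and the main.cf settings listed in the docstring, which are real Postfix parameters with illustrative values. The sample message is constructed inline so the script runs offline.

```python
"""Pull attachments out of mail caught by a catch-all Postfix trap.

Assumed main.cf (real parameters, illustrative values): nothing is relayed,
nothing ever leaves the box, and every *@trap.example address is one user.

    mynetworks = 127.0.0.0/8
    smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
    virtual_alias_domains = trap.example
    virtual_alias_maps = regexp:/etc/postfix/virtual_trap
        # /etc/postfix/virtual_trap contains:   /^.*@trap\\.example$/   trap
    default_transport = error:outbound delivery is disabled on this host
    home_mailbox = Maildir/
"""
import email
import hashlib
import os
import re
import tempfile
from email import policy
from email.message import EmailMessage
from pathlib import Path

UNSAFE = re.compile(r"[^A-Za-z0-9._-]")  # sender-supplied names get reduced to this set


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_attachments(raw: bytes) -> list[dict]:
    """Return every non-body MIME part of one raw message.

    The filename is attacker-controlled: strip any directory component and
    keep it as metadata only; the file on disk is named by its SHA-256.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()
        if name is None and part.get_content_disposition() != "attachment":
            continue  # text/html body, not what we are after
        data = part.get_payload(decode=True) or b""
        name = os.path.basename((name or "unnamed").replace("\\", "/"))
        found.append({"filename": UNSAFE.sub("_", name) or "unnamed",
                      "content_type": part.get_content_type(),
                      "size": len(data), "sha256": sha256_hex(data), "data": data})
    return found


def quarantine(records: list[dict], outdir: str) -> list[dict]:
    """Store each attachment as outdir/<sha256>, mode 0600, never executable.

    O_EXCL makes a re-captured sample a no-op and flags it as a duplicate.
    """
    out = Path(outdir)
    out.mkdir(parents=True, exist_ok=True)
    for rec in records:
        path = out / rec["sha256"]
        try:
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "wb") as fh:
                fh.write(rec["data"])
            rec["duplicate"] = False
        except FileExistsError:
            rec["duplicate"] = True
        rec["stored_as"] = str(path)
        rec["stored_size"] = os.path.getsize(path)
    return records


def process_maildir(maildir: str, outdir: str) -> list[dict]:
    """Walk new/ and cur/ (where Postfix's Maildir delivery puts mail)."""
    records = []
    for sub in ("new", "cur"):
        d = Path(maildir) / sub
        if d.is_dir():
            for f in sorted(d.iterdir()):
                for rec in extract_attachments(f.read_bytes()):
                    rec["message"] = f.name
                    records.append(rec)
    return quarantine(records, outdir)


def build_sample_message() -> bytes:
    """Constructed sample standing in for a message the trap received."""
    msg = EmailMessage()
    msg["From"] = "billing@example.net"
    msg["To"] = "accounts@trap.example"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(b"MZ\x90\x00 constructed sample, not a real executable",
                       maintype="application", subtype="octet-stream",
                       filename="../../invoice.pdf.exe")  # path traversal attempt
    msg.add_attachment(b"PK\x03\x04 constructed sample, not a real archive",
                       maintype="application", subtype="zip", filename="scan.zip")
    return bytes(msg)


def run_demo(base: str = "") -> list[dict]:
    """Lay out a Maildir holding the sample message and harvest it."""
    base = base or tempfile.mkdtemp(prefix="smtptrap-")
    new = Path(base) / "Maildir" / "new"
    new.mkdir(parents=True, exist_ok=True)
    (new / "1269434456.M1.trap").write_bytes(build_sample_message())
    return process_maildir(str(Path(base) / "Maildir"), str(Path(base) / "quarantine"))


if __name__ == "__main__":
    for r in run_demo():
        print(f'{r["sha256"]}  {r["size"]:>6}  {r["content_type"]:<26} {r["filename"]}')
```

Point the script at /home/trap/Maildir from cron and feed the quarantine directory to whatever analysis you use. Note that with reject_unauth_destination in place this captures only mail addressed to trap.example; a bot probing for an open relay is refused at RCPT TO and sends nothing, which is the second reading of the question and would need a different setup.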
