[plug] [OT] open relay honeypot

[Luke Dudney]

A few weeks ago I set up an smtp open relay honeypot using postfix on the end of my DSL line (set mynetworks to the entire world and disabled the 'smtp' transport).
It appears to be an open relay but does not actually deliver the message.
It took less than a day to be found by the spammers, and in the last three days usage on it has gone through the roof (559 different hosts connected to it!)
The initial connections I got were apparently probes (empty message to a throwaway hotmail/yahoo accounts with my IP as the Subject). I forwarded these on manually to give the spammers false positives.

It gives me a good feeling to know that there are 248,977 less spam messages in 241,978 less peoples' inboxes!
I wonder how much spam would be stopped if there were a whole lot more similar honeypots on the net.

The things I do for fun ;)

Luke


Grand Totals
------------
messages

 190615   received
 248977   delivered
      0   forwarded
      0   deferred
      0   bounced
      0   rejected

 327355k  bytes received
    614m  bytes delivered
 118607   senders
   4829   sending hosts/domains
 241978   recipients
   9116   recipient hosts/domains

smtpd

    3034   connections
     559   hosts/domains
     651   avg. connect time (seconds)
 548:37:48  total connect time


Per-Day Traffic Summary
    date          received  delivered   deferred    bounced     rejected
    --------------------------------------------------------------------
    Jan 11 2003       537 
    Jan 12 2003      1441       1197 
    Jan 13 2003      1446       1441 
    Jan 14 2003     19183       1447 
    Jan 15 2003     82460     107321 
    Jan 16 2003     84455      93365 
    Jan 17 2003      1093      44206