[plug] [OT] open relay honeypot

Jeff Williams jw at globaldial.com
Sat Jan 18 11:05:33 WST 2003 

What you really need to do now is harvest the IP addresses and set up a 
RBL for them. There couldn't be any legitimate clients connecting.

JEff

Luke Dudney wrote:
> A few weeks ago I set up an smtp open relay honeypot using postfix on 
> the end of my DSL line (set mynetworks to the entire world and disabled 
> the 'smtp' transport).
> It appears to be an open relay but does not actually deliver the message.
> It took less than a day to be found by the spammers, and in the last 
> three days usage on it has gone through the roof (559 different hosts 
> connected to it!)
> The initial connections I got were apparently probes (empty message to a 
> throwaway hotmail/yahoo accounts with my IP as the Subject). I forwarded 
> these on manually to give the spammers false positives.
> 
> It gives me a good feeling to know that there are 248,977 less spam 
> messages in 241,978 less peoples' inboxes!
> I wonder how much spam would be stopped if there were a whole lot more 
> similar honeypots on the net.
> 
> The things I do for fun ;)
> 
> Luke
> 
> 
> Grand Totals
> ------------
> messages
> 
> 190615   received
> 248977   delivered
>      0   forwarded
>      0   deferred
>      0   bounced
>      0   rejected
> 
> 327355k  bytes received
>    614m  bytes delivered
> 118607   senders
>   4829   sending hosts/domains
> 241978   recipients
>   9116   recipient hosts/domains
> 
> smtpd
> 
>    3034   connections
>     559   hosts/domains
>     651   avg. connect time (seconds)
> 548:37:48  total connect time
> 
> 
> Per-Day Traffic Summary
>    date          received  delivered   deferred    bounced     rejected
>    --------------------------------------------------------------------
>    Jan 11 2003       537    Jan 12 2003      1441       1197    Jan 13 
> 2003      1446       1441    Jan 14 2003     19183       1447    Jan 15 
> 2003     82460     107321    Jan 16 2003     84455      93365    Jan 17 
> 2003      1093      44206
> 
> .
> 


-- 
There are 10 kinds of people in the world, those that can do binary
arithmetic and those that can't.
GPG: http://www.globaldial.com/~jeffw/jeffw.gpg

More information about the plug mailing list