Wpoison?????
John
john at starfire.mn.org
Mon Apr 26 16:28:48 UTC 2010
On Mon, Apr 26, 2010 at 06:04:33PM +0300, Eitan Adler wrote:
> >> There are better systems that have a pure honeypot which actually
> >> accepts mail (and add the IPs that send mail to a blacklist)
> >
> > OK - where do we find one of THOSE?
> I have never researched this topic in depth but
> http://en.wikipedia.org/wiki/Honeypot_%28computing%29#Further_reading_and_external_links
> seems to have some links.
> Setting one up on your own isn't hard. Just create a new mail account
> and blacklist anyone who sends mail to that account.
Something like taking all the old e-mail accounts in my system that
are now going to /dev/null (but which I know from the e-mail logs
still get TONS of spam) and make something like a /dev/mailsink that
is a named pipe with a PERL script reading it that pulls out the
IP addresses and puts them in the pfctl "spammers" blacklist table?
I wouldn't need to create a new e-mail account, I've already got
lots of them that seem to be pure spam magnates, including "man"
(the manual pages psuedo-user) which are getting stuff sent to them
all the time. I'm pretty sure that anyone sending to "man at starfire.mn.org"
is a spammer...
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
--
John Lind
john at starfire.MN.ORG
More information about the freebsd-questions
mailing list