Wpoison?????
perryh at pluto.rain.com
perryh at pluto.rain.com
Tue Apr 27 08:20:55 UTC 2010
John <john at starfire.mn.org> wrote:
> > There are better systems that have a pure honeypot which actually
> > accepts mail (and add the IPs that send mail to a blacklist)
>
> OK - where do we find one of THOSE?
Unfortunately, THOSE may be a bit too simplistic :(
Someone forges an email appearing to come from one of your honeypot
addresses, and sends it to a bogus (or on-vacation) address at a
legitimate site. The bounce (or vacation response) comes to your
honeypot address, causing you to blacklist the legitimate site.
No, I am not making this up. More than once I've discovered one of
my employer's mail servers on the Spamcop blacklist, causing my home
upstream to bounce (as presumed spam) messages I tried to send from
office to home. This seemed to have been the mechanism involved.
More information about the freebsd-questions
mailing list