From: John
To: Eitan Adler
Cc: John, Aiza, FreeBSD Questions
Date: Mon, 26 Apr 2010 11:28:40 -0500
Subject: Re: Wpoison?????

On Mon, Apr 26, 2010 at 06:04:33PM +0300, Eitan Adler wrote:
> >> There are better systems that have a pure honeypot which actually
> >> accepts mail (and add the IPs that send mail to a blacklist)
> >
> > OK - where do we find one of THOSE?
> I have never researched this topic in depth but
> http://en.wikipedia.org/wiki/Honeypot_%28computing%29#Further_reading_and_external_links
> seems to have some links.
> Setting one up on your own isn't hard. Just create a new mail account
> and blacklist anyone who sends mail to that account.

Something like taking all the old e-mail accounts in my system that
are now going to /dev/null (but which I know from the e-mail logs
still get TONS of spam) and make something like a /dev/mailsink
that is a named pipe with a PERL script reading it that pulls out
the IP addresses and puts them in the pfctl "spammers" blacklist
table?

I wouldn't need to create a new e-mail account, I've already got
lots of them that seem to be pure spam magnets, including "man"
(the manual pages pseudo-user) which are getting stuff sent to them
all the time. I'm pretty sure that anyone sending to
"man@starfire.mn.org" is a spammer...

-- 
John Lind
john@starfire.MN.ORG
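
An added example, not part of the message above and not code from anyone in the thread: a sketch of the spamtrap filter John describes, in Python rather than Perl, reading one trapped message on stdin. The hostname `mx.example.org`, the function names and the sample message are assumptions; only the hop recorded by the local MX is trusted, because every Received line below it can be forged by the sender.

```python
import email
import ipaddress
import re
import subprocess
import sys

OUR_MX = "mx.example.org"   # assumption: the name our own MTA writes after "by"
TABLE = "spammers"          # pf table named in the message
# Never feed our own or internal addresses to the table.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]
# sendmail/Postfix style: "from helo (rdns [ip]) by host"
RECEIVED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)?\s+by\s+(\S+)")

def trap_source(raw_message):
    """Return the peer IP recorded by our own MX, or None if nothing is safe to block."""
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        m = RECEIVED.search(header)
        if not m or m.group(2).lower() != OUR_MX:
            continue                      # hop not written by us
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None
        # The first (topmost) hop written by our MX decides; lower ones are untrusted.
        return None if any(ip in net for net in NEVER_BLOCK) else str(ip)
    return None

def pfctl_add(ip):
    """Argument vector for adding one address to the pf table (no shell involved)."""
    return ["pfctl", "-t", TABLE, "-T", "add", ip]

# Constructed sample: the second Received line imitates a header forged by the sender.
SAMPLE = (
    "Received: from mail.example.net (unknown [203.0.113.45])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 4F2A1\n"
    "\tfor <man@example.org>; Mon, 26 Apr 2010 11:00:00 -0500\n"
    "Received: from pc (pc [198.51.100.7]) by mx.example.org with SMTP\n"
    "To: man@example.org\nSubject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    source = trap_source(sys.stdin.read())
    if source:
        subprocess.run(pfctl_add(source), check=False)
```

Entries added this way stay in the table until removed, so a trap address that ever receives legitimate mail (a forwarder, a mailing list) will block that sender too.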