Date: Mon, 26 Apr 2010 11:28:40 -0500 From: John <john@starfire.mn.org> To: Eitan Adler <eitanadlerlist@gmail.com> Cc: John <john@starfire.mn.org>, Aiza <aiza21@comclark.com>, FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Wpoison????? Message-ID: <20100426162840.GA76688@elwood.starfire.mn.org> In-Reply-To: <t2ja0777e081004260804w85e2dc71r109571b3c1bafb8b@mail.gmail.com> References: <4BD3E9B8.2030109@comclark.com> <20100426124453.GB74442@elwood.starfire.mn.org> <j2ma0777e081004260643ya31b42d7g29c45348e6c3d85c@mail.gmail.com> <20100426143510.GA75532@elwood.starfire.mn.org> <t2ja0777e081004260804w85e2dc71r109571b3c1bafb8b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 26, 2010 at 06:04:33PM +0300, Eitan Adler wrote: > >> There are better systems that have a pure honeypot which actually > >> accepts mail (and add the IPs that send mail to a blacklist) > > > > OK - where do we find one of THOSE? > I have never researched this topic in depth but > http://en.wikipedia.org/wiki/Honeypot_%28computing%29#Further_reading_and_external_links > seems to have some links. > Setting one up on your own isn't hard. Just create a new mail account > and blacklist anyone who sends mail to that account. Something like taking all the old e-mail accounts in my system that are now going to /dev/null (but which I know from the e-mail logs still get TONS of spam) and make something like a /dev/mailsink that is a named pipe with a PERL script reading it that pulls out the IP addresses and puts them in the pfctl "spammers" blacklist table? I wouldn't need to create a new e-mail account, I've already got lots of them that seem to be pure spam magnates, including "man" (the manual pages psuedo-user) which are getting stuff sent to them all the time. I'm pretty sure that anyone sending to "man@starfire.mn.org" is a spammer... > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -- John Lind john@starfire.MN.ORG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100426162840.GA76688>