I'm looking to build an SMTP honeypot. Well...sort of. This won't be a honeypot that's exposed to the internet. Most of the email honeypots I've found (there aren't all that many!) fall short or have been defunct for several years and are designed to emulate open relays. An open relay concept works, but basically I need an email server that will accept and store all email sent to ANY user at ANY domain. Have any ideas?
I appreciate any help...
Originally Posted by theantiphish
I think THIS may be what you're looking for..
smtp-sink listens on the named host (or address) and port.
It takes SMTP messages from the network and throws them
away. The purpose is to measure client performance, not
smtp-sink may also be configured to capture each mail
delivery transaction to file. Since disk latencies are
large compared to network delays, this mode of operation
can reduce the maximal performance by several orders of
Found that courtesy of a post from Wietse Venema (creator of Postfix) Original post: http://archives.neohapsis.com/archiv...7-11/0882.html
While that will probably answer your basic question.. the reverse would be ... why would you want to do this?
Unless you are running this on an IP that has once had a known MX associated, then the only traffic you're likely to see is random worm/virus scanning, or the potential test scan from your ISP or from a group like abuse.net or one of the old timey sorbs/orbs/relay searchers.
You're far more likely to catch spam/spammers in action if you seed a slightly complex email address into some site or web page ... or to use the address to post to newsgroups and see the email address make the rounds into sold address lists ... as the activity picks up, you'll know the address was put into more lists..
i.e. jenny2255b ... seems like a plausible email address @somedomain .. and if you've never had a "jenny2255b@" at your domain before .... you could set it up, use it on a few popular message boards, and before you know it the trolls will have that address..
Either way ... good luck, and if you can, remember to post back about anything you've tried or found that solved the problem ... that's how we as the first two w's in www learn.
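
The capture-to-file behaviour discussed in the reply above, as an added Python example that is not from either poster and is not smtp-sink's code: a catch-all SMTP listener that accepts mail for any user at any domain and writes each message to disk. The `spool` directory, the `127.0.0.1:2525` bind address and the `X-Envelope-*` header names are assumptions.

```python
import socketserver
import uuid
from pathlib import Path
SPOOL = Path("spool")  # assumed capture directory

def handle_session(rfile, wfile, spool=SPOOL):
    """Speak minimal SMTP over two byte streams; store every message; return saved paths."""
    def reply(text):
        wfile.write(text.encode() + b"\r\n")
        wfile.flush()
    saved, sender, rcpts = [], "", []
    reply("220 sink ESMTP")
    for raw in iter(rfile.readline, b""):
        cmd = raw.decode("latin-1").strip()
        verb = cmd.upper()
        if verb.startswith(("HELO", "EHLO")):
            reply("250 sink")
        elif verb.startswith("MAIL FROM:"):
            sender, rcpts = cmd[10:].strip(), []
            reply("250 OK")
        elif verb.startswith("RCPT TO:"):
            rcpts.append(cmd[8:].strip())  # no lookup: any user at any domain is accepted
            reply("250 OK")
        elif verb == "DATA":
            reply("354 End data with <CR><LF>.<CR><LF>")
            body = []
            for line in iter(rfile.readline, b""):
                if line.rstrip(b"\r\n") == b".":  # lone dot ends the message
                    break
                body.append(line[1:] if line.startswith(b".") else line)  # undo dot-stuffing
            spool.mkdir(parents=True, exist_ok=True)
            path = spool / f"{uuid.uuid4().hex}.eml"
            envelope = f"X-Envelope-From: {sender}\r\nX-Envelope-To: {', '.join(rcpts)}\r\n"
            path.write_bytes(envelope.encode("latin-1") + b"".join(body))
            saved.append(path)
            reply("250 OK stored")
        elif verb == "QUIT":
            reply("221 bye")
            break
        else:
            reply("250 OK" if verb in ("RSET", "NOOP") else "502 not implemented")
    return saved

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        handle_session(self.rfile, self.wfile)

if __name__ == "__main__":  # loopback only; change the bind address for a lab segment
    socketserver.ThreadingTCPServer(("127.0.0.1", 2525), Handler).serve_forever()
```

It enforces no message-size or connection limits, so it belongs on the non-internet-facing network the question describes.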