Originally posted here by R0n1n

So, why would you want to make your mail relay a honeypot???

Unless of course it was a completely fake SMTP relay to begin with. [/B]
Exactly.

As it happens my honeypot was both an SMTP server and a honeypot. That's because it was a server first and because it was easier (and less expensive) to configure the SMTP server to accept but not deliver illicit relay email than it would have been to configure it to not accept illicit relay email. I think I succeeded in stopping delivery of spam to a few million recipients (a tiny drop in the bucket) but that was far, far better than not accepting the same spam so that the spammer would simply have selected another open realy that really was open and get the spam delivered.
Plus at least a few times I got the spammer's account terminated. Twice, for Chris "Rizler" Smith.

It is so much simpler to just run a completely fake SMTP relay that doing so is the method of choice. Then you don't have to filter: it's all abuse email. That's even more so for a proxypot: even the TCP/IP port is illicit for email.