[Dshield] Spam trap code/ virtual machine

Sheehy, Robert Mr CTR USA USAREUR robert.sheehy at EUR.ARMY.MIL
Fri Jun 1 22:26:52 GMT 2007


From the man page:
> emailrelay is a simple SMTP proxy and store-and-forward 
> message transfer agent.

It was extremely easy to configure and install. 

I run it in server mode to accept and store all incoming messages, but never run the command to forward the mailspool. 

For each incoming message a .envelope file is created that contains metadata about the e-mail message. To pick out all the IP addresses that have sent you a message you can use a command line such as:

find . -name \*.envelope -exec grep  "X-MailRelay-Client" {} \; | cut -f2 -d" " |sort -u

Delete all the files from the emailrelay spool directory after you've pulled out the data you need.

 



> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of 
> Jean-Pierre Schwickerath
> Sent: Monday, May 28, 2007 2:55 PM
> To: list at lists.dshield.org
> Subject: Re: [Dshield] Spam trap code/ virtual machine
> 
> 
> 
> > > Is there any pre-built spam trap stuff out there that would let you
> > > easily set up a machine that accepts mail from anywhere to anyone,
> > > routes it to /dev/null, and logs the IP address of the connecting
> > > host?
> >
> > I don't know if you'd call it 'pre-built' or not, but Exim can be
> > rather simply configured to route all non-local 'remote destination (
> > as in 'open-relay attempt' ) to dev/null or a specific file...
> 
> I agree. Any decent mailer logs the connecting IP. And it's 
> fairly easy to make your favourite MTA an open-relay that 
> forwards everything to /dev/null. 
> 
> 
> Regards. 
> 
> Jean-Pierre
> 
> --
> HILOTEC Engineering + Consulting AG - Langnau im Emmental
> Energy technology and data systems: servers, PCs, Linux,
> telephone systems, VoIP, hosting, databases, development,
> complete solutions for SMEs
> Tel: +41 34 402 74 00 - http://www.hilotec.com/
> 
> 
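
The procedure described in the reply at the top of this message (pull the X-MailRelay-Client addresses out of the envelope files, then clear the spool), as an added example that is not part of the original post or of E-MailRelay. It goes one step further by counting messages per address and deleting only the files it counted. The function names, the `.content` sibling file name and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): tally spam-trap senders from
# E-MailRelay envelope files, then clear only the messages that were counted.
# Assumption: each message's body sits beside its envelope as <name>.content.

# tally_clients LIST_FILE -> prints "<count> <client-ip>", busiest first.
tally_clients() {
    while IFS= read -r env; do
        grep -h '^X-MailRelay-Client:' "$env"
    done < "$1" |
        tr -d '\r' |                  # tolerate CRLF line endings
        awk '$2 != "" { n[$2]++ } END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# harvest SPOOL_DIR LOG_FILE -> appends the tally to LOG_FILE, empties the spool.
harvest() {
    spool=$1 log=$2
    list=$(mktemp) || return 1
    # Snapshot the file list first so mail arriving mid-run is neither
    # counted nor deleted; it is picked up by the next run.
    find "$spool" -type f -name '*.envelope' > "$list"
    if tally_clients "$list" >> "$log"; then
        while IFS= read -r env; do
            rm -f -- "$env" "${env%.envelope}.content"
        done < "$list"
    fi
    rm -f -- "$list"
}

# Constructed demo spool: three messages from two documentation-range IPs.
make_demo_spool() {
    d=$(mktemp -d) || return 1
    i=0
    for ip in 192.0.2.10 198.51.100.7 192.0.2.10; do
        i=$((i + 1))
        printf 'X-MailRelay-Client: %s\r\n' "$ip" > "$d/emailrelay.1.1.$i.envelope"
        printf 'Subject: test\r\n\r\nbody\r\n' > "$d/emailrelay.1.1.$i.content"
    done
    printf '%s\n' "$d"
}
```

Run `harvest` from cron against the real spool directory; the log then holds one "count address" line per sender for each run.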


