[Dshield] Spam trap code/ virtual machine

Darren Spruell
Fri May 25 18:36:52 GMT 2007

On 5/24/07, Tomas L. Byrnes wrote:
> Is there any pre-built spam trap stuff out there that would let you
> easily set up a machine that accepts mail from anywhere to anyone,
> routes it to /dev/null, and logs the IP address of the connecting host?

A fairly easy way to harvest violators would be to add another MX
record to your zone at a higher value (lower preference) and log
connection attempts to that. As a rule, no valid email should be sent
to that MX and any deliveries can be considered violations. Many SPAM
shops intentionally hit lower preference MXs to bypass the filtering
that tends to be on the higher preference hosts. This is of course
assuming that you don't have failures in your legitimate MX gateways
that would cause deliveries to fail to your "trap" MX; but if they
failed anyway, you'd have no deliveries of legitimate mail in the
first place.

Darren Spruell
phatbuckett at gmail.com
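
The trap-MX approach described above needs something listening on the extra MX host. As an added example (not code from the original thread), here is a minimal Python sink that accepts mail from anyone to anyone, discards the body, and logs the connecting IP. The hostname `trap.example.invalid`, the names `HITS`, `TrapHandler`, `TrapServer` and `start_trap`, and the 30-second idle timeout are assumptions of this example.

```python
import logging
import socketserver
import threading
import time

HITS = []  # (unix_time, ip) per connection; every entry is a trap hit

class TrapHandler(socketserver.StreamRequestHandler):
    timeout = 30  # assumed idle limit so stalled clients cannot pin threads

    def reply(self, text):
        self.wfile.write(text.encode("ascii") + b"\r\n")

    def handle(self):
        ip = self.client_address[0]
        HITS.append((time.time(), ip))  # log on connect, before any SMTP dialogue
        logging.info("trap hit from %s", ip)
        in_data = False
        try:
            self.reply("220 trap.example.invalid ESMTP")
            for raw in iter(lambda: self.rfile.readline(4096), b""):
                line = raw.rstrip(b"\r\n")
                if in_data:  # message body: read and discard (the /dev/null part)
                    if line == b".":
                        in_data = False
                        self.reply("250 OK")
                    continue
                verb = line[:4].upper()
                if verb == b"QUIT":
                    self.reply("221 Bye")
                    return
                if verb == b"DATA":
                    in_data = True
                    self.reply("354 End data with <CR><LF>.<CR><LF>")
                else:  # EHLO/HELO/MAIL/RCPT/other: accept from anyone to anyone
                    self.reply("250 OK")
        except OSError:
            pass  # timeout or reset; the hit is already recorded

class TrapServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

def start_trap(host="127.0.0.1", port=0):
    """Start the sink in a background thread and return the server object."""
    logging.basicConfig(level=logging.INFO, format="%(asctime)s %(message)s")
    srv = TrapServer((host, port), TrapHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

Run it on the host the extra MX record points to with `start_trap("0.0.0.0", port)` and keep the process alive. Binding port 25 directly requires privileges, so forwarding 25 to an unprivileged port is the usual arrangement.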

