Honeypot relaying requests

on 09.06.2007 13:23:26 by Alan Clifford

Is there any way I could honeypot these to /dev/null? I have an old
computer that could be put to use sending spam to oblivion whilst
absorbing spam sending time.

Jun 9 12:20:24 malander sm-mta[15907]: l59BJchw015907:
ruleset=check_rcpt, arg1=,
relay=p5481d6d2.dip.t-dialin.net [84.129.214.210], reject=550 5.7.1
... Relaying denied
Jun 9 12:20:24 malander sm-mta[15907]: l59BJchw015907:
ruleset=check_rcpt, arg1=,
relay=p5481d6d2.dip.t-dialin.net [84.129.214.210], reject=550 5.7.1
... Relaying denied
Jun 9 12:20:25 malander sm-mta[15907]: l59BJchw015907:
ruleset=check_rcpt, arg1=,
relay=p5481d6d2.dip.t-dialin.net [84.129.214.210], reject=550 5.7.1
... Relaying denied
Jun 9 12:20:26 malander sm-mta[15907]: l59BJchw015907:
ruleset=check_rcpt, arg1=,
relay=p5481d6d2.dip.t-dialin.net [84.129.214.210], reject=550 5.7.1
... Relaying denied
Jun 9 12:20:27 malander sm-mta[15907]: l59BJchw015907:
ruleset=check_rcpt, arg1=,
relay=p5481d6d2.dip.t-dialin.net [84.129.214.210], reject=550 5.7.1
... Relaying denied
Jun 9 12:20:27 malander sm-mta[15907]: l59BJchw015907:
ruleset=check_rcpt, arg1=,
relay=p5481d6d2.dip.t-dialin.net [84.129.214.210], reject=550 5.7.1
... Relaying denied





--
Alan

( If replying by mail, please note that all "sardines" are canned.
However, unless this is a very old message, a "tuna" will swim right
through. )

Re: Honeypot relaying requests

on 10.06.2007 14:16:59 by Garen Erdoisa

Alan Clifford wrote:
>
> Is there any way I could honeypot these to /dev/null? I have an old
> computer that could be put to use sending spam to oblivion whilst
> absorbing spam sending time.
>
> [SNIP]

IMHO, this is probably not a good idea. Pretending to be an open relay
could eventually have you relaying legitimate email to /dev/null as well,
with the trace lines showing the last relay that accepted such emails
being the problem point, i.e. your relay server.

It's better to just reject and forget open relay attempts. Also, open
relay testers would eventually discover the apparent open relay, and
would possibly end up with botnets consuming a good share of your
bandwidth in the long run, even if it is a redirect to /dev/null.

Way more trouble than it's worth for the goal of consuming bandwidth.
--
Garen
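
Added example, not written by either poster: when relay attempts are simply rejected, the sm-mta log still shows who is probing. This Python script tallies "Relaying denied" rejections per connecting IP and rejoins records that are wrapped across lines, as they are in this archive; the sample log, host names, addresses and queue ids are constructed.

```python
import re
from collections import Counter

# Constructed sample in the shape of the sm-mta lines quoted in the thread,
# including the archive's line wrapping. Hosts, addresses and ids are made up.
SAMPLE_LOG = """\
Jun  9 12:20:24 mailhost sm-mta[15907]: l59AAAAA015907:
ruleset=check_rcpt, arg1=<a@example.net>,
relay=host1.example.org [192.0.2.10], reject=550 5.7.1
<a@example.net>... Relaying denied
Jun  9 12:20:25 mailhost sm-mta[15907]: l59AAAAA015907: ruleset=check_rcpt, arg1=<b@example.net>, relay=host1.example.org [192.0.2.10], reject=550 5.7.1 <b@example.net>... Relaying denied
Jun  9 12:21:02 mailhost sm-mta[15911]: l59BBBBB015911: ruleset=check_rcpt, arg1=<c@example.net>, relay=[198.51.100.7], reject=550 5.7.1 <c@example.net>... Relaying denied
Jun  9 12:21:30 mailhost sm-mta[15912]: l59CCCCC015912: from=<d@example.org>, size=812, nrcpts=1, relay=localhost [127.0.0.1]
"""

# A syslog record starts with "Mon DD HH:MM:SS "; anything else is a wrapped tail.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")
# check_rcpt rejections carry the connecting host (may be empty) and its IP.
DENIED = re.compile(
    r"ruleset=check_rcpt,.*?relay=(?P<host>\S*?)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r".*?reject=550 5\.7\.1 .*Relaying denied"
)


def unwrap(text):
    """Join continuation lines onto the syslog record they belong to."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records


def relay_denials(text):
    """Count 'Relaying denied' rejections per connecting IP address."""
    counts = Counter()
    for record in unwrap(text):
        match = DENIED.search(record)
        if match:
            counts[match.group("ip")] += 1
    return counts


if __name__ == "__main__":
    for ip, n in relay_denials(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} rejected relay attempts")
```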