Very interesting Thomas. Accepting the mail and then reporting is a fascinating idea! Gotta figure that out on the MTA side. I guess I'll ask for complete honeypotting as a feature request in ASSP now, purely as a pipe-dream, but with the hopes that you'll be so inspired and somehow carve out the time.
Thanks On Wed, Jul 29, 2015 at 9:41 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > I do this in a similar way for years. > > - my group is [dummy] > - I replace all addresses of the honeypot-domain one (every time the same > for each spam domain) valid local address > - nodelay has > 0.0.0.0/1=>[dummy] > 128.0.0.0/1=>[dummy] > > [dummy] is also in hlSpamLovers - helos should never blocked for the > honeypot > > if a mail is detected as spam - fine - stored - nothing wrong - but.. > NOTHING TO LEARN for assp (BAD until the next complete rebuildspamdb was > finished) > if it is not detected as spam, it is delivered to the dummy user - now the > trick - the mailbox of this user has an agent, which spam-reports and > deletes any incomming mail immediatly > because the rebuild is running permanent (if configured) - assp learns > just in time the new reported spam (also for all the other real users) > > >The problem is that the volume of spam is causing the sender Ip to goto > the > >extremePB. > > you should disable this - it is in montor mode (early is disabled) on my > prod system > > Thomas > > > > > Von: K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 29.07.2015 15:18 > Betreff: [Assp-test] Fwd: Honeypot addresses, any way to bypass > extremepb? > > > > I sent this in early June to the user list, but it got no play, so I > figured that I'd give here a go. > Thanks > > ---------- Forwarded message ---------- > From: K Post <nntp.p...@gmail.com> > Date: Thu, Jun 4, 2015 at 9:34 AM > Subject: Honeypot addresses, any way to bypass extremepb? > To: For Users of ASSP <assp-u...@lists.sourceforge.net> > > > I've setup a couple honeypot subdomains. My intention is to use them to > gather more and more varied spam messages. > > This might just be a case of ASSP not being intended for this, in which > case I'll just kill the subdomains or donate them to project honeypot. > ..or I could just be doing it wrong. > > I have the subdomains listed in a group like this > [HONEYPOT-ADDRESSES] > @subdomain1.ourcharity.org > @subdomain2.ourcharity.org > > and I have that group listed in SpamAddresses > > The problem is that the volume of spam is causing the sender Ip to goto > the > extremePB. > > in block reports, I see: > spam reason: (score for xxx.xxx.xxx.xxx is 645, surpassing extreme level > of > 601) [--the subject--] > > and as such, the messages aren't being collected. > > Is there a way to tell ASSP to collect mail into the spam folder for > specific addresses? Don't process them, don't block based on IP, just > gobble up the mail, save it in spam, and give the IP a score. Maybe don't > even give the sender an error, but don't use extremepb for mails > exclusively to these addresses --like a honeypot should work. > > Again, if this is a bad idea, counter to ASSP's mission / design, etc, > I'll > just ditch the concept. > > ------------------------------------------------------------------------------ > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > ------------------------------------------------------------------------------ > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
