Gordon Ross wrote:
> I'm looking to set up a honeypot account with my Exim MTA. A quick google
> reveals http://www.hardline.org/SpamHoneypot as one potential way to set
> this up.
>
> Are there any other suggestions as to good ways to do this in exim?
> (latest exim version. There's gonna be a small SQL DB engine on the box
> as well - either SQLite or MySql)
>
> Thanks,
>
> GTG

You might be better off to blacklist only the senders of invalid/dictionary-generated spam you already actually see. No need to actively ask for more!

Presuming you use something like:

    deny / warn require verify = recipient

And wish to go further....

Try:

    deny / warn
      !verify = recipient
      log_message = $sender_address $sender_host_address <other info> <your code>

- then:

    grep <your code> /var/log/exim/mainlog

(Ex: our 'code' is "R4" - our fourth acl clause in the RCPT phase).

See what you get in the way of activity, and if it is worthwhile to go further in your particular environment.

If so, consider whether you want to trigger on first hit, allow some grace, whether a periodic script will do for list update (no load on Exim), or if you want to try an SQL insert or update clause in the 'warn' (load or delay on Exim).

We just do it manually, putting a few into an IP-block list, a great deal more into a REGEXP-block list.

The worst offenders seem to be more consistent w/r using the same bogus HELO than they are as to using the same bogus user address. Most appear to be zombified Winboxen.

HTH,

Bill
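
A sketch of the "periodic script" option from the reply above, added here as an example and not part of either poster's message: it tallies tagged ACL log lines by client IP and by HELO and applies a grace threshold before listing block candidates. The log lines are constructed, their layout is assumed to follow Exim's usual main-log form, and the function names, the `bogus-pc` HELO and the sample addresses are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines (assumed main-log layout, not taken from the post).
# "R4" is the tag used in the reply; addresses are documentation ranges.
SAMPLE_LOG = """\
2008-03-14 10:12:01 H=(bogus-pc) [192.0.2.10] F=<a1@example.net> rejected RCPT <aaron@example.org>: a1@example.net 192.0.2.10 R4
2008-03-14 10:12:02 H=(bogus-pc) [192.0.2.10] F=<b7@example.net> rejected RCPT <abby@example.org>: b7@example.net 192.0.2.10 R4
2008-03-14 10:12:09 H=(bogus-pc) [192.0.2.44] F=<zz@example.com> rejected RCPT <adam@example.org>: zz@example.com 192.0.2.44 R4
2008-03-14 10:15:30 H=mail.example.com (smtp.example.com) [198.51.100.7] F=<bob@example.com> rejected RCPT <tpyo@example.org>: bob@example.com 198.51.100.7 R4
2008-03-14 10:16:00 H=(bogus-pc) [192.0.2.10] F=<c3@example.net> rejected RCPT <real@example.org>: relay not permitted R2
"""

# H=<rdns name> (<HELO>) [<ip>]; the rDNS name and the HELO are each optional.
HOST_RE = re.compile(
    r"H=(?:([^\s(\[]\S*) )?(?:\(([^)]*)\) )?\[([0-9A-Fa-f.:]+)\]"
)


def tally(log_text, tag):
    """Count tagged lines per client IP and per HELO string."""
    # Match the tag only as a whole whitespace-delimited token.
    tag_re = re.compile(r"(?<!\S)" + re.escape(tag) + r"(?!\S)")
    by_ip, by_helo = Counter(), Counter()
    for line in log_text.splitlines():
        if not tag_re.search(line):
            continue
        m = HOST_RE.search(line)
        if not m:
            continue  # no host field on this line: skip rather than guess
        host, helo, ip = m.groups()
        by_ip[ip] += 1
        # When no parenthesised HELO is logged, fall back to the host name.
        by_helo[helo or host or "?"] += 1
    return by_ip, by_helo


def candidates(counter, grace):
    """Keys seen more than `grace` times, most frequent first."""
    return [key for key, hits in counter.most_common() if hits > grace]


if __name__ == "__main__":
    ips, helos = tally(SAMPLE_LOG, "R4")
    print("IP candidates:  ", candidates(ips, grace=1))
    print("HELO candidates:", candidates(helos, grace=1))
```

On the constructed sample the same HELO shows up from two different addresses, so the HELO tally crosses the threshold with more hits than any single IP does.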
