Hi,

I was hoping it was okay to resurrect a thread from a few months ago
and ask a few questions regarding creating some type of honeypot for
spammers.

> Just search your /var/log/maillog for user unknown messages, and
> create email addresses for the unknown users which are showing up
> multiple times over multiple days.  It's a great trick because it gets
> spammers who already have email addresses in their
> spamlists and who are too lazy to remove them when they get a
> user unknown message from the mailserver.

I have an old domain with a number of dormant accounts that I'd like
to use. The domain also uses several RBLs, so a majority of the spam
is rejected before it's ever received, so it's less than effective.

I'm also wondering what exactly you're taking from these messages that
are received? Are you blocking based on IP? Creating header/body
rules? Those are usually transferable to other systems, but what about
bayes? How can you use it for bayes when that doesn't transfer very
easily to other systems?

Or are you only limited to gathering info based on the 'user unknown'
messages, as you said?

Do you have scripts that parse your maillog?

Do you have any type of revocation ability, to keep track of when they
were added so they can be removed after some time?

Some tips were mentioned in this thread for seeding a user account to
receive spam, but there was a lot of back-and-forth, and it was
unclear to me which were really advisable. Is it advisable to use
'unsubscribe' links in spam sent to some address?

How about using a domain specifically for creating a honeypot, of
sorts? Would you create a basic webpage and populate that with email
addresses? Then set up the mail system to accept all mail...

I don't think I'm asking for anything that could cause spammers to
alter their tactics, but please do tell me if otherwise.

Sure appreciate any ideas.
Thanks,
Alex
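The maillog trick quoted above, and the question about scripts that parse it, as an added example that is not from anyone in this thread: a Python script that reads constructed syslog-style Postfix/sendmail lines, keeps only "User unknown" rejections, and reports recipients hit on more than one day. The log line formats, the sample lines, and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Syslog lines start with "Mon dd HH:MM:SS host ..."; there is no year, so
# the day key is just "Mon dd" (assumption: log covers less than a year).
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+\d\d:\d\d:\d\d\s+\S+\s+(?P<rest>.*)$"
)
# First <address> before the words "user unknown": covers the Postfix
# "550 5.1.1 <x@y>: ... User unknown" and sendmail "<x@y>... User unknown" forms.
UNKNOWN_RE = re.compile(r"<(?P<rcpt>[^<>\s@]+@[^<>\s]+)>.*?user unknown", re.IGNORECASE)

def unknown_recipients(lines):
    """Return {recipient: {day: hits}} for every 'user unknown' rejection."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        u = UNKNOWN_RE.search(m.group("rest"))
        if not u:
            continue  # not a user-unknown rejection (e.g. relay denied)
        day = f"{m.group('mon')} {int(m.group('day')):02d}"
        seen[u.group("rcpt").lower()][day] += 1
    return seen

def trap_candidates(lines, min_days=2, min_hits=3):
    """(recipient, distinct_days, total_hits) for addresses rejected on at least
    min_days different days and min_hits times overall, most-hit first."""
    out = []
    for rcpt, days in unknown_recipients(lines).items():
        hits = sum(days.values())
        if len(days) >= min_days and hits >= min_hits:
            out.append((rcpt, len(days), hits))
    return sorted(out, key=lambda t: (-t[1], -t[2], t[0]))

# Constructed sample log: bob is hit on two days, carol once, dave is a
# different rejection type and must be ignored.
SAMPLE_LOG = """\
Mar  3 10:15:22 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <bob@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<bob@example.org>
Mar  3 11:02:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 550 5.1.1 <carol@example.org>: Recipient address rejected: User unknown in local recipient table; from=<b@example.net> to=<carol@example.org>
Mar  4 09:40:13 mx sendmail[2222]: r24Ee0001: <bob@example.org>... User unknown
Mar  4 22:11:45 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 550 5.1.1 <Bob@example.org>: Recipient address rejected: User unknown in local recipient table; from=<c@example.net> to=<Bob@example.org>
Mar  5 03:00:09 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.13]: 550 5.7.1 <dave@example.org>: Relay access denied; from=<d@example.net> to=<dave@example.org>
""".splitlines()

if __name__ == "__main__":
    for rcpt, days, hits in trap_candidates(SAMPLE_LOG):
        print(f"{rcpt}: rejected {hits} times over {days} days")
```

Feed it `open("/var/log/maillog")` instead of `SAMPLE_LOG`, and keep the day keys it records if you later want to retire an address after a set period.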
