At 11:20 AM 4/4/2003 -0500, you wrote:
> Process question. How do you become a relay honeypot without being
> blacklisted?

Hold on - I didn't answer your question (I answered a different question.)
You avoid being blacklisted just as everyone else does: deliver no spam. I
like Jackpot but it can occasionally leak a single-recipient spam
message. So I run it in accept-only mode, no deliveries. At "work" (I
retired but still have root access) I run a standard MTA with the output
queue stopped. Nothing gets delivered unless I make it get delivered. If
the queue somehow got restarted it would still run as a combined
server/honeypot, one designed to recognize and deliver (saving a copy)
relay test messages. Right now it would deliver spam, too - a simple
change would put it back in its original non-spam-delivery form. There's
no reason for the current managers to start the queue - I'm almost alone on
that system these days. It's hopelessly archaic for any calculations and
its email function has been turned off (the output queue is stopped, the
input is MX'd elsewhere.) Spammers don't pay attention to MX - they
typically go by IP number.
For the honeypot to work all you need deliver are the spammer test
messages. The spammers don't nominate you for DNSBL's if you do - you're
safe. If you deliver the test messages then you intend to receive and hold
the spam. Do that and you won't get blacklisted. Not that you care,
unless you're concerned about SPEWS-like over-zealous blocking that could
spill over.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
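
The accept-only arrangement described in the message above, sketched as an added example (not code from the post, from Jackpot, or from any MTA): an SMTP session handler that accepts any recipient and holds every message in a spool with no delivery path. The names `AcceptOnlySession`, `HeldMessage`, `pending` and the host name `honeypot.example` are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class HeldMessage:
    peer: str               # connecting IP; spammers target the IP, not the MX
    mail_from: str
    rcpt_to: list
    data: str
    released: bool = False  # only an operator flips this; no code here sends mail

@dataclass
class AcceptOnlySession:
    peer: str
    spool: list             # shared hold queue (the "stopped output queue")
    mail_from: str = ""
    rcpt_to: list = field(default_factory=list)
    body: list = field(default_factory=list)
    in_data: bool = False

    def feed(self, line: str) -> str:
        """Take one client line (CRLF stripped); return the reply, '' inside DATA."""
        if self.in_data:
            if line != ".":
                # Undo SMTP dot-stuffing so the stored copy matches what was sent.
                self.body.append(line[1:] if line.startswith(".") else line)
                return ""
            self.spool.append(HeldMessage(self.peer, self.mail_from,
                                          self.rcpt_to, "\n".join(self.body)))
            self.mail_from, self.rcpt_to, self.body, self.in_data = "", [], [], False
            return "250 OK queued"
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 honeypot.example"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.mail_from, self.rcpt_to = arg[5:].strip(), []
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if not self.mail_from:
                return "503 MAIL first"
            self.rcpt_to.append(arg[3:].strip())  # any domain: looks like an open relay
            return "250 OK"
        if verb == "DATA":
            if not self.rcpt_to:
                return "503 RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "221 Bye" if verb == "QUIT" else "502 Not implemented"

def pending(spool):
    """Messages awaiting operator review; none leave without released=True."""
    return [m for m in spool if not m.released]
```

Which held messages count as relay tests and get released is left to the operator here, since the message does not say how they are recognized.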