DCC and honeypot

Stef mitiste@iit.edu
Tue Mar 2 19:25:08 UTC 2004


I have a honeypot setup with Postfix, a rule to "hold" all emails being 
attempted to relay through it, and a couple of users accounts (local) 
having been used as honeytokens, by putting them on a web site, for 
email address harvesting. My question is: knowing that (based on the 
above description) EVERYTHING hitting this box is SPAM, is there a way 
I can run the hold queue through the DCC, for reporting, before getting 
rid of those messages? Right now my honeypot is simply a research and 
tarpit-sort-of tool, but it be useful if I could have it automatically 
report, also.

If the above is not feasible, does anybody know of any other reporting 
tools/sites/capabilities, I could possibly integrate into a system like 
the above?

NOTE: I have tried razor, but their servers do not seem to respond 
anymore, even for the setup phase.

TIA,
Stef




More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.