Local Honeypot

 
Local Honeypot - 16.Nov.2006 5:32:07 AM   
KristofT

 

Hello,

I was thinking about how to catch some more spam. Maybe it's worth thinking about the following:
Isn't it possible to set up a "local honeypot system"?

I'll explain it further.

The directory harvesting module is catching all e-mails sent to addresses that don't exist. There are 3 types of e-mails caught by this module:
* First of all, the real spam mails sent to random addresses
* Second, mistyped e-mails
* Third, e-mails sent to addresses that existed, but not anymore.

When I have a look at the logfiles of the directory harvesting module, I notice that there are some recipient e-mail addresses, type 1, that keep returning.
It would be possible to make a list of such addresses.
So we know, when an e-mail arrives at one of these addresses, it is spam for 100% sure.
When the same e-mail arrives at an existing e-mail address, we also know that it is spam and it can be wiped out.

One step further:
1/ E-mails caught by our honeypot could feed, for example, the Bayesian module. (This is maybe the easiest way to implement!!)
=> IF e-mail arrives at honeypot address AND not recognized as spam THEN add to "THIS IS SPAM". This won't require a lot of programming, I guess. Also for processing it is very easy and won't take lots of processing time (no need for lookups to DNS or similar)

2/ E-mails caught by the honeypot can also be analysed.
e.g.: If more than a certain number of e-mails are received at the honeypot within a certain timeframe from the same mailserver, the IP address of that e-mail server can be placed temporarily on the IP Blacklist for a few hours/days/until manual removal...

3/ I guess more options must be possible.
Post #: 1
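
Idea 2/ from the post above, sketched as an added example (not part of the thread and not GFI MailEssentials code): a sliding-window counter of honeypot hits per connecting IP that places the IP on a temporary blacklist once the threshold is exceeded. The class and function names, addresses, IPs, threshold, window and block duration are all assumptions.

```python
from collections import defaultdict, deque

class HoneypotBlacklist:
    """Temporary IP blacklist driven by hits on known honeypot addresses."""
    # Defaults are assumed values: >3 hits within 600 s blocks the IP for 4 h.
    def __init__(self, honeypot, threshold=3, window=600, block_for=4 * 3600):
        self.honeypot = {a.lower() for a in honeypot}   # match case-insensitively
        self.threshold, self.window, self.block_for = threshold, window, block_for
        self.hits = defaultdict(deque)   # source IP -> timestamps of honeypot hits
        self.blocked_until = {}          # source IP -> expiry timestamp

    def is_blocked(self, ip, now):
        if self.blocked_until.get(ip, now) <= now:
            self.blocked_until.pop(ip, None)   # never blocked, or block expired
            return False
        return True

    def observe(self, ip, rcpt, now):
        """Process one delivery attempt; return 'reject', 'honeypot' or 'accept'."""
        if self.is_blocked(ip, now):
            return "reject"
        if rcpt.lower() not in self.honeypot:
            return "accept"
        q = self.hits[ip]
        q.append(now)
        while q and q[0] <= now - self.window:   # drop hits outside the window
            q.popleft()
        if len(q) > self.threshold:              # "more than a certain number"
            self.blocked_until[ip] = now + self.block_for
            q.clear()
        return "honeypot"                        # candidate for Bayesian training

# Constructed sample data: (timestamp in seconds, connecting IP, RCPT TO address)
HONEYPOT = {"sales1999@example.com", "jsmith.old@example.com"}
SAMPLE = [
    (0,   "203.0.113.7", "sales1999@example.com"),
    (60,  "203.0.113.7", "JSmith.old@example.com"),
    (120, "203.0.113.7", "sales1999@example.com"),
    (180, "203.0.113.7", "sales1999@example.com"),   # 4th hit in window: block
    (240, "203.0.113.7", "alice@example.com"),       # real mailbox, now rejected
    (300, "198.51.100.9", "alice@example.com"),      # unrelated sender, accepted
    (180 + 4 * 3600, "203.0.113.7", "alice@example.com"),  # block has expired
]

def replay(events, honeypot=HONEYPOT):
    bl = HoneypotBlacklist(honeypot)
    return [bl.observe(ip, rcpt, ts) for ts, ip, rcpt in events]
```

Because the block expires on its own, a legitimate server that mistypes an address a few times is not locked out permanently; the "until manual removal" variant would simply skip the expiry check.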
RE: Local Honeypot - 17.Nov.2006 4:36:27 AM   
Patrizia

 

Hello KristofT,

Thanks for the feedback you provided. This request will be added as a feature request and will be forwarded on to the product manager.

_____________________________

Patrizia Caruana
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software

(in reply to KristofT)
Post #: 2