I wrote a small smtpd (mta) proxy that checks and logs sasl attempts and
that _if not authorized_ pretends to deliver email at the same time
slowing down smtp responses to the spam client. If authorized it
forwards the message to postfix.
It:
1. Reads postfix main.cf to get some params (like sasl config, and
sender and recipient requirements)
2. Presents an smtp greeting
3. handles setting up tls if requested
4. handles (requires) sasl plain or sasl login
5. if sasl fails it logs it and increases response delay time AND
pretends Authentication succeeded
if sasl succeeds it sets response delay to 0
6. If auth failed it drops message, but says it was delivered
If auth success it delivers the message to postfix for processing.
It's written in c and is fast and small (50k exe).
I couldn't find a way to pretend to deliver messages and also
incrementally slow down the smtp handshakes using milter or anything
else so I wrote this for me. (I know I can use fail2ban, and that works
great to just block the spam client, but I wanted to slow them down
moving to some other system -- as a service to the community. Kind of
like keeping scammers on the line wasting their time.)
This is still a work in progress for me (took some learning about doing
sasl).
I find it amazing that only 24 hours after setting it up on a brand new
ip address at port 587 I am already getting sasl auth brute force
attempts from about 15 different servers.
If a tool like this already exists, could someone point me at it? I'm
planning to open source this after a few more refinements.
Geoff
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
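
The policy described in the message above (the same replies whether or not SASL succeeds, a reply delay that grows with each failure and resets on success, and silent dropping of unauthenticated mail), as an added example that is not the author's code. The step and cap values, the per-address table, the function names and the reply strings are assumptions; 192.0.2.10 is a constructed address.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PEERS     64
#define DELAY_STEP_MS 2000u   /* assumed increment per failed AUTH */
#define DELAY_CAP_MS  30000u  /* assumed ceiling */
enum action { FORWARD_TO_POSTFIX, DROP_SILENTLY };
struct peer    { char ip[46]; unsigned failures, delay_ms; }; /* kept across connections */
struct session { char ip[46]; int authed; };                  /* one per connection */
static struct peer peers[MAX_PEERS]; static unsigned next_slot;

/* Find or create per-address state; slots are recycled round-robin when full. */
static struct peer *lookup(const char *ip) {
    for (unsigned i = 0; i < MAX_PEERS; i++)
        if (strcmp(peers[i].ip, ip) == 0) return &peers[i];
    struct peer *p = &peers[next_slot++ % MAX_PEERS];
    memset(p, 0, sizeof *p);
    snprintf(p->ip, sizeof p->ip, "%s", ip);
    return p;
}
void session_start(struct session *s, const char *ip) {
    snprintf(s->ip, sizeof s->ip, "%s", ip);
    s->authed = 0;              /* auth state is per connection, never per address */
}
/* Record the SASL result; the reply is identical either way. */
const char *on_auth(struct session *s, int sasl_ok) {
    struct peer *p = lookup(s->ip);
    s->authed = sasl_ok;
    if (sasl_ok) { p->failures = 0; p->delay_ms = 0; }
    else {
        p->failures++; p->delay_ms += DELAY_STEP_MS;
        if (p->delay_ms > DELAY_CAP_MS) p->delay_ms = DELAY_CAP_MS;
        fprintf(stderr, "sasl-fail ip=%s count=%u delay_ms=%u\n", s->ip, p->failures, p->delay_ms);
    }
    return "235 2.7.0 Authentication successful\r\n";
}
/* The caller sleeps this long before writing each reply on this session. */
unsigned reply_delay_ms(const struct session *s) { return lookup(s->ip)->delay_ms; }
/* End of DATA: same reply for everyone, but only authenticated mail is relayed. */
enum action on_end_of_data(const struct session *s, const char **reply) {
    *reply = "250 2.0.0 Ok: queued\r\n";
    return s->authed ? FORWARD_TO_POSTFIX : DROP_SILENTLY;
}
int main(void) {                /* constructed demo: one failed AUTH from 192.0.2.10 */
    struct session s; const char *reply;
    session_start(&s, "192.0.2.10");
    on_auth(&s, 0);
    enum action a = on_end_of_data(&s, &reply);
    printf("delay=%ums relay=%d reply=%s", reply_delay_ms(&s), a == FORWARD_TO_POSTFIX, reply);
    return 0;
}
```

Keeping the relay decision on the session rather than on the address matters here: a later connection from an address that once authenticated must still authenticate before anything is forwarded.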