sorry for the more or less off-topic but i think here are the people with most expierience
what i would like to do is: * setup whatever software listeing on port 25 * any IP connecting to that machine feed into a dns-zone file for a DNSBL currently i have a stripped down CentOS6 listening on all unsued IP's in a /24 network on standard ports with xinedt answering to ping and response with a dash-script "creep away" assuming that only infected machines part of a botnet are trying to connect on random IP's to port 25 i would say the same machines likely are used to spread spam so feed any connection to a automatically maintained RBL may stop recent spam waves targeting the own network long before the big RBL's react nad if you achive to remove IP's on that auto-feeded RBL after 48 hours there should be little to no bad impact
