Le 10/06/2013 17:38, David F. Skoll a écrit :
That's an interesting honeypot. I've seen spammers crack SMTP AUTH passwords, but in most cases the first thing they do is send an email to a freemail account with a subject like:192.168.33.55,user,passwd and if they don't get the round-trip confirmation that they're able to relay mail out, they don't attempt to send mail using the server. Still... I bet not all spammers are as sophisticated and I'd be interested to see your results. Another thing you could try is to pretend to be an open relay. Don't even bother with AUTH, just accept RCPT TO:<foo@anywhere>
Theoretically you could detect such confirmation messages (logically the first message from a given user,password pair) and actually deliver them, then harvest the rest! But you'd have to be really careful not to become a spam relay in the process!
John. -- -- Over 5000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr
