Hi,

> Came up with a cool trick that seems to be working well after running for
> several months.
>
> I have several servers that are used for spam filtering and no
> authenticated connections for sending email. However I advertise that I
> have authentication just to attract those who would try to hack passwords.
> All user password combinations are accepted.
>
> And it's working. All authenticated email is harvested as spam and the IP
> is blacklisted and spam is analyzed. And it helps waste hackers' resources.
> I have a list of about 250,000 IP addresses of hackers.
>
Very interesting. Is this a modified postfix+dovecot config? Can you document how you did this so we may try it also?

What happens after they're authenticated? How do you keep it from becoming a mail gateway once the user has authenticated?

When you say "advertise", do you just mean you accept any user+password combo, or do you actually promote it in some way?

Do you do anything with the user+password combination that can maybe be used to determine if perhaps your other systems are being probed by spammers as well?

Thanks,
Alex
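
An added illustration for the last question above (not part of the thread and not the original poster's setup): because the honeypot has no legitimate authenticated users, every source IP that attempts AUTH can be listed, and the attempted logins can be compared against account names that exist on other systems. The record format, `REAL_ACCOUNTS` and `CORRELATION_KEY` are assumptions, and all sample data is constructed.

```python
import base64
import hashlib
import hmac
from collections import defaultdict


def _plain(user, password):
    """Build a constructed AUTH PLAIN response for the sample data."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


# Constructed sample: (source IP, base64 AUTH PLAIN response) pairs as a
# honeypot listener might record them. IPs are documentation ranges.
CAPTURED = [
    ("192.0.2.10", _plain("info@example.com", "123456")),
    ("192.0.2.10", _plain("sales@example.com", "password")),
    ("198.51.100.7", _plain("alice@example.com", "Summer2019!")),
    ("203.0.113.5", "not-base64!!"),
]
REAL_ACCOUNTS = {"alice@example.com"}      # hypothetical: logins on other systems
CORRELATION_KEY = b"constructed-demo-key"  # hypothetical per-site secret


def decode_plain(b64_response):
    """Decode an RFC 4616 PLAIN response: authzid NUL authcid NUL passwd."""
    try:
        raw = base64.b64decode(b64_response, validate=True)
        _authzid, authcid, passwd = raw.split(b"\0")
        return authcid.decode("utf-8"), passwd.decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed input still counts against the source IP


def analyze(captured, real_accounts, key):
    attempts = defaultdict(int)  # source IP -> AUTH attempts (blocklist input)
    targeted = set()             # (IP, user) where the user is a real account
    fingerprints = set()         # keyed hashes of pairs, no plaintext kept
    for ip, response in captured:
        attempts[ip] += 1
        creds = decode_plain(response)
        if creds is None:
            continue
        user, password = creds
        if user.lower() in real_accounts:
            targeted.add((ip, user.lower()))
        pair = f"{user}\0{password}".encode()
        fingerprints.add(hmac.new(key, pair, hashlib.sha256).hexdigest())
    return dict(attempts), targeted, fingerprints
```

The keyed fingerprints let failed-login records from other hosts be matched against the honeypot's captures without storing the attempted passwords themselves.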