Stopping Spam before the Gateway: Honeypots
There's more than one way to stop a spammer. Our author discovers that like pesky flies, spammers just can't resist the allure of honey.
Honeypots are an ancient, but still effective security tool. Traditionally a honeypot is a server that looks like it has very attractive files and has a security hole in it. Crackers will then break into the honeypot in search of pirated copies of games, trade secrets or such.
In reality, there's nothing of any real value in the honeypot. By watching who breaks into the honeypot, you can audit would-be attackers as they hunt for the goodies until you know exactly who they are and you can then put the cuffs on them.
Some black-list administrators, notably Ron Guilmette, has taken this basic idea and turned it into an anti-spam approach. It works in exactly the same way. Since a spammer doesn't know what proxies or relays are open to abuse by spammers, they are constantly testing sites for new and vulnerable relays. In fact, a spammer probably has no idea what sites he is using to spread spam. Most simply rely on automatic scripts to find new sites as old open relays are either fixed or knocked off the net by being listed on a blacklist.
If you're well past the point of needing such tools, you may be ready to try to nail spammers with a honeypot. The most basic way to do it is to simply set up an insecure mail server, aka relay, and wait for the spammers to come to you.
Then, one simply reads your incoming log for visitor's IP address, looks up what ISP owns that IP address and report to the ISP that they have a spammer at X IP addresses as a member. Or, as Brad Spencer, a retired systems manager for the University of Wisconsin and honeypot advocate puts it, "Boom! There went the much-exaggerated 'anonymity' of the spammers."
If you don't want to build your own open relay honeypot, you can simply download a complete package like Jackpot, which is a ready-to-run Simple Mail Transport Protocol (SMTP) relay honeypot, Bubblegum Proxypot. Bubblegum is written in Perl and runs on Linux, but its developer believes that it should run on most Perl-friendly systems.
Page 2: With Rewards Come Risks