Ok, I wrote a honeypot in Perl. It listens on port 25 and acts as a crude SMTP server.
It responds to the most basic commands (helo, mail from, rcpt to, data) needed for sending mail.
It has no way of closing the socket from the client side, so it acts also as a tarpit by not allowing automatic spam mailers to disconnect from it.
It does not actually send any mail, but simulates the situation.
Problems I'm having:
1. The last step in sending mail is to put a "." on an empty line and press enter. But I cannot match ($message =~ '.'). What are the alternatives?
Code:
#elsif ($message =~ '.') {print $client "250 Ok: queued as 6AB5150038\n";}
2. When I run the script and I connect to the port, it displays
Code:
print "Connection received\n";
for me and
Code:
print $client "220 mail.kuratkull.pri.ee ESMTP\n";
for the client. After I disconnect the client and reconnect, it doesn't display either of them.
How can I fix this?
3. How could I log the IP of the client?
Thank you for your replies :)
Code:
#!/usr/local/bin/perl
use IO::Socket;

my $client;
my $socket;
my $message;

$socket = IO::Socket::INET->new(
    "Proto"     => "tcp",
    "Reuse"     => "1",
    "LocalPort" => "25",
    "Listen"    => 1) or die "ERROR: $!\n";

$client = $socket->accept();
print "Connection received\n";
print $client "220 mail.kuratkull.pri.ee ESMTP\n";

while ($message = <$client>) {
    # the commands and the simulated answers to them. This is all static data.
    if ($message =~ "helo") {print $client "250 mail.kuratkull.pri.ee, How can I help you?\n";}
    elsif ($message =~ "mail from:") {print $client "250 ok\n";}
    elsif ($message =~ "rcpt to:") {print $client "250 ok\n";}
    elsif ($message =~ "data") {print $client "354 go ahead and end data with .\n";}
    elsif ($message =~ "HELO") {print $client "250 mail.kuratkull.pri.ee, How can I help you?\n";}
    elsif ($message =~ "MAIL FROM:") {print $client "250 ok\n";}
    elsif ($message =~ "RCPT TO:") {print $client "250 ok\n";}
    elsif ($message =~ "DATA") {print $client "354 go ahead and end data with .\n";}
    #elsif ($message =~ '.') {print $client "250 Ok: queued as 6AB5150038\n";}
    #else {print $client "500 Command not recognized: $message.";}
    print "$message";
    $out = "/home/httpd/html/smtpserv.txt";
    open OUT, ">>$out" or die "Cannot open $out for append :$!";
    print OUT "\n", $message, scalar(localtime);
    close OUT;
    print "Disconnected...\n";
}

#this keeps the script running after the client disconnects
my $new_sock = $socket->accept();
while(<$new_sock>) {
    print $_;
}
close($socket);
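An added example, not part of the original post: one way to handle the three points raised above (matching the lone "." that ends DATA, greeting every new connection, and logging the client IP). Port 2525, the host name honeypot.example and the log file name are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;

# Assumed values for this example (not from the original post).
my ($port, $host, $log) = (2525, 'honeypot.example', 'smtp-honeypot.log');
$SIG{PIPE} = 'IGNORE';    # a client that vanishes mid-write must not kill us

my $listener = IO::Socket::INET->new(
    Proto => 'tcp', LocalPort => $port, Listen => 5, ReuseAddr => 1,
) or die "ERROR: $!\n";

sub log_line {
    my ($peer, $text) = @_;
    $text = substr($text, 0, 512);       # cap what one line can add to the log
    $text =~ s/[^\x20-\x7e]/?/g;         # client input is untrusted: no control chars
    open my $fh, '>>', $log or die "Cannot open $log for append: $!";
    print {$fh} scalar(localtime), " [$peer] $text\n";
    close $fh;
}

# accept() sits inside the loop, so every connection gets the banner.
while (my $client = $listener->accept()) {
    my $peer = $client->peerhost() // 'unknown';    # client IP address
    print "Connection received from $peer\n";
    log_line($peer, 'connected');
    print $client "220 $host ESMTP\r\n";

    my $in_data = 0;
    while (defined(my $line = <$client>)) {
        $line =~ s/\r?\n\z//;                       # strip CRLF or LF
        log_line($peer, $line);
        if ($in_data) {
            # An unescaped "." matches any character; anchor and escape it
            # so only a line consisting of a single dot ends the message.
            if ($line =~ /^\.$/) { $in_data = 0; print $client "250 Ok: queued\r\n"; }
        }
        elsif ($line =~ /^(?:HELO|EHLO)\b/i) { print $client "250 $host\r\n"; }
        elsif ($line =~ /^MAIL FROM:/i)      { print $client "250 ok\r\n"; }
        elsif ($line =~ /^RCPT TO:/i)        { print $client "250 ok\r\n"; }
        elsif ($line =~ /^DATA\b/i) { $in_data = 1; print $client "354 end data with <CRLF>.<CRLF>\r\n"; }
        else { print $client "500 Command not recognized\r\n"; }
    }
    print "Disconnected: $peer\n";
    log_line($peer, 'disconnected');
    close $client;
}
```

This version serves one client at a time, so a held connection delays the next one until it closes.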