Honeypots are really cool. The strategy is this: make up an email address on your server that doesn't exist (and probably won't in the future), say “honeypot@example.com” (where “example.com” is your domain). Now purposefully PLACE this email address in HIDDEN places on your websites (I mean hidden from human viewers). I have a hidden link on every page! Yes, let it be harvested. The following link works for me:
<a href="mailto:honeypot@example.com"><font color="white">haha</font></a>
Here “white” is my background color, so this is invisible (it might be better to put a 1-pixel picture in). Any email coming to this account will be spam (for sure), so you can use this information to locally blacklist certain hosts.
First configure /etc/exim4/exim4.conf.template to set up a local filter. Somewhere in that file (I put mine at the top of the “main/config-options” section you should put the following stanza:
# Setup HONEYPOT filters (fake email addresses used as bait). system_filter = "/etc/exim4/system.filter" system_filter_user = Debian-exim system_filter_group = Debian-exim system_filter_pipe_transport = address_pipe
Whatever sender IP address ends up in “/etc/exim4/local_host_blacklist” is denied. However, in the stanza
deny message = Sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster. !acl = acl_whitelist_local_deny hosts = ${if exists{CONFDIR/local_host_blacklist}\ {CONFDIR/local_host_blacklist}\ {}}
I like to change the “message” to
message = 550 Unrouteable address : User unknown\n\ Write "postmaster" for questions
Again, maybe if you send a “user unknown” then you'll be removed from their list.
Now you'll need to set up the filter itself. Create a file called “/etc/exim4/system.filter” and place the following lines in there (with the appropriate changes):
if $recipients contains "sosweet@example.com" then pipe "/etc/exim4/blacklist-me $sender_host_address" endif
Obviously this refers to a shell script called “/etc/exim4/blacklist-me”, so create it with the following lines:
#!/bin/sh BLACKLIST=/etc/exim4/local_host_blacklist BLACKLISTDATES=/etc/exim4/local_host_blacklist_dates echo $* >> $BLACKLIST echo $* `date +"%Y-%m-%d %H:%M:%S"` >> $BLACKLISTDATES
Make this file executable
chmod +x /etc/exim4/blacklist-me
Now, in the “/etc/exim4” directory you need to touch two files:
touch /etc/exim4/local_host_blacklist touch /etc/exim4/local_host_blacklist_date
Change the ownership of both of these files to “Debian-exim”
chown Debian-exim:Debian-exim /etc/exim4/local_host_blacklist chown Debian-exim:Debian-exim /etc/exim4/local_host_blacklist_date
Now for the final step: add an alias (see above) for our fake user “honeypot@example.com”. In “/etc/exim4/aliases.virtual” add the line
honeypot@example.com: :blackhole:
That's IT! Now just sit and trap evil spammers!