Ok, I wrote a Honeypot in Perl. It listens on port 25 and acts as a crude SMTP server.
It responds to the most basic commands (helo, mail from, rcpt to, data) needed for sending mail.
It has no way of closing the socket from the client side, so it acts also as a tarpit by not allowing automatic spam mailers to disconnect from it.
It does not actually send any mail, but simulates the situation.
Problems I'm having:
1.
```perl
#elsif ($message =~ '.') {print $client "250 Ok: queued as 6AB5150038\n";}
```
The last step in sending mail is to put a "." on an empty line and press enter. But I cannot match ($message =~ '.'). What are the alternatives?
2. When I run the script and I connect to the port, it displays
```perl
print "Connection received\n";
```
for me and
```perl
print $client "220 mail.kuratkull.pri.ee ESMTP\n";
```
for the client. After I disconnect the client and reconnect, it doesn't display either of them.
How can I fix this?
3. How could I log the IP of the client?
Thank you for your replies :)
```perl
#!/usr/local/bin/perl

use IO::Socket;

my $client;
my $socket;
my $message;

$socket = IO::Socket::INET->new(
    "Proto"     => "tcp",
    "Reuse"     => "1",
    "LocalPort" => "25",
    "Listen"    => 1) or die "ERROR: $!\n";

$client = $socket->accept();

print "Connection received\n";

print $client "220 mail.kuratkull.pri.ee ESMTP\n";

while ($message = <$client>) {

    # the commands and the simulated answers to them. This is all static data.
    if ($message =~ "helo") {print $client "250 mail.kuratkull.pri.ee, How can I help you?\n";}
    elsif ($message =~ "mail from:") {print $client "250 ok\n";}
    elsif ($message =~ "rcpt to:") {print $client "250 ok\n";}
    elsif ($message =~ "data") {print $client "354 go ahead and end data with .\n";}
    elsif ($message =~ "HELO") {print $client "250 mail.kuratkull.pri.ee, How can I help you?\n";}
    elsif ($message =~ "MAIL FROM:") {print $client "250 ok\n";}
    elsif ($message =~ "RCPT TO:") {print $client "250 ok\n";}
    elsif ($message =~ "DATA") {print $client "354 go ahead and end data with .\n";}
    #elsif ($message =~ '.') {print $client "250 Ok: queued as 6AB5150038\n";}
    #else {print $client "500 Command not recognized: $message.";}

    print "$message";

    $out = "/home/httpd/html/smtpserv.txt";

    # append each received line and a timestamp to the log file
    open OUT, ">>$out" or die "Cannot open $out for append :$!";
    print OUT "\n", $message, scalar(localtime);
    close OUT;
}

# the read loop ends only when the client has gone away
print "Disconnected...\n";

#this keeps the script running after the client disconnects
my $new_sock = $socket->accept();
while(<$new_sock>) {
    print $_;
}

close($socket);
```
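One way to address the three questions above, as an added example that is not part of the original post: accept() sits in an outer loop so every new connection gets the banner, peerhost() supplies the client IP for the log, and the end of DATA is matched with an anchored, escaped dot (an unescaped `.` in a Perl regex matches any character). Port 2525, the host name honeypot.example and the log file name are assumptions for illustration; the example also answers EHLO, which the original does not.

```perl
use strict;
use warnings;
use IO::Socket::INET;

# Assumed values for illustration (not from the original post).
my $port    = 2525;                   # unprivileged port for testing
my $banner  = 'honeypot.example';     # constructed host name
my $logfile = 'smtp-honeypot.log';    # hypothetical log path

my $socket = IO::Socket::INET->new(
    Proto     => 'tcp',
    LocalPort => $port,
    Listen    => 5,
    ReuseAddr => 1,
) or die "ERROR: $!\n";

# Append one timestamped line per event. Non-printable bytes in client
# input are replaced so a client cannot forge or corrupt log lines.
sub log_line {
    my ($peer, $text) = @_;
    $text =~ s/\r?\n\z//;
    $text =~ s/[^\x20-\x7e]/?/g;
    open my $fh, '>>', $logfile or die "Cannot open $logfile: $!";
    print {$fh} scalar(localtime), " [$peer] $text\n";
    close $fh;
}

# Outer loop: accept() runs again after each client goes away.
while (my $client = $socket->accept()) {
    my $peer = $client->peerhost() . ':' . $client->peerport();
    log_line($peer, 'connected');
    print $client "220 $banner ESMTP\r\n";
    my $in_data = 0;    # true between DATA and the line holding only "."
    while (my $line = <$client>) {
        log_line($peer, $line);
        if ($in_data) {
            next unless $line =~ /^\.\r?\n\z/;    # message body continues
            $in_data = 0;
            print $client "250 Ok: queued as 6AB5150038\r\n";
        }
        elsif ($line =~ /^(?:helo|ehlo)\b/i) { print $client "250 $banner\r\n"; }
        elsif ($line =~ /^mail from:/i)      { print $client "250 ok\r\n"; }
        elsif ($line =~ /^rcpt to:/i)        { print $client "250 ok\r\n"; }
        elsif ($line =~ /^data\b/i) { $in_data = 1; print $client "354 go ahead and end data with .\r\n"; }
        else { print $client "500 Command not recognized\r\n"; }
    }
    log_line($peer, 'disconnected');
    close $client;
}
```

The loop serves one client at a time, so a client that never disconnects keeps later connections waiting in the listen queue.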