This issue was moved to a discussion.
Feature request: Addition of an SMTP honeypot stack #235
Comments
I agree! And there are even more custom ports one likes to monitor
Hey @SecuriLee, It's a good thought (thanks for raising it). To be honest, initially I thought we did have it 🙈 😆 I've raised it internally and we are going to add it to the list of services to add. Thanks so much for raising folks. Of course, if you want to add to this open source project, I'd be happy to work with you on building this service and adding it.
Hi Jay,
"I'd be happy to work with you on building this service and adding it."
Well....
Though I'm not a programmer by profession, I do have some knowledge on
programming. I surely won't mind to help out.
//Tonny
On 24/03/2023 19:05, Jay wrote:
Hey @SecuriLee <https://github.com/SecuriLee>,
It's a good thought (thanks for raising it). To be honest, initially I
thought we did have it 🙈 😆 I've raised it internally and we are
going to add it to the list of services to add. Thanks so much for
raising folks.
Of course, if you want to add to this open source project, I'd be happy
to work with you on building this service and adding it.
Hi Jay, sorry but I am a CISO, former mail system guy and my last experience of coding was supporting an SMTP gateway being developed for Notes 2.1a on OS/2. I could help verify the functionality according to the SMTP protocol but not coding. Tonny has some interesting input especially talking about TLS. Since TLS is the norm, bringing some ACME into play and working with Certbot and other ACME tooling would be useful to "appear" more modern. I have two OpenCanaries facing the Internet and feeding Splunk with most ports and protocols open. It's brilliantly informative and a great indicator of how dirty the Internet is.
I believe it would be extremely interesting to add SMTP on TCP/25 to this project.
The expectation is that certain objects could be collected via this method, namely emails (phishing) and binaries (malware). It would be great to be able to save the objects into different folders and (in my case) add to a folder-watching process that uploads the malware to VirusTotal via API.
Ideally the config would also allow for the retention of a volume (size or number of objects) so that my OC does not fill (but I could also do this from the command line).
Background: I have an OC sitting open on the Internet and this feature would be excellent for the research usage I'm putting it to.
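A sketch of the storage side of this request, added here as an illustration and not part of the original issue or of OpenCanary's code: it files each captured message and its attachments into separate folders and applies retention by object count, leaving hash-named files that a folder-watching uploader could pick up. The folder names, the function names and the `max_objects` parameter are assumptions, and the sample message is constructed.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import Path


def prune(folder: Path, max_objects: int) -> None:
    """Retention by object count: delete the oldest files beyond the cap."""
    files = sorted(folder.iterdir(), key=lambda p: p.stat().st_mtime_ns)
    for old in files[: max(0, len(files) - max_objects)]:
        old.unlink()


def store_message(raw: bytes, root: Path, max_objects: int = 100) -> dict:
    """Save one captured message and its attachments in separate folders."""
    mail_dir, bin_dir = root / "emails", root / "binaries"
    for d in (mail_dir, bin_dir):
        d.mkdir(parents=True, exist_ok=True)
    # Name objects by SHA-256 so sender-supplied filenames never reach the
    # filesystem (no path traversal) and repeats are de-duplicated.
    eml = mail_dir / (hashlib.sha256(raw).hexdigest() + ".eml")
    eml.write_bytes(raw)
    saved = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()
        (bin_dir / digest).write_bytes(payload)  # stored inert, never executed
        saved.append({"sha256": digest, "claimed_name": part.get_filename()})
    for d in (mail_dir, bin_dir):
        prune(d, max_objects)
    return {"eml": eml.name, "attachments": saved}


def constructed_sample(subject: str = "Invoice") -> bytes:
    """Constructed test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.invalid", "rcpt@example.invalid"
    m["Subject"] = subject
    m.set_content("See attached.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="../../invoice.exe")
    return m.as_bytes()
```

The sender's claimed filename is kept only as metadata in the returned record, so it can be logged alongside the hash without ever being used as a path.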