This issue was moved to a discussion.

Feature request: Addition of an SMTP honeypot stack #235

Closed
SecuriLee opened this issue Feb 22, 2023 · 4 comments

@SecuriLee

I believe it would be extremely interesting to add SMTP on TCP/25 to this project.
The expectation is that certain objects could be collected via this method, namely emails (phishing) and binaries (malware). It would be great to be able to save the objects into different folders and (in my case) add to a folder-watching process that uploads the malware to VirusTotal via API.

Ideally the config would also allow for the retention of a volume (size or number of objects) so that my OC does not fill (but I could also do this from the command line).

Background: I have an OC sitting open on the Internet and this feature would be excellent for the research usage I'm putting it to.
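
The storage side of the request above, as an added example (not part of the original issue and not OpenCanary code): it splits a captured message into `emails/` and `binaries/` folders and applies retention by object count. `store_capture`, the folder names and the sample message are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from email import message_from_bytes, policy
from pathlib import Path

# Constructed sample of what an SMTP sink might receive after DATA (not real traffic).
SAMPLE = (
    b"From: a@example.test\r\nTo: b@example.test\r\nSubject: Invoice\r\n"
    b'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="../../x.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nTVqQAAM=\r\n--b1--\r\n"
)


def _write(folder: Path, data: bytes, suffix: str) -> Path:
    """Name objects by SHA-256 so the sender-supplied filename is never used."""
    folder.mkdir(parents=True, exist_ok=True)
    path = folder / (hashlib.sha256(data).hexdigest() + suffix)
    path.write_bytes(data)
    return path


def _prune(folder: Path, max_objects: int) -> None:
    """Retention by object count: delete the oldest files beyond the cap."""
    files = sorted(folder.iterdir(), key=lambda p: p.stat().st_mtime_ns)
    for old in files[: max(0, len(files) - max_objects)]:
        old.unlink()


def store_capture(raw: bytes, root: Path, max_objects: int = 1000) -> dict:
    """Save the raw message under emails/ and each attachment under binaries/."""
    msg = message_from_bytes(raw, policy=policy.default)
    saved = {"email": _write(root / "emails", raw, ".eml"), "binaries": []}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)  # None for nested multiparts
        if payload:
            saved["binaries"].append(_write(root / "binaries", payload, ".bin"))
    for name in ("emails", "binaries"):
        if (root / name).is_dir():
            _prune(root / name, max_objects)
    return saved


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = store_capture(SAMPLE, Path(tmp), max_objects=500)
        print(result["email"].name, [p.name for p in result["binaries"]])
```

A folder-watching uploader would point at `binaries/`; retention by total size instead of count would replace the slice in `_prune` with a running sum of `st_size`.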

@tonoitp

tonoitp commented Mar 15, 2023

I agree!
Or even better, a way to configure some services ourselves.
I wanted to make a few honeypots that look natural, so for one to look like a mail server I'd like to open 25, 465, 993.
A print server with 80, 443, 9100, but also a TACACS/RADIUS server.

And there are even more custom ports one likes to monitor.

@jayjb
Contributor

jayjb commented Mar 24, 2023

Hey @SecuriLee,

It's a good thought (thanks for raising it). To be honest, initially I thought we did have it 🙈 😆 I've raised it internally and we are going to add it to the list of services to add. Thanks so much for raising, folks.

Of course, if you want to add to this open source project, I'd be happy to work with you on building this service and adding it.

@tonoitp

tonoitp commented Mar 26, 2023 via email

@SecuriLee
Author

> Hey @SecuriLee,
>
> It's a good thought (thanks for raising it). To be honest, initially I thought we did have it 🙈 😆 I've raised it internally and we are going to add it to the list of services to add. Thanks so much for raising, folks.
>
> Of course, if you want to add to this open source project, I'd be happy to work with you on building this service and adding it.

Hi Jay, sorry but I am a CISO, former mail system guy and my last experience of coding was supporting an SMTP gateway being developed for Notes 2.1a on OS/2. I could help verify the functionality according to the SMTP protocol but not coding.

Tonny has some interesting input especially talking about TLS. Since TLS is the norm, bringing some ACME into play and working with Certbot and other ACME tooling would be useful to "appear" more modern.

I have two OpenCanaries facing the Internet and feeding Splunk with most ports and protocols open. It's brilliantly informative and a great indicator of how dirty the Internet is.

@thinkst thinkst locked and limited conversation to collaborators Aug 1, 2023
@jayjb jayjb converted this issue into discussion #278 Aug 1, 2023
