mailpot 0.0.1 → 0.0.2

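--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0.1
+0.0.2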
@@ -16,7 +16,8 @@ module_function
16
16
  :smtp_port => '1025',
17
17
  :verbose => false,
18
18
  :daemon => true,
19
- :key_file => '/etc/mailpot/keys.yml'
19
+ :key_file => '/etc/mailpot/keys.yml',
20
+ :banner => '{host} ESMTP'
20
21
  }
21
22
 
22
23
  def parse! arguments=ARGV, defaults=@@defaults
@@ -5,6 +5,8 @@ require 'socket'
5
5
  require 'zlib'
6
6
  require 'digest/md5'
7
7
  require 'aws'
8
+ require 'mail'
9
+ require 'net/smtp'
8
10
 
9
11
  module Mailpot::Mail
10
12
  module_function
@@ -30,14 +32,30 @@ module_function
30
32
  msg[:sender] = message[:sender]
31
33
  msg[:source_ip] = message[:ip]
32
34
  msg[:recipients] = message[:recipients]
33
- # worried about dedupe here and need to come up with a way at 1M messages
34
- # a day this could be a lot of storage
35
+ msg[:probe] = detect_probe(message)
36
+ # we must at this point detect probes because we need them to be sent
35
37
  encoded_message = Base64.encode64(msg.to_json)
36
38
  deflate_encoded_message = gzdeflate(encoded_message)
37
39
  digest = Digest::MD5.hexdigest(deflate_encoded_message)
38
40
  store_message(digest, deflate_encoded_message)
39
41
  end
40
42
 
43
+ def detect_probe(msg)
44
+ config = Mailpot.get_config
45
+ mail = Mail.new(msg[:source])
46
+ # First rule we want to detect is when the ip of the honeypot is in the subject
47
+ if mail.subject.include? config[:smtp_ip]
48
+ return [true, forward_probe(msg)]
49
+ end
50
+ return [false, false]
51
+ end
52
+
53
+ def forward_probe(msg)
54
+ Net::SMTP.start('localhost') do | smtp|
55
+ smtp.send_message msg[:source], msg[:sender], msg[:recipients]
56
+ end
57
+ end
58
+
41
59
  def store_message(key, value)
42
60
  Thread.new {
43
61
  mail = @s3.buckets[@bucket].objects[key]
@@ -1,5 +1,7 @@
1
1
  require 'eventmachine'
2
2
  require 'socket'
3
+ require 'yaml'
4
+
3
5
  class Mailpot::Smtp < EventMachine::Protocols::SmtpServer
4
6
  def current_message
5
7
  @current_message ||= {}
@@ -11,7 +13,14 @@ class Mailpot::Smtp < EventMachine::Protocols::SmtpServer
11
13
  end
12
14
 
13
15
  def get_server_greeting
14
- "ESMTP Sendmail 8.12.9/8.12.9;"
16
+ c = Mailpot.get_config
17
+ yml = YAML.load_file c[:key_file]
18
+ host = get_server_domain
19
+ t = DateTime.now.strftime('%a, %d %b %Y %H:%M:%S %z')
20
+ banner = yml['banner']
21
+ banner = banner.gsub('{host}', host)
22
+ banner = banner.gsub('{date}', t)
23
+ return banner
15
24
  end
16
25
 
17
26
  def get_server_domain
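Review bot: `yml['banner']` is nil when the key file has no `banner` entry, so the first `gsub` in get_server_greeting raises on every new connection, and the `:banner` default added to the config defaults in this release is never consulted here. Falling back to it would close that gap: `banner = (yml && yml['banner']) || c[:banner]`. The key file is also re-read and parsed for each greeting; judging by its name it holds the service keys, so loading it once at startup would keep that file off the per-connection path. `DateTime` needs `require 'date'`, which is not among this file's visible requires, though it may be loaded elsewhere.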
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mailpot
3
3
  version: !ruby/object:Gem::Version
4
- hash: 29
4
+ hash: 27
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 0
9
- - 1
10
- version: 0.0.1
9
+ - 2
10
+ version: 0.0.2
11
11
  platform: ruby
12
12
  authors:
13
13
  - Matt Jezorek
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2012-02-15 00:00:00 Z
18
+ date: 2012-02-16 00:00:00 Z
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
21
21
  name: activesupport
@@ -62,7 +62,7 @@ dependencies:
62
62
  type: :runtime
63
63
  version_requirements: *id003
64
64
  - !ruby/object:Gem::Dependency
65
- name: rake
65
+ name: mail
66
66
  prerelease: false
67
67
  requirement: &id004 !ruby/object:Gem::Requirement
68
68
  none: false
@@ -73,10 +73,10 @@ dependencies:
73
73
  segments:
74
74
  - 0
75
75
  version: "0"
76
- type: :development
76
+ type: :runtime
77
77
  version_requirements: *id004
78
78
  - !ruby/object:Gem::Dependency
79
- name: rdoc
79
+ name: rake
80
80
  prerelease: false
81
81
  requirement: &id005 !ruby/object:Gem::Requirement
82
82
  none: false
@@ -89,7 +89,21 @@ dependencies:
89
89
  version: "0"
90
90
  type: :development
91
91
  version_requirements: *id005
92
- description: " MailPot is a simple SMTP server honeypot that will catch emails and store\n them deduplicated in a database. This will extract links from emails and do \n other analysis on it. Once probes can be identified they will be passed.\n"
92
+ - !ruby/object:Gem::Dependency
93
+ name: rdoc
94
+ prerelease: false
95
+ requirement: &id006 !ruby/object:Gem::Requirement
96
+ none: false
97
+ requirements:
98
+ - - ">="
99
+ - !ruby/object:Gem::Version
100
+ hash: 3
101
+ segments:
102
+ - 0
103
+ version: "0"
104
+ type: :development
105
+ version_requirements: *id006
106
+ description: " MailPot is a simple SMTP server honeypot that will catch emails and store\n them in S3 and then pop a message into SQS for later processing\n"
93
107
  email: mjezorek@gmail.com
94
108
  executables:
95
109
  - mailpot