mailpot 0.0.1 → 0.0.2

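--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.0.1
+ 0.0.2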
@@ -16,7 +16,8 @@ module_function
16
16
  :smtp_port => '1025',
17
17
  :verbose => false,
18
18
  :daemon => true,
19
- :key_file => '/etc/mailpot/keys.yml'
19
+ :key_file => '/etc/mailpot/keys.yml',
20
+ :banner => '{host} ESMTP'
20
21
  }
21
22
 
22
23
  def parse! arguments=ARGV, defaults=@@defaults
@@ -5,6 +5,8 @@ require 'socket'
5
5
  require 'zlib'
6
6
  require 'digest/md5'
7
7
  require 'aws'
8
+ require 'mail'
9
+ require 'net/smtp'
8
10
 
9
11
  module Mailpot::Mail
10
12
  module_function
@@ -30,14 +32,30 @@ module_function
30
32
  msg[:sender] = message[:sender]
31
33
  msg[:source_ip] = message[:ip]
32
34
  msg[:recipients] = message[:recipients]
33
- # worried about dedupe here and need to come up with a way at 1M messages
34
- # a day this could be a lot of storage
35
+ msg[:probe] = detect_probe(message)
36
+ # we must at this point detect probes because we need them to be sent
35
37
  encoded_message = Base64.encode64(msg.to_json)
36
38
  deflate_encoded_message = gzdeflate(encoded_message)
37
39
  digest = Digest::MD5.hexdigest(deflate_encoded_message)
38
40
  store_message(digest, deflate_encoded_message)
39
41
  end
40
42
 
43
+ def detect_probe(msg)
44
+ config = Mailpot.get_config
45
+ mail = Mail.new(msg[:source])
46
+ # First rule we want to detect is when the ip of the honeypot is in the subject
47
+ if mail.subject.include? config[:smtp_ip]
48
+ return [true, forward_probe(msg)]
49
+ end
50
+ return [false, false]
51
+ end
52
+
53
+ def forward_probe(msg)
54
+ Net::SMTP.start('localhost') do | smtp|
55
+ smtp.send_message msg[:source], msg[:sender], msg[:recipients]
56
+ end
57
+ end
58
+
41
59
  def store_message(key, value)
42
60
  Thread.new {
43
61
  mail = @s3.buckets[@bucket].objects[key]
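Review bot: `forward_probe` relays the sender-supplied `msg[:source]` to every address in `msg[:recipients]` through the local MTA as soon as the subject contains `config[:smtp_ip]`, so any message that carries the honeypot's address in its subject is relayed with no cap on recipients or rate. `detect_probe` also calls `mail.subject.include?` directly, which raises NoMethodError when the message has no Subject header (the mail gem returns nil there), and nothing rescues a failed `Net::SMTP.start`, so either failure presumably aborts the caller before `store_message` runs. The raw return value of the SMTP block ends up in `msg[:probe]` and is then serialised by `msg.to_json`; a plain boolean would be more predictable. The sketch below guards the subject, forwards to a single recipient (assuming `msg[:recipients]` is a list) and contains relay errors. Both new methods are fully inside the hunk, while `store_message` continues past it.

```ruby
def detect_probe(msg)
  config = Mailpot.get_config
  # Subject is nil when the header is absent; treat that as "not a probe".
  subject = Mail.new(msg[:source]).subject.to_s
  return [false, false] unless subject.include?(config[:smtp_ip].to_s)
  [true, forward_probe(msg)]
end

def forward_probe(msg)
  # Relay to one recipient only so a probe cannot fan out through the honeypot.
  recipient = Array(msg[:recipients]).first
  return false if recipient.nil?
  Net::SMTP.start('localhost') do |smtp|
    smtp.send_message msg[:source], msg[:sender], recipient
  end
  true
rescue StandardError
  # A failed relay must not prevent the message from being stored.
  false
end
```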
@@ -1,5 +1,7 @@
1
1
  require 'eventmachine'
2
2
  require 'socket'
3
+ require 'yaml'
4
+
3
5
  class Mailpot::Smtp < EventMachine::Protocols::SmtpServer
4
6
  def current_message
5
7
  @current_message ||= {}
@@ -11,7 +13,14 @@ class Mailpot::Smtp < EventMachine::Protocols::SmtpServer
11
13
  end
12
14
 
13
15
  def get_server_greeting
14
- "ESMTP Sendmail 8.12.9/8.12.9;"
16
+ c = Mailpot.get_config
17
+ yml = YAML.load_file c[:key_file]
18
+ host = get_server_domain
19
+ t = DateTime.now.strftime('%a, %d %b %Y %H:%M:%S %z')
20
+ banner = yml['banner']
21
+ banner = banner.gsub('{host}', host)
22
+ banner = banner.gsub('{date}', t)
23
+ return banner
15
24
  end
16
25
 
17
26
  def get_server_domain
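Review bot: `get_server_greeting` calls `banner.gsub` on `yml['banner']` without a nil check, so a key file that lacks a `banner` entry raises NoMethodError on every new connection, and the `:banner` default added to the config defaults in this release is never read here. Falling back to the config value addresses both: `banner = (yml && yml['banner']) || c[:banner]`. The key file is also re-read and parsed with `YAML.load_file` for each greeting, which is blocking disk I/O inside what appears to be an EventMachine handler and runs the full YAML loader over a file that presumably holds credentials; loading it once at startup and keeping only the banner string would avoid that. `DateTime` is used but no `require 'date'` is visible in the hunk, so confirm it is loaded elsewhere.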
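--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: mailpot
  version: !ruby/object:Gem::Version
- hash: 29
+ hash: 27
  prerelease:
  segments:
  - 0
  - 0
- - 1
- version: 0.0.1
+ - 2
+ version: 0.0.2
  platform: ruby
  authors:
  - Matt Jezorek
@@ -15,7 +15,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2012-02-15 00:00:00 Z
+ date: 2012-02-16 00:00:00 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -62,7 +62,7 @@ dependencies:
  type: :runtime
  version_requirements: *id003
  - !ruby/object:Gem::Dependency
- name: rake
+ name: mail
  prerelease: false
  requirement: &id004 !ruby/object:Gem::Requirement
  none: false
@@ -73,10 +73,10 @@ dependencies:
  segments:
  - 0
  version: "0"
- type: :development
+ type: :runtime
  version_requirements: *id004
  - !ruby/object:Gem::Dependency
- name: rdoc
+ name: rake
  prerelease: false
  requirement: &id005 !ruby/object:Gem::Requirement
  none: false
@@ -89,7 +89,21 @@ dependencies:
  version: "0"
  type: :development
  version_requirements: *id005
- description: " MailPot is a simple SMTP server honeypot that will catch emails and store\n them deduplicated in a database. This will extract links from emails and do \n other analysis on it. Once probes can be identified they will be passed.\n"
+ - !ruby/object:Gem::Dependency
+ name: rdoc
+ prerelease: false
+ requirement: &id006 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ type: :development
+ version_requirements: *id006
+ description: " MailPot is a simple SMTP server honeypot that will catch emails and store\n them in S3 and then pop a message into SQS for later processing\n"
  email: mjezorek@gmail.com
  executables:
  - mailpot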