RubyGems - spamchronic - Versions diffs - 0.0.2 - Mend

spamchronic 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

data/LICENSE ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright (c) 2011-2012 Matt Jezorek
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,14 @@
+# MailPot
+MailPot is a simple SMTP honeypot that will catch email and save it to a database
+MailPot works to gain some automatic analysis and probe detection
+## Features
+* Catches all email and stores it
+* Works with Attachements
+* Runs as a daemon in the background
+* Written in EventMachine
+## How
+1. `gem install mailpot`
+2. `mailpot`

data/VERSION ADDED Viewed

	@@ -0,0 +1 @@
1	+ 0.0.2

data/bin/spamchronic ADDED Viewed

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+require "rubygems"
+require "bundler/setup"
+require 'mailpot'
+Mailpot.run!

data/lib/mailpot/events.rb ADDED Viewed

@@ -0,0 +1,4 @@
+require 'eventmachine'
+module Mailpot::Events
+ MessageAdded = EventMachine::Channel.new
+end

data/lib/mailpot/mail.rb ADDED Viewed

@@ -0,0 +1,72 @@
+require 'eventmachine'
+require 'yaml'
+require 'base64'
+require 'socket'
+require 'zlib'
+require 'digest/md5'
+require 'aws'
+require 'mail'
+require 'net/smtp'
+module Mailpot::Mail
+module_function
+ @initialized = false
+ # setup connections etc
+ def initialize
+  config = Mailpot.get_config
+  yml = YAML.load_file config[:key_file]
+  @bucket = yml['bucket']
+  @queue = yml['queue']
+  @s3 = AWS::S3.new(yml)
+  @sqs = AWS::SQS.new(yml)
+  @initialized = true
+ end
+ def add_message(message)
+  if !@initialized
+   initialize
+  end
+  msg = Hash.new
+  msg[:source] = message[:source]
+  msg[:sender] = message[:sender]
+  msg[:source_ip] = message[:ip]
+  msg[:recipients] = message[:recipients]
+  msg[:probe] = detect_probe(message)
+  # we must at this point detect probes because we need them to be sent
+  encoded_message = Base64.encode64(msg.to_json)
+  deflate_encoded_message = gzdeflate(encoded_message)
+  digest = Digest::MD5.hexdigest(deflate_encoded_message)
+  store_message(digest, deflate_encoded_message)
+ end
+ def detect_probe(msg)
+  config = Mailpot.get_config
+  mail = Mail.new(msg[:source])
+  # First rule we want to detect is when the ip of the honeypot is in the subject
+  if mail.subject.include? config[:smtp_ip]
+   return [true, forward_probe(msg)]
+  end
+  return [false, false]
+ end
+ def forward_probe(msg)
+  Net::SMTP.start('localhost') do | smtp|
+   smtp.send_message msg[:source], msg[:sender], msg[:recipients]
+  end
+ end
+ def store_message(key, value)
+  Thread.new {
+   mail = @s3.buckets[@bucket].objects[key]
+   mail.write(value)
+   q = @sqs.queues[@queue]
+   msg = q.send_message(key)
+  }
+ end
+ def gzdeflate(s)
+  Zlib::Deflate.new(nil, -Zlib::MAX_WBITS).deflate(s, Zlib::FINISH)
+ end
+end

data/lib/mailpot/smtp.rb ADDED Viewed

@@ -0,0 +1,66 @@
+require 'eventmachine'
+require 'socket'
+require 'yaml'
+class Mailpot::Smtp < EventMachine::Protocols::SmtpServer
+ def current_message
+  @current_message ||= {}
+ end
+ def receive_reset
+  @current_message = nil
+  true
+ end
+ def get_server_greeting
+  c = Mailpot.get_config
+  yml = YAML.load_file c[:key_file]
+  host = get_server_domain
+  t = DateTime.now.strftime('%a, %d %b %Y %H:%M:%S %z')
+  banner = yml['banner']
+  banner = banner.gsub('{host}', host)
+  banner = banner.gsub('{date}', t)
+  return banner
+ end
+ def get_server_domain
+  Socket.gethostbyname(Socket.gethostname).first
+ end
+ def receive_sender(sender)
+  current_message[:sender] = sender
+ end
+ def receive_recipient(recipient)
+  current_message[:recipients] ||= []
+  current_message[:recipients] << recipient
+  true
+ end
+ def receive_data_chunk(lines)
+  current_message[:source] ||= ""
+  current_message[:source] += lines.join("\n")
+  true
+ end
+ def receive_message
+  port, ip = Socket.unpack_sockaddr_in(get_peername)
+  current_message[:ip] = ip
+  current_message[:port] = port
+  Mailpot::Mail.add_message current_message
+  puts "==> SMTP: Received message from '#{current_message[:sender]}' (#{current_message[:source].length} bytes)"
+  true
+ rescue
+  puts "*** Error receiving message: #{current_message.inspect}"
+  puts "    Exception: #{$!}"
+  puts "    Backtrace:"
+  $!.backtrace.each do |line|
+   puts "      #{line}"
+  end
+  puts "    Please submit this as an issue at https://github.com/mjezorek/Mailpot/issues"
+  false
+ ensure
+  @current_message = nil
+ end
+end

data/lib/mailpot.rb ADDED Viewed

@@ -0,0 +1,101 @@
+require "rubygems"
+require "bundler/setup"
+require 'active_support/all'
+require 'eventmachine'
+require 'optparse'
+require 'rbconfig'
+module Mailpot extend ActiveSupport::Autoload
+ autoload :Smtp
+ autoload :Mail
+module_function
+ @@defaults = {
+  :smtp_ip => '127.0.0.1',
+  :smtp_port => '1025',
+  :verbose => false,
+  :daemon => true,
+  :key_file => '/etc/mailpot/keys.yml',
+  :banner => '{host} ESMTP'
+ }
+ def parse! arguments=ARGV, defaults=@@defaults
+  @@defaults.dup.tap do |options|
+   OptionParser.new do |parser|
+    parser.banner = "Usage: mailpot [options]"
+    parser.version = File.read(File.expand_path("../../VERSION", __FILE__))
+    parser.on("--ip IP", "Set the ip address of the smtp server") do |ip|
+     options[:smtp_ip] = ip
+    end
+    parser.on("--keys KEYFILE", "Set the key file that contains AWS creds") do |f|
+     options[:key_file] = f
+    end
+    parser.on("--port PORT", Integer, "Set the port of the smtp server") do |port|
+     options[:smtp_port] = port
+    end
+    parser.on('-f', '--foreground', 'Run in forground') do
+     options[:daemon] = false
+    end
+    parser.on('-v', '--verbose', 'Be more verbose') do
+     options[:verbose] = true
+    end
+    parser.on('-h', '--help', 'Display help information') do
+     puts parser
+     exit!
+    end
+   end.parse!
+  end
+ end
+ def get_config
+  options &&= @@defaults.merge options
+  options ||= parse!
+ end
+ def run! options=nil
+  #options &&= @@defaults.merge options
+  #options ||= parse!
+  #@config = options
+  options = get_config
+  puts "Starting MailPot"
+  EventMachine.run do
+   rescue_port options[:smtp_port] do
+    EventMachine.start_server options[:smtp_ip], options[:smtp_port], Smtp
+    puts "==> smtp://#{options[:smtp_ip]}:#{options[:smtp_port]}"
+   end
+   if options[:daemon]
+    EventMachine.next_tick do
+     puts "*** Mailpot now runs as a daemon by default"
+     Process.daemon
+    end
+   end
+  end
+ end
+ def quit!
+  EventMachine.next_tick {EventMachine.stop_event_loop}
+ end
+protected
+module_function
+ def rescue_port port
+  begin
+   yield
+  rescue RuntimeError
+   if $!.to_s =~ /\bno acceptor\b/
+    puts "~~> ERROR: Somethings using port #{port}. Are you already running MailPot"
+    exit -1
+   else
+    raise
+   end
+  end
+ end
+end

metadata ADDED Viewed

@@ -0,0 +1,160 @@
+--- !ruby/object:Gem::Specification
+name: spamchronic
+version: !ruby/object:Gem::Version
+  hash: 27
+  prerelease:
+  segments:
+  - 0
+  - 0
+  - 2
+  version: 0.0.2
+platform: ruby
+authors:
+- Matt Jezorek
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-02-16 00:00:00 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        hash: 7
+        segments:
+        - 3
+        - 0
+        version: "3.0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency
+  name: eventmachine
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        hash: 19
+        segments:
+        - 0
+        - 12
+        version: "0.12"
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 3
+        segments:
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency
+  name: mail
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 3
+        segments:
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency
+  name: rake
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 3
+        segments:
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 3
+        segments:
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id006
+description: "  MailPot is a simple SMTP server honeypot that will catch emails and store\n  them in S3 and then pop a message into SQS for later processing\n"
+email: mjezorek@gmail.com
+executables:
+- spamchronic
+extensions: []
+extra_rdoc_files:
+- README.md
+- LICENSE
+files:
+- README.md
+- LICENSE
+- VERSION
+- bin/spamchronic
+- lib/mailpot/events.rb
+- lib/mailpot/mail.rb
+- lib/mailpot/smtp.rb
+- lib/mailpot.rb
+homepage: http://mattjezorek.com/
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      hash: 57
+      segments:
+      - 1
+      - 8
+      - 7
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      hash: 3
+      segments:
+      - 0
+      version: "0"
+requirements: []
+rubyforge_project:
+rubygems_version: 1.7.2
+signing_key:
+specification_version: 3
+summary: Runs an SMTP Server and catches emails, will pass probes when identified as a probe
+test_files: []