spamchronic 0.0.2 → 0.0.3

data/README.md

@@ -1,7 +1,7 @@
-# MailPot
+# Spam Chronic 
 
-MailPot is a simple SMTP honeypot that will catch email and save it to a database
-MailPot works to gain some automatic analysis and probe detection
+Spam Chronic is a simple SMTP honeypot that will catch email and save it to a database
+Spam Chronic works to gain some automatic analysis and probe detection
 
 ## Features
 * Catches all email and stores it
@@ -10,5 +10,5 @@ MailPot works to gain some automatic analysis and probe detection
 * Written in EventMachine
 
 ## How
-1. `gem install mailpot`
-2. `mailpot`
+1. `gem install spamchronic`
+2. `spamchronic`

data/VERSION

@@ -1 +1 @@
-0.0.2
+0.0.3

data/bin/spamchronic

@@ -2,4 +2,58 @@
 require "rubygems"
 require "bundler/setup"
 require 'mailpot'
+ Mailpot::Configuration.config do
+  parameter :smtp_ip, :smtp_port, :verbose, :daemon, :key_file, :banner
+ end
+ 
+ Mailpot::Configuration.config do
+  smtp_ip '127.0.0.1'
+  smtp_port '1025'
+  verbose false
+  daemon  true
+  key_file  '/etc/mailpot/keys.yml'
+  banner '{host} ESMTP'
+ end
+ 
+ 
+opt_parse = OptionParser.new do |parser|
+   parser.banner = "Usage: mailpot [options]"
+   parser.version = File.open(File.expand_path("../../VERSION", __FILE__), 'rb') { |f| f.read }
+   
+   parser.on("--ip IP", "Set the ip address of the smtp server") do |ip|
+    Mailpot::Configuration.config do
+	 smtp_ip ip
+	end
+   end
+   
+   parser.on("--keys KEYFILE", "Set the key file that contains AWS creds") do |f|
+    Mailpot::Configuration.config do 
+     key_file f
+    end
+   end
+   
+   parser.on("--port PORT", Integer, "Set the port of the smtp server") do |port|
+    Mailpot::Configuration.config do
+     smtp_port port
+    end
+   end
+   
+   parser.on('-f', '--foreground', 'Run in forground') do
+    Mailpot::Configuration.config do
+     daemon ""
+    end
+   end
+   
+   parser.on('-v', '--verbose', 'Be more verbose') do
+    Mailpot::Configuration.config do
+     verbose  true
+    end
+   end
+   
+   parser.on('-h', '--help', 'Display help information') do
+    puts parser
+    exit!
+   end
+  end
+ opt_parse.parse!
 Mailpot.run!

data/lib/mailpot/configuration.rb

@@ -0,0 +1,25 @@
+require "rubygems"
+require "bundler/setup"
+require 'active_support/all'
+
+module Mailpot::Configuration
+ extend self
+ 
+ def parameter(*names)
+    names.each do |name|
+      attr_accessor name
+
+      # For each given symbol we generate accessor method that sets option's
+      # value being called with an argument, or returns option's current value
+      # when called without arguments
+      define_method name do |*values|
+        value = values.first
+        value ? self.send("#{name}=", value) : instance_variable_get("@#{name}")
+      end
+    end
+  end
+ 
+ def config(&block)
+  instance_eval &block
+ end
+end

data/lib/mailpot/mail.rb

@@ -7,6 +7,7 @@ require 'digest/md5'
 require 'aws'
 require 'mail'
 require 'net/smtp'
+require 'json/pure'
 
 module Mailpot::Mail
 module_function
@@ -14,8 +15,9 @@ module_function
  @initialized = false
  # setup connections etc
  def initialize
-  config = Mailpot.get_config
-  yml = YAML.load_file config[:key_file]
+  yml = File.open("#{Mailpot::Configuration.key_file}") do |f|
+   YAML::load(f)
+  end
   @bucket = yml['bucket']
   @queue = yml['queue']
   @s3 = AWS::S3.new(yml)
@@ -41,10 +43,18 @@ module_function
  end
  
  def detect_probe(msg)
-  config = Mailpot.get_config
   mail = Mail.new(msg[:source])
-  # First rule we want to detect is when the ip of the honeypot is in the subject
-  if mail.subject.include? config[:smtp_ip]
+  puts msg[:recipients].length
+  # Probes only have one recipient
+  if msg[:recipients].length > 1
+   return [false, false]
+  end
+  # probes are short
+  if msg[:source].length > 1024
+   return [false, false]
+  end
+  # ip address will be in the subject sometimes
+  if mail.subject.include? Mailpot::Configuration.smtp_ip
    return [true, forward_probe(msg)]
   end
   return [false, false]

data/lib/mailpot/smtp.rb

@@ -13,8 +13,7 @@ class Mailpot::Smtp < EventMachine::Protocols::SmtpServer
  end
  
  def get_server_greeting
-  c = Mailpot.get_config 
-  yml = YAML.load_file c[:key_file]
+  yml = File.open(Mailpot::Configuration.key_file) { |f| YAML::load(f) }
   host = get_server_domain
   t = DateTime.now.strftime('%a, %d %b %Y %H:%M:%S %z')
   banner = yml['banner']
@@ -24,7 +23,11 @@ class Mailpot::Smtp < EventMachine::Protocols::SmtpServer
  end
  
  def get_server_domain
-  Socket.gethostbyname(Socket.gethostname).first
+  begin
+   Socket.gethostbyname(Socket.gethostname).first
+  rescue Exception => e
+   puts e.inspect
+  end
  end
  
  def receive_sender(sender)

data/lib/mailpot.rb

@@ -8,70 +8,19 @@ require 'rbconfig'
 module Mailpot extend ActiveSupport::Autoload
  autoload :Smtp
  autoload :Mail
+ autoload :Configuration
  
 module_function
-
- @@defaults = {
-  :smtp_ip => '127.0.0.1',
-  :smtp_port => '1025',
-  :verbose => false,
-  :daemon => true,
-  :key_file => '/etc/mailpot/keys.yml',
-  :banner => '{host} ESMTP'
- }
- 
- def parse! arguments=ARGV, defaults=@@defaults
-  @@defaults.dup.tap do |options|
-   OptionParser.new do |parser|
-    parser.banner = "Usage: mailpot [options]"
-    parser.version = File.read(File.expand_path("../../VERSION", __FILE__))
-    
-    parser.on("--ip IP", "Set the ip address of the smtp server") do |ip|
-     options[:smtp_ip] = ip
-    end
-    
-    parser.on("--keys KEYFILE", "Set the key file that contains AWS creds") do |f|
-     options[:key_file] = f
-    end
-    
-    parser.on("--port PORT", Integer, "Set the port of the smtp server") do |port|
-     options[:smtp_port] = port
-    end
-    
-    parser.on('-f', '--foreground', 'Run in forground') do
-     options[:daemon] = false
-    end
-    
-    parser.on('-v', '--verbose', 'Be more verbose') do
-     options[:verbose] = true
-    end
-    
-    parser.on('-h', '--help', 'Display help information') do
-     puts parser
-     exit!
-    end
-   end.parse!
-  end
- end
- 
- def get_config
-  options &&= @@defaults.merge options
-  options ||= parse!
- end
  
- def run! options=nil
-  #options &&= @@defaults.merge options
-  #options ||= parse!
-  #@config = options
-  options = get_config
+ def run!
   puts "Starting MailPot"
   EventMachine.run do
-   rescue_port options[:smtp_port] do
-    EventMachine.start_server options[:smtp_ip], options[:smtp_port], Smtp
-    puts "==> smtp://#{options[:smtp_ip]}:#{options[:smtp_port]}"
+   rescue_port Mailpot::Configuration.smtp_port do
+    EventMachine.start_server Mailpot::Configuration.smtp_ip, Mailpot::Configuration.smtp_port, Smtp
+    puts "==> smtp://#{Mailpot::Configuration.smtp_ip}:#{Mailpot::Configuration.smtp_port}"
    end
-   
-   if options[:daemon]
+   puts "Daemon #{Mailpot::Configuration.daemon}"
+   if Mailpot::Configuration.daemon === true
     EventMachine.next_tick do
      puts "*** Mailpot now runs as a daemon by default"
      Process.daemon

metadata

@@ -1,160 +1,124 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: spamchronic
-version: !ruby/object:Gem::Version 
-  hash: 27
+version: !ruby/object:Gem::Version
+  version: 0.0.3
   prerelease: 
-  segments: 
-  - 0
-  - 0
-  - 2
-  version: 0.0.2
 platform: ruby
-authors: 
+authors:
 - Matt Jezorek
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-02-16 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-02-17 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: activesupport
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: &81440310 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        version: "3.0"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: eventmachine
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *81440310
+- !ruby/object:Gem::Dependency
+  name: eventmachine
+  requirement: &81430870 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 19
-        segments: 
-        - 0
-        - 12
-        version: "0.12"
+      - !ruby/object:Gem::Version
+        version: '0.12'
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: aws-sdk
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: *81430870
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: &81430460 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: mail
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: *81430460
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: &81429640 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: rake
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: *81429640
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &81429150 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: rdoc
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: *81429150
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: &81428640 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id006
-description: "  MailPot is a simple SMTP server honeypot that will catch emails and store\n  them in S3 and then pop a message into SQS for later processing\n"
+  prerelease: false
+  version_requirements: *81428640
+description: ! "  MailPot is a simple SMTP server honeypot that will catch emails
+  and store\n  them in S3 and then pop a message into SQS for later processing\n"
 email: mjezorek@gmail.com
-executables: 
+executables:
 - spamchronic
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - README.md
 - LICENSE
-files: 
+files:
 - README.md
 - LICENSE
 - VERSION
 - bin/spamchronic
+- lib/mailpot.rb
 - lib/mailpot/events.rb
 - lib/mailpot/mail.rb
 - lib/mailpot/smtp.rb
-- lib/mailpot.rb
+- lib/mailpot/configuration.rb
 homepage: http://mattjezorek.com/
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 57
-      segments: 
-      - 1
-      - 8
-      - 7
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement 
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.7.2
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
-summary: Runs an SMTP Server and catches emails, will pass probes when identified as a probe
+summary: Runs an SMTP Server and catches emails, will pass probes when identified
+  as a probe
 test_files: []
-