пн, 23 окт. 2023 г. в 09:11, kasak <kasakof...@gmail.com>: > > пт, 20 окт. 2023 г. в 19:52, Юрий Иванов <format_...@outlook.com>: > > > > Sorry for off top... > > ...but thanks for your OpenBSD PF book Peter :-) > > ________________________________ > > От: kasak <kasakof...@gmail.com> > > Отправлено: 20 октября 2023 г. 8:48 > > Кому: Peter N. M. Hansteen <pe...@bsdly.net> > > Копия: misc@opensmtpd.org <misc@opensmtpd.org> > > Тема: Re: need help with honeypot > > > > чт, 19 окт. 2023 г. в 19:52, Peter N. M. Hansteen <pe...@bsdly.net>: > > > > > > On Thu, Oct 19, 2023 at 09:05:56AM +0300, kasak wrote: > > > > In traps file I have list of spoiled addresses for example > > > > aa...@tvema.ru > > > > But mail is not accepted :( > > > > > > This sounds like you are more or less trying to imitate the greytrapping > > > feature of OpenBSD spamd. > > > > Yes, it is something similar, but not quite. I'm no need of > > greytrapping, I want to teach rspamd. > > Hope I can do this without spamd. > > > > > You might want to read this article of mine (gosh, it's been 11 years) > > > and links therein for inspiration: > > > https://bsdly.blogspot.com/2012/05/in-name-of-sane-email-setting-up-spamd.html > > > (also newly available trackerless but with even uglier formatting as > > > https://nxdomain.no/~peter/in_the_name_of_sane_email.html), > > > assuming, as usual that your system runs OpenBSD (also applicable with > > > minor adjustments on FreeBSD or NetBSD) > > > > > > - Peter > > > > > > -- > > > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > > > https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ > > > "Remember to set the evil bit on all malicious network traffic" > > > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > > > > I did some experiment here, and looks like this is not "match" > problem, this is "action" problem. > If I change action "trap" to some real delivery method, it works. > So, I need to fix it with rspamc somehow.
If someone interested, I have figured out how to do what I wanted to do. Here is howto: At first, collect spoiled email addresses to some list, for example /etc/mail/traps. Second, we must map these addresses to some local user, because otherwize, smtpd will not know where to put them. To do this, we must make another table, with mapping all addresses to _rspamd user. You can do this with a simple sed pattern: cat /etc/mail/traps | sed 's/$/ _rspamd/' > /etc/mail/virtualtraps Now we have two tables, traps for matching and virtualtraps for action. add something like this to smtpd.conf: ---- table traps file:/etc/mail/traps table virtualtraps file:/etc/mail/virtualtraps action "trap" mda "/usr/local/bin/rspamc -f 1 -w 10 fuzzy_add" virtual <virtualtraps> match from any for rcpt-to <honeypot> action "trap" ---- The match directive should be placed above the main domain match. And voila! You can monitor teaching with grep: grep -F -f /etc/mail/traps /var/log/maillog
