Hi, >> This type of honeypot can find numerous bad actors and identify >> dictionary attackers. It has excellent merit and many people use this >> type of data. You might find it useful for blocking IPs, finding bad >> URLs, identifying spam for bayes, etc. > > easy to kill legit/ESP bulk and use the rest as bayes fodder...masschecks, > etc, etc
Can anyone share the technique/mechanism they use for specifically collecting the IPs, URLs, etc to put them in a format useful to postfix/spamassassin? I have a few honeypots, but haven't had the time/resources/ability to actually parse the gigabytes of spam I've received and turn it into something useful. Much of it is from domains that were registered long ago and never used where I'm now priming it with a few addresses scattered around the interwebs... Thanks for any ideas. Alex
