/usr/share/thpot/lib/smtp.pl.ref is in tinyhoneypot 0.4.6-10.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
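# smtp - reference draft of the honeypot's fake Sendmail 8.11.2 SMTP dialogue.
#
# Loads the tab-separated state table into the global %rules, builds the
# canned reply table in the global %smtp, writes the 220 greeting, then reads
# client lines from STDIN, appending each raw line to $sesslog and splitting
# it into the global @commands.  No reply other than the greeting is sent by
# this routine.
#
# Relies on globals set elsewhere: $hostname, $domain, $dom, $saddr, $cmd,
# $rpath, $lrcpt, $rrcpt, $qid, $sesslog.  strftime() must already be
# imported (POSIX) by the enclosing program.
sub smtp {
    $now = strftime("%a, %B %d %Y %T GMT", gmtime(time));

    # Column names of one smtptab row, in file order.
    my @keys = qw(
        State
        Command
        regex
        newstate
        continue
        response
        assignment
    );

    # NOTE(review): hard-coded path under /usr/local/thp, while this file is
    # packaged under /usr/share/thpot/lib -- confirm the table exists here.
    # A failed open is deliberately silent: the greeting below is written to
    # STDERR, so STDERR appears to be the client-facing channel and a warn()
    # would disclose internal paths to the remote peer.
    $cnt = 0;
    if (open(my $rules_fh, '<', "/usr/local/thp/lib/smtptab")) {
        while (my $line = <$rules_fh>) {
            next if $line =~ /^$|^#/;    # skip blank lines and comments
            chomp $line;
            $cnt++;
            $strcnt = sprintf(qq(%0.2d), $cnt);

            # Each rule is stored flat as "<NN><column>" => value.
            my @fields = split(/\t/, $line, 7);
            foreach my $key (@keys) {
                $rules{"$strcnt$key"} = shift @fields;
            }
        }
        close $rules_fh;
    }

    # NOTE(review): debug dump of the whole rule table to STDOUT.  If STDOUT
    # is wired to the client socket (as under inetd-style launchers), this
    # exposes the honeypot's rules to the peer -- confirm where STDOUT goes.
    foreach my $k (sort keys %rules) {
        print "$k => $rules{$k}\n";
    }

    # Canned replies.  $dom, $saddr, $cmd, $rpath, $lrcpt, $rrcpt and $qid
    # are interpolated here, once, before any client command has been read,
    # so these strings reflect whatever those globals held on entry.
    #
    # NOTE(review): the ehlo and help texts use bare newlines between lines
    # and ehlo's first line has "250 " rather than "250-"; a multi-line SMTP
    # reply normally uses "code-" on all but the last line with CRLF endings.
    # Left as found -- confirm, since deviations make the emulation easy to
    # tell apart from a real MTA.
    %smtp = (
        start => "220 $hostname.$domain ESMTP Sendmail 8.11.2/8.11.2; $now\x0d\x0a",
        helo => "250 $hostname.$domain Hello $dom [$saddr], pleased to meet you\x0d\x0a",
        err501 => "501 5.0.0 Invalid domain name\x0d\x0a",
        ehlo => qq (250 $hostname.$domain Hello $dom [$saddr], pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250-AUTH GSSAPI
250 HELP
),
        err503 => "503 5.0.0 $hostname.$domain Duplicate HELO/EHLO\x0d\x0a",
        mail => "250 2.1.0 $rpath... Sender ok\x0d\x0a",
        already => "503 5.5.0 Sender already specified\x0d\x0a",
        # The two entries below lacked their trailing commas (syntax error).
        bogs => "500 5.5.1 Command unrecognized: \"$cmd\"\x0d\x0a",
        err553 => "553 5.1.0 ... prescan: token too long\x0d\x0a",
        norp => "503 5.0.0 Need MAIL command\x0d\x0a",
        nofp => "503 5.0.0 Need RCPT (recipient)\x0d\x0a",
        lrcpt => "250 2.1.5 $lrcpt... Recipient ok\x0d\x0a",
        rrcpt => "250 2.1.5 $rrcpt... Recipient ok (will queue)\x0d\x0a",
        data => "354 Enter mail, end with \".\" on a line by itself\x0d\x0a",
        eof => "250 2.0.0 $qid Message accepted for delivery\x0d\x0a",
        # "\@" keeps the address literal; an unescaped "@sendmail" inside
        # qq() is interpolated as an (empty) array and truncates the address.
        help => qq (214-2.0.0 This is sendmail version 8.11.2
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation send email to
214-2.0.0 sendmail-bugs\@sendmail.org.
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info\x0d\x0a),
        ehlohlp => qq (214-2.0.0 EHLO <hostname>
214-2.0.0 Introduce yourself, and request extended SMTP mode.
214-2.0.0 Possible replies include:
214-2.0.0 SEND Send as mail [RFC821]
214-2.0.0 SOML Send as mail or terminal [RFC821]
214-2.0.0 SAML Send as mail and terminal [RFC821]
214-2.0.0 EXPN Expand the mailing list [RFC821]
214-2.0.0 HELP Supply helpful information [RFC821]
214-2.0.0 TURN Turn the operation around [RFC821]
214-2.0.0 8BITMIME Use 8-bit data [RFC1652]
214-2.0.0 SIZE Message size declaration [RFC1870]
214-2.0.0 VERB Verbose [Allman]
214-2.0.0 ONEX One message transaction only [Allman]
214-2.0.0 CHUNKING Chunking [RFC1830]
214-2.0.0 BINARYMIME Binary MIME [RFC1830]
214-2.0.0 PIPELINING Command Pipelining [RFC1854]
214-2.0.0 DSN Delivery Status Notification [RFC1891]
214-2.0.0 ETRN Remote Message Queue Starting [RFC1985]
214-2.0.0 STARTTLS Secure SMTP [RFC2487]
214-2.0.0 AUTH Authentication [RFC2554]
214-2.0.0 XUSR Initial (user) submission [Allman]
214-2.0.0 ENHANCEDSTATUSCODES Enhanced status codes [RFC2034]
214 2.0.0 End of HELP info\x0d\x0a),
        quit => qq (221 2.0.0 $hostname.$domain closing connection\x0d\x0a)
    );

    $login = 0;

    # The original printed $smtphash{start}, but the table built above is
    # %smtp and nothing in this routine populates %smtphash, so the greeting
    # was empty.  NOTE(review): if %smtphash is a global maintained
    # elsewhere, reconcile the two names.
    print STDERR $smtp{start};

    while (my $commands = <STDIN>) {
        # Append the raw client line to the session log.  Three-argument
        # open keeps a leading '>', '|' or similar in $sesslog from being
        # read as an open mode.  The line is logged unmodified, so the log
        # holds attacker-controlled bytes (control characters, terminal
        # escape sequences); view it with tools that do not interpret them.
        if (defined $sesslog && length $sesslog
            && open(my $log_fh, '>>', $sesslog)) {
            print {$log_fh} $commands;
            close $log_fh;
        }

        chomp $commands;
        $commands =~ s/\r//;
        @commands = split /\s+/, $commands;
    }
}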