/usr/share/thpot/lib/smtp.pl is in tinyhoneypot 0.4.6-10.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
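# smtp() - emulate an SMTP conversation for the honeypot.
#
# Reads client commands line by line from STDIN, appends every raw line to
# the session log ($sesslog) and writes canned sendmail-style replies to
# STDERR.  Takes no arguments and returns nothing useful; it returns when
# the client sends QUIT/EXIT or STDIN reaches end of file.
#
# Package globals read:    $thpdir, $hostname, $domain, $smtpver, $sesslog
#                          (plus $dom, $saddr, $rpath, $cmd, $lrcpt, $rrcpt
#                          and $qid in the pre-loop reply table).
# Package globals written: $saidhelo, $saidmail, $now, $cnt, $strcnt,
#                          %rules, %smtphash, @commands, $maildata.
# Side effect:             LOG becomes the selected output handle.
#
# NOTE(review): no line-length limit or idle timeout is visible in this
# function; presumably the caller or the super-server bounds a session --
# confirm, since every byte read here comes from an untrusted peer.
sub smtp {
    $saidhelo = 0;
    $saidmail = 0;
    $now = strftime("%a, %B %d %Y %T GMT", gmtime(time));

    # open() reports failure through its return value and $!.  $? only holds
    # the status of the last child process, so testing it never noticed a
    # missing smtptab.  Three-argument open keeps the path from being parsed
    # for a mode prefix.
    unless (open(HTAB, '<', "$thpdir/lib/smtptab")) {
        print ERRORLOG "$now\tCannot open smtptab in $thpdir: $!\n";
        closeout();    # presumably ends the session -- confirm in the caller
    }

    # Column names of smtptab, in file order.  qw() yields seven names; the
    # earlier qq() produced one multi-line string, so only the first column
    # of each rule was ever stored.
    my @keys = qw(
        state
        Command
        regex
        newstate
        continue
        response
        assignment
    );

    $cnt = 0;
    while (<HTAB>) {
        next if /^$|^#/;    # skip blank lines and comments
        chomp;
        $cnt++;
        $strcnt = sprintf (qq(%0.2d), $cnt);
        my @fields = split(/\t/, $_, 7);
        foreach my $key (@keys) {
            # Key is the two-digit rule number followed by the column name.
            $rules{"$strcnt$key"} = shift @fields;
        }
    }

    # NOTE(review): this dump goes to the currently selected handle (STDOUT
    # unless the caller selected another one).  If STDOUT is the client
    # connection, the rule table is sent to the peer ahead of the banner --
    # confirm, and route it to a log if so.
    foreach my $k (sort keys %rules) {
        print "$k => $rules{$k}\n";
    }
    close HTAB;

    # Pre-loop reply table.  Only the "start" banner is read from it; the
    # loop below replaces %smtphash for every command.
    %smtphash = (
        start => "220 $hostname.$domain $smtpver; $now\x0d\x0a",
        helo => "250 $hostname.$domain Hello $dom [$saddr], pleased to meet you\x0d\x0a",
        err501 => "501 5.0.0 Invalid domain name\x0d\x0a",
        ehlo => qq (250 $hostname.$domain Hello $dom [$saddr], pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250-AUTH GSSAPI
250 HELP
),
        err503 => "503 5.0.0 $hostname.$domain Duplicate HELO/EHLO\x0d\x0a",
        mail => "250 2.1.0 $rpath... Sender ok\x0d\x0a",
        already => "503 5.5.0 Sender already specified\x0d\x0a",
        bogs => "500 5.5.1 Command unrecognized: \"$cmd\"\x0d\x0a",
        err553 => "553 5.1.0 ... prescan: token too long\x0d\x0a",
        norp => "503 5.0.0 Need MAIL command\x0d\x0a",
        nofp => "503 5.0.0 Need RCPT (recipient)\x0d\x0a",
        lrcpt => "250 2.1.5 $lrcpt... Recipient ok\x0d\x0a",
        rrcpt => "250 2.1.5 $rrcpt... Recipient ok (will queue)\x0d\x0a",
        data => "354 Enter mail, end with \".\" on a line by itself\x0d\x0a",
        eof => "250 2.0.0 $qid Message accepted for delivery\x0d\x0a",
        help => qq (214-2.0.0 This is sendmail version 8.11.2
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation send email to
214-2.0.0 sendmail-bugs\@sendmail.org.
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info\x0d\x0a),
        ehlohlp => qq (214-2.0.0 EHLO <hostname>
214-2.0.0 Introduce yourself, and request extended SMTP mode.
214-2.0.0 Possible replies include:
214-2.0.0 SEND Send as mail [RFC821]
214-2.0.0 SOML Send as mail or terminal [RFC821]
214-2.0.0 SAML Send as mail and terminal [RFC821]
214-2.0.0 EXPN Expand the mailing list [RFC821]
214-2.0.0 HELP Supply helpful information [RFC821]
214-2.0.0 TURN Turn the operation around [RFC821]
214-2.0.0 8BITMIME Use 8-bit data [RFC1652]
214-2.0.0 SIZE Message size declaration [RFC1870]
214-2.0.0 VERB Verbose [Allman]
214-2.0.0 ONEX One message transaction only [Allman]
214-2.0.0 CHUNKING Chunking [RFC1830]
214-2.0.0 BINARYMIME Binary MIME [RFC1830]
214-2.0.0 PIPELINING Command Pipelining [RFC1854]
214-2.0.0 DSN Delivery Status Notification [RFC1891]
214-2.0.0 ETRN Remote Message Queue Starting [RFC1985]
214-2.0.0 STARTTLS Secure SMTP [RFC2487]
214-2.0.0 AUTH Authentication [RFC2554]
214-2.0.0 XUSR Initial (user) submission [Allman]
214-2.0.0 ENHANCEDSTATUSCODES Enhanced status codes [RFC2034]
214 2.0.0 End of HELP info\x0d\x0a),
        quit => qq (221 2.0.0 $hostname.$domain closing connection\x0d\x0a)
    );
    print STDERR $smtphash{start};

    while (my $commands = <STDIN>) {
        # The raw line is logged before any normalisation, so the session
        # log holds exactly what the client sent, control bytes included;
        # read it with tools that do not interpret terminal escapes.
        # Three-argument append open, checked: a failure is reported rather
        # than silently selecting and printing to an unopened handle.
        my $logging = open(LOG, '>>', $sesslog);
        if ($logging) {
            print LOG $commands;
            select LOG;
            $| = 1;
        }
        else {
            print ERRORLOG "$now\tCannot open session log $sesslog: $!\n";
        }

        chomp $commands;
        $commands =~ s/\r//;
        @commands = split /\s+/, ($commands);

        # Build the reply table only after the line has been parsed.  It
        # interpolates $commands and $commands[1]; building it first made
        # replies such as "heloin" echo the previous command's argument
        # (nothing at all on the first command) and put the unchomped line
        # into "err".
        # NOTE(review): "quit" answers 220 here while the pre-loop table
        # uses 221; RFC 5321 assigns 221 to service closing -- confirm which
        # is intended.
        %smtphash = (
            auth => "503 AUTH mechanism not available.\x0d\x0a",
            badrcpt => "503 5.0.0 Need MAIL before RCPT\x0d\x0a",
            badhelo => "503 5.0.0 Polite people say HELO first\x0d\x0a",
            data => "354 Enter mail, end with \"\.\" on a line by itself\x0d\x0a",
            dataerr => "503 5.0.0 Need MAIL command\x0d\x0a",
            datasent => "250 2.0.0 g8684xUD014698 Message accepted for delivery\x0d\x0a",
            ehloout => "501 5.0.0 helo requires domain address.\x0d\x0a",
            err => "500 5.5.1 Command unrecognized: $commands\x0d\x0a",
            etrn => "500 5.5.2 Parameter required\x0d\x0a",
            expn => "502 5.7.0 Sorry, we do not allow this operation.\x0d\x0a",
            heloerr => "501 5.0.0 Invalid domain name\x0d\x0a",
            heloout => "501 5.0.0 helo requires domain address.\x0d\x0a",
            heloin => "250 $hostname.$domain Hello $commands[1], pleased to meet you.\x0d\x0a",
            mailfrom => "553 5.5.4 $commands[1]... Domain name required for sender address $commands[1]\x0d\x0a",
            mailto => "250 2.1.0 $maildata... Sender ok\x0d\x0a",
            mail => "501 5.5.2 Syntax error in parameters scanning \"$commands[1]\"\x0d\x0a",
            noop => "250 2.0.0 OK.\x0d\x0a",
            quit => "220 2.0.0 $hostname.$domain closing connection..\x0d\x0a",
            rcptto => "250 2.1.5 $commands[2]... Recipient ok\x0d\x0a",
            reset => "250 2.0.0 Reset state.\x0d\x0a",
            rset => "250 2.0.0 Reset state\x0d\x0a",
            starttls => "454 4.3.3 TLS not available after start..\x0d\x0a",
            vrfy => "252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger).\x0d\x0a",
            help => qq(214-2.0.0 $smtpver
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use \"HELP <topic>\".
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info.\x0d\x0a),
            ehlo => "250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP.)\x0d\x0a",
        );

        if ($commands[0] =~ /helo/i) {
            if ($commands[1] eq '') {
                print STDERR $smtphash{heloout};
            }
            elsif ($commands[1] =~ /[\!\@\#\$\%\^&\*\(\)\|\\,>?\/\"\':;\{\}]/) {
                # Argument contains characters not accepted as a domain name.
                print STDERR $smtphash{heloerr};
            }
            else {
                print STDERR $smtphash{heloin};
                $saidhelo = 1;
            }
        }
        elsif ($commands[0] =~ /help|reset|noop|auth|starttls|vrfy|expn|etrn|rset/i) {
            $commands[0] =~ tr/A-Z/a-z/;
            # The pattern above is unanchored, so a verb such as "helpme"
            # matches without having a table entry.  Answer those with the
            # generic error instead of sending nothing.
            my $reply = $smtphash{$commands[0]};
            $reply = $smtphash{err} unless defined $reply;
            print STDERR $reply;
            sleep 1;
        }
        elsif ($commands[0] =~ /ehlo/i) {
            if ($commands[1] eq '') {
                print STDERR $smtphash{ehloout};
            }
            else {
                print STDERR $smtphash{heloin};
                print STDERR $smtphash{ehlo};
                $saidhelo = 1;
            }
        }
        elsif ($commands[0] =~ /exit\b|quit\b/i) {
            print STDERR $smtphash{quit};
            close LOG if $logging;    # do not leave the log handle open on exit
            return;
        }
        elsif ($commands[0] =~ /mail/i) {
            # Sender is the third field ("MAIL FROM: <a@b>") or, when that is
            # empty, taken from the second ("MAIL FROM:<a@b>").
            $maildata = $commands[2];
            if ($commands[2] eq '') {
                $maildata = $commands[1];
                if ($commands[1] =~ m@.*from:<(.*)>@i) {
                    $maildata = $1;
                }
            }
            if ($saidhelo == 0) {
                print STDERR $smtphash{badhelo};
            }
            elsif ($commands[1] =~ /from:/i) {
                if ($commands[2] =~ /\@/ || $commands[1] =~ /\@/) {
                    $saidmail = 1;
                    print STDERR "250 2.1.0 $maildata... Sender ok\x0d\x0a";
                }
                else {
                    print STDERR "553 5.5.4 $maildata... Domain name required for sender address $maildata\x0d\x0a";
                }
            }
            elsif ($saidhelo == 1) {
                print STDERR $smtphash{mail};
            }
        }
        elsif ($commands[0] =~ /rcpt/i) {
            $maildata = $commands[2];
            if ($commands[1] =~ m@.*to:<(.*)>@i || $commands[2] =~ m@<(.*)>@ ) {
                $maildata = $1;
            }
            if ($saidmail == 0) {
                print STDERR $smtphash{badrcpt};
            }
            else {
                if ($commands[1] =~ /to:/i && $maildata ne '' ) {
                    print STDERR "250 2.1.5 $maildata... Recipient ok\x0d\x0a";
                }
                else {
                    print STDERR $smtphash{mail};
                }
            }
        }
        elsif ($commands[0] =~ /data/i) {
            if ($saidmail == 1) {
                print STDERR $smtphash{data};
                # Body lines are consumed here and are not written to LOG by
                # this function.  The CR is optional so that a client ending
                # the body with a bare-LF "." does not stall until EOF.
                while (<STDIN>) {
                    last if /^\.\x0d?$/;
                }
                print STDERR $smtphash{datasent};
            }
            else {
                print STDERR $smtphash{dataerr};
            }
        }
        else {
            print STDERR $smtphash{err};
        }

        close LOG if $logging;
    }
}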