What is fakehermes?
fakehermes is a companion program to hermes that implements a fake (and very simple) SMTP server.
Why would I want to run a fake SMTP server?
The main use of fakehermes is to configure it as a secondary MX server. Some spammers deliberately send their spam to your least preferred MX (the one with the highest MX preference value), because secondary SMTP servers are often badly configured and will relay anything to the main SMTP server without any check. Placing fakehermes as a secondary MX means it receives (but does not process) those spammer connections. Legitimate senders will retry sooner or later on the main SMTP server.
fakehermes also logs every attempt to send email through it, in a detailed format that records not only who sent the email but also which tricks they used to try to get it delivered. Two example log lines (origin, ehlo-string and destination stand for the real sender address, HELO/EHLO argument and recipient; in both examples the SR value matches the number of FH_ flags that follow it):
from origin(ehlo-string) to destination processed. SR: 3 FH_HELO FH_NOT_SPF_PASS FH_LISTED_IN_RBL
from origin(ehlo-string) to destination processed. SR: 1 FH_HELO
fakehermes will log all connections, but will identify the ones with these characteristics:
- Data before banner (FH_DATA_BEFORE_BANNER)
- The remote server started sending data before our SMTP banner was displayed. A well-behaved client waits for the 220 greeting before sending anything.
- helo instead of ehlo (FH_HELO)
- The remote server identified itself with HELO (plain SMTP) even though we announce ESMTP. This in itself is not "illegal", but spammers usually announce themselves with HELO instead of EHLO.
- Identifies as localhost (FH_LOCALHOST)
- The remote server identified itself as localhost. Again, this by itself is legal, but lots of spammers identify as localhost to try to trick the server into treating them as whitelisted.
- Sending data before we answer (FH_DATA_BEFORE_ANSWER)
- The remote server is probably assuming that we support pipelining and is using it to send spam faster. We haven't announced PIPELINING in our EHLO response, so it's illegal.
- Mail from the same domain (FH_SAME_DOMAIN)
- The spammer is trying to make us think that the email comes from our own domain.
- Mail from the same address (FH_SAME_ADDRESS)
- The spammer wants us to believe we are sending email to ourselves.
- Identifies as same destination (FH_HELO_EQUALS_TO_DOMAIN)
- In its HELO the spammer used our own domain name, trying to make us believe the connection comes from ourselves.
- No helo (FH_NO_HELO)
- The remote server didn't identify itself at all. How rude...
- Slow remote (FH_SLOW)
- The remote server is answering really slowly. Probably an overworked spambot.
- Identifies as a number (FH_HELO_IS_NUMBER)
- The HELO identification is a bare number rather than a hostname. This is almost certainly a spammer.
- SPF entry is incorrect (FH_NOT_SPF_PASS)
- The sender's domain publishes an SPF record and this host does not match it (the check does not result in "pass").
- Listed in RBL (FH_LISTED_IN_RBL)
- The machine that is sending the email is listed in an RBL (configurable at runtime, defaults to zen.spamhaus.org). These lists usually include dialup/dynamic address ranges and known spam sources.
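The checks above can be re-implemented in a few lines. The following is an added example, not code from fakehermes itself: it records what a fake server observed on one connection, applies the FH_* heuristics in the order listed above, formats a log line in the shape of the samples shown earlier, and builds the DNSBL query name for the client address. LOCAL_DOMAIN (example.com), the Session fields and all sample sessions are constructed assumptions; the SPF verdict and the RBL answer are taken as inputs, since both need live DNS.

```python
"""Added example (not fakehermes' own code): a re-implementation of the
FH_* session heuristics described above, applied to a recorded session,
plus the log line and the RBL query name derived from it."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

LOCAL_DOMAIN = "example.com"   # assumed: the domain this secondary MX serves


@dataclass
class Session:
    """What the fake server observed on one client connection."""
    client_ip: str
    helo_verb: Optional[str]         # "HELO", "EHLO" or None if never sent
    helo_arg: str = ""               # argument given to HELO/EHLO
    mail_from: str = ""              # MAIL FROM address (empty = null sender)
    rcpt_to: str = ""                # first RCPT TO address
    data_before_banner: bool = False
    data_before_answer: bool = False
    slow: bool = False               # client replies took too long
    spf_pass: Optional[bool] = None  # None: sender domain publishes no SPF
    listed_in_rbl: bool = False      # result of the DNSBL lookup, done elsewhere


def _addr(a: str) -> str:
    """Normalise 'Bob <bob@Example.COM>' style input to 'bob@example.com'."""
    a = a.strip()
    if "<" in a and a.endswith(">"):
        a = a[a.rfind("<") + 1:-1]
    return a.lower()


def _domain(a: str) -> str:
    a = _addr(a)
    return a.rsplit("@", 1)[1] if "@" in a else ""


def classify(s: Session, local_domain: str = LOCAL_DOMAIN) -> List[str]:
    """Return the FH_* flags that apply, in the order the list above uses."""
    helo = (s.helo_arg or "").strip().lower()
    local = local_domain.lower()
    sender, rcpt = _addr(s.mail_from), _addr(s.rcpt_to)
    checks = [
        ("FH_DATA_BEFORE_BANNER", s.data_before_banner),
        ("FH_HELO", s.helo_verb is not None and s.helo_verb.upper() == "HELO"),
        ("FH_LOCALHOST", helo == "localhost"),
        ("FH_DATA_BEFORE_ANSWER", s.data_before_answer),
        ("FH_SAME_DOMAIN", _domain(s.mail_from) == local),
        ("FH_SAME_ADDRESS", sender != "" and sender == rcpt),
        ("FH_HELO_EQUALS_TO_DOMAIN", helo == local),
        ("FH_NO_HELO", s.helo_verb is None),
        ("FH_SLOW", s.slow),
        ("FH_HELO_IS_NUMBER", re.fullmatch(r"[0-9]+", helo) is not None),
        ("FH_NOT_SPF_PASS", s.spf_pass is False),  # None (no SPF) is not flagged
        ("FH_LISTED_IN_RBL", s.listed_in_rbl),
    ]
    return [name for name, hit in checks if hit]


def log_line(s: Session, flags: List[str]) -> str:
    """Format a session like the sample log lines above; SR counts the flags."""
    tail = "".join(" " + f for f in flags)
    return (f"from {_addr(s.mail_from)}({s.helo_arg}) to {_addr(s.rcpt_to)} "
            f"processed. SR: {len(flags)}{tail}")


def rbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Build the DNSBL query name: octets of the client IPv4 reversed, then
    the zone. A DNS A answer for this name means the address is listed."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


if __name__ == "__main__":
    # Constructed sessions, not real log data.
    sessions = [
        Session("203.0.113.7", "HELO", "example.com", "boss@example.com",
                "boss@example.com", spf_pass=False, listed_in_rbl=True),
        Session("198.51.100.9", "EHLO", "mail.partner.net", "ann@partner.net",
                "bob@example.com", spf_pass=True),
    ]
    for sess in sessions:
        print(log_line(sess, classify(sess)))
        print("  would query:", rbl_query_name(sess.client_ip))
```

The timing-based flags (data before banner, data before answer, slow remote) are passed in as booleans because they can only be decided by the code that owns the socket; the point of the table of checks is that each flag is an independent predicate and the score is just their count, so adding a new heuristic is one more line.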
fakehermes has no configuration. Yep, that's it, you can't configure it. And that is not going away, as it is intentional. The only configuration options (the port, the domain and things like that) are set in a config.h file at compile time and CANNOT be changed at run time.
Is it effective?
Well, it mostly depends on the quality of your spammers. We have some domains with 300+ spam messages trapped daily by fakehermes, and some domains (in similar conditions) with ~30 spam messages trapped daily.
What do I need to run it?
You need the following:
- An IP address with a free SMTP port
- You have to run fakehermes on a machine (or at least on an IP address) where no other SMTP server is already listening on the SMTP port.
- A Linux or Unix-like operating system
- fakehermes is designed to run on Linux. It won't work on other systems like Windows. That said, it's fairly standard C code, so it should be easy to port to other Unix-like systems. Before you try, keep in mind that it's designed as a "classic" Unix server, using fork(), write() & read(), syslog(), wait(), etc.
- A domain configured to use this server as a secondary SMTP server
- You have to add your server as a secondary MX for your domains: add an MX record for it to the domain's DNS zone, with a higher preference value (that is, lower priority) than your main SMTP server, so that legitimate senders try the main server first.
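The DNS side of that, as an added example that is not part of the fakehermes distribution: a zone fragment where mail.example.com is the real server and mx2.example.com (a hostname assumed for this example) runs fakehermes. The addresses are documentation ranges, not real hosts.

```zone
; Constructed example zone fragment, not from the fakehermes distribution.
; Lower preference value wins: real mail goes to mail.example.com first,
; and fakehermes on mx2 only sees what skips or cannot reach the primary.
example.com.        IN  MX  10  mail.example.com.
example.com.        IN  MX  20  mx2.example.com.
mail.example.com.   IN  A   192.0.2.10
mx2.example.com.    IN  A   192.0.2.20
```

After the zone is published, `dig +short MX example.com` should list both records with the fakehermes host carrying the larger number; if the numbers are the wrong way round, legitimate senders will hit fakehermes first and only reach your real server after a retry.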
What fakehermes is NOT
fakehermes does NOT implement a full SMTP server. It will NOT deliver ANY mail, so DO NOT try to use it as your main SMTP server.
Downloads are on the same page as the hermes downloads