Honeypots mailing list archives

Re: Honeywall with some problems


From: "Krzysztof Cabaj" <kcabaj () gmail com>
Date: Wed, 22 Feb 2006 17:30:33 +0100

Hello,

Third, I want to use this honeypot to catch spam. How can I set snort
to extract me the mails that exit from honeypot? Is there another
method to catch them, other than tcpdump logs?

You should load a signature like this into Snort:

log tcp <<your honeypot's network address>> any <> any 25 (session:printable;)

This rule dumps all SMTP sessions to ASCII files.

Regards,
Krzysztof  (Christopher) Cabaj
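
Once the rule above has written the SMTP sessions out as text, the individual mails can be pulled out of each session. The following Python is an added example, not part of the original post or of Snort; it assumes the dumped file holds client commands and server replies interleaved one per line, and `SAMPLE_SESSION` and `extract_mails` are names made up here.

```python
import re

# Constructed sample, not real traffic. Assumed layout: printable text with
# client commands and server replies interleaved, one per line.
SAMPLE_SESSION = """\
220 mx.example.net ESMTP
HELO honeypot.example.org
250 mx.example.net
MAIL FROM:<sender@example.org>
250 OK
RCPT TO:<rcpt1@example.com>
250 OK
RCPT TO:<rcpt2@example.com>
250 OK
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: constructed test message

Hello,
..dot-stuffed line
.
250 Queued
"""

ADDR = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def extract_mails(transcript):
    """Return one {'from', 'to', 'body', 'complete'} dict per DATA transaction."""
    mails, cur, state = [], None, "cmd"
    for line in transcript.splitlines():
        if state == "data":
            if line == ".":                      # end-of-data marker
                mails.append(dict(cur, complete=True))
                cur, state = None, "cmd"
            else:                                # undo RFC 5321 dot-stuffing
                cur["body"].append(line[1:] if line.startswith(".") else line)
        elif state == "wait354":                 # server must accept DATA first
            state = "data" if line.startswith("354") else "cmd"
        else:
            m = ADDR.match(line)
            if m and m.group(1).upper() == "MAIL FROM":
                cur = {"from": m.group(2), "to": [], "body": []}
            elif m and cur is not None:
                cur["to"].append(m.group(2))
            elif line.strip().upper() == "DATA" and cur is not None:
                state = "wait354"
    if state == "data":                          # capture ended mid-message
        mails.append(dict(cur, complete=False))
    return mails
```

A session that was cut off before the closing dot is still returned, marked `complete: False`, so partially captured spam is not silently lost.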

