The network should be invisible
The network should be noise free
Sandviksveien 32
NO-5036 Bergen
Tel: +47 9807 1263

Email bsdly@bsdly.net

bsdly.net - The Name And Shame Robot

This page links to an extract of the logs generated by the spamd instance running at bsdly.net.

NOTE: 2010-02-21: Due to a hardware failure and lack of time to fix it, the detailed log extract reports are no longer generated. It is not known when the report generating will be back online. If you're desperate for data on any specific hosts currently in the list of trapped hosts, please send me an email and I will be able to extract the relevant data. The main item remains the list of trapped hosts (currently 19781 hosts), dumped and published ten past every full hour.

If you want this service back online, please let me know.

We started actively greytrapping and publishing our list of greytrap addresses (almost exclusively addresses generated or made up elsewhere and harvested from our logs) during July 2007. The list of greytrap addresses is published on the Traplist page along with some commentary. You can find related comments in this blog post and its followups.

One byproduct of the greytrapping is a list of IP addresses that have tried to deliver mail to one or more of our greytrap addresses during the last 24 hours. The reasoning is that none of these addresses are valid, so any attempt at delivering to them is more likely than not spam. You can download that list here (or the faster mirror) as a raw list of IP addresses (do note the ## commented block at the top), or as a DNS zone file intended as a DNS blacklist here. The script that dumps both versions starts at ten past every full hour, and the copying to the NUUG site starts at a quarter past. Fetching more often than once per hour will not improve the quality of your data set.

In early August 2008, I wrote a small script that copies (rsyncs, actually) the current list of trapped IP addresses as well as the spamd log off the firewall and for each IP address collects all log entries from the spamd log. The resulting file is rsynced to the webserver, and you can view the latest version here (actually, much better to use the much faster mirror here).

The material here is useful mainly to the system administrators responsible for the machines that appear in it, or people who are interested in studying spammer or spambot behavior. Times are given according to the Europe/Oslo time zone (CET or CEST according to season), and if a date appears several times for an IP address entry, the reason is simply that the log data spans several years. The default syslog configuration does not record the year in log entries.

In the data you will find several kinds of entries. Most of them are pretty obvious and straightforward, others less so. The likely FAQ is, "what are the entries with no log data?". The answer is that the spamd here synchronizes with spamd instances at other sites. The entries without log data entered our traplist through a sync operation, but the host did not attempt direct contact here.
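The per-host collection described above can be sketched as follows. This is an added example, not the script that runs at bsdly.net: the function names, the host name `gw` and all sample data are constructed, and the log lines only imitate the usual spamd syslog layout. It matches addresses as whole tokens, so 192.0.2.1 does not pick up the lines for 192.0.2.10, and it keeps trapped hosts that have no local log lines.

```python
import re

# Constructed sample data (documentation address ranges), not taken from bsdly.net.
TRAPLIST = """\
## constructed comment block, as found at the top of the raw list
192.0.2.1
192.0.2.10
198.51.100.7
"""
SPAMD_LOG = """\
Aug  5 10:12:01 gw spamd[1234]: 192.0.2.10: connected (1/0)
Aug  5 10:12:15 gw spamd[1234]: (GREY) 192.0.2.10: <a@example.com> -> <trap@example.net>
Aug  5 10:12:20 gw spamd[1234]: 192.0.2.10: disconnected after 19 seconds.
Aug  5 10:13:02 gw spamd[1234]: 203.0.113.5: connected (1/0)
Aug  5 11:40:44 gw spamd[1234]: 192.0.2.1: connected (2/1), lists: becks
Aug  5 11:41:30 gw spamd[1234]: 192.0.2.1: disconnected after 46 seconds. lists: becks
"""

# Whole-token IPv4 match: no digit or dot directly before, no digit directly after.
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\d)")

def parse_traplist(text):
    """Return trapped IPs in file order, skipping blank lines and '#' comments."""
    lines = (l.strip() for l in text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def collect_entries(trapped, log_text):
    """Map each trapped IP to its spamd log lines, kept in log order.

    Syslog timestamps here carry no year, so file order is the only
    reliable ordering; sorting by the date field would interleave years.
    """
    report = {ip: [] for ip in trapped}
    for line in log_text.splitlines():
        _, sep, msg = line.partition(" spamd[")
        if not sep:                      # not a spamd entry
            continue
        for ip in set(IPV4.findall(msg)):
            if ip in report:             # ignore hosts that are not trapped
                report[ip].append(line)
    return report

def format_report(report):
    """Render one block per host; hosts without lines are still listed."""
    out = []
    for ip, lines in report.items():
        out.append(ip)
        out.extend("  " + l for l in lines or ["(no log data)"])
    return "\n".join(out)

if __name__ == "__main__":
    print(format_report(collect_entries(parse_traplist(TRAPLIST), SPAMD_LOG)))
```

In the sample, 198.51.100.7 comes out with no log data, which is how a host that reached the traplist only through a sync operation would appear.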

The other likely question is, "what is that becks list?". It's what the rest of the world refers to as uatraps. I copied the data for that list into my config from Bob Beck's message on OpenBSD-misc and didn't notice that the list had an official name until much later.

Please note that this is not an up-to-the-minute list. Depending on the number of hosts currently in the list of trapped addresses, the script's run time could be anything up to several hours. For that reason, the script starts at the time stated at the beginning of the report file and runs until it finishes generating. The last thing the script does is to rsync the report file to the webserver. For the time being, I archive older versions off-line.

This is now a totally hands-off, automated operation. The report is currently generated on a Pentium IV-class computer with few and only occasional other duties. If you have any comments or concerns, the address in the next sentence is the one I use for day to day email. If you find this data useful, donations of faster hardware or money (paypal to peter@bsdly.net, e.g. via the button below, or contact me for bank information) are of course welcome.

