How To: Blackhole Email Server
Sometimes you just need a machine that you can throw email at and have it dissappear into the ether. Maybe you want a honeypot, or maybe you want to load test email lists without annoying people. My last email blackhole was on a linux box running qmail, but unfortunately that box was rooted and reformated. Now all of my systems are running postfix, so it was time for a little updating.
The first step is to get postfix installed. This will vary from system to system, but it’s known to work on most unixen, including OSX. You want to set it up as a normal internet mail host operation if given the choice.
Then you need the following things:
A shell script null.sh in an accessible directory with the contents:
#! /bin/bash echo 0;
Edit /etc/postfix/transport to include the following line, which sends all domains to the null transport. This even redirects the local mailer to your null script, so nothing gets delivered.
* null:
Run the following command to rebuild the transport map:
postmap /etc/postfix/transport
Add the following lines to /etc/postfix/master.cf. This is the definition of the null transport. Substitute your path to the null shell script for [[PATH]]
null unix - n n - - pipe
user=nobody argv=[[PATH]]/null.sh ${user}
And finally, you need the following line in /etc/postfix/main.cf, which gives the path to the transport map that we defined above.
transport_maps = hash:/etc/postfix/transport
You should now be able to restart postfix using:
sudo postfix reload
Test sending some mail while watching the mail log, and you should see lines like:
Jun 11 22:02:03 cabbage postfix/cleanup[5449]: 548BA27227:
message-id=<20020612050203.548BA27227@cabbage>
Jun 11 22:02:03 cabbage postfix/qmgr[2799]: 548BA27227:
from=<foo@example.com>, size=1346, nrcpt=1 (queue active)
Jun 11 22:02:03 cabbage postfix/pipe[5451]: 548BA27227:
to=<bar@example.com>, relay=null, delay=0, status=sent (*)
The last line shows that the message was sent to the null transport, and since the null transport has no way of going anywhere, that’s where it ends.
This is a basic blackhole for email. As with all things associated with email, it’s easy to embarass yourself if you make a mistake. Some other good things to do to an email black hole are block outgoing connections to port 25 with firewalling rules and removing the default route from the routing tables. You may even want to use an external firewall to prevent all outgoing connections.
***Update
For some unknown reason, the transport map isn’t picked up on OSX when postfix is built from source. (It works on Debian though). Setting default_transport = null in main.cf works in a similar manner, with the exception of local delivery.
No comments