From 89e610336cab46113ffcb37b13a42db362fe3381 Mon Sep 17 00:00:00 2001
From: Muzyka
Date: Mon, 25 Apr 2016 15:12:26 +0300
Subject: [PATCH] smtp forward to 127.1:12525
---
 cowrie/ssh/forwarding.py | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/cowrie/ssh/forwarding.py b/cowrie/ssh/forwarding.py
index 2038b9c..3f2fed8 100644
--- a/cowrie/ssh/forwarding.py
+++ b/cowrie/ssh/forwarding.py
@@ -14,13 +14,20 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata
 """
 """
 remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data)
- log.msg(eventid='cowrie.direct-tcpip.request', format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s',
- dst_ip=remoteHP[0], dst_port=remoteHP[1])
- return CowrieConnectForwardingChannel(remoteHP,
- remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
- avatar=avatar)
-
-
+ log.msg(eventid='cowrie.direct-tcpip.request', format='direct-tcp connection request
+ to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
+ dst_ip=remoteHP[0], dst_port=remoteHP[1],
+ src_ip=origHP[0], src_port=origHP[1])
+ if remoteHP[1] == 25:
+ log.msg(eventid='cowrie.direct-tcpip.request',format='found smtp, forwarding to local honeypot')
+ remoteHPLocal = ('127.0.0.1', 12525)
+ return forwarding.SSHConnectForwardingChannel(remoteHPLocal,
+ remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
+ avatar=avatar)
+ else:
+ return CowrieConnectForwardingChannel(remoteHP,
+ remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
+ avatar=avatar)
 class CowrieConnectForwardingChannel(forwarding.SSHConnectForwardingChannel):
 """
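Review bot: The first added `log.msg` call splits its single-quoted `format=` literal across two lines (`...connection request` / `to %(dst_ip)s...`), which as shown is a SyntaxError that would stop the module from importing; keep the literal on one line or use adjacent literals, e.g. `format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s '` followed by `'from %(src_ip)s:%(src_port)s',`. In the port-25 branch the stock `forwarding.SSHConnectForwardingChannel` is returned, so unlike the `else` path the session gets a live TCP connection from the honeypot host to a loopback service and skips whatever `CowrieConnectForwardingChannel` (defined below, mostly outside this hunk) does; the hard-coded `('127.0.0.1', 12525)` would be safer as an opt-in configuration setting, so a host without the SMTP honeypot never hands a session a real connection to whatever happens to listen there. The redirect log line reuses `eventid='cowrie.direct-tcpip.request'` without `dst_ip`/`dst_port`, so consumers keyed on that event id see two differently shaped records per request; a distinct event id carrying both the requested and the rewritten destination would keep the rewrite auditable. `origHP` comes from the client's channel-open request, so `src_ip`/`src_port` are a claimed originator rather than the observed peer address and are worth labelling as such in the message.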