The following programs are not directly related to proxypot, but may be useful:
tcpstream takes a set of packets and separates them into TCP streams by matching the IP addresses and port numbers, puts the data within each stream into proper order by sequence number, and outputs three files for each stream: one containing the data sent by the initiator of the connection, one containing the data sent by the other end of the connection, and one containing both, with escape codes that display the initiator's data in bold when the file is printed on a VT100-ish terminal. The packet input can be a saved libpcap dump file (created by tcpdump, for example), or it can be taken in real time from a network interface. This is a lot like the "Follow TCP stream" function in ethereal (now Wireshark), but it works in bulk on all TCP streams at once rather than one by one with manual selection. tcpstream can invoke a backend for further processing at the close of each connection. The Net::Pcap perl module is required.
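As an added illustration of the reassembly tcpstream performs (example code written for this page, not tcpstream's own Perl source), the Python below builds a few constructed Ethernet/IPv4/TCP frames inline, groups them into streams by address/port 4-tuple, learns which side is the initiator from the bare SYN, orders each direction by sequence number (dropping a retransmission and trimming overlap), and produces the three outputs: initiator data, responder data, and both together with the initiator's bytes wrapped in VT100 bold. The page does not say how the real tool interleaves the combined file; here the two sides are interleaved in packet arrival order, which is an assumption. Reading a libpcap file or a live interface is left out: frames come from the build_frame helper, and all addresses, ports and payloads are made up.

```python
import struct

SYN, FIN, PSH, ACK = 0x02, 0x01, 0x08, 0x10
MASK = 0xFFFFFFFF                       # sequence numbers wrap at 2**32
BOLD, RESET = b"\x1b[1m", b"\x1b[0m"    # VT100 "bold on" / "attributes off"


def build_frame(src, dst, sport, dport, seq, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame used as sample input (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """(src, sport, dst, dport, seq, flags, payload) for an IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[9] != 6:                                         # not TCP
        return None
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total]                                    # honour IP total length (no trailer)
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    src, dst = (".".join(str(b) for b in ip[i:i + 4]) for i in (12, 16))
    return src, sport, dst, dport, seq, off_flags & 0x1FF, tcp[(off_flags >> 12) * 4:]


def reassemble(frames):
    """Split segments into streams keyed (initiator_ip, port, responder_ip, port); each
    stream keeps per direction {seq: (arrival_index, payload)} and the ISNs from SYN/SYN-ACK."""
    streams = {}
    for n, frame in enumerate(frames):
        p = parse_frame(frame)
        if p is None:
            continue
        src, sport, dst, dport, seq, flags, payload = p
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if fwd in streams:
            key, side = fwd, "initiator"
        elif rev in streams:
            key, side = rev, "responder"
        else:
            # First segment of a new 4-tuple.  A bare SYN proves its sender is the initiator;
            # if the capture started mid-connection the first sender is assumed to be.
            key, side = fwd, "initiator"
            streams[key] = {"initiator": {}, "responder": {}, "isn": {}}
        s = streams[key]
        if flags & SYN:
            s["isn"][side] = (seq + 1) & MASK              # SYN occupies one sequence number
        if payload and seq not in s[side]:                 # retransmission: keep the first copy
            s[side][seq] = (n, payload)
    return streams


def ordered_data(segments, isn):
    """One direction's payloads concatenated in sequence order, overlaps trimmed."""
    base = isn if isn is not None else min(segments, default=0)
    out, nxt = b"", base
    for seq, (_, data) in sorted(segments.items(), key=lambda kv: (kv[0] - base) & MASK):
        rel_seq, rel_nxt, end = (seq - base) & MASK, (nxt - base) & MASK, (seq + len(data)) & MASK
        if rel_seq < rel_nxt:                              # partly or wholly emitted already
            data = data[rel_nxt - rel_seq:]
        out += data                                        # a gap (rel_seq > rel_nxt) is just joined
        if (end - base) & MASK > rel_nxt:
            nxt = end
    return out


def stream_outputs(stream):
    """The three per-stream outputs: initiator data, responder data, and both interleaved
    in arrival order with the initiator's bytes wrapped in VT100 bold."""
    init = ordered_data(stream["initiator"], stream["isn"].get("initiator"))
    resp = ordered_data(stream["responder"], stream["isn"].get("responder"))
    timeline = sorted([(n, True, d) for n, d in stream["initiator"].values()]
                      + [(n, False, d) for n, d in stream["responder"].values()])
    both = b"".join(BOLD + d + RESET if from_init else d for _, from_init, d in timeline)
    return init, resp, both


# Constructed capture: one SMTP connection delivered out of order with a retransmission,
# plus an unrelated SYN that must land in its own stream.
C, S = ("10.0.0.5", 40000), ("192.0.2.10", 25)
BANNER, EHLO, MAIL = b"220 mx.example ESMTP\r\n", b"EHLO spammer\r\n", b"MAIL FROM:<x@example>\r\n"
SAMPLE_FRAMES = [
    build_frame(C[0], S[0], C[1], S[1], 1000, SYN),
    build_frame(S[0], C[0], S[1], C[1], 5000, SYN | ACK),
    build_frame(C[0], S[0], C[1], S[1], 1001, ACK),
    build_frame(S[0], C[0], S[1], C[1], 5001, PSH | ACK, BANNER),
    build_frame(C[0], S[0], C[1], S[1], 1001 + len(EHLO), PSH | ACK, MAIL),   # arrives early
    build_frame(C[0], S[0], C[1], S[1], 1001, PSH | ACK, EHLO),
    build_frame(C[0], S[0], C[1], S[1], 1001, PSH | ACK, EHLO),               # retransmission
    build_frame(S[0], C[0], S[1], C[1], 5001 + len(BANNER), PSH | ACK, b"250 OK\r\n"),
    build_frame("10.0.0.7", "192.0.2.10", 40001, 80, 7000, SYN),
]
```

Calling `stream_outputs(reassemble(SAMPLE_FRAMES)[("10.0.0.5", 40000, "192.0.2.10", 25)])` gives the EHLO before the MAIL FROM in the initiator file even though the MAIL FROM segment arrived first, and the duplicate EHLO appears once; the unrelated SYN ends up as a second, empty stream. Sequence arithmetic is done modulo 2**32 so a stream whose ISN is near the wrap point still sorts correctly.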
stream2maildir is a backend for tcpstream that watches a specific port for SOCKS and HTTP CONNECT proxy connections that lead to SMTP servers, and delivers the mail to a Maildir with a Received header in proxypot format, so the Maildir can be analyzed by spamstat. Sample usage (the first form captures live from eth0, the second reads the saved dump file capfile; 1080 is the proxy port to watch and the last argument is the destination Maildir):
tcpstream -l eth0 tmpdir stream2maildir 1080 /home/spamdump/Maildir
tcpstream capfile tmpdir stream2maildir 1080 /home/spamdump/Maildir
With this you can get proxypot-style evidence reports from an actual open proxy, if you are able to capture its packets (the capture point has to see both directions of the traffic, since each stream is reassembled from both sides). This should only be done for a short time: if you have a real open proxy on your network you are part of the problem, and you should correct that by shutting it off quickly.