Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Next Update
  FAQ FAQ  Forum Search   Register Register  Login Login

Next Update

 Post Reply Post Reply Page  12>
Author
kspare View Drop Down
Senior Member
Senior Member


Joined: 26 January 2005
Location: Canada
Status: Offline
Points: 334
Post Options Post Options   Thanks (0) Thanks(0)   Quote kspare Quote  Post ReplyReply Direct Link To This Post Topic: Next Update
    Posted: 29 April 2005 at 5:35pm
What can we expect to see roberto? Or what are you working on?
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 30 April 2005 at 5:31pm
The Antivirus plugin was, even though it's a rather "invisible" addition, a rather major project to implement. We're currently just fixing minor bugs here and there, no major additions yet.

What would you like to see? Is there's any feature in particular you're looking/wishing for?
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
kspare View Drop Down
Senior Member
Senior Member


Joined: 26 January 2005
Location: Canada
Status: Offline
Points: 334
Post Options Post Options   Thanks (0) Thanks(0)   Quote kspare Quote  Post ReplyReply Direct Link To This Post Posted: 30 April 2005 at 7:54pm
I think the next thing I would like to see is integration with firewalls. Alot of spam could be reduced if the firewalls were able to simple shun the traffic.
Back to Top
jacksun View Drop Down
Newbie
Newbie


Joined: 24 February 2005
Status: Offline
Points: 31
Post Options Post Options   Thanks (0) Thanks(0)   Quote jacksun Quote  Post ReplyReply Direct Link To This Post Posted: 02 May 2005 at 2:23pm
Hi Roberto, if I may here is my 2 cents for what I would like to see.
 
I guess you could call it auto blacklisting. I would think if a user could forward an email they received which is spam (so it got past the filter) to an email address an admin could set up which would result in the original senders email being blacklisted in spamfilter it would be very valuable. I would think this would need to be on an individual basis just like whitelisting.
This functionality could also be implemented in the web interface with a checkbox to blacklist the sender.
 
This would put some of the blacklist admin work into the hands of the users and cut down on the helpdesk submissions.
 
Regards,
Wayne
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 02 May 2005 at 4:11pm

Roberto,

How about ... RHSBL support.

Regards,

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
Web123 View Drop Down
Newbie
Newbie
Avatar

Joined: 26 January 2005
Location: Finland
Status: Offline
Points: 31
Post Options Post Options   Thanks (0) Thanks(0)   Quote Web123 Quote  Post ReplyReply Direct Link To This Post Posted: 03 May 2005 at 12:59am
Thumbs up on auto blacklisting!
 
We currently have this future on our mailserver, and it's GREAT!
 
When a user gets a Spam mail, he makes a reply on the message and
 
When the mailserver receives a message to blacklistadress@domain.com it
parses all the other addresses from the mail and puts them into a blacklist,
and deletes the message
 
/Kim
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 03 May 2005 at 11:13am

Comment on the auto-blacklisting:

While I, personally, would like the feature, in the ISP enviroment, this could cause problems.  Remember, one users spam is another users entertainment.  So if user "A" blacklists email from say ... "hotnurses.com", user "B" may get ticked off.  However, the idea may be able to be fined tuned.

AOL has implemented this in a way that causes problems.  We have a customer that has a fully complient "Double Opt In" mailing list and when an aol user decides he no longer wants the mailings, instead of un-subscribing, he clicks on a button that tells aol that it is spam.  If aol gets 12 in an hour (not a large number) ALL email from that IP gets blocked for either 24 or 48 hours.   All of a sudden, 3,000 aol users complain that they are NOT getting their mailing list.

So, this feature has to be well thought out.

Regards,



Edited by Desperado
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
kspare View Drop Down
Senior Member
Senior Member


Joined: 26 January 2005
Location: Canada
Status: Offline
Points: 334
Post Options Post Options   Thanks (0) Thanks(0)   Quote kspare Quote  Post ReplyReply Direct Link To This Post Posted: 03 May 2005 at 11:26am
The auto whitelist is on a per email address basis, why couldn't the blacklist be as well?
Back to Top
keizersozay View Drop Down
Groupie
Groupie
Avatar

Joined: 26 January 2005
Location: United States
Status: Offline
Points: 77
Post Options Post Options   Thanks (0) Thanks(0)   Quote keizersozay Quote  Post ReplyReply Direct Link To This Post Posted: 03 May 2005 at 2:19pm
RHSBL and SURBL
Back to Top
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 03 May 2005 at 4:37pm
In a silimar vein to the Auto-Blacklisting, how about an option to have all senders who send to preset honeypot email addresses get automatically blacklisted.  My thought is to block senders who send email to these "bait" addresses right off the bat.

There are some users who get so much spam that they have changed their email address, or an employee is terminated or quits, but their old address is still getting a ton of spam.  The using no longer gets any legitament email at the old email address.  So any future email going to that address is probably spam.  This address would get tagged and all spammers who send to it in the future get auto-blacklisted. 

This might not work for all, but would be a useful feature for others.
Back to Top
Cire View Drop Down
Newbie
Newbie


Joined: 24 February 2005
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote Cire Quote  Post ReplyReply Direct Link To This Post Posted: 04 May 2005 at 11:57am

How about creating columns in the quarantine data base for "from domain", "from IP", and etc. By providing this info in seperate columns it would be much easier to work with the database and determine better rules for filtering.

Thanx - Cire

Back to Top
Ric View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Ric Quote  Post ReplyReply Direct Link To This Post Posted: 04 May 2005 at 2:24pm

Roberto -

How about a method for teaching the Bayesian filter it's false negatives? 

This idea would create additional demand on the database and processor, but would work (as long as the email client doesn't destroy the headers): add a uniqueID to the headers of messages that are not determined to be spam, and copy the raw message to a table with the uniqueID.  If a delivered message is determined by the user as spam, they can forward the message to a special email account that SF can query from periodically (preferrably low priority service - fewer than xx inbound connections) and retrieve the message, scan for the uniqueID, then reprocess the original raw message through the Bayesian engine to properly tag the tokens as SPAM, reducing false negatives in the future...

Thoughts?

-Ric

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 04 May 2005 at 11:15pm
All,

Thanks for the comments/suggestions. Here's our own 2 cents:

The "Honeypot" idea was great, thanks Alan. We just uploaded in the registered user are build 2.5.1.250, which does have this feature. In this new version there is an additional blacklist: "Honeypot". It contains a list of email addresses to be used as honeypots. Any emails sent to an address in this list will cause the sender's IP to be permanently blocked. The list of auto-blocked IPs is saved in the file "HoneypotBlockedIPs.txt".

We will be hopefully implementing RHSBL and SURBL next.

As far as teaching the statistical filter about the "false negatives", this would require storing "good" messages along with spam in the database. Additional interfaces must be developed to allow end users match the spam they receive to the "good" email that was stored in the database. This feature will require major changes/development, and has so far been set aside.

We're very hesitant in having SpamFilter control firewalls, as that can potentially cause disastrous situation in case there are "hiccups", so that will be set aside as well - too much liability there....
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
keizersozay View Drop Down
Groupie
Groupie
Avatar

Joined: 26 January 2005
Location: United States
Status: Offline
Points: 77
Post Options Post Options   Thanks (0) Thanks(0)   Quote keizersozay Quote  Post ReplyReply Direct Link To This Post Posted: 04 May 2005 at 11:19pm
You rock Roberto!
Back to Top
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 06 May 2005 at 5:03pm
Hey thanks for putting that into a build so quick Roberto.

Another minor request: a way to add comments and to disable line items in the text lists.  Maybe an apostrophy as the first line item to ignore the rest of the line as comments?

I guess I would like them to work more like script that can be well annotated with comments with the ability to temporarily disable certain portions.

Originally posted by LogSat LogSat wrote:

All,

Thanks for the comments/suggestions. Here's our own 2 cents:

The "Honeypot" idea was great, thanks Alan. We just uploaded in the registered user are build 2.5.1.250, which does have this feature. In this new version there is an additional blacklist: "Honeypot". It contains a list of email addresses to be used as honeypots. Any emails sent to an address in this list will cause the sender's IP to be permanently blocked. The list of auto-blocked IPs is saved in the file "HoneypotBlockedIPs.txt".

We will be hopefully implementing RHSBL and SURBL next.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 08 May 2005 at 6:08pm
Sorry Alan, that request has been asked for many times, but we've always had to reject it :-)

The reason is that many users have rather large (MBs...) lists. SpamFilter is very efficient in processing incoming emails, and adding a parsing engine to filter out comments in the text files will impact performance quite a bit. We've tried in the past, and since the performance loss was noticeable, we opted againts it.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Alan View Drop Down
Groupie
Groupie


Joined: 06 May 2005
Location: United States
Status: Offline
Points: 43
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 09 May 2005 at 12:02pm
Ok just thought I would ask again.
As far as the honeypot, I have entered a number of old defunct email addresses that are apparantly on a lot of spammer lists and have had it running for the weekend, but have not logged a single entry in the IP list yet.  Could it be because the emails were snagged or blocked by one of the other filters?
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 09 May 2005 at 12:27pm

Hmmm,

I have a single entry in the address list and have accumulated 81 IP addresses so far.

Regards,

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
WebGuyz View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 09 May 2005 at 12:34pm

Originally posted by kspare kspare wrote:

The auto whitelist is on a per email address basis, why couldn't the blacklist be as well?

I think this is a great idea. Especially for those of us who are hosting multiple domains. We use the the autowhitelist extensivley and allow our customer to whitelist their own customers via a form as well as the quarantine db. Once that domain is no longer with us, we just remove any references to that domain in the autowhitelist text file.

If you had an option that worked the same for blacklisting, I think your sales to ISP's and web hosting companies would increase quite a bit.

Any engineering reasons why this could not be done?

Thanks for listening.

Back to Top
Alan View Drop Down
Groupie
Groupie


Joined: 06 May 2005
Location: United States
Status: Offline
Points: 43
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 09 May 2005 at 1:38pm
Hmm, looks like the problem was these addresses were on the blocked recipients list.  Taking them off has started adding to the honeypot IP list now.

Originally posted by Desperado Desperado wrote:

Hmmm,

I have a single entry in the address list and have accumulated 81 IP addresses so far.

Regards,

Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 12 May 2005 at 12:52am

   I used to gather my own IP's to block with a honeypot mechanism I devised but eventually had to scrap it because zombie PC's on networks like Comcast and SBC were being used to send spam which would of course cause my honeypot system to block the IP's of valid mail servers.

 

 

http://www.webguyz.net
Back to Top
Alan View Drop Down
Groupie
Groupie


Joined: 06 May 2005
Location: United States
Status: Offline
Points: 43
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 13 May 2005 at 12:18pm
Roberto, another request. 

Currently the :NULL tag can be added to cause an email to be discarded even if on a list that is set for quarantine. 

Can you create another tag that allows an email to be quarantined even though it on a list set for "Do not quarantine"  This makes handling exceptions easier.  (or does this exist already?)

Specifically this is in reference to the honeypot IP list.  I have a couple of backup MX IP's that are being used by spammers that I need to be able to quarantine, but the rest on the honeypot IP's can all be discarded as "Do not quarantine".  I need a way to tag those couple of IP's
Back to Top
_Eric View Drop Down
Newbie
Newbie


Joined: 13 May 2005
Location: Netherlands
Status: Offline
Points: 14
Post Options Post Options   Thanks (0) Thanks(0)   Quote _Eric Quote  Post ReplyReply Direct Link To This Post Posted: 13 May 2005 at 3:21pm
configurable logging options in the ini ?
great product !

the sawmill template was great, for my brain dead management, a webtrends template would also be great.

-eric-
(user/admin of since version 1.0)

version SpamFilter ISP v2.5.1.450 logs a little too much ...
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 13 May 2005 at 9:58pm
Alan,

If I understood correctly, are your secondary MX servers forwarding emails to SpamFilter? If so, you may want to reconsiders, as since many of SpamFilter's rules work on the spammer's IP. IF SpamFilter sees your secondary's IP instead of the real sender, many tests will be unreliable and SpamFilter's actions will be inaccurate. I would see your request for an exception, but there may be other quirks with that configuration.


Eric,

Logging is "fixed" and can't be changed. We'd rather keep it that way, as often problems occur ones and are not repeated. If logging was not there, we (and the admins) would not be able to find eventual problems for which the logs will provide an answer. Often all that is needed is just a few day's worth of logs, an automated script to purge old logs is "safer" than performing less logging (and helps us tremendously in providing support!)
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 13 May 2005 at 10:11pm

Originally posted by _Eric _Eric wrote:

configurable logging options in the ini ?
great product !

the sawmill template was great, for my brain dead management, a webtrends template would also be great.

-eric-
(user/admin of since version 1.0)

version SpamFilter ISP v2.5.1.450 logs a little too much ...

Eric,

I feel the you can never log "too much". I have a script to "split" the logs on servers where they get too large.

Dan



Edited by Desperado
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
_Eric View Drop Down
Newbie
Newbie


Joined: 13 May 2005
Location: Netherlands
Status: Offline
Points: 14
Post Options Post Options   Thanks (0) Thanks(0)   Quote _Eric Quote  Post ReplyReply Direct Link To This Post Posted: 14 May 2005 at 6:23pm
//Eric,

Logging is "fixed" and can't be changed//

--yes off course but i ment modes,
like debug level logging, advanced, and normal.
(spamfilter.ini loglevel 1,2,3 ...)

personally, the reload message in the logs is not so important, and even that value might be configurable in a feature version, we now handle 2,6 million mails a day,
our company grows and grows through europe, and logfiles are now on a spare u360 scsi drive, in order to keep performance in a normal level.

the earlier (~timer-minute-timer) problem was caused by the pci latency and extreme high i/o load which a dell 2850 with perc4-raid (3 drives) could no longer handle.
(busmastering problem between nic and scsi adapter)

i mean, i know logsat works great, and beyond that, but with these loads, you want to have something to spare,
and not extra informational logging in huge files.

(our max mailsize is 40480kb and 50% of our users use that daily and receive it through logsat also ..)
Back to Top
_Eric View Drop Down
Newbie
Newbie


Joined: 13 May 2005
Location: Netherlands
Status: Offline
Points: 14
Post Options Post Options   Thanks (0) Thanks(0)   Quote _Eric Quote  Post ReplyReply Direct Link To This Post Posted: 15 May 2005 at 7:13am
//and logfiles are now on a spare u360 scsi drive, in order to keep performance in a normal level. //

this drive is mounted as \logfiles in
%drive%\%logsatrootdir%

-eric-
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 15 May 2005 at 11:52am
"System" messages, as reloading of files, are usually independend on the number of emails received, and will cause a fixed amount of entries per day. The bulk of the logs are caused by entries related to incoming emails. Each incoming email will usually generate about a dozen log entries, so the more email traffic, the more logs.

PS - there's an ini option to relocate the logfile directory if needed.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Alan View Drop Down
Groupie
Groupie


Joined: 06 May 2005
Location: United States
Status: Offline
Points: 43
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 18 May 2005 at 5:32pm
Although there may be some quirks depsnding on how it is used, it would really be a useful feature for others who want to have the redundancy.  Others who do not want to use could simple not do so.  What are the chances you can put this into a build?

Originally posted by LogSat LogSat wrote:

Alan,

If I understood correctly, are your secondary MX servers forwarding emails to SpamFilter? If so, you may want to reconsiders, as since many of SpamFilter's rules work on the spammer's IP. IF SpamFilter sees your secondary's IP instead of the real sender, many tests will be unreliable and SpamFilter's actions will be inaccurate. I would see your request for an exception, but there may be other quirks with that configuration.

Back to Top
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Posted: 18 May 2005 at 7:06pm
Roberto, you mention that there is now a HoneyPot setting....I have 2.5.1.441 installed but do not see a tab or setting for this feature.  Can you tell me where this is set?
Back to Top
 Post Reply Post Reply Page  12>
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.094 seconds.