Spam Filter ISP Support Forum


SMTP AUTH and IP CACHE BLACKLIST

rudaf (Newbie; Joined: 04 July 2007; Location: Italy)
Posted: 11 May 2009 at 7:48am
Environment
 
SFE 4.1.2.808
DB MSSQLSVR 2000 STD SP4
WIN 2000 SP4
 
We have implemented the SMTP AUTHENTICATION feature using UNIX style pswd in order to use SFE as an SMTP AUTH relay server.
 
Here is the architecture:
 
Incoming SMTP connection
|
v
SMTP AUTH (SFE3) -> KO -> reject
|
V
OK
|
V
Mail server
|
V
Remote Recipient
 
Now we are facing this problem: according to the general rules of SFE governing potential spammers' IPs, if a user fails to authenticate himself due to an error entering the password in his Outlook client, SFE considers him a potential spammer and his IP is placed in the IP CACHE BLACKLIST (temporary). If it comes in error three times, the IP is blacklisted for 60 mins.
 
That's really good to fight incoming spam, but is really a curse for SMTP relay purposes. Imagine the scenario:
 
A LAN with 200 users. 200 private IPs and 1 public/static IP. Just 1 user fails 3 times to authenticate himself in SMTP AUTH, SFE blacklists that public IP and 199 users stop sending mail for 1 hour!!!
 
As a workaround we added in Spamfilter.ini, "DoNotAddIPToHoneypot = [public IP]" but this is a weak solution.
We are a service provider and we cannot always know every single potential IP that SMTP AUTH traffic will come from.
 
What can you suggest? On our side we can suggest avoiding temporary blacklisting when using the SMTP AUTH feature.
 
Regards.
 
 
LogSat (Admin Group; Joined: 25 January 2005; Location: United States)
Posted: 11 May 2009 at 11:41pm
While you could reduce the IP blacklist cache duration from 60 minutes to just about 10 minutes or so, we would actually suggest the following.

Configure your SpamFilter to listen for incoming SMTP traffic on port 25 for regular mail, without implementing SMTP AUTH.

On the same server install another copy of SpamFilter, but configure it to listen for SSL traffic on port 465, and implement SMTP AUTH on this second instance. Configure this SpamFilter to reject all emails (for example either by having a non-existent domain in the "Local Domains", or by adding just one non-existent user to the AuthorizedTO whitelist). Then have your users configure their mail clients to use SSL for SMTP Authentication. This will (1) add increased security as their login information will be encrypted, and (2) will allow them to relay without the blacklist cache issues present on the primary server.

To use SSL you will need to configure an SSL certificate in SpamFilter; we have documentation on how to proceed in the manual.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
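
The blacklist behaviour discussed in the two posts above, as an added example that is not part of the original thread and is not SpamFilter ISP code: a simplified Python model of a per-IP failure cache, run against the 200-user NAT scenario with the 60-minute duration, the 10-minute duration and the exempted public IP. The class and function names, the constructed address 203.0.113.10 and the way failures are counted are assumptions.

```python
# Added illustration: a simplified model, not SpamFilter ISP's implementation.
from dataclasses import dataclass, field


@dataclass
class IpBlacklistCache:
    threshold: int = 3              # failures before the IP is blocked (from the post)
    block_seconds: int = 60 * 60    # 60-minute temporary blacklist (from the post)
    exempt: set = field(default_factory=set)  # models the DoNotAddIPToHoneypot workaround
    failures: dict = field(default_factory=dict)
    blocked_until: dict = field(default_factory=dict)

    def record_auth_failure(self, ip, now):
        """Count one failed SMTP AUTH from `ip` at time `now` (seconds)."""
        if ip in self.exempt:
            return
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.threshold:
            self.blocked_until[ip] = now + self.block_seconds
            self.failures[ip] = 0   # assumption: the counter restarts after a block

    def is_blocked(self, ip, now):
        return now < self.blocked_until.get(ip, 0)


NAT_IP = "203.0.113.10"                    # constructed public IP (documentation range)
USERS = [f"user{i}" for i in range(200)]   # the 200-user LAN from the post


def scenario(block_seconds=3600, exempt=(), check_at=300):
    """user0 mistypes the password three times (t = 0, 1, 2 s). Return how many
    of the other users behind NAT_IP are refused at `check_at` seconds."""
    cache = IpBlacklistCache(block_seconds=block_seconds, exempt=set(exempt))
    for t in range(cache.threshold):
        cache.record_auth_failure(NAT_IP, now=t)
    others = [u for u in USERS if u != "user0"]
    return len(others) if cache.is_blocked(NAT_IP, check_at) else 0


if __name__ == "__main__":
    print("60 min cache, 5 min later :", scenario())
    print("60 min cache, 61 min later:", scenario(check_at=61 * 60))
    print("10 min cache, 5 min later :", scenario(block_seconds=600))
    print("10 min cache, 11 min later:", scenario(block_seconds=600, check_at=660))
    print("public IP exempted        :", scenario(exempt=[NAT_IP]))
```

In this model the exempted address is never counted, so it also loses the failure throttle that slows password guessing from that IP.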

rudaf (Newbie; Joined: 04 July 2007; Location: Italy)
Posted: 12 May 2009 at 4:21am
That sounds like a good solution. We will test it not in SSL mode, to avoid impact on users' settings, but only working on firewall rules, and running a new instance of SFE listening on a different port than the other one dedicated to SMTP AUTH traffic.
 
This could work.
 
I'll let you know
 
Regards