Print Page | Close Window

Auto Ban IP Feature Request

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=4721
Printed Date: 23 October 2017 at 4:07am


Topic: Auto Ban IP Feature Request
Posted By: Guests
Subject: Auto Ban IP Feature Request
Date Posted: 09 December 2004 at 2:45pm

I was wondering if it would be possible to have the spamfilter auto-ban an IP address after X number of sequential invalid recipient errors.  I have my simultaneous sessions limited to a max of 10 and my simultaneous sessions from a single IP limited to 3 to help thwart this...but I have had two cases in the past couple of days of a single SMTP session flooding the spam filter with 2 or more email threads per second in the same session...all of which are getting rejected.  After awhile, we notice in the logs this nice long series of rejects from the same IP address and go to our firewall and ban all inbound packets from that particular IP address.

I'm not sure if there is some nasty new virus out or not...of course...there is always a nasty new virus out...lol...but it would be nice if the spam filter would recognize this form of abuse and terminate all sessions with the culprit IP address rather than continuing to waste valuable time and resources rejecting each thread from what is obviously a bogus source of SMTP traffic.

In other words....instantly drop connection from an auto-banned IP that was auto-banned for the above such scenario and not even giving in the time of day much less bothering with whatever SMTP session it tries sending our way.




Replies:
Posted By: LogSat
Date Posted: 09 December 2004 at 7:38pm
Fred,

We've been evaluating the possibilities of implementing not only what you're requesting, but exapanding it to auto-banning IPs being blocked by other filters as well. This would also help in reducing resources used to perform DNS queries to MAPS servers and reverse DNS entries.

All of this will be implemented in a future release of SpamFilter, but we do not have any timeframes of when.

Roberto F. LogSat Software


Posted By: kspare
Date Posted: 10 December 2004 at 9:02am

Roberto, I even have some source code for ya :)

http://www.snortsam.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.snortsam.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.snortsam.com

 

 



Posted By: LogSat
Date Posted: 11 December 2004 at 5:53pm
Kevin,

Thanks for the info (believe the link should be the one with .net rather than .com). I don't believe we can take open-source code and include it in a commercial package however :) and in any case, we use Delphi rather than C as a compiler, which most of the times allows us to use a single file and *way* less code than the equivalent multitude of files and cryptic code if using C.

Roberto F. LogSat Software


Posted By: Guests
Date Posted: 16 April 2005 at 1:12am
Originally posted by LogSat LogSat wrote:

Fred,

We've been evaluating the possibilities of implementing not only what you're requesting, but exapanding it to auto-banning IPs being blocked by other filters as well. This would also help in reducing resources used to perform DNS queries to MAPS servers and reverse DNS entries.

All of this will be implemented in a future release of SpamFilter, but we do not have any timeframes of when.

Roberto F. LogSat Software


Did anything ever come of this?  Watching the logs...an auto-ban IP feature for max invalid recipients sure would be nice.  Thanks.


Posted By: LogSat
Date Posted: 16 April 2005 at 4:38pm
Not yet...

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window