
SMTP AUTH and IP CACHE BLACKLIST

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6669
Printed Date: 16 October 2017 at 8:34pm


Topic: SMTP AUTH and IP CACHE BLACKLIST
Posted By: rudaf
Subject: SMTP AUTH and IP CACHE BLACKLIST
Date Posted: 11 May 2009 at 7:48am
Environment
 
SFE 4.1.2.808
DB MSSQLSVR 2000 STD SP4
WIN 2000 SP4
 
We have implemented the SMTP AUTHENTICATION feature using UNIX-style pswd in order to use SFE as an SMTP AUTH relay server.
 
Here is the architecture:
 
Incoming SMTP connection
|
v
SMTP AUTH (SFE3) -> KO -> reject
|
V
OK
|
V
Mail server
|
V
Remote Recipient
 
Now we are facing this problem: according to the general rules of SFE governing potential spammers' IPs, if a user fails to authenticate himself due to an error entering the password in his Outlook client, SFE considers him a potential spammer and his IP is placed in the IP CACHE BLACKLIST (temporary). If it is in error three times, the IP is blacklisted for 60 mins.
 
That's really good to fight incoming spam, but is really a curse for SMTP relay purposes. Imagine the scenario:
 
A LAN with 200 users: 200 private IPs and 1 public/static IP. If just 1 user fails 3 times to authenticate himself in SMTP AUTH, SFE blacklists that public IP and 199 users stop sending mail for 1 hour!!!
 
As a workaround we added "DoNotAddIPToHoneypot = [public IP]" in Spamfilter.ini, but this is a weak solution.
We are a service provider and we cannot always know every single potential IP that SMTP AUTH traffic will come from.
 
What can you suggest? On our side we can suggest avoiding temporary blacklisting when using the SMTP AUTH feature.
 
Regards.
 
 



Replies:
Posted By: LogSat
Date Posted: 11 May 2009 at 11:41pm
While you could reduce the IP blacklist cache duration from 60 minutes to just about 10 minutes or so, we would actually suggest the following.

Configure your SpamFilter to listen for incoming SMTP traffic on port 25 for regular mail, without implementing SMTP AUTH.

On the same server install another copy of SpamFilter, but configure it to listen for SSL traffic on port 465, and implement SMTP AUTH on this second instance. Configure this SpamFilter to reject all emails (for example either by having a non-existent domain in the "Local Domains", or by adding just one non-existent user to the AuthorizedTO whitelist). Then have your users configure their mail clients to use SSL for SMTP Authentication. This will (1) add increased security as their login information will be encrypted, and (2) will allow them to relay without the blacklist cache issues present on the primary server.

To use SSL you will need to configure an SSL certificate in SpamFilter; we have documentation on how to proceed in the manual.

-------------
Roberto Franceschetti

LogSat Software - http://www.logsat.com

Spam Filter ISP - http://www.logsat.com/sfi-spam-filter.asp
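
The lockout behaviour discussed in this thread, modelled as an added example (it is not LogSat's code and not part of either poster's message): a per-IP failure cache with the thread's threshold of 3, replayed over constructed sessions from one NAT address with block durations of 60 and 10 minutes. The class and function names, the 203.0.113.10 address, the session timing and the assumption that failure counts never decay are all illustrative.

```python
from dataclasses import dataclass, field


@dataclass
class IpBlacklistCache:
    """Model only: `threshold` failed AUTHs from one IP block it for `duration_min`."""
    threshold: int = 3
    duration_min: int = 60
    failures: dict = field(default_factory=dict)       # ip -> failed AUTH count
    blocked_until: dict = field(default_factory=dict)  # ip -> minute the block ends

    def connect(self, minute, ip, auth_ok):
        """Classify one SMTP session as 'relayed', 'auth-failed' or 'blacklisted'."""
        if minute < self.blocked_until.get(ip, 0):
            return "blacklisted"            # rejected before credentials are checked
        self.blocked_until.pop(ip, None)    # block (if any) has expired
        if auth_ok:
            return "relayed"
        # Assumption: failures accumulate per source IP and are not reset on success.
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.threshold:
            self.blocked_until[ip] = minute + self.duration_min
            self.failures[ip] = 0
        return "auth-failed"


def collateral(duration_min, nat_ip="203.0.113.10"):
    """Replay constructed traffic from one shared public IP.

    Returns (legitimate sessions rejected, legitimate sessions relayed).
    """
    cache = IpBlacklistCache(duration_min=duration_min)
    # Constructed input: one user mistypes a password at minutes 0, 1 and 2 ...
    events = [(m, nat_ip, False) for m in (0, 1, 2)]
    # ... while colleagues behind the same NAT send with valid credentials
    # every 5 minutes for the next two hours.
    events += [(m, nat_ip, True) for m in range(5, 125, 5)]
    results = [cache.connect(*e) for e in sorted(events)]
    return results.count("blacklisted"), results.count("relayed")


if __name__ == "__main__":
    for minutes in (60, 10):
        rejected, relayed = collateral(minutes)
        print(f"{minutes}-minute block: {rejected} valid sessions rejected, "
              f"{relayed} relayed")
```

Because the cache is keyed only by source IP, every rejected session here carried valid credentials; shortening the block reduces the damage but does not remove it.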


Posted By: rudaf
Date Posted: 12 May 2009 at 4:21am
That sounds like a good solution. We will test it not in SSL mode, to avoid impact on users' settings, but only working on firewall rules, and running a new instance of SFE listening on a different port than the other one dedicated to SMTP AUTH traffic.
 
This could work.
 
I'll let you know
 
Regards


