Print Page | Close Window

Honeypots and Backup MX records

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6674
Printed Date: 17 October 2017 at 10:56am


Topic: Honeypots and Backup MX records
Posted By: bpogue99
Subject: Honeypots and Backup MX records
Date Posted: 20 May 2009 at 3:40pm
Hello community,
 
Using SF 4.1.2.801 as the main incoming server, I've got a question on how to handle a situation where an offsite backup MX service is used. The scenario is simple:
 
domain.com 600 mx 10 mail.domain.com
domain.com 600 mx 20 mail.backupmx.com
domain.com 600 mx 30 mail.domain.com
 
Spammers regularly hit all 3 of the records. The problem is that the backupmx.com (not it's real name) service quite often gets dumped into the honeypots IP list. Whitelisting the IP of the backup MX is not a reasonable solution since that would open the door for all the spammers. But, having it honeypotted is also bad because it causes rejection of emails based simply on that IP.
 
So, in short, is there a way to use the honeypot features, yet, not honeypot a particular set of IP's, but also not whitelist them? I guess what I want to do is exclude some IP's from ever being honeypotted or blacklisted, but not whitelisted, sort of skip the IP testing.
 
Thanks! Wink



Replies:
Posted By: LogSat
Date Posted: 21 May 2009 at 9:00am
bpogue99,

There sure is a way.

DoNotAddIPToHoneypot – This optional setting is available in the SpamFilter.ini file. It is used to specify any IPs (separated by commas - no wildcards) that you do not wish to be automatically added to the Honeypot IP blacklist. This setting also prevents those IPs to be added to the IP cache blacklist. It is used mainly to specify IPs that you still wish to be filtered for spam, but you do not want to permanently block.
There is no need to restart SpamFilter after making the change in the ini file, it will be reloaded automatically within 60 seconds after you save it.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: bpogue99
Date Posted: 21 May 2009 at 11:05am

Awesome Roberto, I knew it had to already be addressed!! Can I enter entire segments in the list or just individual IP's? Such as 10.0.0.0/24 versus 10.0.0.1 to 10.0.0.254? I'm assuming there is a recommended limit to how many IP's to actually put on this list.



Posted By: LogSat
Date Posted: 21 May 2009 at 12:36pm
sorry, only individual IPs can be added in that list, not networks.
As far as limits are concerned, to be honest we're not sure! The limit here is dependent on the Windows OS itself and how long a line in an .INI file can be - we've never researched this to find out the maximum (if any). A few thousand characters however on that line should be acceptable.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window