Print Page | Close Window

Monitoring Connections to Spam Filter ISP remotely

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6695
Printed Date: 17 December 2017 at 4:40pm


Topic: Monitoring Connections to Spam Filter ISP remotely
Posted By: bstroba
Subject: Monitoring Connections to Spam Filter ISP remotely
Date Posted: 26 June 2009 at 3:31pm
Hello Everyone,
 
I wanted to ask a general question to see if anyone has done this yet.
We use this Spam Guard ISP software on 2 servers that function as our spam filter solution.
I need to be able to monitor the service remotely for the Spam Gaurd ISP, and remotely monitor the connections that it handles.
 
Too many time s have we been hit with DOS attackts and I have to log in and fix the issue.
Can the connections be monitored with an SNMP Trap?
 
Thank-you
Ben



Replies:
Posted By: yapadu
Date Posted: 27 June 2009 at 1:26am
I don't think there is a way to get any stats via remote, never seen it documented anyway.

I am interested in the denial of service aspect of your post however. What do you do when you are under attack?

I wonder if Roberto has any suggestion of software for Windows that can assist in preventing a DDOS type of attack against Windows/SF in general.


Posted By: LogSat
Date Posted: 27 June 2009 at 10:18am
The connections cannot be readily monitored remotely. The activity logfile can be parsed by 3rd party tools to provide reports, but this capability is not present out-of-the-box.

Please do note however that SpamFilter has built-in failsafes to prevent DDOS attacks. The "blacklist IP cache" filter will drop any TCP connections from IPs that have attempted to send more than a certain amount of spam emails (3 by default) in a certain timeframe (10 minutes by default) will be automatically blocked for some time (60 minutes by default). All these values can be customized. This feature greatly reduces the DDOS risk.
In addition, implementing the greylist filter (which is disabled by default however as it introduces a small email delay during the first few hours after it has been enabled) will also drop TCP connections for all IPs that attempt to send emails to SpamFilter, until they have successfully retried after a few minutes.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window