Honeypots |
Post Reply 
|
| Author | |
IKILLSPAM1 
Groupie 
Joined: 02 May 2007 Location: United States Status: Offline Points: 70 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: HoneypotsPosted: 12 June 2007 at 1:19pm |
|
I run a list of honeypot email addresses and it works great. My question is when I log into the SFI web quarantine, I can see in the Rejection column "IP blocked by honeypot entry" I want to query the quarantine for all emails blocked for this reason, but it seems that this type of block uses another blacklist's rejection message. I didnt see in the .ini a spot for a custom message when this type of email is blocked. I use the same reject msg for a few blacklist options so I am making it slightly difficult on myself. Could you just specific which custom entry the honeypot option uses? Also how does the web interface dicern this but the actual quarantine doesnt appear to have logged that rejection message? |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106 |
Post Options
Thanks(0)
Quote Reply
Posted: 12 June 2007 at 6:23pm |
|
You're correct. The honeypot filters are outputting the same error code as specified by the "Blacklisted IP" filter, and thus use this customized response from the SpamFilter.ini file:
ResponseBlacklistLocalIP=521 The domain %Domain% is Blacklisted. We'll be making available a customizeable response for this specific filter on the next build, which will be released as soon as we receive a bug report  .The database entries appear correct as there is a dedicated reject code for this filter in the tblRebectCodes in the database. |
|
|
|
|
Desperado
Senior Member 
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 13 June 2007 at 1:25pm |
|
Roberto,
(Possible Bug?)
Little confusion here: I issue the following:
SELECT *
FROM [SpamFilter].[dbo].[tblQuarantine] where rejectid = 18 In about 25% of the rejections I get the following sample rejection:
30352751 meokisuzup@speedy.com.ar danburyusedcarssy@xyz.net This Link comes from Beulah 2007-06-10 13:00:23.000 24504031 18 521 The IP 190.50.156.68 is Blacklisted by zen.spamhaus.org. http://www.spamhaus.org/query/bl?ip=190.50.156.68 -- 0 0 5
Rather than the expected:
30352656 tdotomacf@isisusa.com glr@xyz.net Myles, do you think this is something for Anton 2007-06-10 13:00:04.000 24503973 18 521 5.2 The IP used to deliver this message, (61.129.15.216) is Blacklisted. Contact that IP block's admin. 0 0 5
I am also getting ZERO rejectID 23 though I am getting some attachment blocking.
|
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106 |
Post Options
Thanks(0)
Quote Reply
Posted: 13 June 2007 at 4:29pm |
|
Bug confirmed for the RejectID 23 on the blocked attachments, we were just able to replicate it. We'll have it fixed in the next build.
I'm not sure about the other issue (25%...). Any chance you can find one of those emails belonging to that 25% in your SpamFilter logfile, so we can see what is happening? |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 13 June 2007 at 4:48pm |
|
Roberto, I will email s "snippet" to you. |
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.867 seconds.