
Honey Pot Update

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5165
Printed Date: 31 July 2025 at 11:14am


Topic: Honey Pot Update
Posted By: kspare
Subject: Honey Pot Update
Date Posted: 16 May 2005 at 11:43am
Could it be possible to set up the IP block list to not block certain IPs?



Replies:
Posted By: lead
Date Posted: 16 May 2005 at 11:53am
What, like LogSat's IP?

I thought there might be difficulties with the honey pot in that regard.
With bounced email that has been faked from your domain (which I seem to be getting a lot of lately) it can lead to a hit on the honeypot from delivery failures. I still think it is a great tool, just needs to be managed a bit.

kspare, what difficulties have you noticed?



Posted By: Alan
Date Posted: 16 May 2005 at 1:05pm
This is something I had asked about in another thread. In my case it was so spam sent directly to secondary MX servers doesn't end up on the honeypot IP blacklist. I am thinking that a tag like "IGNORE" or something added to the specific IPs in HoneypotBlockedIPs would do it. Not sure where this falls on Roberto's list though.

Lead, no problems with spoofing domains since the IP that gets blacklisted is still the real IP, not a spoofed one.


Posted By: lead
Date Posted: 17 May 2005 at 6:49am
I see it. I am guessing that your ISP is the second MX, which just forwards everything to your primary MX. Spam tends to be sent to all your MX records, so that can be a real big problem. I had to drop the ISP's backup as my second MX because of this; if my line goes down, both MXs are out and I have to rely on the sending server doing the right thing by retrying. You wouldn't want to whitelist the ISP's backup MX, but don't want it on the honeypot blacklist as well, even though it is going to forward email to those addresses.

With the spoofing domains, I was saying that if the spam looks like it's coming from you (because your address was spoofed as the sender and is the honeypot address) then you are going to get a lot of returns from non-spamming email servers which end up blacklisted.
Not a massive problem, just something to be aware of.




Posted By: kspare
Date Posted: 29 May 2005 at 12:51pm

My concern on this is that I have a 3rd offsite server that checks for spam and then forwards ALL mail to my primary server. So when the primary server sees that it is spam, it starts to block EVERYTHING from my backup server.

We need to be able to allow an IP no matter what....



Posted By: Desperado
Date Posted: 30 May 2005 at 1:30pm

Kevin,

What I do is whitelist the IP of my backup server and live with the fact that the primary cannot detect some of the communication-related blocks.

Regards,



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: kspare
Date Posted: 30 May 2005 at 1:53pm
But if I whitelist that server, any spam it catches won't be caught....


Posted By: Desperado
Date Posted: 30 May 2005 at 2:14pm

Doesn't the Secondary quarantine to the database?

das



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: kspare
Date Posted: 30 May 2005 at 8:04pm

No. And it doesn't do this because it's a 3rd backup server that is offsite. So if our main office goes down it queues up good and bad mail for the main server at our office to commit to the database.

We had to do it that way because of the fact that if the main office goes down, the VPN goes down, so any spam found would get dropped and we can't risk that some spam can be false positives and we could lose customer emails.

I'm not using it for the time being until we can figure something out or Roberto can fix this glitch.

It would be nice to have everything on the remote site committed to database and I tried this out before but it was more of a problem. So I just tag all the email and forward it to the primary spamfilter gateway.

But now with the honeypot, which works VERY well, it is catching some emails. I want to be able to whitelist certain IPs from the honeypot only. It would help out a lot.
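
The behaviour requested in this thread, as an added example that is not part of any post and is not LogSat's code: a toy Python model of a gateway with a honeypot-fed IP blacklist, comparing no exception, a full whitelist, and a honeypot-only exemption for a forwarding backup server. The class, the `honeypot_exempt` setting, the verdict strings, the `looks_like_spam` flag standing in for the content filters, and all addresses are constructed for illustration.

```python
import ipaddress

class HoneypotGateway:
    """Toy model (constructed; not SpamFilter ISP's implementation)."""

    def __init__(self, trap_addrs, whitelist=(), honeypot_exempt=()):
        self.trap_addrs = {a.lower() for a in trap_addrs}
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        # Hypothetical setting: peers that are never auto-blacklisted.
        self.honeypot_exempt = [ipaddress.ip_network(n) for n in honeypot_exempt]
        self.blocked = set()  # IPs blacklisted by honeypot hits

    @staticmethod
    def _member(ip, nets):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in nets)

    def handle(self, peer_ip, rcpt, looks_like_spam):
        """Verdict for one message delivered by peer_ip to rcpt."""
        if self._member(peer_ip, self.whitelist):
            return "accept"  # whitelisted peers skip every filter
        exempt = self._member(peer_ip, self.honeypot_exempt)
        if peer_ip in self.blocked and not exempt:
            return "reject-blocked-ip"
        if rcpt.lower() in self.trap_addrs:
            if not exempt:
                self.blocked.add(peer_ip)  # the connecting IP gets listed
            return "quarantine"
        return "quarantine" if looks_like_spam else "accept"

def compare_policies():
    """Same relayed traffic from the backup server under three configurations."""
    backup, trap, user = "192.0.2.10", "trap@example.com", "user@example.com"
    configs = {
        "no_exception": {},
        "whitelist": {"whitelist": [backup]},
        "honeypot_exempt": {"honeypot_exempt": [backup]},
    }
    results = {}
    for name, kwargs in configs.items():
        gw = HoneypotGateway([trap], **kwargs)
        results[name] = [
            gw.handle(backup, trap, True),   # forwarded spam to the trap address
            gw.handle(backup, user, True),   # forwarded spam to a real user
            gw.handle(backup, user, False),  # forwarded legitimate mail
        ]
    return results

if __name__ == "__main__":
    for name, verdicts in compare_policies().items():
        print(f"{name:16} {verdicts}")
```

With no exception the backup server is blacklisted after its first forwarded trap hit, with a whitelist its forwarded spam is accepted unfiltered, and only the honeypot-only exemption keeps content filtering while leaving the relay unblocked.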



