Spam Filter ISP Support

Print Page | Close Window

Honeypot ?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5256
Printed Date: 31 July 2025 at 11:15am

Topic: Honeypot ?

Posted By: Guests
Subject: Honeypot ?
Date Posted: 05 July 2005 at 12:40pm

Ok... I may be blind, but I cannot find the honeypot feature in my version of SpamFilter ISP. I am running 2.5.1.441. Should there be a tab for the Honeypot or is this just a name you are giving to another feature under the blacklists?

Replies:

Posted By: JimMeredith
Date Posted: 05 July 2005 at 4:05pm

No, you're not blind... the honeypot feature http://www.logsat.com/sfi-release-notes-and-bug-fixes.asp - was not introduced until 2.5.1.450.

// New to VersionNumber = '2.5.1.450';
{TODO -cNew : Added "Honeypot" feature to automatically block IPs that send emails to specified honeypot addresses}

Posted By: Derek Jeffries
Date Posted: 06 July 2005 at 9:41am

How often is the demo version updated? I am wanting to evaluate SpamFilter but it looks like the demo is quite a few versions behind.

Derek

Posted By: LogSat
Date Posted: 06 July 2005 at 8:05pm

There is no set policy... We try to release a new free version when the number of improvements available in the retail version is such that there are too many features users are not able to see/test. We'll probably release a new free version in a few weeks, a bit after the latest 2.6 versionis officially released.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: Marco
Date Posted: 08 July 2005 at 9:09am

short question, do you guys also think that logging the e-mail attempts to invalid mail adresses (not in authorisedToList), together with the number of attempts, would be useful?

Having this feature would help create a nice honeypot mail adress list in my opinion.

Regards,

Marco

-------------
Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams

Posted By: LogSat
Date Posted: 08 July 2005 at 3:34pm

Marco,

The logging is already happening, as in the log sample below. Keeping track of the number of attempts however is not, and we'll leave that task for a 3rd party application that parses the logfiles...

07/08/05 15:32:52:921 -- (792) Connection from: 172.27.4.51 - Originating country : N/A
07/08/05 15:32:53:296 -- (792) Resolving 172.27.4.51 - Not found
07/08/05 15:32:53:296 -- (792) - EmailTO is not in AuthorizedTOEmail list...
07/08/05 15:32:53:296 -- (792) 172.27.4.51 - Mail from: roberto@yahoo.com To: test@logsat.com will be rejected
07/08/05 15:32:53:296 -- (792) Disconnect

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: Guests
Date Posted: 11 July 2005 at 3:45am

My question wasnt clear enough, i meant logging to a separate file, something like the honeypotblockedip.txt, with a format like this:

rejectedemails.txt

xxx.xxx.xxx.xxx mailto:FROMsender@domain.com - FROMsender@domain.com mailto:TOadress@ourdomain.com - TOadress@ourdomain.com

Granted, it allready IS in the activitylog, but such a txt file would make life a lot easier in finding the bad senders.

Regards,

Marco

Posted By: LogSat
Date Posted: 11 July 2005 at 3:51pm

Sorry Marco, I know that you actually wanted the logging in an external file, but duplicating the logging functionality for some items in a separate log is not currently planned.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Print Page | Close Window