Honeypot don’t work if AuthorizedToEmail |
Post Reply 
|
| Author | |
Simone 
Groupie 
Joined: 06 July 2005 Status: Offline Points: 42 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Honeypot don’t work if AuthorizedToEmailPosted: 17 February 2006 at 9:26am |
|
I noticed that if i put an email in the honeypot email list, but this email is not in the authorized to email, the ip of the sender wont be considered as honeypot ip. Is this correct for you? I think that it should be considered as spammer ip as the others. Don't you think so? Thank you, Edited by Simone |
|
 |
|
|
Lee
Groupie
Joined: 04 February 2005 Location: United States Status: Offline Points: 50 |
Post Options
Thanks(0)
Quote Reply
Posted: 19 February 2006 at 11:04am |
|
Simone I agree that is the way it should work but others have made the argument against this. Regardless yes you do have to put the illegal email address in the Authorized To before it will make it to the honeypot. The authorized to filter is checked before many of the other filters. The process I have used is to review my quarantine and look for the most common bogus email names used. I then enter those into the Authorized To: and into the honeypot. This seems to catch most of spammers. Lee |
|
|
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106 |
Post Options
Thanks(0)
Quote Reply
Posted: 19 February 2006 at 4:39pm |
|
Sorry for the delay in responding. Lee is absolutely correct. Originally we had the honeypot exactly as Simone was expecting, but shortly after we were asked by a "crowd" of users to change it as it's working now. We are in a democracy... thus SpamFilter is now behaving as Lee described!
|
|
|
|
|
Roman
Newbie 
Joined: 04 November 2005 Location: Russian Federation Status: Offline Points: 32 |
Post Options
Thanks(0)
Quote Reply
Posted: 04 April 2007 at 4:52pm |
|
oops, found this topic and moved my question here:
So, if i don't want to poison my "Authorized TO EMails" list with bogus addresses, I should use :honeypot suffix in BlackTo list? The other question is how long the honeypot-blacklisted-ip will stay black listed? Forever or just like IPs in temporary cache (I personnaly would prefer the second - there is a chance that IP owner will fix his problems sooner or later)? |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106 |
Post Options
Thanks(0)
Quote Reply
Posted: 05 April 2007 at 7:13am |
|
Roman,
The filtering order (http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID =5171#7776) shows that the "Local Emails TO Blacklist" filter is checked before the "Not in Authorized TO Emails" filter. So you have a valid point, and you could indeed use the :honeypot option to do that. In regards to how long the IPs remain in that list, currently they stay there permanently. |
|
|
|
|
Roman
Newbie
Joined: 04 November 2005 Location: Russian Federation Status: Offline Points: 32 |
Post Options
Thanks(0)
Quote Reply
Posted: 05 April 2007 at 9:05am |
|
Thank you, Roberto.
I think, I'll just write a script to rotate these IPs and expire them in several days. |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.078 seconds.