Honeypot and Bayesian Question |
Matt
Newbie
Joined: 03 March 2006 Location: United States Status: Offline Points: 17 |
Posted: 19 March 2006 at 11:14pm |
|
Currently we are using the honeypot blacklist and have accumulated many IP addresses. Does anyone clear the IP addresses out of the list after a set amount of time? Basically I am wanting to know if anyone has had problems with letting the IP addresses build up and not deleting any of them. Also I was wondering what everyone is setting the Bayesian filter threshold at, and how everyone is gauging the amount of false positives compared to spam that has slipped through the system?
|
kspare
Senior Member
Joined: 26 January 2005 Location: Canada Status: Offline Points: 334 |
Posted: 20 March 2006 at 12:59am |
|
I'm curious what people do with the honeypot as well... As for Bayesian filter, I had to turn mine off; it was catching emails that were obviously legit as 100% spam... many, many complaints. However, I do still need to send my config to Roberto to see if I had something set too sensitive, but I had it set to 99.3 or whatever number Roberto said to set it to. Are there any other settings that will affect Bayesian?
|
Marco
Senior Member
Joined: 07 June 2005 Location: Netherlands Status: Offline Points: 137 |
Posted: 20 March 2006 at 4:40am |
|
Every now and then I feed the found IPs into the firewall and shut them off from our network. It reduces spam dramatically. Up until now I've not had any complaints about people being unable to reach us, where they should be able to. I am fortunate to be admin of a small company, and not an ISP, so it's manageable. IP blacklist cache is working like a charm btw; honeypot hardly ever catches new IPs anymore :)
|
|
Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams
|
|
Matt
Newbie
Joined: 03 March 2006 Location: United States Status: Offline Points: 17 |
Posted: 20 March 2006 at 4:47pm |
|
My concern is that a good mail server may be blocked indefinitely due to spammers sending mail from a good mail server to a honeypot address. Depending on which mail provider they send the spam through, there would be potential for numerous false positives. I think something along the lines of the IP Blacklist Cache could be applied to the honeypot, with an IP initially being blocked for 30 days or so, and if the IP is not detected again within that time period it is released. If the IP is detected the counter is set back to thirty days.
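
The expiry scheme proposed in the post above, sketched as an added example (not part of the original thread and not code from the filter product under discussion). The class and function names are hypothetical, and the hit log is constructed from documentation address ranges:

```python
"""Sliding-expiry honeypot blocklist (added illustration; all names hypothetical)."""
import ipaddress
from datetime import datetime, timedelta

BLOCK_WINDOW = timedelta(days=30)  # "30 days or so", as proposed in the post


class HoneypotBlocklist:
    def __init__(self, window=BLOCK_WINDOW):
        self.window = window
        self._expires = {}  # normalized IP string -> datetime the block lapses

    @staticmethod
    def _norm(ip):
        # Canonical form, so differently written IPv6 addresses share one entry;
        # malformed input raises ValueError instead of polluting the list.
        return str(ipaddress.ip_address(ip))

    def record_hit(self, ip, now):
        """Mail from `ip` reached a honeypot address: start or reset the clock."""
        key = self._norm(ip)
        self._expires[key] = now + self.window
        return self._expires[key]

    def is_blocked(self, ip, now):
        expiry = self._expires.get(self._norm(ip))
        return expiry is not None and now < expiry

    def purge(self, now):
        """Release every IP not seen at the honeypot within the window."""
        released = sorted(ip for ip, exp in self._expires.items() if exp <= now)
        for ip in released:
            del self._expires[ip]
        return released


def replay(hits, check_time):
    """Replay (timestamp, ip) honeypot hits in time order, then purge."""
    bl = HoneypotBlocklist()
    for ts, ip in sorted(hits):
        bl.record_hit(ip, ts)
    return bl, bl.purge(check_time)


# Constructed sample data, not real senders.
SAMPLE_HITS = [
    (datetime(2006, 3, 1), "192.0.2.10"),     # single hit, never seen again
    (datetime(2006, 3, 1), "198.51.100.7"),   # repeat sender
    (datetime(2006, 3, 25), "198.51.100.7"),  # seen again: counter back to 30 days
]

if __name__ == "__main__":
    bl, released = replay(SAMPLE_HITS, datetime(2006, 4, 5))
    print("released:", released)
    print("198.51.100.7 blocked:", bl.is_blocked("198.51.100.7", datetime(2006, 4, 5)))
```

Running `purge` on a schedule keeps the list from growing without bound, which also addresses the build-up question from the first post.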