LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   We're currently using SpamFilter with an Authorised To list, that has dramatically cut down on the amount of spam in the quarantine. 
I realise that an authorised to list isnt the best solution for everyone and after pouring over the logs for a while I came up with an idea.
(please bare with me if this has been suggested previously)
I noticed that a lot of the fake addresses the spammers try to send to at our domain were the same, and repeated many many times over. 
What if there was an option that instead of rejecting emails not on the Authorised To list, that it logged repetitive attempts to the same address. If the number of attempts exceeds a certain number (set by the user) within a certain period, then that address is added to the Honeypot, so if it gets tried again, it will black list the sender.
I know that it already looks out for lots of attempts from a specific address, but im not sure if there is currently a way to block multiple attempts to a specific address. 
Let me know what you think. Thanks.

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
superbug73 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 02 August 2006 Status: Offline Points: 2	Post Options Post Reply Quote superbug73 Report Post Thanks(0) Quote Reply Topic: HoneyPot Implementation Posted: 08 August 2006 at 4:55pm
	We're currently using SpamFilter with an Authorised To list, that has dramatically cut down on the amount of spam in the quarantine. I realise that an authorised to list isnt the best solution for everyone and after pouring over the logs for a while I came up with an idea. (please bare with me if this has been suggested previously) I noticed that a lot of the fake addresses the spammers try to send to at our domain were the same, and repeated many many times over. What if there was an option that instead of rejecting emails not on the Authorised To list, that it logged repetitive attempts to the same address. If the number of attempts exceeds a certain number (set by the user) within a certain period, then that address is added to the Honeypot, so if it gets tried again, it will black list the sender. I know that it already looks out for lots of attempts from a specific address, but im not sure if there is currently a way to block multiple attempts to a specific address. Let me know what you think. Thanks.

sgeorge Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 23 August 2005 Status: Offline Points: 178	Post Options Post Reply Quote sgeorge Report Post Thanks(0) Quote Reply Posted: 09 August 2006 at 2:57pm
	Well, SpamFilter does have the ip blacklist limbo & cache system working, which does effectively put a temporary ban the ip that repeatidly tries to send to the same bad address. With your suggestion, I would consider the conequences of someone mis-typing the valid recipient's email address. If for any reason their sending email server ignores SpamFilter's response that "you are not allowed to send to that [bogus] email address", it may try to re-send a 2nd, 3rd, & 4th time... eventually they would be added to the honeypot simply for trying to re-send the same message. I try to save my honeypot usage for i.p.s that I suspect are solely used for sending spam - should a user from that honeypotted i.p. try to send me a message I would never know. ...My 2 c's. Stephen

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

HoneyPot Implementation