Honeypots
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6104
Printed Date: 09 November 2025 at 11:30pm
Topic: Honeypots
Posted By: IKILLSPAM1
Subject: Honeypots
Date Posted: 12 June 2007 at 1:19pm
|
I run a list of honeypot email addresses and it works great. My question is when I log into the SFI web quarantine, I can see in the Rejection column "IP blocked by honeypot entry" I want to query the quarantine for all emails blocked for this reason, but it seems that this type of block uses another blacklist's rejection message. I didnt see in the .ini a spot for a custom message when this type of email is blocked. I use the same reject msg for a few blacklist options so I am making it slightly difficult on myself. Could you just specific which custom entry the honeypot option uses? Also how does the web interface dicern this but the actual quarantine doesnt appear to have logged that rejection message? |
Replies:
Posted By: LogSat
Date Posted: 12 June 2007 at 6:23pm
|
You're correct. The honeypot filters are outputting the same error code as specified by the "Blacklisted IP" filter, and thus use this customized response from the SpamFilter.ini file: ResponseBlacklistLocalIP=521 The domain %Domain% is Blacklisted. We'll be making available a customizeable response for this specific filter on the next build, which will be released as soon as we receive a bug report  .The database entries appear correct as there is a dedicated reject code for this filter in the tblRebectCodes in the database. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Desperado
Date Posted: 13 June 2007 at 1:25pm
|
Roberto,
(Possible Bug?)
Little confusion here: I issue the following:
SELECT *
FROM [SpamFilter].[dbo].[tblQuarantine] where rejectid = 18 In about 25% of the rejections I get the following sample rejection:
30352751 mailto:meokisuzup@speedy.com.ar - meokisuzup@speedy.com.ar mailto:danburyusedcarssy@xyz.net - danburyusedcarssy@xyz.net This Link comes from Beulah 2007-06-10 13:00:23.000 24504031 18 521 The IP 190.50.156.68 is Blacklisted by zen.spamhaus.org. http://www.spamhaus.org/query/bl?ip=190.50.156.68 - http://www.spamhaus.org/query/bl?ip=190.50.156.68 -- 0 0 5
Rather than the expected:
30352656 mailto:tdotomacf@isisusa.com - tdotomacf@isisusa.com mailto:glr@xyz.net - glr@xyz.net Myles, do you think this is something for Anton 2007-06-10 13:00:04.000 24503973 18 521 5.2 The IP used to deliver this message, (61.129.15.216) is Blacklisted. Contact that IP block's admin. 0 0 5
I am also getting ZERO rejectID 23 though I am getting some attachment blocking. ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
Posted By: LogSat
Date Posted: 13 June 2007 at 4:29pm
|
Bug confirmed for the RejectID 23 on the blocked attachments, we were just able to replicate it. We'll have it fixed in the next build. I'm not sure about the other issue (25%...). Any chance you can find one of those emails belonging to that 25% in your SpamFilter logfile, so we can see what is happening? ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Desperado
Date Posted: 13 June 2007 at 4:48pm
|
Roberto, I will email s "snippet" to you. ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |