Auto Ban IP Feature Request |
Post Reply |
Author | |
fdickey
Guest Group |
Post Options
Thanks(0)
Posted: 09 December 2004 at 2:45pm |
I was wondering if it would be possible to have the spamfilter auto-ban an IP address after X number of sequential invalid recipient errors. I have my simultaneous sessions limited to a max of 10 and my simultaneous sessions from a single IP limited to 3 to help thwart this...but I have had two cases in the past couple of days of a single SMTP session flooding the spam filter with 2 or more email threads per second in the same session...all of which are getting rejected. After awhile, we notice in the logs this nice long series of rejects from the same IP address and go to our firewall and ban all inbound packets from that particular IP address. I'm not sure if there is some nasty new virus out or not...of course...there is always a nasty new virus out...lol...but it would be nice if the spam filter would recognize this form of abuse and terminate all sessions with the culprit IP address rather than continuing to waste valuable time and resources rejecting each thread from what is obviously a bogus source of SMTP traffic. In other words....instantly drop connection from an auto-banned IP that was auto-banned for the above such scenario and not even giving in the time of day much less bothering with whatever SMTP session it tries sending our way. |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Fred,We've been evaluating the possibilities of implementing not only what you're requesting, but exapanding it to auto-banning IPs being blocked by other filters as well. This would also help in reducing resources used to perform DNS queries to MAPS servers and reverse DNS entries.All of this will be implemented in a future release of SpamFilter, but we do not have any timeframes of when.Roberto F.
LogSat Software
|
|
kspare
Senior Member Joined: 26 January 2005 Location: Canada Status: Offline Points: 334 |
Post Options
Thanks(0)
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Kevin,Thanks for the info (believe the link should be the one with .net rather than .com). I don't believe we can take open-source code and include it in a commercial package however :) and in any case, we use Delphi rather than C as a compiler, which most of the times allows us to use a single file and *way* less code than the equivalent multitude of files and cryptic code if using C.
Roberto F.
LogSat Software
|
|
Fred Dickey
Guest Group |
Post Options
Thanks(0)
|
Did anything ever come of this? Watching the logs...an auto-ban IP feature for max invalid recipients sure would be nice. Thanks. |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Not yet...
|
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.195 seconds.