Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Auto Ban IP Feature Request
  FAQ FAQ  Forum Search   Register Register  Login Login

Auto Ban IP Feature Request

 Post Reply Post Reply
Author
fdickey View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote fdickey Quote  Post ReplyReply Direct Link To This Post Topic: Auto Ban IP Feature Request
    Posted: 09 December 2004 at 2:45pm

I was wondering if it would be possible to have the spamfilter auto-ban an IP address after X number of sequential invalid recipient errors.  I have my simultaneous sessions limited to a max of 10 and my simultaneous sessions from a single IP limited to 3 to help thwart this...but I have had two cases in the past couple of days of a single SMTP session flooding the spam filter with 2 or more email threads per second in the same session...all of which are getting rejected.  After awhile, we notice in the logs this nice long series of rejects from the same IP address and go to our firewall and ban all inbound packets from that particular IP address.

I'm not sure if there is some nasty new virus out or not...of course...there is always a nasty new virus out...lol...but it would be nice if the spam filter would recognize this form of abuse and terminate all sessions with the culprit IP address rather than continuing to waste valuable time and resources rejecting each thread from what is obviously a bogus source of SMTP traffic.

In other words....instantly drop connection from an auto-banned IP that was auto-banned for the above such scenario and not even giving in the time of day much less bothering with whatever SMTP session it tries sending our way.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 09 December 2004 at 7:38pm
Fred,

We've been evaluating the possibilities of implementing not only what you're requesting, but exapanding it to auto-banning IPs being blocked by other filters as well. This would also help in reducing resources used to perform DNS queries to MAPS servers and reverse DNS entries.

All of this will be implemented in a future release of SpamFilter, but we do not have any timeframes of when.

Roberto F. LogSat Software
Back to Top
kspare View Drop Down
Senior Member
Senior Member


Joined: 26 January 2005
Location: Canada
Status: Offline
Points: 334
Post Options Post Options   Thanks (0) Thanks(0)   Quote kspare Quote  Post ReplyReply Direct Link To This Post Posted: 10 December 2004 at 9:02am

Roberto, I even have some source code for ya :)

http://www.snortsam.com

 

 

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 11 December 2004 at 5:53pm
Kevin,

Thanks for the info (believe the link should be the one with .net rather than .com). I don't believe we can take open-source code and include it in a commercial package however :) and in any case, we use Delphi rather than C as a compiler, which most of the times allows us to use a single file and *way* less code than the equivalent multitude of files and cryptic code if using C.

Roberto F. LogSat Software
Back to Top
Fred Dickey View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Fred Dickey Quote  Post ReplyReply Direct Link To This Post Posted: 16 April 2005 at 1:12am
Originally posted by LogSat LogSat wrote:

Fred,

We've been evaluating the possibilities of implementing not only what you're requesting, but exapanding it to auto-banning IPs being blocked by other filters as well. This would also help in reducing resources used to perform DNS queries to MAPS servers and reverse DNS entries.

All of this will be implemented in a future release of SpamFilter, but we do not have any timeframes of when.

Roberto F. LogSat Software


Did anything ever come of this?  Watching the logs...an auto-ban IP feature for max invalid recipients sure would be nice.  Thanks.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 16 April 2005 at 4:38pm
Not yet...
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.195 seconds.