Bug? |
Post Reply 
|
| Author | |
kspare 
Senior Member 
Joined: 26 January 2005 Location: Canada Status: Offline Points: 334 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Bug?Posted: 18 June 2005 at 3:14pm |
|
I may have found a bug in the black/whitelist order... My backup mailserver has the same honeypot email address' as all my servers. But being offsite it does not have access to the sql server. So it just takes the message as spam and forwards it to one of the primrary servers, and adds the ip to the honeypot blocks ips list. When the message gets to the main server, it too sees that the honeypot email address is coming through and now blocks the backup gateways ip address. So two things need to happen to fix this. 1. Allow us to whitelist in the hotpot certain ips so the honey pot does not catch them. 2. Move the honeypot email address black list behind the subject tag black list... Kevin |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 June 2005 at 7:01pm |
|
Kevin,
This is not a bug, but just the way emails and filters are processed. We posted more info on this issue at http://logsat.com/spamfilter/forums/forum_posts.asp?TID=5217 #6068 as follows: ============================== SpamFilter should really see the original IP of the sender when procesing emails. If SpamFilter handles emails that are being relayed by a "friendly" server, then things are bound to go wrong, not just with the honeypot file. Think about the SPF filter for example... If the IP of the server connecting to SpamFilter is not listed in the SPF DNS record of the sender, the email will be rejected. And if your secondary is forwarding emails to SpamFilter, that *will* cause a big issue. The mains solutions that come to mind are to: (1) place SpamFilter (or any other antispam software) in front of all the servers listed as MX records, or (2) forward the email from the secondaries directly to your main SMTP server, bypassing the main spam filter. or (3) install a second SpamFilter on a separate IP or separate server, configure it skip ALL IP-based tests (reverse-DNS, country, SPF, MAPS-RBL, IP blacklists, MX checks etc.), and have the secondary forward emails to this lesser-featured SpamFilter. ========================================= |
|
|
|
|
kspare
Senior Member
Joined: 26 January 2005 Location: Canada Status: Offline Points: 334 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 June 2005 at 7:33pm |
|
Server #3 DOES run spamfilter, infact spamfilter forwards the mail directly to the primary server. It has already tagged the email as spam, but the honeypot still picks it up. Basically all i'm asking for is that the honeypot detection be after the tagged line detection. Being that server #3 is already spamfilter and has already detected a honeypot email, it tags the subject line and sends the email to server #1 to be put into the quaruntine database. But Server#1 sees the honeypot email address and blocks server #3. When really it should see that it has already tagged the subject line and just quaruntine the email.... |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.086 seconds.