DonotAddIPToHoneypot |
Post Reply 
|
| Author | |
jacksun 
Newbie 
Joined: 24 February 2005 Status: Offline Points: 31 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: DonotAddIPToHoneypotPosted: 27 July 2005 at 8:28pm |
|
Hi Roberto, I noticed this new addition to the spamfilter.ini file in the changes list but I am unable to find it in the spamfilter.ini after a upgrade. I am assuming one must add this manually. Any particular place it needs to be in the spamfilter.ini? Is the item entered like this: DoNotAddIPToHoneypot=x.x.x.x,x.x.x.x,x.x.x.x Thanks |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106 |
Post Options
Thanks(0)
Quote Reply
Posted: 27 July 2005 at 10:08pm |
|
Wayne,
If it's missing, that entry "should" be added to the ini file once you click on the "Save Settings" button. If it's not, as with all the optional ini values we document in the reademe.html help file, you can always add it manually under the [server settings] section of SpamFilter. IPs should be separated with commas (even though semicolons will work as well...). |
|
|
|
|
vrspock
Guest Group 
|
Post Options
Thanks(0)
Quote Reply
Posted: 22 December 2005 at 12:55pm |
|
I had a false positive the other day from a sender who was coming in from bellsouth.net Looks like our honeypot list tagged one of their mail servers. I know you can use the donotaddiptohoneypot feature to prevent a trusted IP from being added to this list, my question is what's the best policy for determining what a "trusted" server is? Should this be just your own internal relays or is it ok to add a major ISP's mail server to this list? I'm like everyone else in that I don't want a semi-permanent surge of false positives from a specific ISP because someone cracked a password on their mail server. Also, if it is a good practice to place major ISP's in the donotaddiptohoneypot list, is there a trusted list of major ISP mail servers out there we can add to this list? The intent of the honeypot list should be to block all those zombie pc's out there and lame mail servers that are poorly configured. I've only had a couple of false positives as a result of the honeypots list since we implemented it, but would like for our server to know who's a major source of email and thus should be allowed to continue on through the remaining filter list and who's not and should be scrutinized with extreme prejudice. |
|
|
|
|
Simone
Groupie 
Joined: 06 July 2005 Status: Offline Points: 42 |
Post Options
Thanks(0)
Quote Reply
Posted: 19 January 2006 at 9:06am |
|
2 stupid questions: - i cannot find the way to add ips by guy - could it possible to store the ips in a separated text file and not in the .ini one? Thanks, Simone |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106 |
Post Options
Thanks(0)
Quote Reply
Posted: 19 January 2006 at 10:32pm |
|
Simone,
SpamFilter has many settings that are only available via options in the SpamFilter.ini file, and this is one of them. There is no GUI front end, sorry. Currently the list of IPs is only available by adding it to the ini file, we do not have an external file for it. |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.236 seconds.