Like to collect all "IP Limbo/Blacklist c |
Post Reply 
|
| Author | |
samsung 
Newbie 
Joined: 26 October 2006 Status: Offline Points: 3 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Like to collect all "IP Limbo/Blacklist cPosted: 09 November 2006 at 5:56pm |
|
Hi there, Yes - i like to collect in real time all Limbo IPs "IP cache Blacklist" into a text file as spamfilter is running. Anyone doing this? if it is not simple, then is there a way to do it offline from logs? my second question: how can i filter IPs based on keywords that RDNS of IP reports? I mean, how can i RegEX any IP number of sender server which has a PTR string with *.dhcp.* or *.dynamic.* and so on... lastly, I get a lot of IPs in limbo cache, but they very very seldom ever go over 3 strike. So figure spammer is smarter. Can i safely lower the block IP threshold in limo list? is anyone using two or one?? Any help is much appreciated. Many Thanks S. |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 14 November 2006 at 12:27am |
|
samsung,
The IP cache blacklist is stored in memory only, and can't be retrieved. You can however, as you probably already know, display its content in the "Statistics" tab in SpamFilter. Unfortunately even the 2nd question will have a negative answer. SpamFilter does not perform any filtering on the RDNS of an IP. We'd recommend againsta lowering the cahce limit, as the risk in blocking legitimate emails would be too high. |
|
|
|
|
dcook
Senior Member 
Joined: 31 January 2005 Location: United States Status: Offline Points: 174 |
Post Options
Thanks(0)
Quote Reply
Posted: 14 November 2006 at 4:18pm |
|
Let me throw an idea into the frey ... we have done quite a bit of experimenting with the IP Cache values. We struck upon: IPCacheLimboCountTrigger=6 This has worked well at protecting the Spamfilter with the periodic email phishing attacks we get. The low time trigger makes it quick to respond to abuse. The 30 minute time period allows for retries of valid email. If the spammer is persistant then they simply end up blacklisted a minute after the duration has expired. Anybody else try this? |
|
|
Dwight
www.vividmix.com |
|
|
|
|
mbrusl
Groupie 
Joined: 05 December 2005 Location: Thunder Bay Ont Status: Offline Points: 61 |
Post Options
Thanks(0)
Quote Reply
Posted: 01 July 2007 at 7:39pm |
Roberto, Would you consider entertaining the thought of allowing the option to write to a log file? As most of us have a good reason on why we want to have this information. |
|
|
|
|
atifghaffar
Senior Member
Joined: 31 May 2006 Location: Switzerland Status: Offline Points: 104 |
Post Options
Thanks(0)
Quote Reply
Posted: 04 August 2007 at 6:23pm |
|
Roberto,
I would also like access to this information so that this information can be sent to the firewall and it blocks the access completely instead of managing this information on each spamfilter node. Even better if SFE can write this info in the db. |
|
|
best regards
Atif |
|
|
|
Topic Options
LogSat wrote:|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.129 seconds.