Like to collect all "IP Limbo/Blacklist c
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5867
Printed Date: 22 February 2025 at 5:36pm
Topic: Like to collect all "IP Limbo/Blacklist c
Posted By: samsung
Subject: Like to collect all "IP Limbo/Blacklist c
Date Posted: 09 November 2006 at 5:56pm
|
Hi there, Yes - i like to collect in real time all Limbo IPs "IP cache Blacklist" into a text file as spamfilter is running. Anyone doing this? if it is not simple, then is there a way to do it offline from logs? my second question: how can i filter IPs based on keywords that RDNS of IP reports? I mean, how can i RegEX any IP number of sender server which has a PTR string with *.dhcp.* or *.dynamic.* and so on... lastly, I get a lot of IPs in limbo cache, but they very very seldom ever go over 3 strike. So figure spammer is smarter. Can i safely lower the block IP threshold in limo list? is anyone using two or one?? Any help is much appreciated. Many Thanks S. |
Replies:
Posted By: LogSat
Date Posted: 14 November 2006 at 12:27am
|
samsung, The IP cache blacklist is stored in memory only, and can't be retrieved. You can however, as you probably already know, display its content in the "Statistics" tab in SpamFilter. Unfortunately even the 2nd question will have a negative answer. SpamFilter does not perform any filtering on the RDNS of an IP. We'd recommend againsta lowering the cahce limit, as the risk in blocking legitimate emails would be too high. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: dcook
Date Posted: 14 November 2006 at 4:18pm
|
Let me throw an idea into the frey ... we have done quite a bit of experimenting with the IP Cache values. We struck upon: IPCacheLimboCountTrigger=6 This has worked well at protecting the Spamfilter with the periodic email phishing attacks we get. The low time trigger makes it quick to respond to abuse. The 30 minute time period allows for retries of valid email. If the spammer is persistant then they simply end up blacklisted a minute after the duration has expired. Anybody else try this? ------------- Dwight www.vividmix.com |
Posted By: mbrusl
Date Posted: 01 July 2007 at 7:39pm
Roberto, Would you consider entertaining the thought of allowing the option to write to a log file? As most of us have a good reason on why we want to have this information. |
LogSat wrote:Posted By: atifghaffar
Date Posted: 04 August 2007 at 6:23pm
|
Roberto, I would also like access to this information so that this information can be sent to the firewall and it blocks the access completely instead of managing this information on each spamfilter node. Even better if SFE can write this info in the db. ------------- best regards Atif |