Next Update
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5145
Printed Date: 16 September 2024 at 4:10pm
Topic: Next Update
Posted By: kspare
Subject: Next Update
Date Posted: 29 April 2005 at 5:35pm
| What can we expect to see roberto? Or what are you working on? |
Replies:
Posted By: LogSat
Date Posted: 30 April 2005 at 5:31pm
|
The Antivirus plugin was, even though it's a rather "invisible"
addition, a rather major project to implement. We're currently just
fixing minor bugs here and there, no major additions yet. What would you like to see? Is there's any feature in particular you're looking/wishing for? ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: kspare
Date Posted: 30 April 2005 at 7:54pm
| I think the next thing I would like to see is integration with firewalls. Alot of spam could be reduced if the firewalls were able to simple shun the traffic. |
Posted By: jacksun
Date Posted: 02 May 2005 at 2:23pm
|
Hi Roberto, if I may here is my 2 cents for what I would like to see.
I guess you could call it auto blacklisting. I would think if a user could forward an email they received which is spam (so it got past the filter) to an email address an admin could set up which would result in the original senders email being blacklisted in spamfilter it would be very valuable. I would think this would need to be on an individual basis just like whitelisting.
This functionality could also be implemented in the web interface with a checkbox to blacklist the sender.
This would put some of the blacklist admin work into the hands of the users and cut down on the helpdesk submissions.
Regards,
Wayne
|
Posted By: Desperado
Date Posted: 02 May 2005 at 4:11pm
|
Roberto, How about ... RHSBL support. Regards, ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
Posted By: Web123
Date Posted: 03 May 2005 at 12:59am
|
Thumbs up on auto blacklisting!
We currently have this future on our mailserver, and it's GREAT!
When a user gets a Spam mail, he makes a reply on the message and
adds cc to mailto:blacklistadress@domain.com - blacklistadress@domain.com .
When the mailserver receives a message to mailto:blacklistadress@domain.com - blacklistadress@domain.com it
parses all the other addresses from the mail and puts them into a blacklist,
and deletes the message
/Kim
|
Posted By: Desperado
Date Posted: 03 May 2005 at 11:13am
|
Comment on the auto-blacklisting: While I, personally, would like the feature, in the ISP enviroment, this could cause problems. Remember, one users spam is another users entertainment. So if user "A" blacklists email from say ... "hotnurses.com", user "B" may get ticked off. However, the idea may be able to be fined tuned. AOL has implemented this in a way that causes problems. We have a customer that has a fully complient "Double Opt In" mailing list and when an aol user decides he no longer wants the mailings, instead of un-subscribing, he clicks on a button that tells aol that it is spam. If aol gets 12 in an hour (not a large number) ALL email from that IP gets blocked for either 24 or 48 hours. All of a sudden, 3,000 aol users complain that they are NOT getting their mailing list. So, this feature has to be well thought out. Regards, ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
Posted By: kspare
Date Posted: 03 May 2005 at 11:26am
| The auto whitelist is on a per email address basis, why couldn't the blacklist be as well? |
Posted By: keizersozay
Date Posted: 03 May 2005 at 2:19pm
| RHSBL and SURBL |
Posted By: Guests
Date Posted: 03 May 2005 at 4:37pm
|
In a silimar vein to the Auto-Blacklisting, how about an option to have
all senders who send to preset honeypot email addresses get
automatically blacklisted. My thought is to block senders who
send email to these "bait" addresses right off the bat. There are some users who get so much spam that they have changed their email address, or an employee is terminated or quits, but their old address is still getting a ton of spam. The using no longer gets any legitament email at the old email address. So any future email going to that address is probably spam. This address would get tagged and all spammers who send to it in the future get auto-blacklisted. This might not work for all, but would be a useful feature for others. |
Posted By: Cire
Date Posted: 04 May 2005 at 11:57am
|
How about creating columns in the quarantine data base for "from domain", "from IP", and etc. By providing this info in seperate columns it would be much easier to work with the database and determine better rules for filtering. Thanx - Cire |
Posted By: Guests
Date Posted: 04 May 2005 at 2:24pm
|
Roberto - How about a method for teaching the Bayesian filter it's false negatives? This idea would create additional demand on the database and processor, but would work (as long as the email client doesn't destroy the headers): add a uniqueID to the headers of messages that are not determined to be spam, and copy the raw message to a table with the uniqueID. If a delivered message is determined by the user as spam, they can forward the message to a special email account that SF can query from periodically (preferrably low priority service - fewer than xx inbound connections) and retrieve the message, scan for the uniqueID, then reprocess the original raw message through the Bayesian engine to properly tag the tokens as SPAM, reducing false negatives in the future... Thoughts? -Ric |
Posted By: LogSat
Date Posted: 04 May 2005 at 11:15pm
|
All, Thanks for the comments/suggestions. Here's our own 2 cents: The "Honeypot" idea was great, thanks Alan. We just uploaded in the registered user are build 2.5.1.250, which does have this feature. In this new version there is an additional blacklist: "Honeypot". It contains a list of email addresses to be used as honeypots. Any emails sent to an address in this list will cause the sender's IP to be permanently blocked. The list of auto-blocked IPs is saved in the file "HoneypotBlockedIPs.txt". We will be hopefully implementing RHSBL and SURBL next. As far as teaching the statistical filter about the "false negatives", this would require storing "good" messages along with spam in the database. Additional interfaces must be developed to allow end users match the spam they receive to the "good" email that was stored in the database. This feature will require major changes/development, and has so far been set aside. We're very hesitant in having SpamFilter control firewalls, as that can potentially cause disastrous situation in case there are "hiccups", so that will be set aside as well - too much liability there.... ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: keizersozay
Date Posted: 04 May 2005 at 11:19pm
| You rock Roberto! |
Posted By: Guests
Date Posted: 06 May 2005 at 5:03pm
|
Hey thanks for putting that into a build so quick Roberto. Another minor request: a way to add comments and to disable line items in the text lists. Maybe an apostrophy as the first line item to ignore the rest of the line as comments? I guess I would like them to work more like script that can be well annotated with comments with the ability to temporarily disable certain portions.
|
LogSat wrote:Posted By: LogSat
Date Posted: 08 May 2005 at 6:08pm
|
Sorry Alan, that request has been asked for many times, but we've always had to reject it :-) The reason is that many users have rather large (MBs...) lists. SpamFilter is very efficient in processing incoming emails, and adding a parsing engine to filter out comments in the text files will impact performance quite a bit. We've tried in the past, and since the performance loss was noticeable, we opted againts it. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Alan
Date Posted: 09 May 2005 at 12:02pm
|
Ok just thought I would ask again. As far as the honeypot, I have entered a number of old defunct email addresses that are apparantly on a lot of spammer lists and have had it running for the weekend, but have not logged a single entry in the IP list yet. Could it be because the emails were snagged or blocked by one of the other filters? |
Posted By: Desperado
Date Posted: 09 May 2005 at 12:27pm
|
Hmmm, I have a single entry in the address list and have accumulated 81 IP addresses so far. Regards, ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
Posted By: Guests
Date Posted: 09 May 2005 at 12:34pm
|
I think this is a great idea. Especially for those of us who are hosting multiple domains. We use the the autowhitelist extensivley and allow our customer to whitelist their own customers via a form as well as the quarantine db. Once that domain is no longer with us, we just remove any references to that domain in the autowhitelist text file. If you had an option that worked the same for blacklisting, I think your sales to ISP's and web hosting companies would increase quite a bit. Any engineering reasons why this could not be done? Thanks for listening. |
Posted By: Alan
Date Posted: 09 May 2005 at 1:38pm
Hmm, looks like the problem was these addresses were on the blocked
recipients list. Taking them off has started adding to the
honeypot IP list now.
|
Posted By: WebGuyz
Date Posted: 12 May 2005 at 12:52am
|
I used to gather my own IP's to block with a honeypot mechanism I devised but eventually had to scrap it because zombie PC's on networks like Comcast and SBC were being used to send spam which would of course cause my honeypot system to block the IP's of valid mail servers.
------------- http://www.webguyz.net |
Posted By: Alan
Date Posted: 13 May 2005 at 12:18pm
|
Roberto, another request. Currently the :NULL tag can be added to cause an email to be discarded even if on a list that is set for quarantine. Can you create another tag that allows an email to be quarantined even though it on a list set for "Do not quarantine" This makes handling exceptions easier. (or does this exist already?) Specifically this is in reference to the honeypot IP list. I have a couple of backup MX IP's that are being used by spammers that I need to be able to quarantine, but the rest on the honeypot IP's can all be discarded as "Do not quarantine". I need a way to tag those couple of IP's |
Posted By: _Eric
Date Posted: 13 May 2005 at 3:21pm
|
configurable logging options in the ini ?
great product ! the sawmill template was great, for my brain dead management, a webtrends template would also be great. -eric- (user/admin of since version 1.0) version SpamFilter ISP v2.5.1.450 logs a little too much ... |
Posted By: LogSat
Date Posted: 13 May 2005 at 9:58pm
|
Alan, If I understood correctly, are your secondary MX servers forwarding emails to SpamFilter? If so, you may want to reconsiders, as since many of SpamFilter's rules work on the spammer's IP. IF SpamFilter sees your secondary's IP instead of the real sender, many tests will be unreliable and SpamFilter's actions will be inaccurate. I would see your request for an exception, but there may be other quirks with that configuration. Eric, Logging is "fixed" and can't be changed. We'd rather keep it that way, as often problems occur ones and are not repeated. If logging was not there, we (and the admins) would not be able to find eventual problems for which the logs will provide an answer. Often all that is needed is just a few day's worth of logs, an automated script to purge old logs is "safer" than performing less logging (and helps us tremendously in providing support!) ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Desperado
Date Posted: 13 May 2005 at 10:11pm
|
Eric, I feel the you can never log "too much". I have a script to "split" the logs on servers where they get too large. Dan ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
Posted By: _Eric
Date Posted: 14 May 2005 at 6:23pm
|
//Eric,
Logging is "fixed" and can't be changed// --yes off course but i ment modes, like debug level logging, advanced, and normal. (spamfilter.ini loglevel 1,2,3 ...) personally, the reload message in the logs is not so important, and even that value might be configurable in a feature version, we now handle 2,6 million mails a day, our company grows and grows through europe, and logfiles are now on a spare u360 scsi drive, in order to keep performance in a normal level. the earlier (~timer-minute-timer) problem was caused by the pci latency and extreme high i/o load which a dell 2850 with perc4-raid (3 drives) could no longer handle. (busmastering problem between nic and scsi adapter) i mean, i know logsat works great, and beyond that, but with these loads, you want to have something to spare, and not extra informational logging in huge files. (our max mailsize is 40480kb and 50% of our users use that daily and receive it through logsat also ..) |
Posted By: _Eric
Date Posted: 15 May 2005 at 7:13am
|
//and logfiles are now on a spare u360 scsi drive, in order to keep performance in a normal level. //
this drive is mounted as \logfiles in %drive%\%logsatrootdir% -eric- |
Posted By: LogSat
Date Posted: 15 May 2005 at 11:52am
|
"System" messages, as reloading of files, are usually independend on
the number of emails received, and will cause a fixed amount of entries
per day. The bulk of the logs are caused by entries related to incoming
emails. Each incoming email will usually generate about a dozen log
entries, so the more email traffic, the more logs. PS - there's an ini option to relocate the logfile directory if needed. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Alan
Date Posted: 18 May 2005 at 5:32pm
Although there may be some quirks depsnding on how it is used, it would
really be a useful feature for others who want to have the
redundancy. Others who do not want to use could simple not do
so. What are the chances you can put this into a build?
|
Posted By: Terry
Date Posted: 18 May 2005 at 7:06pm
| Roberto, you mention that there is now a HoneyPot setting....I have 2.5.1.441 installed but do not see a tab or setting for this feature. Can you tell me where this is set? |
Posted By: LogSat
Date Posted: 18 May 2005 at 10:45pm
|
Terry, Right now this feature is available in the 2.5.2.x pre-release versions that are available in the registered user's download area. We'll be probably releasing the latest build officially (to registered users only for now) this weekend. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |