LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

I've been looking at the honeypot option today, considering making it available to users.

I have found a few items by trial and error, manual, and these forums, and would like to confirm my findings:

Addresses placed in the honeypot blacklist have no effect if the email is not also added to the authorized to whitelist, due to filter order.
You can put email addresses on the TO blacklist, with the :honeypot option and it basically has the same effect except it does not need to be on the TO whitelist.  So basically the honeypot tab is not needed at all.
You can not use both a :honeypot and :null option on a single email address, only one option per email?
When an IP is added to the honeybotblockedIP list, it affects only the domain using the black listed email.  Other domains would not be effected.
Once an IP is added to the honeypotblockedips, it never expires (never is a long time!)

I can just see some company adding former employees to the honeypot list, then the former employee get his daily email from CNN and CNN ends up getting blacklisted and blocks CNN for all domains on the server.  That type of thing would be bad.

Does anyone see any errors with my findings? 

Edited by yapadu - 13 March 2009 at 4:08am

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
yapadu Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 12 May 2005 Status: Offline Points: 297	Post Options Post Reply Quote yapadu Report Post Thanks(0) Quote Reply Topic: Honeypot usage findings Posted: 13 March 2009 at 3:50am
	I've been looking at the honeypot option today, considering making it available to users. I have found a few items by trial and error, manual, and these forums, and would like to confirm my findings: Addresses placed in the honeypot blacklist have no effect if the email is not also added to the authorized to whitelist, due to filter order. You can put email addresses on the TO blacklist, with the :honeypot option and it basically has the same effect except it does not need to be on the TO whitelist. So basically the honeypot tab is not needed at all. You can not use both a :honeypot and :null option on a single email address, only one option per email? When an IP is added to the honeybotblockedIP list, it affects only the domain using the black listed email. Other domains would not be effected. Once an IP is added to the honeypotblockedips, it never expires (never is a long time!) I can just see some company adding former employees to the honeypot list, then the former employee get his daily email from CNN and CNN ends up getting blacklisted and blocks CNN for all domains on the server. That type of thing would be bad. Does anyone see any errors with my findings? Edited by yapadu - 13 March 2009 at 4:08am

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Honeypot usage findings