Honeypots and Backup MX records |
Post Reply 
|
| Author | |
bpogue99 
Groupie 
Joined: 26 January 2005 Status: Offline Points: 59 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Honeypots and Backup MX recordsPosted: 20 May 2009 at 3:40pm |
|
Hello community,
Using SF 4.1.2.801 as the main incoming server, I've got a question on how to handle a situation where an offsite backup MX service is used. The scenario is simple:
domain.com 600 mx 10 mail.domain.com
domain.com 600 mx 20 mail.backupmx.com
domain.com 600 mx 30 mail.domain.com
Spammers regularly hit all 3 of the records. The problem is that the backupmx.com (not it's real name) service quite often gets dumped into the honeypots IP list. Whitelisting the IP of the backup MX is not a reasonable solution since that would open the door for all the spammers. But, having it honeypotted is also bad because it causes rejection of emails based simply on that IP.
So, in short, is there a way to use the honeypot features, yet, not honeypot a particular set of IP's, but also not whitelist them? I guess what I want to do is exclude some IP's from ever being honeypotted or blacklisted, but not whitelisted, sort of skip the IP testing.
Thanks!
 |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 May 2009 at 9:00am |
|
bpogue99,
There sure is a way. DoNotAddIPToHoneypot – This optional setting is available in the SpamFilter.ini file. It is used to specify any IPs (separated by commas - no wildcards) that you do not wish to be automatically added to the Honeypot IP blacklist. This setting also prevents those IPs to be added to the IP cache blacklist. It is used mainly to specify IPs that you still wish to be filtered for spam, but you do not want to permanently block. There is no need to restart SpamFilter after making the change in the ini file, it will be reloaded automatically within 60 seconds after you save it. |
|
|
|
|
bpogue99
Groupie
Joined: 26 January 2005 Status: Offline Points: 59 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 May 2009 at 11:05am |
|
Awesome Roberto, I knew it had to already be addressed!! Can I enter entire segments in the list or just individual IP's? Such as 10.0.0.0/24 versus 10.0.0.1 to 10.0.0.254? I'm assuming there is a recommended limit to how many IP's to actually put on this list. |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 May 2009 at 12:36pm |
|
sorry, only individual IPs can be added in that list, not networks.
As far as limits are concerned, to be honest we're not sure! The limit here is dependent on the Windows OS itself and how long a line in an .INI file can be - we've never researched this to find out the maximum (if any). A few thousand characters however on that line should be acceptable. |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.094 seconds.