I do this in a similar way for years. - my group is [dummy] - I replace all addresses of the honeypot-domain one (every time the same for each spam domain) valid local address - nodelay has 0.0.0.0/1=>[dummy] 128.0.0.0/1=>[dummy]
[dummy] is also in hlSpamLovers - helos should never blocked for the honeypot if a mail is detected as spam - fine - stored - nothing wrong - but.. NOTHING TO LEARN for assp (BAD until the next complete rebuildspamdb was finished) if it is not detected as spam, it is delivered to the dummy user - now the trick - the mailbox of this user has an agent, which spam-reports and deletes any incomming mail immediatly because the rebuild is running permanent (if configured) - assp learns just in time the new reported spam (also for all the other real users) >The problem is that the volume of spam is causing the sender Ip to goto the >extremePB. you should disable this - it is in montor mode (early is disabled) on my prod system Thomas Von: K Post <nntp.p...@gmail.com> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 29.07.2015 15:18 Betreff: [Assp-test] Fwd: Honeypot addresses, any way to bypass extremepb? I sent this in early June to the user list, but it got no play, so I figured that I'd give here a go. Thanks ---------- Forwarded message ---------- From: K Post <nntp.p...@gmail.com> Date: Thu, Jun 4, 2015 at 9:34 AM Subject: Honeypot addresses, any way to bypass extremepb? To: For Users of ASSP <assp-u...@lists.sourceforge.net> I've setup a couple honeypot subdomains. My intention is to use them to gather more and more varied spam messages. This might just be a case of ASSP not being intended for this, in which case I'll just kill the subdomains or donate them to project honeypot. ..or I could just be doing it wrong. I have the subdomains listed in a group like this [HONEYPOT-ADDRESSES] @subdomain1.ourcharity.org @subdomain2.ourcharity.org and I have that group listed in SpamAddresses The problem is that the volume of spam is causing the sender Ip to goto the extremePB. in block reports, I see: spam reason: (score for xxx.xxx.xxx.xxx is 645, surpassing extreme level of 601) [--the subject--] and as such, the messages aren't being collected. Is there a way to tell ASSP to collect mail into the spam folder for specific addresses? Don't process them, don't block based on IP, just gobble up the mail, save it in spam, and give the IP a score. Maybe don't even give the sender an error, but don't use extremepb for mails exclusively to these addresses --like a honeypot should work. Again, if this is a bad idea, counter to ASSP's mission / design, etc, I'll just ditch the concept. ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
