Honeypot not always catching emails - ORF Forums

@thomas.waterhouse: Hello Thomas,

Accoring to SMTP standards, Delivery Status Notifications (or NDRs) must be sent with a blank sender address. Not surprisingly, spammers often try to exploit this rule and send their spam without sender address in an attempt to fool poorly configured filtering software. Of course, spammers make mistakes as well, but more often than not they do this intentionally.

As for your second question, the Honeypot test is always performed before the Recipient Validation test, so - by default - the IP should have been banned by the Honeypot test. Exceptions, however, can be configured in the ORF Administration Tool, so I would appreciate if you could send us (to ) the following for analysis:

• The ORF configuration file called orfent.ini. It can be found in the ORF program directory (default: \Program Files (x86)\ORF Fusion).

• The .log file from the day of the incident (e.g. orf-2015-12-12). It can be found on the configured ORF logging path (default: \Program Files (x86)\ORF Fusion).

• The recipient address that should have triggered the Honeypot ban.

@thomas.waterhouse: That is correct Thomas, the purpose of the "$" entry on the Honeypot IP Exception list is to avoid blacklisting legitimate mail servers. If the only emails that get blacklisted by Recipient Validation test instead of the Honeypot test are the ones that arrive without a sender address, then there is nothing to worry about. However, should you find other emails sent to the honeypot/spam-trap address avoiding the IP ban, I would be more than happy to review your ORF configuration and logs in order to identify possible technical issues.