Abuse Detection for ActiveSync
Idea shared by Chris Le - September 29, 2014 at 2:25 PM
Proposed
It is becoming an increasing problem of users getting fired from their companies and they have an ActiveSync account on their phone relentlessly trying to login to our server. We would like to see a way to block these phones in the Abuse Detection settings.

3 Replies

Reply to Thread
0
Let me chime in on this one also.  Failed EAS logins will show up as ASP.NET 4.0 errors in the Event Viewer Application log, and they pretty much fill it up.  I have two users hitting this and there are hundreds of Events logged every day.  This is totally undesirable and it must be fixed.

I'm not sure that this should be treated as Abuse, but rather just treat it like anything involving POP3, IMAP and SMTP.  There's absolutely no reason why SmarterMail should be throwing ASP.NET errors on a failed EAS login.  I see no harm in them just being logged in the standard SmarterMail logs when this happens.
0
Yes that is exactly what is happening to us. I have had IIS crash a few times, not sure if its because of this.
0
My issue was fishing through this stuff to try to find the cause of crashes. It's very difficult with just 2 devices doing failed logins because you have to view the contents of each error to find if they are related to this EAS stuff, or something else, with +99% being this garbage. The fact that they are logged as Application Errors could signify an issue as they should be handled without making ASP.NET throw one. My guess is however probably not, but it's hard to find anything but these things in my Event Viewer.

Reply to Thread