Back to Community Threads
2
Ability to automatically add Dos Notification IP address to blacklists
Idea shared by Jon Eastwood - 11/4/2014 at 2:32 PM
Under Consideration
I have dos notifications set up and I get such emails on a regular basis:
 
Abuse detection rule SMTP Password Brute Force Protection (BruteForceBySession) has been triggered by xxx.xxx.xxx.xxx
 
and 
 
Abuse detection rule Denial of Service - POP 50 in 10Min (DenialOfService) has been triggered by xxx.xxx.xxx.xxx
 
is there not such a way that instead of gettign these emaisl I can simply if they fire they add the ip address reported in the email added to the black list to stop it?
 
make sense?
 

4 Replies

Reply to Thread
0
Employee Replied
11/4/2014 at 3:15 PM
Employee Post
Currently, whenever a DOS or password brute force attempts are detected, the offending IP by protocol are temporary blocked (or blacklisted) for the specified minutes in "Time to Block."
 
Are you wanting an option to permanently add the IP to the blacklist?
0
yes please
btw - where is the time to block setting I forget
0
Employee Replied
11/5/2014 at 7:54 AM
Employee Post
yes please
btw - where is the time to block setting I forget
 
I will add this to our feature request list for further consideration with the dev team.  As for the "Time to Block" setting, it is under System Admin -> Security -> Advanced Settings -> Abuse Detection. All of the abuse detection types have that field available.
0
Hi Robert, I posted a question yesterday about whether it is possible to determine if there was a way to determine the source IP address of any DoS's that are identified in the Abuse Detection reports, but so far I haven't had anyone get back to me with an answer so I though I would ask here seeing as this is a related topic that has been engaged by a ST employee. I have tried to look in the logs but with so much to wade through I couldn't find anything obvious so just wanted to know if it was possible to track DoS causing IPs down in any way or not with SM 13.x?
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Configure SmarterMail as a Free Gateway ServerSmarterMail > Server Configuration and Management
Create Community Based EventsSmarterTrack > Events
Unblock / Allow Browser Notifications in SmarterMailSmarterMail > Domain/User Configuration and Management
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
Windows Mail and SmarterMailSmarterMail > Desktop and Mobile Synchronization