We have implemented additionally log information for SMTP, POP, IMAP, and XMPP disconnects due to blacklisting.  For example, the log will reflect the following:

 

[2014.11.18] 08:27:10 [70.x.x.x][56396980] connected at 11/18/2014 8:27:10 AM
[2014.11.18] 08:27:10 [70.x.x.x][56396980] on blacklist; dropping session...
[2014.11.18] 08:27:10 [70.x.x.x][56396980] disconnected at 11/18/2014 8:27:10 AM

 

It should be in the next minor release of SM 13.

Scott, any IP that violates the Abuse Detection policies automatically is added to the temporary blacklist (found under System Admin | Manage | Current IDS Blocks).  This is probably the reason why you are seeing this in the log without any permanent entry under Security | Blacklist.

I am new to email servers with Smartermail 13 and have set up Smartermail using the ChicagoNet suggestions. Checking my SMTP logs I was seeing my own IP (webserver and email on the same IP) trying to authenticate live email addresses. Checking the ids block I also find my own IP indicated as DOS and Brute Force. 

 

I have checked the Online Users in User Activity and I find IP's from China and me as system admin. I don't have any Chinese users, in fact there are only 36 users in total. The IP my be spoofed from Baidu the Chinese search engine so I have blacklisted their entire IP range as a trial.

 

Initially the server SMTP logs showed thousands of rejections which were blacklisted so I thought I had resolved the issue. Now I am not so sure as checking the IDS Blocks I find my IP address in there again.

I just found this.

This is awesome !

 

Question. We are using

• SmarterMail Enterprise Edition
• Version 14.4.5801