How to prevent Incoming Gateway from being blocked
Question asked by Scarab - July 2, 2015 at 3:36 PM
We have Smartermail Abuse Detection set as follows:
Denial of Service SMTP:  100 connections in 10 minutes Block 60 minutes
Bad SMTP Sessions (Harvesting): 30 connections in 60 minutes Block 60 minutes
Our SmarterMail Incoming Gateway is repeatedly being blocked by our primary SmarterMail Server lately. We are running our Incoming Gateway in SmartMail Gateway Mode.
Our Incoming Gateway is doing all Spam Checks on inbound email before handing it to our primary SmarterMail Server to deliver.
Is there a setting I should set to prevent it from being blocked by Abuse Detection rules? I assume that Whitelisting would defeat the purpose of the Gateway doing Anti-Spam checks if we did Whitelist it.
Weirder thing is I don't believe that it was ever getting blocked prior to upgrading to v14. Now it is happening almost every hour during peak hours (8am-4pm).

5 Replies

Reply to Thread
Any ideas at all? Anyone? Our Incoming Gateway is getting blocked every 7 minutes now during peak hours. I'm beginning to get desperate as I have to spend my entire day manually unblocking it from the Current IDS Blocks screen and I really don't want to roll back to v13.
Employee Replied
Employee Post
Hi Scarab,
Do you have the IP added to the "Bypass Gateways" tab on the "Antispam Administration" page?
Ever since I put an Event Notification on our Primary for IDS Blocks against our Incoming Gateway they have all been for "Abuse detection rule (Denial of Service) has been triggered by". The detailed SMTP Logs show dozens of the following entries every time the Abuse Detection is triggered:
[2015.07.13] 13:09:50 [][10420181] connected at 7/13/2015 1:09:50 PM
[2015.07.13] 13:09:50 [][10420181] "421 Server is busy, try again later." response returned.
[2015.07.13] 13:09:50 [][10420181] IP is blacklisted
Below is a screenshot of our Bypass Gateways settings on our Primary SmarterMail Server [] that is repeatedly blocking []:
Bypass Gateways
I can confirm that it has also triggered the Harvesting Abuse Detection "Abuse detection rule Major (EmailHarvesting) has been triggered by" on numerous occasions as well. However, this happens far less frequently (as in once in a week as opposed to once every 7 minutes for Denial of Service).
Matt Petty Replied
Employee Post
We have sent you a logging build in an attempt to get more information on the issue.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
Was this ever addressed? We have the same issues in the latest v15 release.


Reply to Thread