Recommended IDS Rules for SmarterMail 16.x
Question asked by ram - July 4, 2017 at 4:49 PM
Unanswered
Somebody can recommend IDS rules for new SmarterMail 16.x to protect the server and email accounts?

1 Reply

Reply to Thread
2
This is a good thread as there isn't much guidance on IDS blocks.  Here is what we are doing with 8,000 users:
 
Password Brute Force (All Services)
50 failures in 10 minutes and we kill for 30 days
 
Bad SMTP Sessions (SMTP)
100 bad sessions in 10 minutes and we kill for 30 days
 
Denial of Service (All Services)
1000 connections in 10 minutes and we kill for 24 hours
 
Internal Spammer
1000 messages in 10 minutes and we notify ourselves only
 
Any suggestions for improvement?  Too strong or too lenient?  We have been running this for one year and never had a user complain that they were locked out.  Feedback is always appreciated.
 
Thanks!
Ron

Reply to Thread