Easier report to find a hosted email account blocked via IDS
Idea shared by Jay Altemoos - August 11, 2017 at 10:24 AM
Proposed
So I got a call today from one of my users that cannot email out in their webmail account. They get the red bar at the top specifying "Outbound messages have been temporarily blocked due to spam behavior  detected on your account." So her account tripped one of the security check we have enabled, which is a good thing.
 
Now on to the bad, looking at the current IDS block section (SMTP) we always have a huge list of spammers attempting to impersonate someones account. All that's include included in this list is IP, Location, Detection Type, and Rule. The issue I have there is no date or time. This would be a huge help when I am trying to track down an issue like this. Plus when I look through the logs, the delivery log is useless in determining what the IP was for this user when the block happened,
 
this is all I get in the log:
[2017.08.10] 17:19:44 [24446] Outgoing SMTP is not allowed. Reason: IDS block.
[2017.08.10] 17:19:44 [24446] Outgoing SMTP is not allowed. Reason: IDS block.
[2017.08.10] 17:19:44 [24446] Outgoing SMTP is not allowed. Reason: IDS block.
[2017.08.10] 17:19:44 [24446] Outgoing SMTP is not allowed. Reason: IDS block.
 
How is this helpful? Can we at least get an IP address put in the log? Our SMTP IDS block is a mile long and trying to figure out what happened when right now is absolutely impossible. So the quick fix would be to restart the smartermail service which halts email for all my clients and is very incovenient especially in the middle of everyone's workday.
 
My proposals are this:
 
1. Can we add a date and time to the SMTP Current IDS block screen?
2. Either add the IP address to the delivery log
3. If we could get a separate report for IDS blocks or a security report of sorts that we can sort by our rules sets setup in Abuse detection section that would also make this efficient at troubleshooting
 
Right now trying to get this resolved for my client is not only wasting my time trying to find it in the IDS screen to release it, but it's also holding up their day because they can't email out to the people they need to. Thankfully this is not an occurrence that happens all that often but when it does it takes a toll on the rest of our customers if the only quick way to resolve it is restart the SmarterMail service.

Reply to Thread