So I have a question maybe someone can answer, I got a call from one of my users today specifying they cannot email out of their email account from webmail. They are getting the "Outbound messages have been temporarily blocked due to spam behavior  detected on your account." What I found out was they sent a mass email and got several bounced emails back to them. We have a rule setup for this to trap an email account that may have been compromised to stop a spammer from landing our mail server on a blacklist. So the rule is set to trip if 10 bounces come back within 1 minute. So this user's account tripped the rule set to fire off, all well and good that it works, but I can't find where I release this users account. Checking the Current IDS SMTP block list, it's a mile long. I cleared all the IP's for the United States but none of them released this user's account. We still couldn't send. I did a quick text search through the SmarterTools folder to find her account anywhere and all I turned up were regular log files. I used AgentRansack text search.

 

So my question is this, where does SmarterMail store this information? There's no text file I can see that has a flag set, so it must be stored in memory correct? The only way I could clear this is restart the SmarterMail service which I really think is backwards. Plus restarting SM is a major inconvenience to all the rest of our users we host and this type of thing really should be stored in a file or a database file somewhere so we can manually release the account. Better yet give us another area like dashboard to manually clear the entry out like the Current IDS section has. Thankfully the issue doesn't crop up all that often, but when it does it's a huge issue to reboot the SM service just to clear something like this out, when all we need is an area where we can check like we already have with the Current IDS blocks, just add an extra section for local domains or whatever.

 

If there's something I am missing please let me know. Anyone else have a run in with this?