Internal spammer notification not working
Problem reported by Neal Culiner - 7/10/2018 at 9:55 AM
I had an issue a few days ago of a compromised service that was sending thousands of emails, around 5000 in 5 minute periods. I had an internal spammer test (IDS rule) in place to notify me of 100 in 1 minute. Please ensure these rules are working. 

3 Replies

Linda Pagillo Replied
Hi Neal. I do not know why the rule did not work. Hopefully ST will chime in here and give an answer.
I wanted to let you know that we offer a program called Declude which works very well with SM and it's 100% FREE of charge. Declude includes a program called Hijack which will prevent mass amounts of spam email from leaving your server in the event of a compromised account or service. It's super easy to set up and configure. I thought I should mention it since you said you had a compromised service which caused thousands of emails to be sent. If you have any questions, please let me know and I will be happy to help you. You can download Declude from the following link if you would like to have the extra layer of Hijack protection: http://mailsbestfriend.com/downloads/. I hope this helps. Thanks!
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
Employee Replied
Hello Neal,
Were these messages sent from an account on the server to other accounts on the server? The name may be a bit confusing, as it does say internal, but our help docs do state that the internal spammer rule only applies to external deliveries.
I did do a test locally of a rule set to notify at 50 messages within 5 minutes and it did notify me as expected. 
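Added example, not part of the thread and not SmarterMail's own code: a sliding-window check of the kind discussed above, counting only deliveries to external recipients per sender and alerting once a threshold is reached inside the window. The event tuples, the `LOCAL_DOMAINS` set, the addresses and the function names are assumptions constructed for illustration; timestamps are in milliseconds.

```python
from collections import defaultdict, deque

# Assumption: the domains hosted on this server (constructed placeholder).
LOCAL_DOMAINS = {"example.com"}

def is_external(recipient, local_domains=LOCAL_DOMAINS):
    """True when the recipient's domain is not hosted locally."""
    return recipient.rsplit("@", 1)[-1].lower() not in local_domains

def detect_bursts(events, threshold, window_ms, local_domains=LOCAL_DOMAINS):
    """events: (timestamp_ms, sender, recipient) tuples sorted by time.
    Returns [(sender, timestamp_ms)] for the first moment each sender
    reaches `threshold` external deliveries within `window_ms`."""
    recent = defaultdict(deque)   # sender -> timestamps still inside the window
    alerted, alerts = set(), []
    for ts, sender, rcpt in events:
        if not is_external(rcpt, local_domains):
            continue              # local-to-local mail is not counted
        q = recent[sender]
        q.append(ts)
        while ts - q[0] >= window_ms:
            q.popleft()           # drop deliveries older than the window
        if len(q) >= threshold and sender not in alerted:
            alerted.add(sender)   # notify once per sender, not per message
            alerts.append((sender, ts))
    return alerts

def sample_events():
    """Constructed traffic, not real logs."""
    # Compromised service: 5000 external messages over 5 minutes (one per 60 ms).
    svc = [(i * 60, "svc@example.com", f"u{i}@remote.test") for i in range(5000)]
    # Busy internal sender: 500 local deliveries in under a minute.
    local = [(i * 100, "intranet@example.com", f"staff{i}@example.com")
             for i in range(500)]
    # Slow external sender: 60 messages, one every 4 seconds.
    news = [(i * 4000, "news@example.com", f"sub{i}@remote.test") for i in range(60)]
    return sorted(svc + local + news)

if __name__ == "__main__":
    print("100 in 1 minute:", detect_bursts(sample_events(), 100, 60_000))
    print("50 in 5 minutes:", detect_bursts(sample_events(), 50, 300_000))
```

With the 100-in-1-minute rule only the compromised service trips the check; the 50-in-5-minutes rule also catches the slower external sender, and the local-only sender never alerts under either rule.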
Neal Culiner Replied
It was sent outbound and should have gotten caught. I'll review my settings. Thanks for verifying.

I did not get an email notification of your reply. And it's not in junk mail which I cleared out last night.