3
Internal spammer notification not working
Problem reported by Neal Culiner - 7/10/2018 at 9:55 AM
Submitted
I had an issue a few days ago of a compromised service that was sending thousands of emails, around 5000 in 5 minute periods. I had an internal spammer test (IDS rule) in place to notify me of 100 in 1 minute. Please ensure these rules are working. 

3 Replies

Reply to Thread
0
Linda Pagillo Replied
Hi Neal. I do not know why the rule did not work. Hopefully ST will chime in here and give an answer.
 
I wanted to let you know that we offer a program called Declude which works very well with SM and it's 100% FREE of charge. Declude includes a program called Hijack which will prevent mass amounts of spam email from leaving your server in the event of a compromised account or service. It's super easy to set up and configure. I thought I should mention it since you said you had a compromised service which caused thousands of emails to be sent. If you have any questions, please let me know and I will be happy to help you. You can download Declude from the following link if you would like to have the extra layer of Hijack protection: http://mailsbestfriend.com/downloads/. I hope this helps. Thanks!
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
0
Employee Replied
Employee Post
Hello Neal,
 
Were these messages sent from an account on the server to other accounts on the server? The name may be a bit confusing as it does say internal but our help docs do state that the internal spammer rule only applies to external deliveries.
I did do a test locally of a rule set to notify at 50 messages within 5 minutes and it did notify me as expected. 
0
Neal Culiner Replied
It was sent outbound and should have gotten caught. I'll review my settings. Thanks for verifying.

I did not get an email notification of your reply. And it's not in junk mail which I cleared out last night.

Reply to Thread