Internal spammer notification not working
Problem reported by Neal Culiner - July 10 at 9:55 AM
Submitted
I had an issue a few days ago of a compromised service that was sending thousands of emails, around 5000 in 5 minute periods. I had an internal spammer test (IDS rule) in place to notify me of 100 in 1 minute. Please ensure these rules are working. 

2 Replies

Reply to Thread
0
Hi Neal. I do not know why the rule did not work. Hopefully ST will chime in here and give an answer.
 
I wanted to let you know that we offer a program called Declude which works very well with SM and it's 100% FREE of charge. Declude includes a program called Hijack which will prevent mass amounts of spam email from leaving your server in the event of a compromised account or service. It's super easy to set up and configure. I thought I should mention it since you said you had a compromised service which caused thousands of emails to be sent. If you have any questions, please let me know and I will be happy to help you. You can download Declude from the following link if you would like to have the extra layer of Hijack protection: http://mailsbestfriend.com/downloads/. I hope this helps. Thanks!
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Matthew Kides Replied
Employee Post
Hello Neal,
 
Were these messages sent from an account on the server to other accounts on the server? The name may be a bit confusing as it does say internal but our help docs do state that the internal spammer rule only applies to external deliveries.
I did do a test locally of a rule set to notify at 50 messages within 5 minutes and it did notify me as expected. 
Matthew Kides
Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread