SM 17 Beta: problem with IDS Blocks - Webmail
Problem reported by Gabriele Maoret - November 22 at 9:03 AM
Submitted
Since the latest 3 or 4 updates we started to have a issue with Webmail IDS Blocks.
Every so often, one or more WEBMAIL blocks appear and they remain for a long time (even days), blocking users who have not had any problems. 
Unfortunately, from the IDS BLOCKS - WEBMAIL screen you do not understand what the blocking is because there are no useful details.

8 Replies

Reply to Thread
0
Gabriele Maoret Replied
There's an example of the info that I see:
 




IP Address Time LeftCountryProtocolTypeRule Description



alxxxxx@xxxx.it00N/AWebmailLogin Brute Force by Email



mxxxx@brexxxxxi.it30N/AWebmailLogin Brute Force by Email












0
Gabriele Maoret Replied
No info on that?

0
Gabriele Maoret Replied
I believe that in the latest releases of SM 17 the IDS BLOCKS system has a big BUG.

This keeps signaling me blocks in the WEBMAIL of various boxes (randomly ...) and after a while my clients who download mail with POP3 from those mailboxes are blocked.

Restarting the SamrterMail service the POP3 is unlocked and works for a while.

After a while (several hours), however, it starts to blocked mailboxes again (even completely different from the one before) and again other customers are blocked in the POP3 protocol.

0
Robert Emmett Replied
Employee Post
What version of SmarterMail 17 are you running?  Also, do you have your administrative logs set to Detailed?  If so, can you provide those logs that cover the timeframe in which the accounts are being blocked?
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Gabriele Maoret Replied
SmarterMail Enterprise
Version: 6898 (nov 20, 2018)



0
Gabriele Maoret Replied
This below is an example of today.

All the users of domain XXXXXX.IT where blocked and listed in WEBMAIL BLOCKS (in the log appear thet they failed the login from IP address 95.XXX.98.XXX).

They have Kerio Connect on premise in their office that download email via POP3.

After restart "SmarterMail Service" the log report succesful login for all the users from the same IP address (that is the IP address of their office).

The only operation that I made was restart SmarterMail Service.


This issue is appearing randomly on all domains in SmarterMail.


***LOG DELETED FOR PRIVACY***
0
Gabriele Maoret Replied
Updated to the latest version today, the issue is not resolved.
0
Gabriele Maoret Replied
With the latest version 6913 this issue SEEMS to be resolved.

I would like to keep an eye on the system for a few more days, then I will let you know if everything is OK

Reply to Thread