Back to Community Threads
2
IDS Internal Spammer Rules
Question asked by Ryan Wittenauer - 5/2/2019 at 11:56 AM
Unanswered
Curious how the community implements their internal spammer IDS rules.

Currently we have rules in place that block anyone that sends over 200 messages in under 10 minutes.
It's been helpful at catching compromised accounts that can quickly bog down our system to a standstill with spam. 

Anyone else in the community have a setup that works well for them in that they don't also catch legitimate traffic? 

4 Replies

Reply to Thread
1
Michael Replied
5/4/2019 at 4:57 PM
We look at 100 in 5 minutes and notify the admin.
1
Employee Replied
5/8/2019 at 3:27 PM
Employee Post
Hi Ryan.  We use 100 within 30 minutes and haven't had a compromised account in years.
1
Michael Replied
5/8/2019 at 7:05 PM
Rod, do you guys Quarantine, Notify, or Block?
1
Employee Replied
5/9/2019 at 7:59 AM
Employee Post
Mike, we just notify.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
SmarterMail Server Performance TuningSmarterMail > Server Configuration and Management
Find a Compromised AccountSmarterMail > Troubleshooting
Message Archiving in SmarterMailSmarterMail > Installation and Configuration