IDS Internal Spammer Rules
Question asked by Ryan Wittenauer - May 2 at 11:56 AM
Unanswered
Curious how the community implements their internal spammer IDS rules.

Currently we have rules in place that block anyone that sends over 200 messages in under 10 minutes.
It's been helpful at catching compromised accounts that can quickly bog down our system to a standstill with spam. 

Anyone else in the community have a setup that works well for them in that they don't also catch legitimate traffic? 


4 Replies

1
Michael Breines Replied
We look at 100 in 5 minutes and notify the admin.
1
Rod Lasky Replied
Employee Post
Hi Ryan.  We use 100 within 30 minutes and haven't had a compromised account in years.
Rod Lasky
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Michael Breines Replied
Rod, do you guys Quarantine, Notify, or Block?
1
Rod Lasky Replied
Employee Post
Mike, we just notify.
Rod Lasky
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
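
The three thresholds quoted in this thread, compared on the same traffic. This is an added example, not code from any poster or from SmarterTools. It assumes a sent-mail log reduced to (sender, timestamp) pairs, reads each rule as "more than N messages inside the window", and uses constructed senders and timestamps.

```python
from collections import deque
from datetime import datetime, timedelta

# Thresholds and actions quoted in the thread: (label, limit, window, action)
RULES = [
    ("200 in 10 min", 200, timedelta(minutes=10), "block"),
    ("100 in 5 min", 100, timedelta(minutes=5), "notify"),
    ("100 in 30 min", 100, timedelta(minutes=30), "notify"),
]

def first_trigger(timestamps, limit, window):
    """Return the time a sender first has more than `limit` messages
    inside a sliding `window`, or None if the rule never fires."""
    recent = deque()
    for ts in sorted(timestamps):
        recent.append(ts)
        # Drop messages that have aged out of the window ending at ts.
        while ts - recent[0] >= window:
            recent.popleft()
        if len(recent) > limit:
            return ts
    return None

def evaluate(sent_log):
    """Map each sender to {rule label: (action, trigger time or None)}."""
    by_sender = {}
    for sender, ts in sent_log:
        by_sender.setdefault(sender, []).append(ts)
    return {
        sender: {label: (action, first_trigger(times, limit, window))
                 for label, limit, window, action in RULES}
        for sender, times in by_sender.items()
    }

def burst(sender, start, count, gap_seconds):
    """Constructed sample traffic: `count` messages, `gap_seconds` apart."""
    return [(sender, start + timedelta(seconds=i * gap_seconds)) for i in range(count)]

T0 = datetime(2024, 1, 1, 9, 0, 0)  # constructed start time
SAMPLE_LOG = (
    burst("compromised@example.test", T0, 600, 2)    # spam run, 1 msg / 2 s
    + burst("newsletter@example.test", T0, 150, 10)  # legitimate bulk send
    + burst("user@example.test", T0, 40, 600)        # ordinary mailbox
)

if __name__ == "__main__":
    for sender, hits in evaluate(SAMPLE_LOG).items():
        for label, (action, when) in hits.items():
            print(f"{sender:26} {label:14} {action:7} {when or '-'}")
```

On this sample the spam run trips all three rules within a few minutes, while the 150-message legitimate send trips only the 100-in-30-minutes rule, which is the one paired with notify rather than block.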
