IP blocked
Question asked by ram - 10/29/2019 at 7:17 AM
10/29/19 10:07 AM Rule Name -- 300 SMTP connections within 10 minutes (Denial of Service DOS) IP Address -- xxx.xx.xxx.xxx

What is means? How I can get more details as email address, PC name or is it virus?

2 Replies

Reply to Thread
ram Replied
More details from log section:

[2019.10.29] 08:06:20.508 [xxx.xx.xxx.xxx ][11417115] connected at 10/29/2019 8:06:20 AM
[2019.10.29] 08:06:20.508 [xxx.xx.xxx.xxx ][11417115] "421 Server is busy, try again later." response returned.
[2019.10.29] 08:06:20.508 [xxx.xx.xxx.xxx ][11417115] IP blocked by bad SMTP sessions (email harvesting) abuse detection rule
[2019.10.29] 08:06:20.508 [xxx.xx.xxx.xxx ][11417115] disconnected at 10/29/2019 8:06:20 AM
Kyle Kerst Replied
Employee Post Marked As Answer
Hello Ram, these log entries indicate an IP address or user was blocked by the Intrusion Detection System due to the number of connection attempts or bad password attempts. These rules are found/configured under Settings>Security>IDS Rules and you can unblock the IP by navigating to Manage>IDS Blocks from a system administrator account. 
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278

Reply to Thread