OK, I just ran a test where I created an internal spammer test rule for max 3 messages in 5 mins...
..and then broke it by sending 4 messages, generating rejects....
...and also the expected notification...
..and then went to the Manage->IDS page while logged in as sysadmin, and I could not find this block under either my IP address or my username...
My SMTP sending IP...
...all the currently listed blocks...
121.33.247.107 02:39 China SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
77.40.17.59 01:58:02 Russian Federation SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
185.234.216.140 01:40:35 Ireland SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
106.58.210.27 01:38:27 China SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
197.160.12.161 01:28:57 Egypt SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
5.196.217.177 01:26:34 France SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
185.234.219.98 01:20:00 Ireland SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
78.128.113.124 01:18:15 Bulgaria SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
45.227.253.212 01:09:36 Panama SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
120.192.81.226 58:16 China SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
45.82.153.136 54:23 Russian Federation SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
218.4.239.146 01:33:31 China SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
77.40.62.3 42:00 Russian Federation SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
45.82.153.79 46:53 Russian Federation SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
92.118.38.38 04:49 Romania SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
51.83.71.72 19:48 France SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
115.85.213.217 24:11 China SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
46.105.209.40 17:12 France SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
79.129.202.15 25:29 Greece SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
185.234.217.66 34:02 Ireland SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
213.97.127.117 38:42 Spain SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
46.105.209.45 24:59 France SMTP Password Brute Force by Protocol Default SMTP Password Brute Force strict rule
216.24.225.33 01:40:30 Canada Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
204.152.95.127 01:03:19 United States Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
216.24.225.37 01:25:26 Canada Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
38.64.68.157 01:25:08 United States Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
69.94.155.42 01:19:18 United States Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
185.173.235.131 01:07:08 Netherlands Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
91.149.210.169 01:00:43 Poland Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
181.41.216.140 35:25 United States Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
45.133.39.150 52:36 Turkey Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
85.93.5.231 40:38 United Arab Emirates Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
69.94.155.41 37:33 United States Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
216.24.225.32 05:02 Canada Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
168.235.229.196 01:08 Canada Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
176.28.27.144 01:44:47 Germany Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
216.24.225.35 58:50 Canada Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
181.41.216.139 01:49:51 United States Email Harvesting Bad SMTP Sessions (Harvesting) Default email harvesting strict rule
I tried send an additional email after checking the IDS blocks page to be 100% sure my account was still blocked, and this additional email was also rejected as expected.
Where else can I look to find this block?
Thanks!
-josh