IDS Rules for Email Brute Force / Version 8580
Question asked by Schroeder Robert - 7/7/2023 at 9:56 PM
Hi all
Since a week I wake up and one of my accounts is blocked due to the IDS Rules for Email Brute Force. The only thing I changed on the rule is that I have put the blocking to 5000 days. May be it is ok but I want not to block the email but the IP who break the rule.
How dou you handle such fails with email ?
By the way It would be nice to have a build in filter which can block login attemps from non authorized countries. Example if IP is from Vietnam, this is real impossible as my users are all in EU. 
Best regards

1 Reply

Reply to Thread
Andrew Barker Replied
Employee Post Marked As Answer
If you want to block by IP instead of by email address, you'll want to create a Password Brute Force by IP rule. Brute Force by Email rules look for multiple failed attempts to log into a specific account and lock the targeted account, while Brute Force by IP rules look for multiple failed attempts coming from the same IP address and block that IP.

As for blocking authentication from a specific country, that capability is available in the current version of SmarterMail. As a domain or system administrator, go to a domain's General settings page. There is a card labeled Block Authentication by Country. You can adjust the settings there to either allow or block authentication from specific countries.
Andrew Barker Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com

Reply to Thread