IDS Rules Default Settings
Problem reported by Bill T - Yesterday at 10:10 PM
Submitted
Just checked our IDS rules earlier today and noticed we were still on defaults and the defaults are very gentle.

Are people using the defaults or are you lowering the thresholds and increasing the block times? I'm wondering if maybe I just wasn't paying attention.

We lowered the thresholds and increased the block times substantially today and haven't gotten any tickets yet, so likely will push them even more tomorrow. With our VOIP systems we block IP addresses for weeks or months or even years sometimes if they try to brute force us. I feel like it's worth it to have a few more support tickets than to risk these brute force attacks catching a user with a horribly weak password.
J. LaDow Replied
This is what we use - not OEM -- right-click/long-tap and view the image in a new tab / window so the forum doesn't down-scale it --

On top of this, our IDS scans the server logs and any IP that gets caught trying to break into an account is DQ'd 90 days. Same for offensive hosts.


MailEnable survivor / convert --
Mark Johnson Replied
Here's ours, not sure how default they are?
How do they compare?
Any suggested improvements?

Sabatino Replied
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
