Mail Server Security
The Mail Security section contains the following System Administrator resources:
Abuse Detection rules
Through the use of Abuse Detection rules, SmarterMail includes several methods for preventing abuse and denial of service (DoS) attacks on your mail server. For example, rules can be configured to monitor a variety of activity on the mail server, including the number of connections coming from a single IP address, the number of messages sent within a specific timeframe, the number of login attempts and more. These rules allow SmarterMail to alert System Administrators of suspicious behavior or take action to prevent the attack.
We activated the following rules:
Denial of Service (DoS) - protocols monitored for this type of attack: SMTP, IMAP, POP
Too many connections from a single IP address can indicate a Denial of Service (DoS) attack. Enable this option to block IPs that are connecting too often to the server.
50 connections within 5 minutes will block the IP for 5 minutes
Bad SMTP Sessions (Harvesting)
A bad session is any connection that ends without successfully sending a message. Many bad sessions usually indicate spamming or email harvesting.
20 bad sessions within a 5-minute period will block the IP for 5 minutes
Password Brute Force by Protocol - protocols monitored for this type of attack: SMTP, IMAP, POP
A common ploy by spammers and hackers is attempting to guess users' passwords. This often entails repeated login attempts against an account using different passwords, each slightly different from the one before it, thereby brute forcing the password.
50 connections within 10 minutes will block the IP for 30 minutes
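To check how the three thresholds above behave against recorded traffic before relying on them, the following added example (not SmarterMail code, and not part of the original article) replays events through a sliding-window counter. It assumes a block triggers when the count reaches the threshold, that the brute-force rule counts failed logins, and that the event names and sample traffic are constructed for illustration.

```python
from collections import defaultdict, deque, namedtuple

# event: what the rule counts (hypothetical names); window and block are in seconds
Rule = namedtuple("Rule", "name event threshold window block")

# Thresholds as listed above; "auth_fail" assumes the brute-force rule counts failed logins.
RULES = [
    Rule("dos", "connect", 50, 5 * 60, 5 * 60),
    Rule("harvesting", "bad_session", 20, 5 * 60, 5 * 60),
    Rule("brute_force", "auth_fail", 50, 10 * 60, 30 * 60),
]

class AbuseDetector:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.seen = defaultdict(deque)  # (rule name, ip) -> timestamps still in window
        self.blocked_until = {}         # ip -> time the block expires

    def is_blocked(self, ip, ts):
        return ts < self.blocked_until.get(ip, 0)

    def observe(self, ts, ip, event):
        """Count one event; return the rule name if it newly blocks ip, else None."""
        if self.is_blocked(ip, ts):
            return None  # already refused, so not counted again
        for rule in (r for r in self.rules if r.event == event):
            q = self.seen[(rule.name, ip)]
            q.append(ts)
            while q[0] <= ts - rule.window:  # drop events older than the window
                q.popleft()
            if len(q) >= rule.threshold:
                self.blocked_until[ip] = ts + rule.block
                q.clear()
                return rule.name

def replay(events, rules=RULES):
    """Run (ts, ip, event) tuples through the rules; list each block as (ts, ip, rule)."""
    det = AbuseDetector(rules)
    hits = ((ts, ip, det.observe(ts, ip, ev)) for ts, ip, ev in sorted(events))
    return [h for h in hits if h[2]]

# Constructed sample traffic (documentation IP ranges), timestamps in seconds.
SAMPLE = (
    [(i * 2, "203.0.113.7", "connect") for i in range(60)]          # 60 connections in 2 min
    + [(i * 10, "198.51.100.9", "bad_session") for i in range(25)]  # 25 bad sessions in ~4 min
    + [(i * 30, "192.0.2.44", "auth_fail") for i in range(40)]      # 2 failures/min, under threshold
)

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The third source in the sample never reaches 50 events inside any 10-minute window, so it is not blocked; replaying real logs the same way shows which sources a given threshold would and would not catch.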
Blacklists
System administrators are able to control the IP addresses that are blacklisted or whitelisted from accessing mail services. Blacklisting an IP address prevents it from making incoming connections, while whitelisting an IP address adds the IP as a trusted source, allowing connections to bypass relay restrictions that may be imposed.