SmarterMail 6.x Help
This documentation is for a product that is no longer supported by SmarterTools.

Abuse Detection

SmarterMail has several methods of preventing abuse and Denial of Service (DoS) attacks. The ones that can be configured are explained below. Any number of detection methods can be added.

To get started, click the Security button on the main toolbar, then select Abuse Detection from the Security folder tree view.

Once you arrive on the Abuse Detection screen, you will see three icons on the actions toolbar—New, Edit, and Delete.

When clicking the New icon on the actions toolbar you will have these options:

Denial of Service (DoS) Prevention - Too many connections from a single IP address can indicate a Denial of Service (DoS) attack. Enable this option to block IPs that are connecting too often to the server. It is recommended that you whitelist any trusted IP addresses that may send out large mailing lists or make many connections if you enable this option.

  • Service Type - Select the service that will be monitored for this type of attack (POP/SMTP/IMAP/LDAP).
  • Time Frame - The period of time in the past that is examined to determine if an IP address should be blocked. If too many connections occur in this period, a block is initiated.
  • Connections Before Block - The number of connections before a block is placed. It is common for several connections to be open at once from an IP address. Set this to a relatively high value so that you can catch DoS attacks while not impacting legitimate customers.
  • Time to Block - The number of minutes that a block will be placed once an IP hits the threshold.

Bad SMTP Sessions (Email Harvesting) - A bad session is any connection that ends without successfully sending a message. Many bad sessions usually indicate spamming or email harvesting. Leaving all of these options set to 0 (zero) will disable this type of abuse detection. It is recommended that you whitelist any trusted IP addresses that may send out large mailing lists if you enable this option.

  • Time Frame - The period of time in the past that is examined to determine if an IP address should be blocked. If too many bad sessions occur in this period, a block is initiated.
  • Bad Sessions Before Block - The number of bad sessions before a block is placed. A few bad sessions happen once in a while, for instance when a person sends an email to an email account that does not exist. It is not these people that you are targeting, but rather those that are attempting to compromise or harass your customers.
  • Time to Block - The number of minutes that a block will be placed once an IP hits the threshold.
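
The Time Frame, threshold and Time to Block settings described for DoS Prevention and Bad SMTP Sessions can be modelled as a per-IP sliding-window counter, which is useful for checking a proposed threshold against real traffic before enabling it. The following Python is an added example, not SmarterMail code; the class and function names, the choice to block once the count reaches the threshold, and the constructed sample events are assumptions.

```python
from collections import defaultdict, deque

class AbuseRule:
    """Model of one rule: N events inside a sliding time frame -> timed block."""

    def __init__(self, time_frame_min, events_before_block, block_min, whitelist=()):
        self.window = time_frame_min * 60          # Time Frame, in seconds
        self.threshold = events_before_block       # 0 disables the rule
        self.block_for = block_min * 60            # Time to Block, in seconds
        self.whitelist = set(whitelist)            # trusted IPs are never counted
        self.recent = defaultdict(deque)           # ip -> timestamps inside the window
        self.blocked_until = {}                    # ip -> second the block expires

    def observe(self, ts, ip):
        """Record one event (a connection or a bad session) at second ts."""
        if ip in self.whitelist:
            return "allow"
        if self.blocked_until.get(ip, 0) > ts:
            return "rejected"                      # block still in force
        q = self.recent[ip]
        q.append(ts)
        while q and q[0] <= ts - self.window:      # drop events older than the window
            q.popleft()
        if self.threshold and len(q) >= self.threshold:
            self.blocked_until[ip] = ts + self.block_for
            q.clear()
            return "block"
        return "allow"

def replay(rule, events):
    """Replay (timestamp, ip) events; return {ip: [seconds at which a block began]}."""
    blocks = defaultdict(list)
    for ts, ip in sorted(events):
        if rule.observe(ts, ip) == "block":
            blocks[ip].append(ts)
    return dict(blocks)

# Constructed sample traffic (documentation IP ranges), one tuple per connection.
EVENTS = (
    [(t, "192.0.2.10") for t in range(120)]              # trusted mailing-list server
    + [(t, "198.51.100.7") for t in range(40)]           # burst from a single client
    + [(t, "203.0.113.5") for t in range(0, 600, 120)]   # ordinary user
)

if __name__ == "__main__":
    # 1-minute time frame, 30 connections before block, 10-minute block.
    print("no whitelist  :", replay(AbuseRule(1, 30, 10), EVENTS))
    print("with whitelist:", replay(AbuseRule(1, 30, 10, {"192.0.2.10"}), EVENTS))
```

Without the whitelist entry the mailing-list server is blocked at the same moment as the bursting client, which is the reason the settings above recommend whitelisting trusted high-volume senders.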

Internal Spammer Detection and Notification - Enabling this feature in SmarterMail will alert an administrator whenever multiple emails of the same size are received on the server.

  • Time Frame - The period of time in the past that is examined to determine if an alert should be sent. If too many duplicate emails are received in this period, an alert is sent.
  • Messages Before Notify - After this many duplicate messages are received within the time period specified, the email notification is sent.
  • Email to Notify - The administrator account to which the notification will be sent.

Edit Icon - Editing an item can be done three ways:

  • Select the item and then choose the Edit icon from the actions toolbar, or
  • Right-click the item and choose Edit from the drop-down list, or
  • Double-click the item you would like to edit

Delete Icon - Deleting an item can be done two ways:

  • Select the item and click the Delete icon from the actions toolbar, or
  • Right-click the item and select Delete from the drop-down list