IDS Blocks

System Administrators can use this section to review all IP addresses that have been blocked by the mail server as a result of any IDS (abuse detection) rules that have been configured in SmarterMail's Security area. As a result of these rules, SmarterMail will monitor the server and keep track of all IP addresses that are currently being blocked for SMTP, IMAP, POP, LDAP, XMPP, Webmail or for potential email harvesting abuse. System admins can view a list of blocked IPs by abuse type or view all blocked connections at one time.

Each IDS category has its own tab, and on each tab is displayed the number of sources blocked within that category. These categories include:

• All Blocks
• SMTP
• IMAP
• POP
• Delivery
• LDAP
• XMPP
• Webmail
• Email Harvesting

Clicking on a tab displays the following information:

• Source - The IP address that tripped the IDS rule. NOTE: The use of VPNs and proxies mean that the Source of the intrusion may not be the actual origination of the intrusion.
• Time Left - The time remaining for the specific block. When setting up IDS rules, System Administrators can attach time limits for each type of block. Time Left offers a countdown timer based on what is set by the System Admininstrator.
• Country - The country of origin for the Source IP.
• Protocol - The protocol used for the intrusion.
• Type - The type of intrusion detection rule that was triggered.
• Rule Description - The description of the Rule Type as provided by the System Administrator when the Rule was created.

System adminstrators can remove the selected Source IP(s) from the list by selecting the IP(s) and clicking Unblock. However, this does not affect the abuse detection rule that blocked the IP in the first place; it only removes the block from the IP. If the System Administrator feels the block is warranted, and should be enforced past the Time Left, they can Blacklist the IP.