IDS Blocks

System administrators can use this section to review all IP addresses that have been blocked by the mail server as a result of any IDS (abuse detection) rules that have been configured in SmarterMail's Security area. As a result of these rules, SmarterMail will monitor the server and keep track of all IP addresses that are currently being blocked for SMTP, IMAP, POP, LDAP, XMPP, Webmail or for potential email harvesting abuse. System administrators can view a list of blocked IPs by abuse type or view all blocked connections at one time.

The following information is displayed for each block:

• Source - The IP address that tripped the IDS rule. NOTE: The use of VPNs and proxies mean that the Source of the intrusion may not be the actual origination of the intrusion.
• Time Left - The time remaining for the specific block. When setting up IDS rules, system administrators can attach time limits for each type of block. Time Left offers a countdown timer based on what is set by the system administrator.
• Country - The country of origin for the Source IP.
• Type - The type of intrusion detection rule that was triggered.
• Rule Description - The description of the Rule Type as provided by the system administrator when the Rule was created.
• Blocks in 30 Days - The number of times a particluar source has triggered an IDS rule in the previous 30 days.

System adminstrators can remove the selected Source IP(s) from the list by selecting the IP(s) and selecting Unblock from the Actions (⋮) menu. However, this does not affect the abuse detection rule that blocked the IP in the first place; it only removes the block from the IP. If the system administrator feels the block is warranted, and should be enforced past the Time Left, they can Blacklist the IP.