Comodo Help
Find the desired product help
Xcitium Secure Email Gateway Enterprise

Xcitium Secure Email Gateway Enterprise

Admin Guide Version 6.7

English

Print Help Download Help
SMTP Configuration > Secure Email Gateway SMTP AUTH Connector > Anomaly Detection
  • Introduction To Comodo Secure Email Gateway
    • Login To The Secure Email Gateway Module
    • Get Started
      • Cloud Customers
      • On-premise Customers
    • The Main Interface
  • The Dashboard
    • System Usage Graphics
    • About Software
  • System Configurations
    • Services
    • Licenses
    • Configure System Settings
      • System General Settings
      • Cache Settings
      • Session Settings
      • GUI Customization
      • System Backup
      • System Restore
      • Log Upload Settings
      • Postmaster Settings
      • Web UI SSL
      • SMTP TLS Settings
      • Update Database
      • Syslog Server
    • Logs
      • Log Files
      • Purge Files
    • Tools
      • Check Connectivity
      • Clear SMTP Queue
    • Session Reports
    • System Usage Statistics
  • SMTP Configuration
    • SMTP (Send E-Mail Protocol) Settings
      • General Settings
      • Advanced Settings
      • Outbound Delivery Queue
    • Manage Domains
      • Manage Domain Names
      • Manage Domain Routes
      • Manage Smart Hosts
      • Default Domain Routing
    • Secure Email Gateway SMTP AUTH Connector
      • SMTP Authentication Settings
      • Block Users
      • Anomaly Detection
    • LDAP/Local DB/My SQL User Database
      • LDAP Profile
      • Local DB Users
      • My SQL User Database
    • Greylist
      • Greylist Ignored IP Addresses/Domains
    • Manage RBL Servers
    • Disclaimer
    • SMPT Relay
    • DomainKeys Identified Mail (DKIM)
    • Outgoing SMTP Limits
    • Incoming SMTP Limits
  • Modules
    • Anti-spam
      • Anti-spam General Settings
      • Authorized Trainers
      • Advanced Anti-spam Settings
      • Bayesian Training
      • Content Filter
      • Signature Whitelist
      • Attachment Filter
    • Anti-Virus
      • Anti-Virus General Settings
      • Advanced Anti-Virus Settings
    • Korumail Reputation Network (KRN)
    • Anti-Spoofing
    • SMTP IPS/FW
      • SMTP IPS General Settings
      • Whitelist IP Addresses
      • Blocked IP Addresses
      • Rate Control
    • Auto Whitelist
    • Containment System
    • Data Leak Prevention (DLP)
    • Attachment Verdict System
  • Profile Management
    • Add And Configure A New Profile
      • Edit A Profile
      • Delete A Profile
  • Reports
    • Mail Logs Report
    • SMTP Queue Report
    • Delivery Logs Report
    • SMTP-AUTH Logs Report
    • Summary Reports
    • Domain Reports
    • Attachment Verdict Reports
    • Original Mail Request
  • Quarantine & Archive
    • Quarantine & Archive Settings
      • Quarantine & Archive General Settings
      • Email Reports Settings
      • Admin E-mail Reports Settings
    • Quarantine Logs
    • Archived Mails
  • About Comodo Security Solutions

Anomaly Detection


  • 'Anomaly Detection' will alert you if a user has sent messages from multiple IP addresses within a set time period.
  • You can choose to block these users if the outgoing mail IP addresses exceed the number set in this tab.
  • This value cannot be '0'. Set a value between 1 and 10,000 to block users, IP addresses or SMTP auth requests.
  • Click 'SMTP' > 'SMTP-AUTH' > 'Anomaly Detection' to open this area.


 

Anomaly Detection Settings – Table of Parameters

Parameter

Description

Enable Anomaly Detection

 Enable the feature with the parameters listed directly below this setting. Anomaly detection is disabled by default.

Enable monitoring mode

If enabled, the SMTP-AUTH controller monitors authorization requests from the specified IP addresses. By default this setting is disabled.

Interval (min)

The auditing time period for anomaly detection. To use the default settings as an example, a user will be blocked if detected IP addresses exceed 100 in any 30 minute period. Administrators will receive an alert if more than 30 IPs are detected in 30 minutes.

Number of failed SMTP-AUTH requests from a same IP to block that IP

Number of failed SMTP-AUTH requests from a particular IP before it is rejected.

Number of users from the same IP that makes failed SMTP-AUTH requests

The minimum number of users with same IP address that can make failed SMTP-AUTH requests. Any request beyond the threshold set will not be processed.

Number of different IP addresses that makes successful SMTP-AUTH requests with same username

The minimum number of different IP addresses that can make successful SMTP-AUTH requests with the same username. Any request beyond the threshold set will not be processed.

  • Click 'Save' to apply your changes.

    Our Products
    • Free Antivirus
    • Free Internet Security
    • Website Malware Removal
    • Free Anti-Malware
    • Anti-Spam (Free Trial)
    • Windows Antivirus
    • Antivirus for Windows 7
    • Antivirus for Windows 8
    • Antivirus for Windows 10
    • Antivirus for MAC
    • Antivirus for Linux
    • Free Endpoint Security
    • Free ModSecurity
    • Free RMM
    • Free Website Malware Scanner
    • Free Device Manager for Android
    • Free Demo
    • Network Security
    • Endpoint Protection
    • Antivirus for Android
    • Comodo Antivirus
    • Wordpress Security
    Cheap CDN
    • Bootstrap CDN
    • Semantic UI CDN
    • Jquery CDN
    • CDN Plans
    • CDN
    • Free CDN
    Enterprise
    • Patch Management Software
    • Patch Manager
    • Service Desk
    • Website Down
    • Endpoint Protection Solutions
    • Website Security Check
    • Remote Monitoring and Management
    • Website Security
    • Device Manager
    • ITSM
    • CRM
    • MSP
    • Android Device Manager
    • MDR Services
    • Ransomware Prevention
    • Managed IT Support Services
    • Free EDR
    Free SSL Certificate
    Support Partners Terms and Conditions Privacy Policy

    © Comodo Group, Inc. 2024. All rights reserved.