Anomaly Detection
- 'Anomaly Detection' will alert you if a user has sent messages from multiple IP addresses within a set time period.
- You can choose to block these users if the outgoing mail IP addresses exceed the number set in this tab.
- This value cannot be '0'. Set a value between 1 and 10,000 to block users, IP addresses or SMTP auth requests.
- Click 'SMTP' > 'SMTP-AUTH' > 'Anomaly Detection' to open this area.
Anomaly Detection Settings – Table of Parameters |
|
---|---|
Parameter |
Description |
Enable Anomaly Detection |
Enable the feature with the parameters listed directly below this setting. Anomaly detection is disabled by default. |
Enable monitoring mode |
If enabled, the SMTP-AUTH controller monitors authorization requests from the specified IP addresses. By default this setting is disabled. |
Interval (min) |
The auditing time period for anomaly detection. To use the default settings as an example, a user will be blocked if detected IP addresses exceed 100 in any 30 minute period. Administrators will receive an alert if more than 30 IPs are detected in 30 minutes. |
Number of failed SMTP-AUTH requests from a same IP to block that IP |
Number of failed SMTP-AUTH requests from a particular IP before it is rejected. |
Number of users from the same IP that makes failed SMTP-AUTH requests |
The minimum number of users with same IP address that can make failed SMTP-AUTH requests. Any request beyond the threshold set will not be processed. |
Number of different IP addresses that makes successful SMTP-AUTH requests with same username |
The minimum number of different IP addresses that can make successful SMTP-AUTH requests with the same username. Any request beyond the threshold set will not be processed. |
- Click 'Save' to apply your changes.