Anomaly Detection
- 'Anomaly Detection' will alert you if a user has sent messages from multiple IP addresses within a set time period.
- You can choose to block these users if the outgoing mail IP addresses exceed the number set in this tab.
- This value cannot be '0'. Set a value between 1 and 10,000 to block users, IP addresses or SMTP auth requests.
- Click 'SMTP' > 'SMTP-AUTH' > 'Anomaly Detection' to open this area.

Anomaly Detection Settings – Table of Parameters

| Parameter | Description |
|---|---|
| Enable Anomaly Detection | Enable the feature with the parameters listed directly below this setting. Anomaly detection is disabled by default. | 
| Enable monitoring mode | If enabled, the SMTP-AUTH controller monitors authorization requests from the specified IP addresses. By default this setting is disabled. | 
| Interval (min) | The auditing time period for anomaly detection. To use the default settings as an example, a user will be blocked if the detected IP addresses exceed 100 in any 30-minute period. Administrators will receive an alert if more than 30 IPs are detected in 30 minutes. | 
| Number of failed SMTP-AUTH requests from a same IP to block that IP | Number of failed SMTP-AUTH requests from a particular IP before it is rejected. | 
| Number of users from the same IP that makes failed SMTP-AUTH requests | The minimum number of users with the same IP address that can make failed SMTP-AUTH requests. Any request beyond the threshold set will not be processed. | 
| Number of different IP addresses that makes successful SMTP-AUTH requests with same username | The minimum number of different IP addresses that can make successful SMTP-AUTH requests with the same username. Any request beyond the threshold set will not be processed. | 
- Click 'Save' to apply your changes.
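
The following is an added illustration, not the product's own code, of how the three thresholds in the table could be evaluated over a sliding interval. The event tuple format, the `detect` function, the rule names and the small threshold values are assumptions chosen so the constructed sample triggers each rule.

```python
from collections import defaultdict, deque

# Constructed sample events: (minute, username, source_ip, auth_succeeded)
SAMPLE_EVENTS = [
    (0, "alice", "198.51.100.1", True),
    (1, "alice", "198.51.100.2", True),
    (2, "alice", "198.51.100.3", True),
    (3, "bob", "203.0.113.9", False),
    (4, "carol", "203.0.113.9", False),
    (5, "dave", "203.0.113.9", False),
    (40, "alice", "198.51.100.4", True),
]

def detect(events, interval=30, max_fail_per_ip=2,
           max_users_per_ip=2, max_ips_per_user=2):
    """Return (minute, rule, subject) findings; thresholds are hypothetical."""
    window = deque()   # events seen within the last `interval` minutes
    findings = []
    for ev in sorted(events):
        minute, user, ip, ok = ev
        window.append(ev)
        # Drop events that have aged out of the auditing interval.
        while window[0][0] <= minute - interval:
            window.popleft()
        fails = defaultdict(int)        # failed requests per source IP
        fail_users = defaultdict(set)   # usernames failing from each IP
        ok_ips = defaultdict(set)       # IPs with successful auth per user
        for _, w_user, w_ip, w_ok in window:
            if w_ok:
                ok_ips[w_user].add(w_ip)
            else:
                fails[w_ip] += 1
                fail_users[w_ip].add(w_user)
        # A rule fires when the count exceeds its threshold within the window.
        if ok and len(ok_ips[user]) > max_ips_per_user:
            findings.append((minute, "ips_per_user", user))
        if not ok and fails[ip] > max_fail_per_ip:
            findings.append((minute, "fails_per_ip", ip))
        if not ok and len(fail_users[ip]) > max_users_per_ip:
            findings.append((minute, "users_per_ip", ip))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The login at minute 40 does not fire the username rule because the earlier successful logins have left the 30-minute window; widening `interval` to 60 brings them back in.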
 

 
                                 
                                                    