HIDS 3351

From Atomicorp Wiki
Jump to: navigation, search

Rule ID

3351

Status

Active rule currently published.

Description

This rule detects multiple relaying attempts of spam through postfix. The default settings are to detect 6 attempts from the same IP, within 90 seconds. The IP is then blocked by default for 600 seconds.

False Positives

This rule can be falsely triggered if a user is attempting to relay mail through the system, but it not authorized to do so.

Tuning Recommendations

None.

Personal tools