HIDS 3351

From Atomicorp Wiki
Jump to: navigation, search

Rule ID



Active rule currently published.


This rule detects multiple relaying attempts of spam through postfix. The default settings are to detect 6 attempts from the same IP, within 90 seconds. The IP is then blocked by default for 600 seconds.

False Positives

This rule can be falsely triggered if a user is attempting to relay mail through the system, but it not authorized to do so.

Tuning Recommendations


Personal tools