HIDS 3356

From Atomicorp Wiki

Rule ID

3356

Status

Active rule currently published.

Alert Message

Multiple attempts to send e-mail from black-listed IP address (blocked).

Description

This rule detects when your antispam email solution has blocked an IP address 10 or more times within 120 seconds. When this occurs, ASL takes Active Response measures if it is configured to do so. By default this means the IP address will be blocked by the firewall for 600 seconds.
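
The threshold logic described above, sketched as an added example (not Atomicorp's or ASL's own rule code): it counts antispam block events per source IP in a 120-second sliding window and reports when the default 600-second firewall block would start. The function names, the event tuple format and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 10      # blocked deliveries from one IP (from the rule description)
WINDOW = 120        # seconds (from the rule description)
BLOCK_SECS = 600    # default Active Response firewall block (from the rule description)


def correlate(events, threshold=THRESHOLD, window=WINDOW, block_secs=BLOCK_SECS):
    """events: iterable of (epoch_seconds, source_ip), sorted by time, one per
    'antispam blocked this IP' log event. Returns [(fired_at, ip, unblock_at)]."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked_until = {}            # ip -> time the firewall block expires
    alerts = []
    for ts, ip in events:
        # While the firewall block is active the host would never see the traffic.
        if blocked_until.get(ip, 0) > ts:
            continue
        q = recent[ip]
        q.append(ts)
        # Assumption: an event exactly `window` seconds old still counts.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ts, ip, ts + block_secs))
            blocked_until[ip] = ts + block_secs
            q.clear()             # start counting afresh once the block expires
    return alerts


def sample_events():
    """Constructed sample data (documentation address ranges, not real hosts)."""
    burst = [(1000 + 5 * i, "203.0.113.7") for i in range(12)]    # 12 hits in 55 s
    slow = [(1000 + 30 * i, "198.51.100.9") for i in range(12)]   # 1 hit per 30 s
    return sorted(burst + slow)


if __name__ == "__main__":
    for fired_at, ip, unblock_at in correlate(sample_events()):
        print(f"t={fired_at} rule 3356 fires for {ip}; blocked until t={unblock_at}")
```

The slow sender never has more than five events inside any 120-second window, so only the burst from 203.0.113.7 reaches the threshold.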

False Positives

None.


Tuning Guidance

Contact your email antispam vendor for assistance if this IP address is not sending spam.


Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.
