|Alert Message||Rapid SMTP password incorrect events from the same IP source.|
ASL has detected multiple failed SMTP login attempts from a single IP within a short period of time. This specifically looks for 6 failures in 8 seconds.
If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off. This will of course allow this attacker to continue to brute force accounts in your mail server.
 False Positives
Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:
 Additional Information
 Similar Rules
 Knowledge Base Articles
 External Articles