Intrusion prevention basics

Intrusion prevention, formerly called tarpitting, is a great feature, which has one main feature of avoiding spam dictionary attacks, where spammers try to send messages to any addresses they have on their dictionary containing thousands of words.

If remote server sends a message to x wrong recipients, it is blocked for the specific time.

Check the screen below for recommend Intrusion prevention settings, where we block cross session attempts to send mail to up to 5 unknown accounts, and block IP’s for 4 hours (240 min).

Press F1 on the Intrusion Prevention tab for information on each option.

Note the maximum message size of 100 MB. It is important, because usually SMTP cannot block a message due to it’s file size being over the limit you specified, until it receives it completely. With this option, if someone is sending a message and it reaches 100 MB, that person’s IP is also blocked for 4 hours.

Note that most options in Icewarp, including Intrusion Prevention, have a Bypass feature (B button), where you can specify IP’s or domains that you do not want to be detected as intruders ever. In Icewarp 9 you have an option in the Bypass button to Bypass all local senders, so that your own customers are not tarpitted. Note also that by using SMTP Auth (or other method that your support such as a Trusted IP or POP before SMTP), your customer should usually not be tarpitted.

More information can be find in FAQ:How to configure AntiSpam and mail server security