Intrusion Prevention
Posted by Gary, Last modified by Marek Puverle on 14 May 2015 07:48 AM

Intrusion prevention

 

Intrusion prevention, formerly called tarpitting, is a great feature, which has one main feature of avoiding spam dictionary attacks, where spammers try to send messages to any addresses they have on their dictionary containing thousands of words.

If remote server sends a message to x wrong recipients, it is blocked for the specific time.

Check the screen below for recommend Intrusion prevention settings, where we block cross session attempts to send mail to up to 5 unknown accounts, and block IPs for 4 hours (240 min).

Intrusion Prevention

Press F1 on the Intrusion Prevention tab for information on each option.

Note the maximum message size of 100 MB. It is important, because usually SMTP cannot block a message due to its file size being over the limit you specified, until it receives it completely. With this option, if someone is sending a message and it reaches 100 MB, that persons IP is also blocked for 4 hours.

Note that most options in Icewarp, including Intrusion Prevention, have a Bypass feature (B button), where you can specify IPs or domains that you do not want to be detected as intruders ever. In Icewarp 9 you have an option in the Bypass button to Bypass all local senders, so that your own customers are not tarpitted. Note also that by using SMTP Auth (or other method that your support such as a Trusted IP or POP before SMTP), your customer should usually not be tarpitted.

 

Updated 15.07.2014, by Valentin