Incident Response: Abuse Detection in SmarterMail 8 and above
Detective | Corrective
The purpose of this procedure is to define the actions to turn on abuse detection in SmarterMail 8 and above.
How to turn on abuse detection in SmarterMail.
NIST SP800-53R4 SI-8
- Administrative access to SmarterMail
- Log into SmarterMail admin as the domain administrator user. This is typically located at http://<server_ip_address>:9998 or http://mail.domain.com (depending on how the server is configured).
- Once logged in as the domain user, click Security on the left side toolbar.
- Expand Advanced Settings > Abuse Detection and click New.
- The system administrator will have the option of automatic blocking for DOS attacks on SMTP, IMAP, and POP services; likewise for SMTP harvesting and internal spammer notification, which is useful when any user receives more than a specified number of emails in a specified time frame. This will then alert the administrator to something potentially malicious happening and it can then be investigated.
Owner: Chief Information Security Officer
Questions: Chief Information Security Officer
Effective Date: 01/01/2016
Last Reviewed Date: 09/10/2018
Last Reviewed by: DataBank Security
Next Review Date: 09/2019