Incident Response: Abuse Detection in SmarterMail 8 and above

Expand / Collapse

Subject: Incident Response: Abuse Detection in SmarterMail 8 and above

Type of Security Control: Detective | Corrective

Purpose:

The purpose of this procedure is to define the actions to turn on abuse detection in SmarterMail 8 and above.

Impact: Medium

Applies to: External 

Description: How to turn on abuse detection in SmarterMail.

Applicable Compliance Statements: 

  • NIST SP800-53R4 SI-8
  • Prerequisites: 

    • Administrative access to SmarterMail

    Service Level Agreements: N/A

    Process:

      1. Log into SmarterMail admin as the domain administrator user.  This is typically located at http://<server_ip_address>:9998 or http://mail.domain.com (depending on how the server is configured).
      2. Once logged in as the domain user, click Security on the left side toolbar. 
      3. Expand Advanced Settings > Abuse Detection and click New.
      4. The system administrator will have the option of automatic blocking for DOS attacks on SMTP, IMAP, and POP services; likewise for SMTP harvesting and internal spammer notification, which is useful when any user receives more than a specified number of emails in a specified time frame.  This will then alert the administrator to something potentially malicious happening and it can then be investigated.

    Owner: Chief Information Security Officer
    Questions: Chief Information Security Officer
    Effective Date: 01/01/2016
    Last Reviewed Date: 09/10/2018
    Last Reviewed by: DataBank Security
    Next Review Date: 09/2019



    Rate this Article:


    Details
    Category: E-Mail

    Last Modified:Monday, September 10, 2018 2:07 PM

    Type: HOWTO

    Level: Intermediate

    Article not rated yet.

    Article has been viewed 2,222 times.

    Options
    Email Article Email Article


    Social Bookmarks Social Bookmarks