Procedure
- Go to . The Rules screen appears with 4 tabs, one for each type of threat.
- Click the Bounced Mail tab. The Bounced Mail screen appears.
- Select the Enable check box to enable blocking of bounced mail.
- Configure the following:
-
Duration to monitor: The number of hours that IMSS monitors email traffic to see if the percentage of messages signaling bounced mail exceeds the threshold you set.
-
Rate (%): The maximum number of allowable messages signaling bounced mail (the numerator).
-
Total messages: The total number of bounced messages out of which the threshold percentage is calculated (the denominator).
Consider the following example:Duration to monitor: 1 hour at a rate of 20 out of 100During each one-hour period that blocking for bounced mail is active, IMSS starts blocking IP addresses when more than 20% of the messages it receives are bounced messages and the total number of messages exceeds 100.
Note
The LDAP service must be running to check bounced mail. -
- Next to Triggering action, select one of the
following:
-
Block temporarily: Block messages from the IP address temporarily and allow the upstream MTA to try again after the block duration ends.
-
Block permanently: Never allow another message from the IP address and do not allow the upstream MTA to try again.
-
- Optional: If you select Block temporarily, specify the block duration.
- Click Save.