With two attempts from 10.16 we experienced the same both times.

Sounds like a good idea. Currently we are just keeping an eye on the ME Audit daily file, \Mail Enable\Config\Audit\ , and dumping it into a database file for review of excessive IP violators. Then sending an email to the IP owner and sometimes to IC3. So far it's working for us but automating it in...

Well again today another ISP has requested the same information. Ian, could you please help if possible.

Thank you in advance!
Bob

You can go under filters and create a filter that any sender (From) that has ".attorney" and then set the action to "delete". I've done it and it works well. You are correct and we have tried that but found it unpractical with the quantity we need to block. Our vb script contains 273 domain extensi...

Our biggest spam are what we call the junk domains like .attorney so we updated a script within ME and what a DIFFERENCE!!!. Open the smtp service properties. Go to Advanced SMTP. Click on Configure under External Script. Check the box to enable script function for mail from. Click Edit Script. ////...

Is there a way that the audit logs can include the failed password that was used in each attempt? A recent complaint from us to an ISP has yielded in them requesting the full audit log that includes the failed passwords.

We have been using MagicSpam for spam and have been VERY satisfied. As for virus we are using ClamAV installed within ME.

http://www.magicspam.com/

I must agree that EWS would be a good feature/function as MANY of my clients are also moving away from Outlook to Em client.

Hello Ian,

Thank you for the quick reply and addressing it in the next version! Interestingly enough I just ran some quick calculations between yesterdays Audit and SMTP logs, 76% of the dictionary attacks were coming in with the *.* ehlo client.

Thank you again!

Just now added the "*.*" string to the SMTP "EHLO Blocking" option and it blocks all inbound traffic.

We have noticed within our AUDIT logs unusually high activity as compared to in the past. One common denominator with all has been the E hello as "HELO *.*", below is a snippet from our SMTP logs. Also login attempts, for the most, have been with username in alphabetical sequence. 07/16/17 23:58:50 ...

Ian,

I submitted a support request as requested but for got to mention, as of now the only attachments attempted by clients and myself were PDF's.

Bob

Still needed please.

Our users are having the same error regardless of the browser used. Tested browsers: Edge, IE, Chrome and Firefox. The work around is using the "Attachment" link. The error only happens when using "Browse" button.