My org had an event last week where a false positive IPS alert was being thrown. This caused over 1400 email alerts within 20 minutes before anyone could get to it and shut it down. When I looked at the email logs, it looked like it was sending 3-4 emails every MILLISECOND.
We never had this kind of email flood before 19.5, so I'm not sure if it's just a bug in this firmware or what. When looking for a solution to this issue, I noticed the "SMTP DoS Settings" in the Email Settings, which seems to be disabled by default. I can't find much info about these settings, so my question is, would enabling SMTP DoS and setting a low "Maximum recipients/email" or "Email Rate (per minute)" affect these internal alerts, or do these settings only affect inbound emails?