Auto-Blacklist
Automatically block IPs that exhibit malicious behavior.
How It Works
When an IP shows malicious behavior (spam, brute force, etc.), SecZim can automatically add it to the blacklist for a configurable duration.
Trigger Conditions
IPs are auto-blacklisted when they:
- Send more than X spam emails in Y minutes
- Fail authentication more than X times
- Trigger security policies repeatedly
- Are listed on multiple RBLs
- Show clear bot/attack patterns
Configure Rules
In Settings → Auto-Blacklist:
- Spam Threshold: Number of spam emails before blocking
- Auth Failure Threshold: Failed logins before blocking
- Block Duration: How long IPs remain blocked (1 hour to permanent)
- Escalation: Increase duration for repeat offenders
Default Settings
By default, IPs are blocked for 24 hours after 5 spam attempts. You can adjust these thresholds based on your needs.
View Blocked IPs
Go to ACL → Auto-Blacklist to see:
- Currently blocked IPs
- Reason for blocking
- Time remaining until unblock
- Option to manually unblock
Whitelist Protection
IPs in your whitelist are never auto-blacklisted. This prevents accidental blocking of trusted partners.
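The spam threshold, block duration, escalation and whitelist exemption described above can be modeled as follows. This is an added example, not SecZim's own code; the 10-minute counting window, the doubling escalation with a 30-day cap, and all class and function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# The page gives 5 spam attempts and a 24-hour block as defaults. The
# 10-minute window, doubling escalation and 30-day cap are assumed values.
SPAM_THRESHOLD = 5
WINDOW_SECONDS = 10 * 60
BASE_BLOCK_SECONDS = 24 * 3600
MAX_BLOCK_SECONDS = 30 * 24 * 3600


class AutoBlacklist:
    """Hypothetical model of the auto-blacklist decision for spam events."""

    def __init__(self, whitelist=()):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.events = defaultdict(deque)   # ip -> timestamps of recent spam
        self.blocked_until = {}            # ip -> unblock time (epoch seconds)
        self.offences = defaultdict(int)   # ip -> number of earlier blocks

    def is_whitelisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.whitelist)

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def record_spam(self, ip, now):
        """Record one spam event; return the block duration in seconds, or 0."""
        # Whitelisted IPs are never counted; blocked IPs are already handled.
        if self.is_whitelisted(ip) or self.is_blocked(ip, now):
            return 0
        q = self.events[ip]
        q.append(now)
        # Drop events that have fallen out of the sliding window.
        while q and q[0] <= now - WINDOW_SECONDS:
            q.popleft()
        if len(q) < SPAM_THRESHOLD:
            return 0
        # Escalation: double the duration for each earlier block, up to the cap.
        duration = min(BASE_BLOCK_SECONDS * 2 ** self.offences[ip],
                       MAX_BLOCK_SECONDS)
        self.offences[ip] += 1
        self.blocked_until[ip] = now + duration
        q.clear()
        return duration
```

Checking the whitelist before counting, rather than at block time, means a trusted partner's traffic never accumulates toward a threshold at all.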
Notifications
Configure alerts to be notified when:
- New IP is auto-blacklisted
- IP is blocked for the first time
- Repeat offender is blocked again
Manual Override
- Unblock: Remove IP from blacklist immediately
- Permanent Block: Make the block permanent
- Whitelist: Add to whitelist to prevent future blocks