StopIT™ for MIMEsweeper™
What StopIT™ does
StopIT™ for MIMEsweeper™ allows you to smooth out peaks in mail traffic volume and to protect internal mail systems from volume-based denial of service attacks.
StopIT™ gives you all the benefits of MIMEsweeper but with:
- Improved Traffic Volume Management by providing filtering based on volume and message numbers transmitted in nominated time intervals.
- Increased Resilience by providing management of incorrectly constructed SMTP transmissions.
StopIT™ can operate in Monitor Only mode:
Let StopIT™ monitor the traffic through your MIMEsweeper SMTP gateway to establish accurate representative maxima for normal message volume and numbers for all sending users and domains. Then use this information to protect your site from abnormal traffic patterns.
Possible uses of StopIT™ are when:
- Your mail system users create very high volumes of low priority mail by mailing large messages to large mailing lists. StopIT™ can identify unusual volume patterns and tag messages for parking by MIMEsweeper and for release by MIMEsweeper at off-peak times.
- You want a report of the typical maximum volume or number of messages sent by a user or from a domain in a specified period of time (e.g. minute, hour, day).
- Macro virus infection at one of your business partner’s sites results in large numbers of infected messages hitting your site, constituting an attempted denial of service attack.
How StopIT™ works
StopIT™ examines every mail message received by MIMEsweeper to determine the size and the address of origin. If a message conforms to StopIT™’s volume rules, then it is allowed to pass on for content checking by MIMEsweeper.
StopIT™ allows you to set the maximum volume (in Mbytes) and maximum number of messages sent from an origin (a specific user or domain) in a nominated time period. This is known as a StopIT™ threshold for that origin. A specific user’s number of messages and traffic volume can be included or excluded from the accumulated domain totals.
An example of a StopIT™ threshold is as follows:
first.last@domain.com can send a maximum of 100 messages, totalling no more than 50 Mbytes per 60 minutes and include in domain total.
When a StopIT™ threshold is exceeded, a single inform message is sent to the system administrator advising which threshold has been exceeded. Messages from the origin can be tagged and processed using standard MIMEsweeper functions or can be detained.
StopIT™ continues to monitor message traffic and offers two options for action when volume drops below an exceeded threshold. It can allow mail from the origin to flow again without StopIT™ tagging or detaining it, or it can keep blocking mail until an administrator intervenes.
StopIT™ is quite different to MIMEsweeper’s Park facility in two important respects: it operates on messages received over a period of time rather than on an individual message, and it operates on message numbers, not just size. Combine StopIT™ with MIMEsweeper’s Park facility to get better control.
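The threshold behaviour described above can be sketched in a few lines of Python. This is an added illustration, not StopIT™'s own code: the class and field names, the sliding time window, sizes counted in bytes and the "pass"/"tag" verdicts are all assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Threshold:                     # hypothetical structure, not a product setting
    max_messages: int
    max_bytes: int
    window_s: int
    include_in_domain: bool = True   # user traffic also counts toward the domain total
    auto_resume: bool = True         # False: stay blocked until an administrator resets

class VolumeMonitor:
    def __init__(self, thresholds):
        self.thresholds = thresholds        # origin (user or domain) -> Threshold
        self.events = defaultdict(deque)    # origin -> (timestamp, size) inside window
        self.exceeded = set()               # origins currently over their threshold
        self.informs = []                   # one entry per breach (the inform message)

    def _over(self, origin, now):
        th, q = self.thresholds[origin], self.events[origin]
        while q and q[0][0] <= now - th.window_s:   # drop events older than the window
            q.popleft()
        return len(q) > th.max_messages or sum(s for _, s in q) > th.max_bytes

    def receive(self, sender, size, now):
        """Return 'pass' or 'tag' for one message of `size` bytes at time `now`."""
        sender = sender.lower()
        domain = sender.rsplit("@", 1)[-1]
        user_th = self.thresholds.get(sender)
        origins = [sender] if user_th else []
        if domain in self.thresholds and (user_th is None or user_th.include_in_domain):
            origins.append(domain)
        verdict = "pass"
        for origin in origins:
            self.events[origin].append((now, size))
            over = self._over(origin, now)
            if over and origin not in self.exceeded:
                self.exceeded.add(origin)
                self.informs.append(origin)         # single inform, not one per message
            elif not over and origin in self.exceeded and self.thresholds[origin].auto_resume:
                self.exceeded.discard(origin)       # volume dropped: let mail flow again
            if origin in self.exceeded:
                verdict = "tag"
        return verdict

    def admin_reset(self, origin):
        self.exceeded.discard(origin)               # manual release by an administrator
```

With the example threshold above (100 messages, 50 Mbytes, 60 minutes), the 101st message inside the window is the first to be tagged, and only that breach produces an inform entry.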
Software Prerequisites
MIMEsweeper™ for SMTP version 4.1, 4.2 and above.
© Copyright 2002 Scientific Software and Systems Limited