The option to block distributed SMTP logins is very useful, but an advanced option is needed to allow automatically blocking an email account involved in "more than X" continuous distributed SMTP logins.
For example, I have configured the distributed SMTP login detection for 3 different IPs. Recently I received from my server over 15 continuous mails alerting about distributed SMTP logins for the account "personal.mail@somedomain.com". Examples of these mails:
These 3 mails were received in a very short time, each one for 3 different IPs, for a total of 9 different IPs.
Mail N°1:
Time: Thu Jan 16 17:36:25 2014 -0300
IP: distributed SMTP Logins on account [personal.mail@somedomain.com]
Failures: 3
Interval: 300 seconds
Blocked: Temporary Block
IP Addresses Blocked:
188.209.248.11 (MD/Moldova, Republic of/11-248-209-188.globnet.md)
178.123.49.226 (BY/Belarus/-)
95.79.183.21 (RU/Russian Federation/dynamicip-95-79-183-21.pppoe.nn.ertelecom.ru)
Mail N°2:
Time: Thu Jan 16 17:39:51 2014 -0300
IP: distributed SMTP Logins on account [personal.mail@somedomain.com]
Failures: 3
Interval: 300 seconds
Blocked: Temporary Block
IP Addresses Blocked:
37.45.119.213 (BY/Belarus/-)
37.215.15.155 (BY/Belarus/-)
176.96.226.65 (RU/Russian Federation/-)
Mail N°2:
Time: Thu Jan 16 17:49:41 2014 -0300
IP: distributed SMTP Logins on account [personal.mail@somedomain.com]
Failures: 3
Interval: 300 seconds
Blocked: Temporary Block
IP Addresses Blocked:
109.165.54.194 (RU/Russian Federation/194.54.165.109.donpac.ru)
178.122.195.166 (BY/Belarus/-)
77.66.241.64 (RU/Russian Federation/-)
It would be useful if the system, on detecting three or more consecutive distributed SMTP logins, proceeded to change the password for the email account to prevent further access.
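The check requested in this post can be sketched as a small script that reads the alert mails and reports any account named in three or more of them. This is an added example, not part of the original post and not code from the firewall that sends these alerts. The 30-minute window, the function names and the sample data are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TIME_RE = re.compile(r"^Time:\s+(.+)$")
ACCT_RE = re.compile(r"distributed SMTP Logins on account \[([^\]]+)\]")
IP_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?:\s|$)")

def parse_alerts(text):
    """Split concatenated alert mails into dicts: time, account, ips."""
    alerts, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := TIME_RE.match(line):  # a "Time:" line opens a new alert
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y %z")
            cur = {"time": ts, "account": None, "ips": []}
            alerts.append(cur)
        elif cur and (m := ACCT_RE.search(line)):
            cur["account"] = m.group(1)
        elif cur and (m := IP_RE.match(line)):
            cur["ips"].append(m.group(1))
    return [a for a in alerts if a["account"]]

def accounts_to_flag(alerts, threshold=3, window=timedelta(minutes=30)):
    """Accounts with `threshold` alerts inside `window` (window is an assumption)."""
    by_acct = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["time"]):
        by_acct[a["account"]].append(a)
    flagged = {}
    for acct, items in by_acct.items():
        for i in range(len(items) - threshold + 1):
            run = items[i:i + threshold]
            if run[-1]["time"] - run[0]["time"] <= window:
                flagged[acct] = sorted({ip for a in run for ip in a["ips"]})
                break
    return flagged

# Constructed sample in the layout of the mails quoted above
# (documentation-range IPs; other@somedomain.com is hypothetical).
def _alert(when, acct, net):
    ips = "\n".join(f"{net}.{i} (ZZ/Example/-)" for i in (11, 12, 13))
    return (f"Time: {when}\nIP: distributed SMTP Logins on account [{acct}]\nFailures: 3\n"
            f"Interval: 300 seconds\nBlocked: Temporary Block\nIP Addresses Blocked:\n{ips}\n")

ACCT = "personal.mail@somedomain.com"
SAMPLE = (_alert("Thu Jan 16 17:36:25 2014 -0300", ACCT, "192.0.2")
          + _alert("Thu Jan 16 17:39:51 2014 -0300", ACCT, "198.51.100")
          + _alert("Thu Jan 16 17:41:00 2014 -0300", "other@somedomain.com", "192.0.2")
          + _alert("Thu Jan 16 17:49:41 2014 -0300", ACCT, "203.0.113"))
if __name__ == "__main__":
    print(accounts_to_flag(parse_alerts(SAMPLE)))
```

The returned mapping lists each flagged account with the distinct source IPs seen across the qualifying alerts. An administrator can use it to decide on the password reset the post asks for.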