g_breakin_white can be a wild card 209.85.* or cidr block.

     ChrisP.


On 1/11/2019 5:38 AM, Jim Lohiser wrote:
> NetWin,
>
> We had an unusual circumstance today. A customer was attempting to send an email through a mailbox on our system using Gmail. Not the app but the actual Gmail service (according to the customer).  In the security logs for this user, we see number of different Google IP addresses that are trying to log in (see excerpt below).
>
> I know that I can whitelist a user using g_breakin_white.  Is there a way to whitelist an IP block from trigging g_breakin_white?  I would like to simply add these subnets so it does not trip g_breakin for any users.
>
> 2019-10-23 09:52:02.00 smtp: Spammer sending detected on 209.85.217.53 from multiple ip addresses (8)
> 2019-10-23 09:52:03.00 smtp: Spammer sending detected on 209.85.217.51 from multiple ip addresses (8)
> 2019-10-23 09:52:03.00 smtp: Spammer sending detected on 209.85.217.47 from multiple ip addresses (8)
> 2019-10-23 09:52:03.00 smtp: Spammer sending detected on 209.85.217.45 from multiple ip addresses (8)
> 2019-10-23 09:52:03.00 smtp: Spammer sending detected on 209.85.217.49 from multiple ip addresses (8)
> 2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.43 from multiple ip addresses (8)
> 2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.49 from multiple ip addresses (8)
> 2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.41 from multiple ip addresses (8)
> 2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.52 from multiple ip addresses (8)
> 2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.44 from multiple ip addresses (8)
> 2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.52 from multiple ip addresses (8)
> 2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.52 from multiple ip addresses (8)
> 2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.48 from multiple ip addresses (8)
> 2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.46 from multiple ip addresses (8)
> 2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.46 from multiple ip addresses (8)
> 2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.51 from multiple ip addresses (8)
> 2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.42 from multiple ip addresses (8)
> 2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.41 from multiple ip addresses (8)
> 2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.51 from multiple ip addresses (8)
> 2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.43 from multiple ip addresses (8)
> 2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.222.48 from multiple ip addresses (8)
> 2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.161.52 from multiple ip addresses (8)
> 2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.210.44 from multiple ip addresses (8)
> 2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.161.51 from multiple ip addresses (8)
> 2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.161.51 from multiple ip addresses (8)
> 2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.219.181 from multiple ip addresses (8)
>
>
> Jim Lohiser
> N2Net
>