Inbound Frequent Emails
Seeing several of the following on the circuit which mail comes over:
1:2002087 ET POLICY Inbound Frequent Emails - Possible Spambot Inbound
I am getting this on legitimate messages as well as messages from suspicious sources.
I have added the alerts to the suppress list. It helped only temporarily.
I've white-listed the mx IPs of the mail servers we want to receive messages from. Still their messages are being blocked.
I have forced disabled the rule. I'm still getting the error.