Denial of service (DoS) and directory harvesting attacks are brute-force attacks that cause a sharp spike in interactions with the mail server. When the mail server's message log activity exceeds specific levels, PureMessage generates a report that is mailed to the "pmx" user.
The pmx-mlog-watch utility is run as a scheduled job that monitors the message_log for anomalous activity. The thresholds at which actions are triggered are set on the Local Services: Perimeter Protection Options page. If anomalies are detected, a report is generated that describes the activity and the envelope sender or relay that was the cause. This report is emailed to an administrator (by default, the "pmx" user). Alternatively, it can be piped into another program such as pmx-mlog-react, which creates entries in the Blacklisted Hosts and Blacklisted Senders lists.
To set the log watch options: