108 Chapter 7 Security recommendations4 Enter the phone number (DN) you would like to monitor in theInternal or External box and click Add.5 Click Save.Result: The entered DN is now activated and will be monitored.—End—Monitoring suspicious SMTP activityYou can use one of the following to monitor suspicious SMTP and VPIMnetworking activity:• the event log (automatic monitoring)If you choose to use the event log as your monitoring method, no actionis required from you to initiate SMTP/VPIM monitoring.• the Security Administration screen in CallPilot Manager (manualmonitoring)Automatic monitoringAutomatic monitoring alerts you to suspicious SMTP activity, blocks accessto the system, and provides sufficient information for further investigation.No configuration is required for automatic SMTP/VPIM monitoring. Youcan use information collected by monitoring suspicious SMTP and VPIMnetworking activity to• Investigate the source of the suspicious activity.• Enable manual hacker monitoring for the user ID, FQDN, or IP address.How monitoring worksWhen CallPilot detects repeated unsuccessful authentication attempts (forexample, an incorrect password is presented), the following occurs:IF the sender is a THENlocal user After the specified number of unsuccessful attempts, thatuser’s mailbox is disabled and an event is logged. Refer tothe online Help topic Configuring the authentication optionson the local server.Nortel CallPilotAdministrator GuideNN44200-601 01.11 Standard5.0 9 November 2007Copyright © 2007, Nortel Networks.