AegisCommand

Agents -

Online -

Alerts -

Critical -

Deliveries -

Queued -

Opened -

Events -

Rate Limits -

Shaping -

Relay Nodes -

Service Health

API healthUnknown

API readinessUnknown

Relay profilePostfix + Rspamd + ClamAV

Provider Admin

Cluster health, throughput, delivery rates, threat rates, tenant risk

Delivery rate-No delivery data

Threat rate-No threat data

Queue health-No relay queues

Throughput-Messages per minute

Action Queue

Priority	Signal	Scope	Action

Tenant Risk

Tenant	Risk	Critical	Alerts	Traffic

Managed-Service Access

Role	Scope	Permissions	Troubleshooting	Status

Infrastructure

Node	Status	Queue	Connections	Region

Operations Snapshot

Agents online: -
Relay nodes active: -
Policy rules: -
Audit events: -

Customer Portal

Domains, sending access, suppressions, quarantine, delivery, alerts, and usage

Delivery rate-No delivery data

Sender domains-Observed and policy-scoped domains

Suppressions-Blocked recipients, senders, and domains

Quarantine-Held or suspicious submissions

Alerts-Tenant-scoped security signals

Usage-Total messages in current view

Sender Domains

Domain	Messages	Delivery	Verification	Policy

SMTP and API Access

Type	Name	Scope	Status	Controls

Suppression Lists

Target	Scope	Action	Status	Reason

Quarantine

Message	Verdict	Score	Release	Created

Delivery Logs

Status	Message	Sender	Recipient	Logged

Alerts

Severity	Type	Scope	Description	Created

Usage

Metric	Total	Delivered	Deferred	Failed

API Sending

Asset	Name	Status	Detail	Updated

Enforcement

Agent actions, firewall blocks, WHM/cPanel suspension, and bypass blocking

Pending-Waiting for agent pull

Completed-Agent acknowledged

Failed-Action failed or blocked

Enforce mode-Queued enforce actions

Plan Action

Agent Source IP Sender WHM/cPanel account Tenant Risk score Mode Block direct-to-MX bypass Queue plan for agent pull Reason

Action Queue

Action	Agent	Target	Mode	Status	Command	Updated	Ack

Agents

Filtered by id, node, version, mode

Agent	Node	Mode	Status	Events	Last Seen

Agent Events

Filtered by type, source, sender, action

Type	Agent	Node	Source	Sender	Risk	Action	Time

First-Run Setup

Checking setup state

Docs

Admin and customer operating reference

Administrators

Login: Use the super-admin account with 2FA enabled. API tokens are for agents, automation, and smoke checks.
Transparent relay: Set tenant posture to Transparent relay to observe, score, log, and alert without sender or recipient visible changes.
VPS and bare metal abuse: Watch outbound events, delivery failures, queue growth, direct-to-MX attempts, and sender reputation. Use rate limits and traffic shaping to reduce abusive senders to zero throughput.
Enforcement: Start with dry-run plans. Move to enforce only after the alert, tenant, source IP, and sender evidence match the abuse policy.
Production access: Use HTTPS on port 443 through Traefik. Direct API and web container ports are local-only for health checks and smoke tests.
Audit: Review auth events, impersonation, policy changes, enforcement planning, and rate-limit changes before and after each action.

Customers and Users

Customer view: Use the Customer page for sender domains, credentials, suppressions, quarantine, delivery status, usage, and alerts.
Delivery logs: Search by sender, recipient, message ID, queue ID, provider, status, or policy action to confirm what happened to a message.
Quarantine: Held messages and attachments require the configured release workflow. Release actions should match the customer policy and audit trail.
Suppressions: Allow and block entries control accepted senders, recipients, domains, URLs, and indicators for the scoped tenant.
Rate limits: Limits can apply to a customer, user, domain, IP, API key, hypervisor, VPS, or provider route. Throttle or block modes show in Rate Limits and Shaping.
Support handoff: Share tenant ID, message ID, sender, recipient, timestamp, and delivery status when opening an internal support case.

Rate Limits

Customer, user, domain, IP, API key, hypervisor, VPS

Scope	Target	Minute	Hour	Day	Burst	Mode	Action	Updated

Traffic Shaping

Concurrency, connection interval, sender/domain/provider rate, burst

Rule	Scope	Concurrency	Interval	Msg/min	Rcpt/min	Burst	Mode	Action

Delivery Logs

Filtered by message, sender, recipient, provider, verdict

Status	Message	Sender	Recipient	Provider	Bounce	Action	Logged

Message Trace

Receive, policy, scan, queue, delivery, bounce, webhook

Message	Current	Path	Stage Timeline	Updated

Delivery Insights

Provider Drilldowns

Provider	Total	Delivered	Deferred	Bounced	Rate	Action

Remediation

Severity	Scope	Evidence	Recommendation

Traffic

Tenant, sender, domain, provider, relay node, queue state

Severity	Signal	Scope	Count	Rate	Recommendation

Severity	Recommendation	Scope	Evidence	Action

By Sender

Sender	Total	Queued	Delivered	Deferred	Bounced

By Domain

Domain	Total	Queued	Delivered	Deferred	Bounced

By Provider

Provider	Total	Queued	Delivered	Deferred	Bounced

By Relay Node

Node	Total	Queued	Delivered	Deferred	Bounced

Allow/Block Lists

Tenant-scoped sender, recipient, domain, IP, ASN, URL, hash, and rule-set controls

List	Entry	Scope	Match	Action	Status	Reason	Updated

Security Posture

Per-tenant presets including transparent relay, hosting provider, SaaS sender, MSP, and enterprise relay

Tenant	Template	Type	Protection	Policy	Controls	Delivery	Rate	Status

Relay Cluster

Shared rate state, failover readiness, queue depth, drain mode

Active nodes-

Draining nodes-

Offline nodes-

Queue depth-

Concurrency-

Failover-

Severity	Signal	Scope	Recommendation

Node	Region	Pool	Status	Queue	Conn	Msg/min	Rcpt/min	Capacity	Failover	Last Seen

Sign in

Service Health

Provider Admin

Action Queue

Tenant Risk

Managed-Service Access

Infrastructure

Operations Snapshot

Customer Portal

Sender Domains

SMTP and API Access

Suppression Lists

Quarantine

Delivery Logs

Alerts

Usage

API Sending

Enforcement

Plan Action

Action Queue

Agents

Agent Events

Alerts

Audit Events

First-Run Setup

Configuration

Docs

Administrators

Customers and Users

Rate Limits

Traffic Shaping

Delivery Logs

Message Trace

Delivery Insights

Provider Drilldowns

Remediation

Traffic

By Sender

By Domain

By Provider

By Relay Node

Allow/Block Lists

Security Posture

Relay Cluster