Using the Dynamic Screening features, MDaemon can track the behavior of sending servers to identify suspicious activity and then respond accordingly.
- Select Security
- Select Security Settings
- Expand Screening
- Select Dynamic Screen
- Select Enable dynamic screening
Once enabled, the following options are available.
- Select Block IPs that connect more than X times in Y minutes to block any SMTP, IMAP, or POP connection to the server.
- Select Block IPs that fail this many authentication attempts to add IPs to the block list after the defined number of authentication attempts.
- Limit simultaneous connections by IP to (0 = no limit)
- This sets the maximum number of connections a single IP address can make before being blocked.
- Block IPs that cause this many failed RCPTs
- This adds the connecting IP to the block list when the defined number of RCPT commands result in 'Recipient Unknown' responses from MDaemon.
- Block IPs that send this many RSETs (0 = no limit)
- The offending IP address will be added to the block list when sending the defined number of RSET commands.
- Block IPs and senders for this many minutes
- Set the number of minutes an IP address should be blocked.
- Close SMTP session after blocking IP
- MDaemon will terminate the session when the IP address is added to the block list.
- Don't block IP when SMTP authentication is used
- Exempts the connection from Dynamic Screening when the sender authenticates with the mail server.
- Select the White list to add individual IP addresses or IP address ranges to be excluded from Dynamic Screening.
- Select Advanced to view/edit the \MDaemon\App\DynamicScreen.dat file that contains the currently blocked IP addresses and the number of minutes remaining on the block list.
- Maximum authentication failures allowed in a mail session will allow you to enter a value for maximum authentication attempts.
Once this value is met, MDaemon can perform one or both of the following:
- Freeze accounts that exceed the max authentication failures allowed will allow the account to receive mail, but not send mail.
- Notify postmaster when max authentication failures reached will send a notification to the postmaster when the SMTP, POP, and/or IMAP protocols fail the configured number of allowed authentication attempts.
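To see how candidate threshold values would behave before enabling them, the following added example (not MDaemon's code and not part of the original article) replays constructed connection events against a simplified Python model of the rules above. The class, the event names (CONNECT, AUTH_FAIL, RCPT_FAIL, RSET), per-IP counting and the reset of counters when a block is placed are assumptions made for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

class ScreenModel:
    """Simplified model of the thresholds above; not MDaemon's implementation."""
    def __init__(self, max_conns, window_min, limits, block_min,
                 skip_authenticated=True, allow_list=()):
        self.max_conns, self.window = max_conns, window_min * 60
        self.limits = limits                  # per-event thresholds, 0 = no limit
        self.block_secs = block_min * 60
        self.skip_authenticated = skip_authenticated
        self.allow = [ip_network(n) for n in allow_list]
        self.seen = defaultdict(lambda: defaultdict(deque))  # ip -> kind -> times
        self.blocked = {}                     # ip -> time (s) the block expires

    def observe(self, now, ip, kind, authenticated=False):
        """Feed one event; return the event kind that triggers a block, else None."""
        if (self.blocked.get(ip, 0) > now
                or (authenticated and self.skip_authenticated)
                or any(ip_address(ip) in net for net in self.allow)):
            return None                       # already blocked, or exempt
        times = self.seen[ip][kind]
        times.append(now)
        if kind == "CONNECT":                 # "more than X times in Y minutes"
            while times and times[0] <= now - self.window:
                times.popleft()               # drop connects outside the window
            hit = len(times) > self.max_conns
        else:                                 # AUTH_FAIL, RCPT_FAIL, RSET
            limit = self.limits.get(kind, 0)
            hit = limit > 0 and len(times) >= limit
        if hit:
            self.blocked[ip] = now + self.block_secs
            del self.seen[ip]                 # assumption: counters reset on block
        return kind if hit else None

def replay(model, events):
    """Return [(time, ip, rule)] for each block the event stream would cause."""
    return [(e[0], e[1], r) for e in events if (r := model.observe(*e))]

# Constructed sample events: (seconds, ip, kind, authenticated)
EVENTS = sorted(
    [(t, "192.0.2.10", "CONNECT", False) for t in (0, 10, 20, 30)]
    + [(t, "198.51.100.7", "AUTH_FAIL", False) for t in (5, 15, 25)]
    + [(t, "203.0.113.5", "RCPT_FAIL", False) for t in (12, 13, 14)]
    + [(t, "192.0.2.20", "RCPT_FAIL", True) for t in (22, 23)])

if __name__ == "__main__":
    limits = {"AUTH_FAIL": 3, "RCPT_FAIL": 2, "RSET": 0}
    print(replay(ScreenModel(3, 1, limits, 10, allow_list=["203.0.113.0/24"]), EVENTS))
```

Replaying real log events in the same tuple form shows which legitimate senders a given X, Y or failure count would block, and which of them belong on the white list.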