1036

MDaemon 14.5.x - Using Dynamic Screening to monitor and respond to SMTP, POP, IMAP, and WorldClient

Using the Dynamic Screening features, MDaemon can track the behavior of sending servers to identify suspicious activity and then respond accordingly. 

  1. Select Security
  2. Select Security Settings
  3. Expand Screening
  4. Select Dynamic Screening
  5. Select Enable dynamic screening

Once enabled, the following options are available.

  • Select Block IPs that connect more than X times in Y minutes to block any SMTP, IMAP, or POP connection to the server.
  • Select Block IPs that fail this many authentication attempts to add IPs to the block list after the defined number of authentication attempts.
  • Select Watch accounts that fail this many authentication attempts to have MDaemon monitor the number of authentication attempts a local account makes.
    There are two options that can be triggered when this is selected:
    1. Freeze accounts - Select this to freeze accounts when the above number of attempts has been reached. These accounts can receive mail but not send mail.
    2. Email postmaster - Submits a notification email to the postmaster alias when the above number of attempts has been reached.
  • Limit simultaneous connections by IP to (0 = no limit)
      This will set the maximum number of connections a single IP address can make before being blocked.
  • Block IPs that cause this many failed RCPTs
      This adds the connecting IP to the block list when the defined number of RCPT commands result in 'Recipient Unknown' responses from MDaemon.
  • Block IPs that send this many RSETs (0 = no limit)
      The offending IP address will be added to the block list when sending the defined number of RSET commands.
  • Block IPs and senders for this many minutes
      Set the number of minutes an IP address should be blocked for.
  • Close SMTP session after blocking IP
      MDaemon will terminate the session when the IP address is added to the block list.
  • Don't block IP when SMTP authentication is used
      Exempts the connection from Dynamic Screening when the sender authenticates with the mail server.
  • Select the White list to add individual IP addresses or IP address ranges to be excluded from Dynamic Screening.
  • Select Advanced to view/edit the \MDaemon\App\DynamicScreen.dat file that contains the currently blocked IP addresses and the number of minutes remaining on the block list.

In addition to Dynamic Screening for SMTP, POP, and IMAP protocols, there are Dynamic Screening options for WorldClient as well.

The following options are available in the Dynamic Screening (WorldClient) section.

  1. Select Block IPs that fail this many authentication attempts and set the maximum number of authentication attempts allowed.
  2. Enter the number of minutes that IPs are blocked for in the Block IPs for this many minutes value box.
  3. Select the Advanced button to view the WorldClient Dynamic Screen block list. The syntax is the same as above: an IP address followed by the number of minutes remaining on the block list.
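
The following is an added example, not MDaemon code: a small audit script that parses a block list in the "IP address followed by minutes remaining" layout described above and reports any blocked IP that falls inside a range you consider trusted, such as a gateway that should have been on the White list. The separator (whitespace, comma or '='), the sample entries and the trusted range are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout the article describes for
# \MDaemon\App\DynamicScreen.dat: IP address, then minutes remaining.
# The exact separator is an assumption; whitespace, ',' and '=' are accepted.
SAMPLE = """\
203.0.113.7 42
198.51.100.9,5
192.0.2.10=15
not-an-ip 3
"""

def parse_block_list(text):
    """Return (entries, rejects); entries are (ip, minutes_remaining)."""
    entries, rejects = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = re.split(r"[\s,=]+", line)
        try:
            if len(parts) != 2:
                raise ValueError("expected two fields")
            entries.append((ipaddress.ip_address(parts[0]), int(parts[1])))
        except ValueError:
            # Keep malformed lines for review instead of dropping them silently.
            rejects.append((lineno, raw))
    return entries, rejects

def blocked_but_trusted(entries, trusted_ranges):
    """Blocked IPs inside ranges that were expected to be white-listed."""
    nets = [ipaddress.ip_network(r, strict=False) for r in trusted_ranges]
    return [(ip, mins, net)
            for ip, mins in entries
            for net in nets
            if ip.version == net.version and ip in net]

if __name__ == "__main__":
    entries, rejects = parse_block_list(SAMPLE)
    # Longest remaining block first.
    for ip, mins in sorted(entries, key=lambda e: -e[1]):
        print(f"{ip}\t{mins} min remaining")
    for ip, mins, net in blocked_but_trusted(entries, ["192.0.2.0/24"]):
        print(f"REVIEW: {ip} is blocked but lies in trusted range {net}")
    for lineno, raw in rejects:
        print(f"line {lineno}: could not parse {raw!r}")
```

To use it on a real server, read a copy of the block list file into a string and pass it to parse_block_list in place of SAMPLE.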