MDaemon 17.x - Using Dynamic Screening to monitor and respond to SMTP, POP, and IMAP

Using the Dynamic Screening features, MDaemon can track the behavior of sending servers to identify suspicious activity and then respond accordingly. 

  1. Select Security
  2. Select Security Settings 
  3. Expand Screening
  4. Select Dynamic Screen 
  5. Select Enable dynamic screening

Once enabled, the following options are available.

  • Select Block IPs that connect more than X times in Y minutes to block any SMTP, IMAP, or POP connection to the server.
  • Select Block IPs that fail this many authentication attempts to add IPs to the block list after the defined number of authentication attempts.
  • Limit simultaneous connections by IP to (0 = no limit) This will set the maximum number of connections an single IP address can make before being blocked.
  • Block IPs that cause this many failed RCPTs
      This adds the connecting IP the block list when the defined number result in 'Recipient Unknown' responses from MDaemon.
  • Block IPs that send this many RSETs (0 = no limit)
      The offending IP address will be added to the block list when sending the defined number of RSET commands.
  • Block IPs and senders for this many minutes
      Set the number of minutes IP address should be blocked for.
  • Close SMTP session after blocking IP
      MDaemon will terminate the session when the IP address is added to the block list.
  • Don't block IP when SMTP authentication is used
      Exempts Dynamic Screening when the sender authenticates with the mail server.
  • Select the White list to add individual IP address or IP address ranges to be excluded from Dynamic Screening.
  • Select Advanced to view/edit the \MDaemon\App\DynamicScreen.dat file that contains the currently blocked IP addresses and the number of minutes remaining on the block list.
  • Maximum authentication failures allowed in a mail session will allow you to enter a value for maximum authentication attempts.

    Once this value is met, MDaemon can perform one or both of the following;

    ·         Freeze accounts that exceed the max authentication failures allowed will allow the account to receive mail, but not send mail.

    ·         Notify postmaster when max authentication failures reached to send a notification to the post master when SMTP, and/or POP, and/or IMAP protocols fail the configured number of allowed authentication attempts.