Configuring dynamic screening options in SecurityGateway
This article explains how to configure SecurityGateway to dynamically block certain IP addresses from connecting to the server for a specific amount of time. This can help cut down on spammers who attempt to connect and send unwanted messages, taking up available connections.
From the Dashboard, after logging in:
- Click on Security in the lower-left corner
- Locate the Anti-Abuse section
- Click on Dynamic Screening
You may then configure the following options:
Enable dynamic screening
SecurityGateway will automatically block connections that match the criteria given below for a specific number of minutes, to help cut down on malicious connections attempting to abuse the system. By default, this is disabled.
Ban senders who cause this many failed RCPT attempts
If an incoming session attempts to give a RCPT TO command with a local address that does not exist this many times, SecurityGateway will block the connecting IP address for the specified number of minutes. By default, this is set to 10 failed RCPT commands.
Ban senders who connect more than xx times in yy minutes
If an incoming session attempts to connect more than the given number of times in the given number of minutes, SecurityGateway will block the connecting IP address for the specified number of minutes. By default, this is set to 10 connection attempts made in a 5-minute period.
Ban senders that fail this many authentication attempts
If an incoming session attempts to authenticate with a username and password and fails this many times, SecurityGateway will block the connecting IP address for the specified number of minutes. By default, this is set to 3 failed attempts.
Ban senders for this many minutes
This is how long banned senders are prevented from connecting to SecurityGateway. By default, this is set to 10 minutes.
Close SMTP session after banning sender
If an incoming session triggers one of the criteria above and is added to SecurityGateway's dynamic-screening list, the connection will then be closed. By default, this is enabled.
Exclude messages from whitelisted IP addresses and hosts
If the sending domain or IP address is on the server's whitelist, then SecurityGateway will never dynamically screen it. By default, this is enabled.
Exclude messages from authenticated sessions
If the incoming connection authenticates with a username and password on the SecurityGateway server, then SecurityGateway will never dynamically screen it. By default, this is enabled.
The Blocked IP List window at the bottom of the window shows the currently blocked IP addresses, along with how long each has been blocked, so that administrators can review the screening process.
These settings are for the entire server, and cannot be configured for specific domains.
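To see how the default thresholds above interact, the following added example (not SecurityGateway code, and not from the original article) replays a constructed list of events through a simplified model of the policy and reports which IP addresses would be banned and until when. It assumes counters are kept per IP address, that they reset when a ban is applied, and that time is measured in whole minutes; the function and key names are this example's own.

```python
from collections import defaultdict, deque

# Default thresholds as stated in the article; the key names are this example's own.
DEFAULTS = {"rcpt_fail": 10, "auth_fail": 3, "max_conn": 10,
            "conn_window_min": 5, "ban_min": 10}

def simulate(events, cfg=DEFAULTS, whitelist=frozenset()):
    """Replay (minute, ip, kind, authenticated) events, sorted by minute.
    kind is 'connect', 'rcpt_fail' or 'auth_fail'.
    Returns [(minute, ip, reason, banned_until_minute), ...]."""
    conns = defaultdict(deque)                      # ip -> recent connect times
    fails = defaultdict(lambda: defaultdict(int))   # ip -> kind -> failure count
    banned_until, bans = {}, []
    for t, ip, kind, authed in events:
        if ip in whitelist or authed:
            continue                                # the two exclusion options
        if banned_until.get(ip, t) > t:
            continue                                # ban still active
        reason = None
        if kind == "connect":
            q = conns[ip]
            q.append(t)
            while q[0] <= t - cfg["conn_window_min"]:
                q.popleft()                         # drop connects outside the window
            if len(q) > cfg["max_conn"]:            # "more than xx times in yy minutes"
                reason = "connection rate"
        else:
            fails[ip][kind] += 1
            if fails[ip][kind] >= cfg[kind]:        # "this many" failures
                reason = kind
        if reason:
            banned_until[ip] = t + cfg["ban_min"]
            bans.append((t, ip, reason, banned_until[ip]))
            conns.pop(ip, None)
            fails.pop(ip, None)                     # assumption: counters reset on ban
    return bans

def sample_events():
    """Constructed events using documentation-range IP addresses."""
    ev = [(m, "192.0.2.10", "auth_fail", False) for m in (0, 0, 1, 5, 12, 12, 13)]
    ev += [(m, "198.51.100.7", "connect", False)
           for m in (2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4)]
    ev += [(6, "203.0.113.5", "auth_fail", False)] * 5   # whitelisted in the demo run
    ev += [(7, "192.0.2.44", "rcpt_fail", True)] * 12    # authenticated session
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for ban in simulate(sample_events(), whitelist={"203.0.113.5"}):
        print(ban)
```

With the defaults, the first address is banned again at minute 13 because its 10-minute ban from minute 1 has expired and it fails authentication three more times; the whitelisted and authenticated sources never appear in the result.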