• Products
  • MDaemon Email Server
  • MDaemon Hosted (Cloud) Email
  • SecurityGateway for Email Servers
  • SecurityGateway Hosted (Cloud)
  • Email Archiving
  • RelayFax Network Fax Manager
•  
• Purchase
  • MDaemon Email Server
  • MDaemon AntiVirus (SecurityPlus)
  • MDaemon Connector for Outlook
  • MDaemon ActiveSync
  • SecurityGateway for Email Servers
  • RelayFax Network Fax Manager
  • MailStore Archive Server
  • MailStore Upgrade/Renewal
  • Technical Support Agreement
  • Upgrade/Renew
  • License Sync
  • Purchase & Licensing FAQ
  • Referral Program
•  
• Downloads
  • MDaemon Email Server
  • MDaemon AntiVirus (SecurityPlus)
  • MDaemon Connector for Outlook
  • SecurityGateway for Email Servers
  • RelayFax Network Fax Manager
  • MailStore Archive Server
•  
• Support
  • Request Support
  • Literature
  • Knowledge Base
  • Product FAQs
  • Product Web Help
  • Community Forums
  • Beta Group
  • Our Blog
  • Suggestion Box
  • Technical Support Agreement
  • Phone Support
  • Security Update
•  
• Blog
•  
• Partners
  • Technology Partners
  • MDaemon Hosted Email Providers
  • SecurityGateway Hosted Providers
  • Find A Partner
  • Become A Partner
  • Partner Portal
  • Security Threat Center
  • Transportation Partners
•  
• About Us
  • Management
  • Policies and EULA
  • GDPR Compliance
  • Careers
  • Contact Us
•  

504

Configuring dynamic screening options in SecurityGateway

This article explains how to configure SecurityGateway to dynamically block certain IP addresses from connecting to the server for a specific amount of time, which can help cut down on spammers attempting to connect and send unwanted messages and taking up available connections.

From the Dashboard, after logging in:

1. Click on Security in the lower-left corner
2. Locate the Anti-Abuse section
3. Click on Dynamic Screening

You may then configure the following options:

• Enable dynamic screening

  SecurityGateway will automatically block connections that match the criteria given below for a specific number of minutes, to help cut down on malicious connections attempting to abuse the system. By default, this is disabled.

   

• Ban senders who cause this many failed RCPT attempts

  If an incoming session attempts to give a RCPT TO command with a local address that does not exist this many times, SecurityGateway will block the connecting IP address for the specified number of minutes. By default, this is set to 10 failed RCPT commands.

• Ban senders who connect more than xx times in yy minutes

  If an incoming session attempts to connect more than the given number of times in the given number of minutes, SecurityGateway will block the connecting IP address for the specified number of minutes. By default, this is set to 10 connection attempts made in a 5-minute period.

• Ban senders that fail this many authentication attempts

  If an incoming session attempts to authenticate with a username and password and fails this many times, SecurityGateway will block the connecting IP address for the specified number of minutes. By default, this is set to 3 failed attempts.

• Ban senders for this many minutes

  This is how long that banned connections are stopped from connecting to SecurityGateway for. By default, this is set to 10 minutes.

• Close SMTP session after banning sender

  If an incoming session triggers one of the criteria above and is added to SecurityGateway's dynamic-screening list, the connection will then be closed. By default, this is enabled.

  • Exclude messages from whitelisted IP addresses and hosts

    If the sending domain or IP address is on the server's whitelist, then SecurityGateway will never dynamically screen it. By default, this is enabled.

• Exclude messages from authenticated sessions

  If the incoming connection authenticates with a username and password on the SecurityGateway server then SecurityGateway will never dynamically screen it. By default, this is enabled.

A list of currently blocked IP addresses will be shown in the Blocked IP List window at the bottom of the window, along with how long it has been blocked, to allow administrators to review the screening process.

Additional Comments

These settings are for the entire server, and cannot be configured for specific domains.