504

Configuring dynamic screening options in SecurityGateway

This article explains how to configure SecurityGateway to dynamically block certain IP addresses from connecting to the server for a specific amount of time, which can help cut down on spammers attempting to connect and send unwanted messages and taking up available connections.

 

From the Dashboard, after logging in:

  1. Click on Security in the lower-left corner
  2. Locate the Anti-Abuse section
  3. Click on Dynamic Screening

You may then configure the following options:

  • Enable dynamic screening

    SecurityGateway will automatically block connections that match the criteria given below for a specific number of minutes, to help cut down on malicious connections attempting to abuse the system. By default, this is disabled.

     

  • Ban senders who cause this many failed RCPT attempts

    If an incoming session attempts to give a RCPT TO command with a local address that does not exist this many times, SecurityGateway will block the connecting IP address for the specified number of minutes. By default, this is set to 10 failed RCPT commands.

  • Ban senders who connect more than xx times in yy minutes

    If an incoming session attempts to connect more than the given number of times in the given number of minutes, SecurityGateway will block the connecting IP address for the specified number of minutes. By default, this is set to 10 connection attempts made in a 5-minute period.

  • Ban senders that fail this many authentication attempts

    If an incoming session attempts to authenticate with a username and password and fails this many times, SecurityGateway will block the connecting IP address for the specified number of minutes. By default, this is set to 3 failed attempts.

  • Ban senders for this many minutes

    This is how long that banned connections are stopped from connecting to SecurityGateway for. By default, this is set to 10 minutes.

  • Close SMTP session after banning sender

    If an incoming session triggers one of the criteria above and is added to SecurityGateway's dynamic-screening list, the connection will then be closed. By default, this is enabled.

    • Exclude messages from whitelisted IP addresses and hosts

      If the sending domain or IP address is on the server's whitelist, then SecurityGateway will never dynamically screen it. By default, this is enabled.

  • Exclude messages from authenticated sessions

    If the incoming connection authenticates with a username and password on the SecurityGateway server then SecurityGateway will never dynamically screen it. By default, this is enabled.

A list of currently blocked IP addresses will be shown in the Blocked IP List window at the bottom of the window, along with how long it has been blocked, to allow administrators to review the screening process.

Additional Comments

These settings are for the entire server, and cannot be configured for specific domains.