Auth Failure Tracking

Ignore authentication attempts using identical passwords

This option applies to the IP Address Blocking Options and to the Account Freezing Options below. By default, after an authentication attempt fails, subsequent attempts that use the same password are ignored: they do not count against the number of failures allowed before the IP address is blocked or the account is frozen. Multiple attempts using the same incorrect password typically occur when, for example, the user's email password has changed or expired and their client is automatically attempting to log in using the old one.

IP Address Blocking Options

Block addresses after [xx] authentication failures within [xx] [Minutes | Hours | Days]

Click this check box if you wish to block an IP address temporarily when it fails to authenticate to your server an excessive number of times in a limited time period. Specify the number of minutes, hours, or days and the number of failures allowed in that period.

Enable IPv4 aggregation as low as x.x.x.x/ [xx] identical bits (CIDR)

This option will block a range of IPv4 addresses when the authentication failures are coming from IP addresses near each other instead of from a single address.

Enable IPv6 aggregation as low as x::::x:x/ [xx] identical bits (CIDR)

This option will block a range of IPv6 addresses when the authentication failures are coming from IP addresses near each other instead of from a single address.

Multiple Offense Penalties

This is the amount of time that an IP address or IP address range will be blocked by the Dynamic Screening system when it fails the specified number of authentication attempts. By default the amount of time that the IP address is blocked increases with each subsequent offense. That is, by default if an IP address violates the authentication failure limit, it will be blocked for one day. Then if that same IP address subsequently violates the limit again, it will be blocked for two days. The length of penalty will be increased each time until it maxes out at the fourth offense penalty.

Default expiration timeout

This is the amount of time an IP address or IP address range will be blocked from connecting to MDaemon if it violates the authentication failure limit specified above. The default is 1 day.

Second offense penalty

This is how long an IP address or IP range will be blocked by Dynamic Screening if that address was already blocked once before. The default is 2 days.

Third offense penalty

This is the amount of time that an IP address will be blocked the third time it violates the authentication failure limit. The default is 3 days.

Fourth offense penalty

If an IP address or IP address range violates the authentication failure limit four or more times, this is how long that address will be blocked. The default is 4 days.
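The Python sketch below is an added example, not MDaemon's code: it models how the options above could interact (identical-password suppression, a failure window, IPv4 aggregation, and the escalating penalties). The threshold, window, /24 prefix, all class and method names, and keying the identical-password check by network and user are assumptions; the 1 to 4 day penalties are the defaults given on this page.

```python
import hashlib
import hmac
import ipaddress
import os
from collections import defaultdict
from datetime import timedelta

# Assumed values for the [xx] fields; penalties are the page's defaults (days).
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)
IPV4_BITS = 24
PENALTY_DAYS = [1, 2, 3, 4]
_KEY = os.urandom(32)  # per-process key so raw passwords are never stored


class AuthFailureTracker:
    """Hypothetical model of the options above, not MDaemon's implementation."""

    def __init__(self):
        self.failures = defaultdict(list)  # network -> failure timestamps
        self.seen = defaultdict(set)       # (network, user) -> password MACs
        self.offenses = defaultdict(int)   # network -> number of past blocks
        self.blocked_until = {}            # network -> expiry datetime

    @staticmethod
    def bucket(ip):
        # Simplification: always aggregate IPv4 neighbours at one fixed prefix.
        return ipaddress.ip_network(f"{ip}/{IPV4_BITS}", strict=False)

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(self.bucket(ip))
        return until is not None and now < until

    def record_failure(self, ip, user, password, now):
        """Return the block length in days if this failure triggers a block, else 0."""
        net = self.bucket(ip)
        mac = hmac.new(_KEY, password.encode(), hashlib.sha256).digest()
        if mac in self.seen[(net, user)]:
            return 0  # identical wrong password: does not count again
        self.seen[(net, user)].add(mac)
        recent = [t for t in self.failures[net] if now - t < WINDOW] + [now]
        self.failures[net] = recent
        if len(recent) < MAX_FAILURES:
            return 0
        # Penalty grows with each offense and stays at the fourth-offense value.
        days = PENALTY_DAYS[min(self.offenses[net], len(PENALTY_DAYS) - 1)]
        self.offenses[net] += 1
        self.blocked_until[net] = now + timedelta(days=days)
        self.failures[net] = []
        return days
```

In this model a client retrying one stale password never reaches the limit, while distinct guesses spread across neighbouring addresses are counted together and block the whole range.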

Account Freezing Options

Freeze accounts that fail authentication [xx] times within [xx] [Minutes | Hours | Days]

Check this box if you wish to switch an Account's Status to FROZEN when it fails the specified number of authentication attempts in the designated amount of time. MDaemon will still accept incoming messages for a frozen account, but no one can sign in to the account to send or collect messages until it is "thawed" (i.e. the Account Status is switched back to ENABLED). This option is enabled by default.

Frozen account timeout

This is the amount of time that the account will remain frozen, if you have enabled the option below to Automatically thaw accounts frozen by Dynamic Screening upon timeout.

Admins may thaw accounts by replying to notification email within the timeout period

When an account is frozen by Dynamic Screening, by default an administrator will receive a notification email about it. The administrator can then "thaw" the account (i.e. switch its status back to "Enabled") by simply replying to the email, if this option is enabled. The option is enabled by default, and it requires the Frozen Account Reports options on the Notifications tab to be enabled.

Automatically thaw accounts frozen by Dynamic Screening upon timeout

Check this box if you wish to automatically thaw frozen accounts when the Frozen account timeout period has elapsed. This option is disabled by default.

 

 
