IP Screen

The IP Screen is located under: Security » Security Settings » Screening. It is used to define specific remote IP addresses that will be allowed to connect, or not allowed to connect, to your local IP addresses. The remote IP addresses you place on the IP Screen can be associated with either all of you local IP addresses or with individual IPs. CIDR notation and the wildcards *, #, and ? are allowed.

For example:

*.*.*.*                        Matches to any IP address

#.#.#.#                        Matches to any IP address

192.*.*.*                Matches to any IP that begins with 192

192.168.*.239                Matches to IP addresses from 192.168.0.239 to 192.168.255.239

192.168.0.1??                Matches to IP addresses from 192.168.0.100 to 192.168.0.199

New IP Screen Item

To create a new IP Screen entry, click New. This will open the New IP Screen Item dialog for creating the entry.

Local IP

In the drop-down list choose either "All IP's" or the specific IP to which this item will apply.

Remote IP (CIDR, * ? and # wildcards are ok)

Enter the remote IP address that you wish to add to the list, associated with the Local IP designated above.

Accept connections

Selecting this option means that the specified remote IP addresses will be allowed to connect to the associated local IP address.

Refuse connections

Selecting this option means that the specified remote IP addresses will NOT be allowed to connect to the associated local IP address. The connection will be refused or dropped.

Add

When you have finished entering the information in the options above, click this button to add the entry to the list.

Import

Select an IP address and click this button if you wish to import IP address data from an APF or .htaccess file. MDaemon's support for these files is currently limited to the following:

"deny from" and "allow from" are supported
only IP values are imported (not domain names)
CIDR notation is allowed but partial IP addresses are not.
Each line can contain any number of space-separated or comma-separated IP addresses. For example, "deny from 1.1.1.1 2.2.2.2/16", ""3.3.3.3, 4.4.4.4, 5.5.5.5", and the like.
Lines starting with # are ignored.

Remove

To remove an entry, select the entry in the list and click Remove.

Default Action

To specify the default action for connections from remote IP addresses that have not been defined, select an IP address from the list and click accept or refuse. Once a default action has been specified, you can change it by selecting the "<default>" node beneath the IP address and then selecting the new default setting.

accept

When this option is chosen, connections from any IP addresses not specifically defined on the IP Screen will be accepted.

refuse

When this option is chosen, connections from any IP addresses not specifically defined on the IP Screen will be dropped, or refused.

The IP Screen will never block trusted IPs or local IPs.

IP & Host Screening Options

Apply IP Screen to MSA connections

Use this option to apply IP Screening to connections made to the server's MSA port. Normally this is not necessary. This setting is disabled by default.

Apply Host Screen to MSA connections

Use this option to apply Host Screening to connections made to the server's MSA port. Normally this is not necessary. This setting is disabled by default.

Drop connection on Host Screen refusal

When this option is enabled, the connection will be dropped immediately upon a Host Screen refusal.

Drop connection after EHLO (Do not wait for authentication)

Enable this option if you wish to drop banned connections immediately following EHLO/HELO. Normally you would wait for authentication. This setting is disabled by default.