Using Dynamic Screening, MDaemon can track the behavior of incoming connections to identify suspicious activity and then respond accordingly. You can block an IP address (or range of addresses) from connecting when it fails authentication a specified number times within a specified amount of time. You can also freeze the accounts attempting to authenticate when they fail too many times too quickly. Also, when an IP address is blocked or an account is frozen, it is not permanent. The connecting IP address will be blocked for the number of minutes, hours, or days that you specify, and frozen accounts can be "thawed" automatically after a specified amount of time, or manually by the admin.
Enable the Dynamic Screening service
Check this box to enable the Dynamic Screening service. You can also enable/disable the service under the Servers section in the navigation pane of MDaemon's main user interface.
System Options
Enable Authentication Failure Tracking
When this option is enabled, the Dynamic Screening service will track authentication failures for the protocols designated on the Protocols tab and perform actions determined by the options on the Auth Failure Tracking tab. This option is enabled by default.
Enable Dynamic Screening Blacklist
This option turns on the Dynamic Screening service's ability to black list IP addresses and ranges. You can manage the blacklist from the Dynamic Blacklist tab. The blacklist option is on by default.
Enable Dynamic Screening Whitelist
This option turns on the Dynamic Screening service's Dynamic Whitelist feature, which you can use whitelist IP addresses and ranges, to exclude them from Dynamic Screening. The whitelist is on by default.
Advanced Logging Options
Log Auth Failure data at startup
This option enables the writing of all authentication failure data that is currently stored by Dynamic Screening to the log file at startup. This is disabled by default.
Log Blacklist data at startup
Enables the writing of all Dynamic Blacklist data that is currently stored to the log file at startup. This is disabled by default.
Log Whitelist data at startup
Enables the writing of all Dynamic Whitelist data that is currently stored to the log file at startup. This is disabled by default.
Log Location data when available
Check this box if you wish to log each connection's location data, if it's available.
Log Locations using ISO-3166 Codes
Check this box if you wish to use ISO-3166 two-letter country codes when logging locations, instead using names.
Log all whitelist hits
This option adds an entry to the Dynamic Screening log each time an inbound connection is from an address that is on the Dynamic Whitelist.
Log all blacklist hits
This option adds an entry to the Dynamic Screening log each time an inbound connection is from an address that is on the Dynamic Blacklist.
Log all trusted IP list hits
This option adds an entry to the Dynamic Screening log each time an inbound connection is from a Trusted IP address.
Log all Location Screen hits
This option adds an entry to the Dynamic Screening log each time an inbound connection is refused due to Location Screening.
Log all failed authentications
This option adds an entry to the Dynamic Screening log each time an inbound connection fails authentication.
Log all successful authentications
Enable this option if you wish to log every incoming authentication attempt that succeeds. This is disabled by default.
Log all connections allowed
Enable this option if you wish to create a log entry for every connection that passes Dynamic Screening and is allowed to proceed. This is disabled by default.
Log all connections refused
This option adds an entry to the log every time an incoming connection is refused by Dynamic Screening.
Log configuration when changes detected
This option adds entries to the log for all Dynamic Screening configurations when changes are detected from external sources (such as manually editing the INI file). Normal changes are logged at the Info level.
Log summary once [Daily | Hourly | Per minute]
Adds to the Dynamic Screening log a summary of Dynamic Screening stats once every day, hour, or minute. By default the summary is logged hourly.
Screening Data Reset Options
Reset all Auth Failure data
Click this checkbox if you wish to clear all Dynamic Screening authentication data. You must then click Apply or OK for the reset to occur.
Reset all Blacklist data
Click this checkbox if you wish to clear all Dynamic Screening Blacklist data. You must then click Apply or OK for the reset to occur.
Reset all Whitelist data
Click this checkbox if you wish to clear all Dynamic Screening Whitelist data. You must then click Apply or OK for the reset to occur.
Enable Advanced User Interface features
Check this box and then close/reopen the MDaemon configuration interface to add several advanced Dynamic Screening features. A Domain NAT Exemptions screen is added to the Dynamic Screening dialog, from which you can designate specific IP address/domain combinations to exempt from Dynamic Screening blocking when valid users at that IP address fail password authentication. There are also several Dynamic Screening shortcuts added to the toolbar's Dynamic Screening section, and an option is added to the Dynamic Screening shortcut menu under the Servers section of the main interface that allows you to pause rather than disable the Dynamic Screening service, preventing clients from accessing the service while you manage its settings.
See:
