Dynamic Screen

Using the Dynamic Screening features, MDaemon can track the behavior of sending servers to identify suspicious activity and then respond accordingly. For example, you can temporarily ban an IP address from future connections to your server once a specified number of "unknown recipient" errors occur during the mail connection from that IP address. You can also ban senders that connect to your server more than a specified number of times in a specified number of minutes, and senders that fail authentication attempts more than a designated number of times.

When a sender is banned, the ban is not permanent. The sender's IP address will be banned for the number of minutes that you have specified on this dialog. Further, from the Advanced button on this dialog you can open the DynamicScreen.dat file, which contains a list of the banned IP addresses and the length of time each will be banned. This file is memory-resident and can be changed from the Advanced button or manually with a text editor. Note: after editing this file manually, you can create a blank file called TARPIT.SEM and place it in MDaemon's \APP\ directory. This will cause MDaemon to reload the memory-resident DynamicScreen.dat file, thus implementing your changes.

Dynamic Screening

Activate dynamic screening

Click this check box to activate dynamic screening.

Ban IPs that connect more than [X] times in [X] minutes

Click this check box if you wish to temporarily ban IP addresses that connect to your server an excessive number of times in a limited time period. Specify the number of minutes and the number of connections allowed in that period.

Ban IPs that fail this many authentication attempts

Use this option if you wish to temporarily ban IPs that fail an authentication attempt a specified number of times. This can help prevent attempts to "hack" a user account and falsely authenticate a session. This option monitors SMTP, POP3, and IMAP connections.

Max simultaneous connections per IP (0 = no limit)

This is the maximum number of simultaneous connections allowed from a single IP address before it will be banned. Use "0" if you do not wish to set a limit.

Ban IPs that cause this many failed RCPTs in an SMTP session

When an IP address causes this number of "Recipient unknown" errors during a mail session it will be automatically banned for the number of minutes specified in the Ban IPs for this many minutes option below. Frequent "Recipient unknown" errors are often a clue that the sender is a spammer, since spammers commonly attempt to send messages to outdated or incorrect addresses.

Ban IPs that issue this many RSETs in an SMTP session (0 = no limit)

Use this option if you wish to ban any IP address that issues the designated number of RSET commands. Use "0" if you do not wish to set a limit. There is a similar option on the Servers screen under Default Domains & Servers that can be used to set a hard limit on the allowed number of RSET commands.

Ban IPs for this many minutes

When an IP address is automatically banned, this is the number of minutes the ban will last. When the ban expires the IP will be able to send to you again normally. This feature prevents you from accidentally banning a valid IP address permanently.

Close SMTP session after banning IP

Enabling this option causes MDaemon to close the SMTP session after the IP address is banned.

Don't ban IP when SMTP authentication is used

Click this checkbox if you want senders who authenticate their mail sessions before sending to be exempt from Dynamic Screening.

Advanced

Click this button to open the DynamicScreen.dat ban list. This lists all IP addresses that have been banned by Dynamic Screening. You can manually add IP addresses and the number of minutes to ban them by listing them one entry per line in the form: IP_address<space>Minutes. For example, 1.2.3.4 60.
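
The following is an added example, not part of MDaemon or its documentation: a pre-flight check for a manually edited ban list that validates each line against the IP_address<space>Minutes form and creates TARPIT.SEM only when the list is clean. It assumes every non-blank line is an entry and that zero minutes is a mistake; the function names, the protected list, and both path parameters are hypothetical and supplied by you.

```python
import ipaddress
from pathlib import Path

def parse_ban_lines(lines, protected=()):
    """Check lines of the documented form 'IP_address<space>Minutes'.

    Returns (entries, errors). 'protected' is a hypothetical list of IPs
    the admin never wants banned (own relays, monitoring hosts).
    """
    protected = {ipaddress.ip_address(p) for p in protected}
    entries, errors = {}, []
    for n, raw in enumerate(lines, 1):
        parts = raw.split()
        if not parts:                      # assumption: blank lines are harmless
            continue
        if len(parts) != 2:
            errors.append((n, "expected 'IP Minutes'"))
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            errors.append((n, "not an IP address"))
            continue
        mins = parts[1]
        if not (mins.isascii() and mins.isdigit()) or int(mins) == 0:
            errors.append((n, "minutes must be a positive integer"))
        elif ip in protected:
            errors.append((n, "protected address"))
        elif str(ip) in entries:
            errors.append((n, "duplicate entry"))
        else:
            entries[str(ip)] = int(mins)
    return entries, errors

def check_and_signal(dat_path, app_dir, protected=()):
    """Validate an edited ban list; create TARPIT.SEM only if it is clean."""
    lines = Path(dat_path).read_text().splitlines()
    entries, errors = parse_ban_lines(lines, protected)
    if not errors:
        (Path(app_dir) / "TARPIT.SEM").touch()   # blank file triggers the reload
    return entries, errors

if __name__ == "__main__":
    # Constructed sample lines, not taken from a real server.
    sample = ["1.2.3.4 60", "1.2.3.4 30", "203.0.113.9 sixty"]
    print(parse_ban_lines(sample))
```

Because a typo in a manually added entry can ban the wrong address until the timer expires, the check withholds the reload signal until every line parses.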

White list

Click this button to open the Tarpit/Dynamic Screening white list. IP addresses listed there are exempt from tarpitting and dynamic screening.