======Security Settings -> Intrusion Protection Tab====== [[Settings]] -> [[Security Settings]] -> Intrusion Protection Tab Starting in VPOP3 v6.0, VPOP3 can monitor failed logins for all accounts across all services and block an attacker's IP address from accessing VPOP3 for a specified time ====Monitor logins period==== This tells VPOP3 over how long it should check for failed logins. For instance, if this is set to 30 minutes, VPOP3 will count the failed logins over the past 30 minutes. Failed logins from earlier than this are not counted. ====Failed login threshold==== This tells VPOP3 how many failed logins during the **monitor logins period** are needed before the IP address is blocked. So, if the **monitor logins period** is set to 30 minutes, and the **failed login threshold** is set to 10, then if there are at least 10 failed logins from a certain IP address within the past 30 minutes, then the IP address will be blocked temporarily. ====Failed login block time==== This tells VPOP3 how long an automatic block should last. So, if this is set to 30 minutes, when VPOP3 blocks an IP address it will block it for 30 minutes, and after those 30 minutes, the IP address will automatically be unblocked. ====Manage Block List==== This lets you view, delete or add IP addresses/subnets to block This block list is shared with the [[smtp ids ips|SMTP Service Intrusion Protection System]]. If you double-click on an entry in the list, it will show you why the entry was added. You can select an entry and press the **Delete** button to remove it from the list If you want to manually add an IP address to block, you can specify it at the bottom of the page, specify the time to block the address for, and press the **Add** button. You cannot tell VPOP3 to block the address permanently, but you can specify a big number for the time to block it. The maximum time you can block an address for is 999,999,999 minutes (approximately 1900 years). The **Address** you specify can be an individual address, or a network range specified in [[wp>CIDR|CIDR]] format (eg 1.2.3.0/24) ====Manage Never Block List==== The Never Block list is used to tell VPOP3 never to block connections from the specified addresses. This can be useful for internal IP address ranges, or the IP addresses of partners or mail forwarding services. This block list is shared with the [[smtp ids ips|SMTP Service Intrusion Protection System]]. The Never Block List can be viewed to see which IP addresses are already in the list and when they were added. You can delete entries from the never block list by selecting them and pressing the **Delete** button. You can manually add entries to the never block list by entering the address and pressing the **Add** button. If you add an entry to the Never Block list, then it will automatically be removed from the Block List if the address is currently blocked. The **Address** you specify can be an individual address, or a network range specified in [[wp>CIDR|CIDR]] format (eg 192.168.0.0/16)