User Tools

Site Tools


how_to:locked_accounts

Locked Accounts

VPOP3 has a security feature which will lock out an account after it has had several failed login attempts. This feature is to make it harder for an attacker to use a brute force or dictionary password attack on an account.

The default settings are that after more than 3 attempts to log into an account with an incorrect password, VPOP3 will lock the account for 30 minutes. You can change these settings on the Settings → Security Settings page in the VPOP3 settings.

To unlock an account, you can log into an administrator's account, go to the Users list in the settings, edit the user in question (which will have a padlock icon next to it) and clear the Account Locked Out box on the settings, then press Submit.

If you can't get into the VPOP3 settings because it's the administrator's account which is locked out, there are three options:

  • Go to Start → Programs → VPOP3 → Configure VPOP3 in Windows. By default VPOP3 will always allow connections to the Administration pages if you use the 'Loopback' IP address (127.0.0.1), even if the account is locked out (this option can be disabled on Services → WebMail/Admin).
  • Go to Start → Programs → VPOP3 → VPOP3 Service Settings in Windows. This lets you into a restricted settings user interface (note you cannot use this over Windows Remote Desktop or Terminal Services or related service). Right-click the locked account and choose Unlock User.
  • Restart VPOP3. This will unlock all accounts at startup.

The SECURITY.LOG file in the VPOP3 folder on the hard disk will record all failed login attempts, and the IP address where the login attempt came from.

how_to/locked_accounts.txt · Last modified: 2018/11/14 10:45 by 127.0.0.1