how_to:your_connection_has_been_blocked_temporarily_-_try_again_later

Error message: Your connection has been blocked temporarily - Try again later

If you get an error message in your email client software saying Your connection has been blocked temporarily - Try again later or Server access temporarily blocked! Please try again later, this means the Intrusion Prevention System (IPS) in VPOP3 has detected abnormal behaviour from your IP address, and it has applied a temporary block to prevent abusive behaviour.

There are two components in which detect abnormal activity - the SMTP service and the Login component.

SMTP Service

You can set how the SMTP Service IPS works by going to Services → SMTP → IDS/IPS in the VPOP3 settings.

Every time one of the monitored events happens (eg a failed login, or a message containing a blocked attachment name) the relevant 'multiplier' is added to a score for that IP address. If that score reaches the Client Error Block Threshold value within the specified Client Error Monitor Period, then the IP address is blocked for the Client Error Block Time time.

For instance, with the default settings of:

  • Bad Authentication Multiplier = 50
  • Bad Local Rcpt Multiplier = 50
  • Relay Denied Multiplier = 100
  • Client Error Monitor Period = 60 minutes
  • Client Error Block Threshold = 1000
  • Client Error Block Time = 30 minutes

If an IP address tries to relay through VPOP3 twice (2 x 100), tries to log on 5 times with an invalid password (5 x 50), tries to send to 12 local addresses which don't exist (12 x 50) within an hour, then the total score will be 200 + 250 + 600 = 1050, so that IP address will be blocked for 30 minutes.

Login Component

You can access the settings for this by going to Settings → Security Settings → Intrusion Protection. VPOP3 will block IP addresses if it sees repeated attempts to log in with an invalid username and/or password from an IP address. This is separate from the Account Locking facility which just blocks an account, as this will also check for attempts to log in to multiple different accounts, or even accounts which don't actually exist in VPOP3.

Managing the blocked IP addresses

You can manage the blocked IP addresses on either the SMTP service or Security Settings pages described above. The options below are identical on those two pages.

Viewing the event log

You can see which events contributed to an IP address being blocked by clicking on the View Event Log button

The 'Never Block' list

The 'Never Block' list tells VPOP3 never to block certain IP addresses even if they do suspicious actions

You can add/remove addresses from the 'never block list' by clicking on the Manage Never Block List button.

As well as preventing the blocking of individual IP addresses, you can stop a subnet being blocked by using CIDR notation, eg 192.168.1.0/24

The 'Block' list

The 'Block' list shows which IP addresses have been blocked, either automatically or manually.

You can view the block list as well as manually block IP addresses, or remove IP addresses from the block list by clicking on the Manage Block List button.

As well as manually blocking individual IP addresses, you can block a subnet by using CIDR notation, eg 192.168.1.0/24

In the block list, if you double-click on a blocked IP address, then a message will appear summarising why that IP address was blocked.

Common reasons for problems

Common causes of legitimate IP addresses being blocked are:

  • sending messages to invalid local recipients (eg if the recipient email address is misspelled)
  • sending messages containing prohibited attachment filenames, eg attachments with 'dual filename extensions', such as 'document.xls.pdf'
  • broken email client software - eg email client software trying to send a message even if previous SMTP commands failed, resulting in an invalid SMTP command sequence, which is classed as a 'Syntax Error' by the IPS/IDS system.

Normally a user has to perform these actions many times to be blocked, so in most cases legitimate users won't be blocked.

However, sometimes users will repeatedly try an action even though it has failed, without trying to establish why it failed, in the hope that somehow it will work later - this can lead to their IP address being blocked

In version 5.0d and earlier there was a known issue with the Manage Block List and Manage Never Block List buttons in Internet Explorer. Other web browsers, such as Mozilla Firefox and Google Chrome work correctly. This problem was fixed in version 5.0e

how_to/your_connection_has_been_blocked_temporarily_-_try_again_later.txt · Last modified: 2018/11/14 10:45 by 127.0.0.1