User Tools

Site Tools


reference:security_intrusion_protection

Security Settings -> Intrusion Protection Tab

SettingsSecurity Settings → Intrusion Protection Tab

Starting in VPOP3 v6.0, VPOP3 can monitor failed logins for all accounts across all services and block an attacker's IP address from accessing VPOP3 for a specified time

Monitor logins period

This tells VPOP3 over how long it should check for failed logins.

For instance, if this is set to 30 minutes, VPOP3 will count the failed logins over the past 30 minutes. Failed logins from earlier than this are not counted.

Failed login threshold

This tells VPOP3 how many failed logins during the monitor logins period are needed before the IP address is blocked. So, if the monitor logins period is set to 30 minutes, and the failed login threshold is set to 10, then if there are at least 10 failed logins from a certain IP address within the past 30 minutes, then the IP address will be blocked temporarily.

Failed login block time

This tells VPOP3 how long an automatic block should last. So, if this is set to 30 minutes, when VPOP3 blocks an IP address it will block it for 30 minutes, and after those 30 minutes, the IP address will automatically be unblocked.

Manage Block List

This lets you view, delete or add IP addresses/subnets to block

This block list is shared with the SMTP Service Intrusion Protection System.

If you double-click on an entry in the list, it will show you why the entry was added. You can select an entry and press the Delete button to remove it from the list

If you want to manually add an IP address to block, you can specify it at the bottom of the page, specify the time to block the address for, and press the Add button. You cannot tell VPOP3 to block the address permanently, but you can specify a big number for the time to block it. The maximum time you can block an address for is 999,999,999 minutes (approximately 1900 years).

The Address you specify can be an individual address, or a network range specified in CIDR format (eg 1.2.3.0/24)

Manage Never Block List

The Never Block list is used to tell VPOP3 never to block connections from the specified addresses. This can be useful for internal IP address ranges, or the IP addresses of partners or mail forwarding services.

This block list is shared with the SMTP Service Intrusion Protection System.

The Never Block List can be viewed to see which IP addresses are already in the list and when they were added. You can delete entries from the never block list by selecting them and pressing the Delete button.

You can manually add entries to the never block list by entering the address and pressing the Add button. If you add an entry to the Never Block list, then it will automatically be removed from the Block List if the address is currently blocked.

The Address you specify can be an individual address, or a network range specified in CIDR format (eg 192.168.0.0/16)

reference/security_intrusion_protection.txt · Last modified: 2018/11/14 10:45 (external edit)