Using Dynamic Screening, MDaemon can track the behavior of incoming connections to identify suspicious activity and then respond accordingly. You can block an IP address (or range of addresses) from connecting when it fails authentication a specified number times within a specified amount of time. You can also freeze the accounts attempting to authenticate when they fail too many times too quickly. Also, when an IP address is blocked or an account is frozen, it is not permanent. The connecting IP address will be blocked for the number of minutes, hours, or days that you specify, and frozen accounts can be "thawed" automatically after a specified amount of time, or manually by the admin.
Enable the Dynamic Screening service
Check this box to enable the Dynamic Screening service. You can also enable/disable the service under the Servers section in the navigation pane of MDaemon's main user interface.
System Options
Enable Authentication Failure Tracking
When this option is enabled, the Dynamic Screening service will track authentication failures for the protocols designated on the Protocols tab and perform actions determined by the options on the Auth Failure Tracking tab. This option is enabled by default.
Enable Dynamic Screening Block List
This option turns on the Dynamic Screening service's ability to block IP addresses and ranges. You can manage the block list from the Dynamic Block List tab. The block list option is on by default.
Enable Dynamic Screening Allow List
This option turns on the Dynamic Screening service's Dynamic Allow List feature, which you can use to exempt IP addresses and ranges, to exclude them from Dynamic Screening. The allow list is on by default.
Block Logon Policy Violations
By default MDaemon requires accounts to use their full email address when logging in instead of just the mailbox portion of their address (e.g. they must use "user1@example.com" instead of just "user1"). This is controlled by the "Servers require full email address for authentication" option on the Systems page. When that option is on, you can also turn on this Block Logon Policy Violations option if you wish to block any IP address that attempts to logon without using the full email address. This option is off by default.
Advanced Logging Options
Log Auth Failure data at startup
This option enables the writing of all authentication failure data that is currently stored by Dynamic Screening to the log file at startup. This is disabled by default.
Log Block List data at startup
Enables the writing of all Dynamic Block List data that is currently stored to the log file at startup. This is disabled by default.
Log Allow List data at startup
Enables the writing of all Dynamic Allow List data that is currently stored to the log file at startup. This is disabled by default.
Log Location data when available
Check this box if you wish to log each connection's location data, if it's available.
Log Locations using ISO-3166 Codes
Check this box if you wish to use ISO-3166 two-letter country codes when logging locations, instead using names.
Log all Allow List hits
This option adds an entry to the Dynamic Screening log each time an inbound connection is from an address that is on the Dynamic Allow List.
Log all Block List hits
This option adds an entry to the Dynamic Screening log each time an inbound connection is from an address that is on the Dynamic Block List.
Log all trusted IP list hits
This option adds an entry to the Dynamic Screening log each time an inbound connection is from a Trusted IP address.
Log all Location Screen hits
This option adds an entry to the Dynamic Screening log each time an inbound connection is refused due to Location Screening.
Log all failed authentications
This option adds an entry to the Dynamic Screening log each time an inbound connection fails authentication.
Log all successful authentications
Enable this option if you wish to log every incoming authentication attempt that succeeds. This is disabled by default.
Log all connections allowed
Enable this option if you wish to create a log entry for every connection that passes Dynamic Screening and is allowed to proceed. This is disabled by default.
Log all connections refused
This option adds an entry to the log every time an incoming connection is refused by Dynamic Screening.
Log configuration when changes detected
This option adds entries to the log for all Dynamic Screening configurations when changes are detected from external sources (such as manually editing the INI file). Normal changes are logged at the Info level.
Log summary once [Daily | Hourly | Per minute]
Adds to the Dynamic Screening log a summary of Dynamic Screening stats once every day, hour, or minute. By default the summary is logged hourly.
Screening Data Reset Options
Reset all Auth Failure data
Click this checkbox if you wish to clear all Dynamic Screening authentication data. You must then click Apply or OK for the reset to occur.
Reset all Block List data
Click this checkbox if you wish to clear all Dynamic Screening Block List data. You must then click Apply or OK for the reset to occur.
Reset all Allow List data
Click this checkbox if you wish to clear all Dynamic Screening Allow List data. You must then click Apply or OK for the reset to occur.
Enable Advanced User Interface features
Check this box and then close/reopen the MDaemon configuration interface to add several advanced Dynamic Screening features. A Domain NAT Exemptions screen is added to the Dynamic Screening dialog, from which you can designate specific IP address/domain combinations to exempt from Dynamic Screening blocking when valid users at that IP address fail password authentication. There are also several Dynamic Screening shortcuts added to the toolbar's Dynamic Screening section, and an option is added to the Dynamic Screening shortcut menu under the Servers section of the main interface that allows you to pause rather than disable the Dynamic Screening service, preventing clients from accessing the service while you manage its settings.
See:
