Intrusion Protection

Zoom Window Out
Larger Text | Smaller Text
Hide Page Header
Show Expanding Text
Printable Version
Send Mail Feedback
Save Permalink URL

Navigation: Admin Settings > Settings > Security Settings

To get to this page, go to Settings → Security Settings -> Intrusion Protection.

security_ips

The Intrusion Protection tab offers settings which expand on the normal Account Lockout policies (see above). The Account Lockout policies treat each user account as a separate entity - so someone could try to log into 300 different accounts once each, and not be locked out, because VPOP3 only counts consecutive failed logins for each account separately.

The Intrusion Protection feature will count failed login attempts by the user's IP address. So, if someone tries to log into 10 different accounts (whether or not they actually exist in VPOP3) within 30 minutes, then VPOP3 will block access from that IP address for 30 minutes (assuming the settings in the screenshot).

The Monitor logins period tells VPOP3 how long it should monitor login attempts over. If this is set to 30 minutes, then a failed login attempt that was made 31 minutes ago is not counted.

The Failed login threshold tells VPOP3 at what point it should block an IP address. So, if this is set to 10, then when the 10th failed login attempt is made from an IP address, that IP address will be blocked.

The Failed login block time tells VPOP3 how long it should block a suspicious IP address for.

VPOP3 will add blocked IP addresses into a Block List and it will check a Never Block List before blocking an address, so that those IP addresses are never blocked. This facility uses the same Block and Never Block lists that the SMTP IPS system uses

The Manage Block List button shows a window containing the IP addresses which are currently blocked, and telling you when they were blocked, and when the block expires. If you double-click on an address, it will tell you why that address was blocked. You can select an address and press the Delete button to remove the address from the list. You can manually add entries to the Block List by typing them in the Address box at the bottom of the window, entering the time to block the message for into the Period box, and pressing the Add button. You cannot block an address for ever, but you could enter 99999999 minutes into the Period to block the address for nearly 200 years. The Address you enter can be in CIDR format, eg 123.123.123.0/24.

The Manage Never Block List button shows a window containing the IP addresses which VPOP3 is never to block. These would usually be internal or trusted IP addresses. You can select an address and press the Delete button to remove the address from the list. You can manually add entries to the Never Block List by typing them in the Address box at the bottom of the window, and pressing the Add button. The Address you enter can be in CIDR format, eg 192.168.1.0/24.

The View Event Log button will show a window containing the most recent failed login attempts, and where they are coming from. If your VPOP3 is accessible from the Internet (to allow remote access) it is not uncommon for there to be lots of failed login attempts here (especially from spammers attempting SMTP logins). Generally it is not worth getting too worried about as long as your users' passwords are relatively secure.

If you think this help topic could be improved, please send us constructive feedback