IceWarp has a built-in security system that includes, among others:
- Intrusion Prevention System (IPS) that can block IP addresses performing suspicious activities.
- Password policy that helps to improve your security against spam attacks.
If a user selects too difficult password and exceeds the number of login attempts, his IP address will be temporarily blocked by IPS. On the contrary, if a user selects a simple password, it can be easily compromised.
In this article, we will explain how to remove a trusted IP address from the list of blocked addresses and how to reduce spam quantity with a properly configured password policy.
Intrusion Prevention System (IPS)
IPS is a part of a security system that can be customized according to your needs. IPS introduces a number of rules that mostly do not affect authenticated users. It efficiently protects against spammers' DDoS attacks, blocks traffic from IP addresses and domains that are associated with malicious or suspicious activity and detects vulnerability exploits.
To customize IceWarp IPS:
- Go to Remote Console -> Mail -> Security -> Intrusion Prevention tab.
- Set values in the field you want to apply in the IPS. See our documentation to find out more about IPS settings.
- If you have trusted IP addresses that do not need to be checked by IPS, add them to the bypass file B (1)
- To find the blocked IP addresses, click Blocked IPs... (2)
How to unblock IP address
You can unblock trusted IPs.
- To access the list of blocked addresses, click Blocked IPs...(2) see the screenshot above.
- Select the IP and click Remove.
- You can also click Remove to unblock all IP addresses in the list.
Intrusion Prevention Reason Codes
In the Spam Queues or SMTP logs, you can find a reason code that explains the reason why a certain IP address was blocked. Check the IPS reason codes table to see the meaning of the reason code.
Reason Code |
Explanation |
---|---|
C |
Tarpitting invoked via Content Filters |
I |
IP blocked for exceeding connections in one minute |
M |
IP blocked for delivering the oversized message |
R |
IP blocked for exceeding RSET command count |
D |
IP blocked for being listed on DNSBL |
A |
The account that this message was sent to was a "tarpit" account, so the sending IP is tarpitted |
P |
IP blocked for exceeding unknown user delivery count |
Y |
IP blocked for relaying |
S |
IP blocked for exceeding spam score in a message |
U |
IP blocked manually via IceWarp Server's console |
L |
IP blocked for too many failed login attempts |
Password Policy
Password policy allows the unifying of the properties of the passwords generated across the whole organization.
We recommend configuring the password policy to prevent users from creating easily compromised passwords.
To set the password policy:
- Go to Remote Console ->Domain & Accounts -> Policies.
- Check Activate to turn on the password policy. It will be applied to all domain accounts.
- Set minimal password length, number of digits, special symbols, alphabet characters, and capital letters in the password.
- To send the password expiration, check Active and enter the number of days the password is valid. Enter the number of days the users will be notified about the password expiration.
Note: If you configure a password policy to implement it for existing users, set the expiration date of their passwords to notify them about the new password policy. To customize the notification message, click Custom Notification Message File... and enter text. |
Comments
0 comments
Article is closed for comments.