MailEnable Professional Guide
Administration / Server configuration / Localhost - Policies
In This Topic
    Localhost - Policies
    In This Topic

    The Policies tab provides settings to lock out users after too many failed password attempts and prevent users from entering simple passwords.

     

    Setting

    Description

    Lock out user for one hour after

    Keeps track of mailbox authentication failures per hour.  When the number of failed attempts is reached, from any mail service, the mailbox will be locked out for 1 hour. Valid authentication attempts do not affect the number of attempts. You are able to unlock a mailbox by opening its properties in the administration program - if it is blocked a button will be shown allowing you to unblock. This lock out option does allow invalid users to lock out valid users from their account (by trying incorrect credentials). Valid users can also lock themselves out if they try to authenticate with the incorrect password. Because of these two limitations it is recommended to avoid this option and use the Enable Abuse Detection and Prevention option instead.

    Enforce password policy

    When an administrator creates an account or a user changes a password, the password must meet the password complexity requirements that are enabled. Existing passwords are not affected by enabling this option. So if you have users with a simple password they will still be able to log in. Use the Check existing passwords button to find these mailboxes. There are some policies which are always enforced on password changes when this option is enabled. These are:

    • Passwords cannot include the mailbox name or the postoffice name.
    • Password cannot include the word password.
    • Password cannot be pass or test.

    Other password policies are then enabled as you wish. You can use the Check existing passwords button to produce a list of all the mailboxes which fail to meet the password requirements.
    Enable abuse detection and prevention IP addresses will be temporarily blocked if they appear to be trying to guess a password. Blocked IP addresses will be held in cache memory for hour. In order to release the blocked IP's from memory the respective service needs to be restarted, or the Unblock IP Address button can be used to remove an address. If an IP address is whitelisted under the SMTP options then it will not be blocked. If an IP address is just trying to use the same username/password over and over it will not be blocked, as it is just assumed to be an incorrectly configured client account.

     

     

     

    © MailEnable Pty. Ltd. All Rights Reserved.