SUMMARY
By default the abuse detection in MailEnable will block a maximum of 200 different IP addresses for an hour, if they try to authenticate incorrectly more than 10 times within an hour. Abuse detection keeps the list of IP addresses in memory, and it is service based, so a connection blocked for POP can still access SMTP. The only way to clear a blocked IP address is to either restart the affected service, or wait long enough that there has been less than 10 attempts in the last hour (so a maximum time of an hour is needed). You are able to prevent an IP address from being blacklisted by entering it into the SMTP whitelist.
DETAIL
The following registry keys can be used to adjust these default values. The registry keys need to be added if they do not exist. The abuse intance threshold is the number of times abuse happens before the IP is blocked. The abuse instance maximum age option is the number of seconds to keep the block for. The blocks are per service, so someone abusing IMAP is not blocked from POP, and can only be cleared by waiting the hour or restarting the relevant service.
For 64bit Windows
servers:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mail Enable\Mail
Enable\Security]
"Abuse Instance Threshold"=dword:0000000a
"Abuse Instance
Maximum Age"=dword:00000e10
For 32bit Windows
servers:
[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail
Enable\Security]
"Abuse Instance Threshold"=dword:0000000a
"Abuse Instance
Maximum Age"=dword:00000e10
Product: | MailEnable (Pro-4.X Pro-5.X Pro-6.X Ent-4.X Ent-5.X Ent-6.X) |
Category: | Other |
Article: | ME020610 |
Module: | General |
Keywords: | abuse,detection,lockup,block,IP |
Class: | HOWTO: Product Instructions |
Revised: | Wednesday, May 4, 2016 |
Author: | MailEnable |
Publisher: | MailEnable |