Hexamail Nexus Administration Guide - Advanced Authentication - Authentication

Authentication

Authentication Options

Authentication

   Authentication

Secure Authentication
This restricts the AUTH mechanisms that are allowed for clients connecting over unencrypted channels. Some AUTH mechanisms transmit passwords in an insecure way. You can restrict these mechanisms to only be allowed over secured channels such as SSL or TLS
Example interface
On/Off
false
Allowed Methods
This restricts the AUTH mechanisms that are allowed for clients. It requires a service restart to change the available mechanisms. Note DIGESTMD5 is now obsoleted by RFC5802 - Salted Challenge Response Authentication Mechanism (SCRAM) with reasons mentioned in RFC6331
Example interface
On/Off
PLAIN,LOGIN,NTLM,CRAMMD5
PLAIN+NTLM
Host
The hostname used for Authentication, e.g. mycomputer
Example interface
<hostname>
Domain
The domain used for Authentication, e.g. domain.com
Example interface
<domain>
FQDN
The FQDN used for Authentication, e.g. mail.domain.com
Example interface
<FQDN>

   Password Hacking

Action to take
You can automatically close the connection and optionally block the IP for clients that fail authentication
Example interface
Off, Close Connection, Block IP
Off
Maximum Invalid Auths
This is the maximum number of invalid authentication attempts allowed
Example interface
1 - 64
6
3
Block IPs that try to authenticate if disabled
Automatically block clients temporarily if they try to authenticate and authentication is disabled
Example interface
On/Off
Off