Hexamail Server Administration Guide - Advanced Authentication - Authentication

Authentication

Authentication Options

Authentication

Authentication

Secure Authentication

This restricts the AUTH mechanisms that are allowed for clients connecting over unencrypted channels. Some AUTH mechanisms transmit passwords in an insecure way. You can restrict these mechanisms to only be allowed over secured channels such as SSL or TLS

Example interface:

Example interface

Options:On/Off

Default:false

Allowed Methods

This restricts the AUTH mechanisms that are allowed for clients. It requires a service restart to change the available mechanisms. Note DIGESTMD5 is now obsoleted by RFC5802 - Salted Challenge Response Authentication Mechanism (SCRAM) with reasons mentioned in RFC6331

Example interface:

Example interface

Options:On/Off

Default:PLAIN,LOGIN,NTLM,CRAMMD5

Example:PLAIN+NTLM

Host

The hostname used for Authentication, e.g. mycomputer

Example interface:

Example interface

Default:<hostname>

Domain

The domain used for Authentication, e.g. domain.com

Example interface:

Example interface

Default:<domain>

FQDN

The FQDN used for Authentication, e.g. mail.domain.com

Example interface:

Example interface

Default:<FQDN>

Password Hacking

Action to take

You can automatically close the connection and optionally block the IP for clients that fail authentication

Example interface:

Example interface

Options:Off, Close Connection, Block IP

Default:Off

Maximum Invalid Auths

This is the maximum number of invalid authentication attempts allowed

Example interface:

Example interface

Range1 - 64

Default:6

Example:3

Block IPs that try to authenticate if disabled

Automatically block clients temporarily if they try to authenticate and authentication is disabled

Example interface:

Example interface

Options:On/Off

Default:Off