Make antihammering system more suitable for intranet use

[HVGS]

We use the webmail function for 900 student accounts.

These are accessed at school and away from school.

The current anti hammering is a good security feature for internet access but has a major flaw for intranet use.

If a student gets there password wrong on a school computer then the IP address of that computer is banned.

This effectively kills webmail access for all users from this computer for the ban time.

An option to lockout the account rather than lock the IP would be useful especially if it could be selected for certain IP ranges.

Ideally I like would like to retain the current system for internet ip addresses and account lockout for intranet use

Even better if you ever get active directory authentication working then it would depend on the domain controller lockout policy for intranet access.

Thanks
Phil

[Code Crafters]

I have forwarded your suggestion for consideration in a future update. IP based security such as anti-hammering is always a problem when connections all come via a central router on an Intranet making them all effectively the same IP. We may be able to add an IP safe list for anti-hammering to avoid this problem. We are also adding Active Directory authentication in version 3 due out next year and will look into something being done for authentication with this also.

For now, you will have to simply de-activate anti-hammering. However, if you run the latest version 2.63 and use the SPAM filtering wizard for medium level protection you will find that this is very effective. For maximum protection, also configuring Bayesian filtering (not done by wizard) using auto-learn from users training only can achieve 99.5% SPAM filtering when properly trained. We get over 1000 SPAM mails a day and rarely see one hit our Inbox.