If you do not plan to support mobile users, you may want to restrict access to the Server accounts. Use the following option on the Client IP Addresses page:
Logins From Non-Client Addresses: When the "prohibit" option is selected, all "login" operations (needed for POP, IMAP, SIP, XMPP, WebUser Interface, ACAP, PWD, etc.) are accepted only from the Server computer itself, and from the Client IP Addresses.
When an access module accepts a connection from an unlisted network address, and this option is selected, the module sends an error code to the client application, and the connection is closed immediately. Links with the rest of the Internet will be used only for mail Transfer, Real-Time Signals exchange, and for HTTP access to Account File Storage.
When this option is selected, the SMTP AUTH operation can be used only if a client mailer or server connects from the network address included into Client Addresses list.
When this option is selected, any Signaling operation that requires authentication can be used only if a client device or server connects from the network address included into Client Addresses list.
Note: Before you enable this option, make sure that the network address you are currently using is included into the Client Addresses list: otherwise you will immediately lose HTTP Admin access to the Server.
You can also specify the access restrictions on the lower (TCP) connection level. For each service (module), open the Listener page and specify the addresses the service (module) should or should not accept connections from. If a connection comes from an address that is not included into the Grant list or is included into the Deny list, the connection is closed immediately, and no module-level operations are performed.