Please enable JavaScript to view this site.

MDaemon Email Server 24.5

Navigation: » No topics above this level «

Security Menu

Scroll Prev Top Next More

MDaemon is equipped with an extensive suite of security features and controls. Click Security on MDaemon's menu bar to reach the following security features:

Health Check — This page provides a convenient list of important security settings consolidated onto a single page, and it displays each setting's current value and its default value. Where those values differ, the setting is highlighted so that the Global Administrators can quickly review those particular settings. If desired, admins can select any of those settings to change back to their default values, or they can click a link next to any setting to jump to the page where that setting is located. In addition, admins can easily undo the most recent change made on the Health Check page. They can also view previous changes made during the current browser session, and then undo specific changes. Note: This option is only available in the MDaemon Remote Administration (MDRA) web-interface.

AntiVirus — MDaemon AntiVirus can help you stop email-borne computer viruses by providing the highest level of integrated protection available for MDaemon customers. It will catch, quarantine, repair, and/or remove any email message found to contain any virus. AntiVirus also contains a feature called Outbreak Protection, which can be used to protect you from certain spam, phishing, and virus outbreaks that can sometimes be missed by the other traditional, content and signature-based security measures.

Content Filter — a highly versatile and fully multi-threaded Content Filtering system makes it possible for you to customize server behavior based on the content of incoming and outgoing email messages. You can insert and delete message headers, add footers to messages, remove attachments, route copies to other users, cause an instant message to be sent to someone, run other programs, and much more.

Spam Filter — uses spam filtering technology to heuristically examine email messages in order to compute a "score". This score is used to determine the likelihood of a message being spam. Based on that determination the server can then take certain actions such as refusing or flagging the message. See also: Spam Traps

DNS Block Lists —allows you to specify several DNS block listing services that will be checked each time someone tries to send a message to your server. If the connecting IP has been listed by any one of these hosts, the message will be refused.

Relay Control — used to control what MDaemon will do when a message arrives at your mail server that is neither from nor to a local address.

IP Shield — if a domain name specified in this list attempts to connect to your server, its IP address must match the one that you have assigned to it.

Reverse Lookup — MDaemon can query DNS servers to check the validity of the domain names and addresses reported during incoming messages. Controls on this screen can be used to cause suspicious messages to be refused or a special header inserted into them. Reverse Lookup data will also be reported in the MDaemon logs.

POP Before SMTP — the controls on this screen are used to require each user to first access his or her mailbox before being allowed to send a message through MDaemon, thus authenticating that the user is a valid account holder and allowed to use the mail system.

Trusted Hosts — domain names and IP addresses that will be considered as exceptions to the relay rules listed on the Relay Control screen.

SMTP Authentication — used for setting several options that denote how MDaemon will behave when a user sending a message to MDaemon has or has not been authenticated first.

SPF — Most domains publish MX records to identify the machines that may receive mail for them, but this doesn't identify the locations allowed to send mail for them. Sender Policy Framework (SPF) is a means by which domains can also publish "reverse MX" records to identify those locations authorized to send messages.

DomainKeys Identified Mail — DomainKeys Identified Mail (DKIM) is an email verification system that can be utilized to prevent spoofing. It can also be used to ensure the integrity of incoming messages, ensuring that the message hasn't been tampered with between the time it left the sender's mail server and arrived at yours. This is accomplished by using an encrypted public/private key pairs system. Outgoing messages are signed using a private key and incoming messages have their signatures verified by testing them with the public key published on the sender's DNS server.

Certification — Message Certification is a process by which one entity vouches for or "certifies" the good email conduct of another entity. The Certification feature is beneficial because it can help ensure that messages will not be erroneously or needlessly subjected to unwarranted spam filter analysis. It can also help lower the resources required to process each message.

Sender Block List — lists addresses that are not allowed to send mail traffic through your server.

IP Screen — used to designate IP addresses from which you will allow or refuse connections to your server.

Host Screen — used to designate hosts (domain names) from which you will allow or refuse connections to your server.

Dynamic Screening — Using Dynamic Screening, MDaemon can track the behavior of incoming connections to identify suspicious activity and then respond accordingly. You can block an IP address (or range of addresses) from connecting when it fails authentication a specified number times within a specified amount of time. You can also block the accounts attempting to authenticate when they fail too many times too quickly.

SSL & TLS — MDaemon supports the Secure Sockets Layer (SSL) protocol for SMTP, POP, and IMAP, and for Webmail's web server. SSL is the standard method for securing server/client Internet communications.

Backscatter Protection — "Backscatter" refers to response messages that your users receive to emails that they never sent. This occurs when spam messages or messages sent by viruses contain a Return-Path address that is forged. Backscatter Protection helps prevent this by ensuring that only legitimate Delivery Status Notifications and Autoresponders get delivered to your accounts, by using a private key hashing method to generate and insert a special time-sensitive code into the Return-Path address of your users' outgoing messages.

Bandwidth Throttling — the Bandwidth Throttling feature makes it possible for you to police the consumption of bandwidth used by MDaemon. You can control the rate at which sessions or services progress, setting different rates for each of MDaemon's major services on a per-domain basis, including Domains and Domain Gateways.

Tarpitting — makes it possible for you to deliberately slow down a connection once a specified number of RCPT commands have been received from a message's sender. This is to discourage spammers from trying to send unsolicited bulk email to you. The assumption behind this technique is that if takes spammers an inordinately long period of time to send each message then that will discourage them from trying to do so again in the future.

Greylisting — Greylisting is a spam-fighting technique that exploits the fact that SMTP servers retry delivery of any message that receives a temporary (i.e. "try again later") error code. Using this technique, when a message arrives from a sender not on the allow list or otherwise previously unknown, its sender, recipient, and sending server's IP address will be logged and then the message will be refused by Greylisting with a temporary error code during the SMTP session. Then, when the legitimate servers attempt to deliver the messages again a few minutes later, they will be accepted. Because spammers do not typically make further delivery attempts, Greylisting can significantly help to reduce the amount of spam your users receive.

LAN IPs — use this screen to list IP addresses that reside on your LAN (local area network). These IP addresses are therefore treated as local traffic for the purposes of bandwidth throttling, and may be exempt from various other security and spam prevention restrictions.

Site Policy — used for creating a site policy to be transmitted to sending servers at the beginning of every SMTP mail session. An example of a common site policy is, "This server does not relay."