MDaemon Remote Administration
Remote Administration is disabled
Choose this option to disable Remote Administration. You can also toggle Remote Administration active/inactive from the File menu, or from the Servers section of the Stats frame on the main MDaemon GUI.
Remote Administration runs using built-in web server
Choose this option to run Remote Administration using MDaemon's built-in web server. You can also toggle Remote Administration active/inactive from the File menu, or from the Servers section of the Stats frame on the main MDaemon GUI.
Remote Administration runs using external web server (IIS, Apache, etc)
Choose this option when you wish to run Remote Administration under Internet Information Server (IIS) or some other web server instead of MDaemon's built-in server. This prevents certain GUI elements from being accessed which might otherwise cause conflicts with your alternate server.
For more information, see Running Remote Administration under IIS.
Remote Administration server uses TCP port
This is the port on which Remote Administration will listen for connections from your web browser. The default port is 1000.
Sessions expire after xx inactive minutes
When you are logged in to Remote Administration, this is the amount of time that your session is allowed to be inactive before Remote Administration will close it. The default is 15 minutes.
Security Settings
Note: The options in this section are available in the MDaemon Remote Administration (MDRA) web-interface.
Use Cross-Site-Request-Forgery tokens
By default, Cross-Site-Request-Forgery (CSRF) tokens are used for more secure transactions, to prevent CSRF attacks.
Allow users to view passwords being typed
By default, users can click an icon to view the password characters they are typing when signing in to the remote administration web interface. Clear this checkbox if you do not wish to allow that.
Allow WebAuthn at Sign-In
Check this box if you wish to allow MDRA users to sign in utilizing the Web Authentication API (also known as WebAuthn), which gives them a secure, passwordless sign-in experience, by allowing them to use biometrics, USB security keys, Bluetooth, and more for authentication. WebAuthn is allowed by default.
Allow WebAuthn for Two Factor Authentication
Check this box if you wish to allow MDRA users to utilize the Web Authentication API (also known as WebAuthn) for two factor authentication. WebAuthn allows users to use biometrics, USB security keys, Bluetooth, and more for authentication. WebAuthn is allowed by default for two-factor authentication.
|
For security, you cannot use the same authentication method for both passwordless sign-in and two factor authentication. Therefore if you wish to use both passwordless authentication and two factor authentication, choose a different authentication method for each. Visit: webauthn.guide, for more information on WebAuthn and how it works. |
Enable Remember Me
Check this box if you want there to be a Remember Me checkbox on the MDaemon Remote Administration (MDRA) sign-in page when users connect via the https port. If users check this box at sign-in, their credentials will be remembered for that device. Then any time they use that device to connect to MDRA in the future they will be signed in automatically, until such time that they manually sign out of their account or their Remember Me token expires. The Remember Me option is disabled by default.
Expire Remember Me tokens after this many days
Use this option to designate the number of days that your users' credentials will be remembered. By default credentials are remembered for a maximum of 30 days before a user is forced to sign in again. This option can be set to a maximum of 365 days. Note: Two-Factor Authentication (2FA) has its own Remember Me expiration key (TwoFactorAuthRememberUserExpiration=30), located in the [Default:Settings] section of the Domains.ini file, located in the \MDaemon\WorldClient\ folder. Therefore 2FA will again be required at sign-in when the 2FA Remember Me token expires, even if the regular token is still valid.
Reset Remember Me
Click this button if you suspect that an account may have had a security breach. This will reset the Remember Me tokens for all users, causing them to have to sign-in again.
|
Because Remember Me allows users to have a persistent login on multiple devices, users should be discouraged from using it on public networks. |
Miscellaneous Settings
Use cookies to remember logon name and other properties
By default the Remote Administration interface uses cookies so that the user's browser can remember the user's login name and other properties. Disable this checkbox if you do not wish to use cookies. Using this feature gives users a more customized login experience but requires that they have support for cookies enabled in their browser.
Require IP persistence throughout remote administration session
As an added security measure you can click this checkbox to cause Remote Administration to restrict each session to the IP address from which you connected when the session began. Thus, no one can "steal" the session since IP persistence is required. This configuration is more secure but could cause problems if you are using a proxy server or Internet connection that dynamically assigns and changes IP addresses.
Stop Remote Administration when MDaemon stops
Click this option if you want Remote Administration to be shut down whenever MDaemon is shut down. Otherwise, Remote Administration will continue to run in the background.
Use HTTP Compression
Click this check box if you want to use HTTP compression in your Remote Administration sessions.
Notify of new releases on Logon page
By default you will be notified on the Sign-in page when a new MDaemon release is available. Uncheck this box if you do not wish to be notified there. Note: This option is available in the MDaemon Remote Administration (MDRA) web-interface.
Send anonymous usage data
By default MDaemon's Remote Administration web client sends anonymous, benign usage data such as: the OS used, browser version used, language, and the like. This data is used by MDaemon Technologies to help us improve Remote Administration. Disable this option if you do not wish to send anonymous usage data.
X-Forwarded-For header
Click this checkbox to enable the use of the X-Forwarded-For header, which is sometimes added by proxy servers. This option is disabled by default. Enable it only if your proxy server inserts this header.
Enable Remember Me
Check this box if you want there to be a Remember Me checkbox on the Remote Administration sign-in page when users connect via the https port. If users check this box at sign-in, their credentials will be remembered for that device. Then any time they use that device to connect in the future they will be signed in automatically, until such time that they manually sign out of their account or their Remember Me token expires.
By default, user credentials are remembered for a maximum of 30 days before the user is forced to sign in again. If you wish to increase the expiration time then you can do so by changing the value of the Expire Remember Me tokens after this many days option in the MDaemon Remote Administration (MDRA) web-interface. You can also change it by editing the RememberUserExpiration=30 key in the [Default:Settings] section of the Domains.ini file, located in the \MDaemon\WorldClient\ folder. The expiration value can be set to a maximum of 365 days. Note: Two-Factor Authentication (2FA) has its own Remember Me expiration key (TwoFactorAuthRememberUserExpiration=30), located in the [Default:Settings] section of the Domains.ini file, located in the \MDaemon\WorldClient\ folder. Therefore 2FA will again be required at sign-in when the 2FA Remember Me token expires, even if the regular token is still valid.
The Remember Me option is disabled by default.
|
Because Remember Me allows users to have a persistent login on multiple devices, users should be discouraged from using it on public networks. Further, if you ever suspect that an account may have had a security breach, in MDRA there is a Reset Remember Me button that you can use to reset Remember Me tokens for all users. This will require all users to sign-in again. |
Remote Administration URL
This is the URL that Webmail will use internally when users click the Advanced Settings link to edit their account settings via Remote Administration. If you are running Remote Administration with the built-in web server, then leave this field blank. If you are using an alternate web server such as IIS, and you have configured Remote Administration to run at an alternate URL or IP address, then specify that URL here.
Bind Remote Administration's web server to these IPs only
If you wish to restrict the remote administration server to only certain IP addresses, specify those addresses here separated by commas. If you leave this field blank then Remote Administration will monitor all IP Addresses that you have designated for your Domains.
Restart Remote Administration (required when port or IIS value changes)
Click this button if you wish to restart the remote administration server. Note: when changing the port setting you must restart Remote Administration in order for the new setting to be recognized.
Edit Mailing List Admins
Click this button if you wish to open the mailing list administrators file to view or edit it.
See:
Running Remote Administration under IIS
