Grabit Campaign Spead via Phishing Attacks Spies on SMBs

There’s a new phishing campaign with a payload of malware that’s been targeting small and mid-sized businesses in Thailand, India, and the United States, as well as a few companies in Israel, Germany, and Canada. Messages sent in this campaign contain a malicious attachment disguised as a Microsoft Word document. When opened, this file loads the HawkEye keylogger software and other remote administration tools to spy on the machine, take control of it, and steal data and files. So far, thousands of passwords, emails, and usernames have been stolen from almost 5000 hosts. Data has been stolen from Outlook, Facebook, Skype, Gmail, Pinterest, Yahoo, LinkedIn,  and Twitter, as well as bank accounts. To combat this threat, update your antivirus definitions, and make sure all software patches are up-to-date.

Click here to read the original article on the Grabit phishing campaign, posted on ZDNet.

One of the key points to take away from this is that email security is not just a mail server administrator’s job. In addition to configuring the mail server to filter out as much spam, malware, phishing attempts, and viruses as possible, end users must also understand how to recognize spam, phishing attempts, and malicious attachments. Administrators need to educate their users on how to identify these threats. For a review on how to recognize these tactics and how to keep your network safe from email-borne threats, check out my post “Email Safety Tips for End Users.”

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Using Auto-Complete with Multiple Domains in WorldClient

WorldClient (MDaemon’s webmail client) includes an auto-complete feature that allows entries in the To: and CC: fields to pre-populate with suggested names & addresses that match the characters you enter as you type. This works when sending mail to local or non-local domains. When hosting multiple domains in MDaemon, steps can be taken to allow this auto-complete feature to populate entries from other MDaemon-hosted domains.

WorldClient’s auto-complete feature will display email addresses that are in any contact list accessible by the user. By default, for each account created MDaemon creates an entry in the public folder for the domain that account was created in. By default this public folder is located at C:/MDaemon/Public Folders/example.com.IMAP/Contacts.IMAP. Also, by default, the public folder of the domain a user is a member of is accessible by that user, so any accounts on the domain to which the user belongs will appear in his WorldClient auto-complete list.

If you want members of other domains to appear in that user’s auto-complete list, grant that user “lookup” and “read” rights to the public “contacts” folders of those domains (located at C:/MDaemon/Public Folders/example.com.IMAP/Contacts.IMAP). You can reach this setting by clicking on “Setup” | “Public Folder Manager.” Click on the folder you wish to update, and then click on “Edit ACLs.”

Folder Access Control
Click “Edit ACLs” to edit folder permissions

To make the contacts lists for all domains on your MDaemon server accessible by all users, in the access control list (“ACL”) for each public contacts folder on your domain, change the rights for “Built-In (anyone)” by highlighting it and clicking on the Edit button.

Shared folder access control list
Click to edit folder access control list

Select at least the “lookup” and “read” checkboxes below.

Shared Folder Permissions
Check the box for each access level

By doing this, you will grant all users on all domains on your MDaemon server permission to view the public contacts for all domains on your MDaemon server. This means that the MDaemon auto-complete feature should display all of the users on all domains on your MDaemon server.

In addition to applying to all public contacts to which a user has access, auto-complete can be configured to work with all addresses to which a user sends an email message. This works by placing an entry for each address in the spam filter white-list, so be careful with this setting because not only will these addresses appear in auto-complete in WorldClient; they will also not be counted as spam (or more precisely, their spam scores will be lowered – per settings under the Spam Filter | Settings screen). When the spam filter’s auto-whitelist feature is configured, addresses that are added to the spam filter white list will be added to the following folder:

C:/MDaemon/Users/example.com/user/WhiteList.IMAP
Thus, because the user has access to this whitelist folder by default, the entries contained within the folder will also be used for WorldClient’s auto-complete feature.

If you have questions, let us know via the Comments section below!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Have you Changed Your Domain? Make sure Users Still Receive Email on their Old Domain.

When a company changes its name, the company’s domain name often changes as well. Not only does this affect the URL for the company’s website, but also the email addresses of the company’s employees. As a result, email messages often get sent to email addresses using the old domain until all parties involved have been notified of the domain change. This can lead to bounce-back messages and delays in important business correspondence. To ensure that all messages sent to the old domain are still delivered to their intended recipients, we recommend setting up a domain alias. In this video, we show you how this is done using MDaemon and SecurityGateway.

Don’t let important messages get lost due to domain changes. Setting up domain aliases can help ensure that business correspondence is maintained during transition.

If you’d like more information on MDaemon or SecurityGateway, then visit our Products page. If you have questions about domain aliases, please leave us a comment below.

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Blocking Incoming Email by Country

Are you receiving a lot of inbound email to MDaemon or SecurityGateway from a particular country?

Does your company do business with this country?

Do your email users only need to send and receive email within your own country?

If you run a small business and all of your clients and suppliers are local, then chances are you’re not going to be sending email to certain countries across the globe. Depending on the type of business, companies may want to block all incoming connections from these countries. This is especially useful because a lot of international email traffic contains spam, malware, phishing attempts, and viruses. Taking the time to deal with these types of messages can lead to lost productivity.

There’s an easy way to block these connections. In this video, I show you how to block mail by originating country using the DNS-BL features in MDaemon and SecurityGateway.

If you’d like more information on MDaemon’s security features, then visit the Email Security link under our MDaemon product page.

Click here to learn more about SecurityGateway’s security features.

Visit the Downloads page on our website to download a free trial, and please leave us a comment below if you have questions or would like more information.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Outlook Connector 3.5 is Now Available

Today, we released Outlook Connector 3.5. Outlook Connector provides groupware sharing & collaboration capabilities (calendars, contacts, tasks & notes) for Outlook users using MDaemon as the mail server platform. The following changes and new features have been added:

  • An option to use IMAP STARTTLS has been added to the Advanced page of the Outlook Connector account configuration dialog.  Previously this option was only available for SMTP.  The “Use Persistent Connection” option has been removed from the GUI but can still be set in the config.xml file if needed.
  • Outlook Connector now uploads copies of sent messages to the server in temporary IMAP connections, allowing them to complete in the background without blocking  other operations in the Outlook UI.
  • Outlook Connector trial keys are now sent via email and must be entered into the installer to continue.  The trial period is 30 days.

There have also been various fixes and other improvements. For a complete list of new features and improvements, you can read the Outlook Connector release notes.

Visit our Outlook Connector product page to download Outlook Connector.

If you’re just getting started with Outlook Connector and would like more information on installing and configuring it for optimal performance, then visit the How-to – Quick-Start Guides section of our Literature page for helpful setup guides.

If you’d like to see Outlook Connector in action, then check out our webinar on YouTube.

If you’d like more information or have any questions, please let me know via the Comments section below.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •