Is spam being sent out from a local machine on your network? Follow these steps to track down a spambot.

Has this happened to you? Let’s say you’re the MDaemon administrator for your company, and you’ve noticed that somewhere, somehow, spam messages are being sent from within your network. Perhaps one of your PCs has been compromised. What do you do? Here are some tips to help you track the issue down.

First, make sure you have the option “Authentication is always required when mail is from local accounts” enabled (Security | Security Settings | SMTP Authentication). Also enable “Credentials used must match those of the return-path address” and “Credentials used must match those of the From header address.” Then, make sure “…unless message is sent to a local account” is unchecked to prevent intra-domain spam (between local domain users).

Screenshot: SMTP Authentication in MDaemon. Make sure the appropriate boxes are checked to require SMTP authentication.

Next, find out if the spam messages are coming in from an authenticated session. To do this, locate one of the spam messages & open it up in Notepad to view its headers (or you can open it in Queue & Statistics Manager). Does the message have an X-Authenticated-Sender header? It will look something like this:

X-Authenticated-Sender: SpammerUser@example.com

If this header is present, then that is the user who authenticated to send the message. The first thing you should do in this case is change the account’s password via the Accounts menu in MDaemon. Even if the spam is going out through the user’s mail client, the old credentials will be rejected until you give the user the new password and they update their mail client, so the spamming is temporarily stopped.

In newer versions of MDaemon, we’ve added Account Hijack Detection, which will automatically disable an account if it sends a specified number of outbound messages via an authenticated session in a given period of time. We recommend enabling this feature. In MDaemon, it’s located under Security | Security Settings | Screening | Hijack Detection.

Account Hijack Detection

The next step is to look at the Received headers. Find the one where the message was received by your server. Here is an example of what this header would look like:

Received from computer1 (computer1@example.com (192.198.1.121) by example.com (MDaemon PRO v17) with ESMTP id md50000000001.msg for <UserWhoWasSpammed@example.com >, Fri, 13 Sep 2016 21:00:00 -0800

Find the connecting IP (192.198.1.121) in the above example. This is the machine that is sending out spam. Locate that machine to deal directly with the spambot on that machine.

If the message wasn’t authenticated or wasn’t sent from your local network, locate the Message-ID header and copy that value.

Message-ID: <123.xyx.someone@example.net>

Then open the MDaemon SMTP-IN log that covers the time when that message was received by MDaemon (based on the timestamp in the received header) and search for that Message-ID in the log (in the 250 response line when the message is accepted):

Thu 2016-09-12 20:00:00: --> 250 Ok, message saved <Message-ID: <123.xyx.someone@example.net>>

Look at the rest of transaction and see why the message was accepted/not rejected – spam score, DNSBLs, etc.

Also, if your external domain is listed in the Trusted Hosts list (Security | Security Settings | Trusted Hosts), try removing it from this list.
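The header checks above can be scripted when there are many samples to go through. The following is an added example, not MDaemon code: the function names, the `local_nets` list you pass in, and every sample line except the `250 Ok, message saved` format are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: the headers quoted in the post, joined into one message.
LOCAL_SPAM = (
    "Received: from computer1 (computer1@example.com (192.198.1.121) by example.com"
    " (MDaemon PRO v17) with ESMTP id md50000000001.msg for"
    " <UserWhoWasSpammed@example.com>, Fri, 13 Sep 2016 21:00:00 -0800\n"
    "X-Authenticated-Sender: SpammerUser@example.com\n"
    "Message-ID: <456.abc.SpammerUser@example.com>\n"
    "\nconstructed body\n"
)
# Constructed sample: unauthenticated message from an outside host.
EXTERNAL_SPAM = (
    "Received: from mail.example.net (mail.example.net [203.0.113.7]) by example.com"
    " (MDaemon PRO v17) with ESMTP id md50000000002.msg; Thu, 12 Sep 2016 20:00:00 -0800\n"
    "Message-ID: <123.xyx.someone@example.net>\n"
    "\nconstructed body\n"
)
# Constructed SMTP-IN excerpt; only the last line's format is taken from the post.
SMTP_IN_LOG = [
    "Thu 2016-09-12 20:00:00: <-- MAIL FROM:<someone@example.net>",
    "Thu 2016-09-12 20:00:00: <-- RCPT TO:<UserWhoWasSpammed@example.com>",
    "Thu 2016-09-12 20:00:00: <-- DATA",
    "Thu 2016-09-12 20:00:00: --> 250 Ok, message saved <Message-ID: <123.xyx.someone@example.net>>",
]


def triage(raw_message, server_name, local_nets):
    """Extract the three facts the procedure relies on from one message."""
    msg = email.message_from_string(raw_message)
    nets = [ipaddress.ip_network(n) for n in local_nets]
    result = {
        "authenticated_sender": (msg.get("X-Authenticated-Sender") or "").strip() or None,
        "connecting_ip": None,
        "from_local_network": False,
        "message_id": (msg.get("Message-ID") or "").strip() or None,
    }
    by_us = re.compile(r"\bby\s+" + re.escape(server_name) + r"(?![\w.-])", re.I)
    # Each hop prepends its header, so the top-most Received naming our server
    # is the one our server wrote; anything below it was supplied by the sender.
    for received in msg.get_all("Received", []):
        flat = " ".join(received.split())  # unfold continuation lines
        if not by_us.search(flat):
            continue
        for candidate in IPV4.findall(flat.split(" by ", 1)[0]):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looked like an address but is not one (e.g. 999.1.1.1)
            result["connecting_ip"] = str(ip)
            result["from_local_network"] = any(ip in n for n in nets)
            break
        break
    return result


def next_steps(t):
    """Map the triage result onto the actions described in the post."""
    steps = []
    if t["authenticated_sender"]:
        steps.append("change password: " + t["authenticated_sender"])
    if t["from_local_network"]:
        steps.append("inspect host: " + t["connecting_ip"])
    if (not t["authenticated_sender"] or not t["from_local_network"]) and t["message_id"]:
        steps.append("search SMTP-IN log: " + t["message_id"])
    return steps


def find_acceptance(log_lines, message_id, context=5):
    """Return the accepting 250 line plus up to `context` lines before it."""
    for i, line in enumerate(log_lines):
        if " 250 " in line and message_id in line:
            return log_lines[max(0, i - context): i + 1]
    return []


if __name__ == "__main__":
    for raw in (LOCAL_SPAM, EXTERNAL_SPAM):
        t = triage(raw, "example.com", ["192.198.1.0/24"])
        print(next_steps(t))
    print(find_acceptance(SMTP_IN_LOG, "<123.xyx.someone@example.net>"))
```

Pass the subnets you actually use as `local_nets`; the value shown simply matches the address in the post's sample header.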

Check back often for more tips & tricks!


New MDaemon Collaboration Feature: Send & Receive DropBox Files with WorldClient

In MDaemon 17, we added support for DropBox integration for WorldClient, MDaemon’s web-based email client. Now, users can easily save attachments in inbound messages to their DropBox account, or insert links to their DropBox files in outbound messages. Because files are stored in DropBox and not on the mail server, disk space and bandwidth usage are reduced.

We’ve put together the following tutorial video to help you get started with WorldClient’s DropBox file sharing features.

Step-by-step instructions can be found in the following knowledge base article:

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=1166

If you’re not yet an MDaemon user, visit the MDaemon product page to see what you may be missing!


Open Protocol (XMPP/Jabber) Support Provides More Instant Messaging Choices for MDaemon Users

In today’s connected society, users demand instant access to open channels of communication. For years, MDaemon has offered instant messaging via WorldClient Instant Messenger. Formerly known as ComAgent, WorldClient Instant Messenger has evolved to support open protocol (XMPP/Jabber) for instant messaging, giving users more choices over what instant messaging client to use.

What exactly is XMPP & why should I care?

XMPP is a communication protocol based on XML that powers a wide range of applications. It is based on open standards and offers greater flexibility and choice for its users. XMPP supports secure communications via SSL, and a wide variety of XMPP clients are available for Windows, MacOS, Linux, iOS, Android, BlackBerry, and Nokia devices. There’s even a DOS/Command-line client for die-hard DOS purists. A complete list of XMPP clients can be found at xmpp.org.

Why is this important for MDaemon users and administrators?

In addition to greater choice for end users, other features that we’ve come to appreciate from the ComAgent years remain, including file transfer for end users and message logging for administrators.

How do I connect to MDaemon’s XMPP service with third-party chat clients?

The steps for each instant messaging client will vary, but the concepts for each are the same. You’ll need your email address, password, and the host name or IP address of your MDaemon server. I’ve created a tutorial video showing the configuration process for both MDaemon administrators and end users.

Want to learn more? We have some valuable resources in the following knowledge base article.

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=1167

This is just one of many collaboration features found in the MDaemon Messaging Server. Download your free trial & start collaborating today!


New Feature: Email Health Check for Optimal Security Settings

Our latest version of MDaemon, MDaemon 17, comes packed with lots of new features for administrators and end users, including new password security, support for Let’s Encrypt, DropBox integration, message scheduling, and much more. Today, I’d like to demonstrate MDaemon’s new Health Check utility. With this handy new tool, administrators no longer have to go through each feature to verify that it’s configured for optimal security. This new tool will analyze all security-related settings, display each setting’s current value, its recommended value, and where that feature is located in the MDaemon interface. This tool offers administrators the flexibility to change all settings to their recommended value at the same time, or to select and change individual settings. In this tutorial video, I demonstrate how to use the new Health Check utility.

Need additional help? More guidance on the MDaemon Health Check utility can be found in this knowledge base article.

If you haven’t yet upgraded to MDaemon 17, check out the release notes and our previous blog post to see what you’re missing!


Easy Backup & Recovery with MDaemon

MDaemon’s user-friendly flat-file structure makes it easy to back up and recover your email messages, user accounts, security settings, and any other data stored in MDaemon. No extra Windows components or third-party applications are required, and you won’t have to navigate through any confusing dialog boxes to back up and recover your data. Backing up and restoring MDaemon is as easy as drag & drop. All you need to do is map a drive letter from the MDaemon server to another drive on your network, then drag over the files you want to back up.

In this example, we’ve backed up our users’ email directories, our configuration files, and our mail queues.

If you’ve accidentally deleted users, you can simply restore the Userlist.dat file, located in the MDaemon/App directory. In this example, let’s assume user01, user02 and user03 were all deleted.

Simply drag the userlist.dat file from your backup back to the MDaemon/App directory, as shown here.

And if email messages were deleted, they can easily be restored as well. Email messages are stored within the Users directory under the specific domain and user. Simply drag the .msg files from the backup to the User’s folder on the MDaemon server.

You can do a lot more with MDaemon’s file structure, including restoring a user’s contacts when they were accidentally deleted, moving public folders, and much more.

Click here to learn more about MDaemon’s file structure.

If you’re new to MDaemon, visit our MDaemon product page to learn more!


Restricting Message Size for Everyone Except a Select Few Users in MDaemon

Recently, one of our customers asked the following question:

“How do I restrict messages to 2MB for inbound and outbound mail – for all users except a small group of users?”

In MDaemon, this can be done via the Content Filter (located under the Security menu). Simply follow these easy steps:

  1. Add the users who will not be subject to the size restriction to a group via Accounts | Groups & Templates.
  2. Go to Security | Content Filter and create a new rule.
  3. In the left-hand “Conditions” column, check the box “If MESSAGE SIZE is greater than.”
  4. In the right-hand “Actions” column, check the box “DELETE the message”, and also check the box “Send a NOTE 1 to.”
  5. In the bottom section, click on the blue text “is greater than 10K” and enter a value in KB (2000 KB, for example), and then click OK.
  6. Click on the blue text “Specify Information” next to “and send note 1.”
  7.  In the new window, enter $SENDER$ in the To field, adjust the subject if desired, and enter a message in the main window, such as “Sorry, your message has exceeded the allowed size limit.”
  8. Click OK to save your progress.
  9. Give your new rule a name in the “Name this rule” field at the top, and click OK to save the rule.
  10. Now, we need to create a new rule to skip the size limit rule for members of the group we created in Step 1. Click on New Rule.
  11. Give your rule a name.
  12. In the left-hand “Conditions” column, check the boxes “If SENDER is a member of GROUP” and “If RECIPIENT is a member of GROUP.”
  13. In the box below, click on the blue “specific group name” text for each item, and select the group you created in Step 1. Do not change the word “or” to “and.”
  14. In the right-hand “Actions” column, check the box “SKIP the next ‘n’ rules.”
  15. Click the blue text “Specify Information” in the bottom section, and verify that it has “1” specified under “Skip over how many rules?”
  16. Click OK.
  17. Save your new rule.
  18. Back on the main Rules screen, highlight the last rule you created, and click the “Move up” button to move it above the size limit rule we created previously.
  19. Click OK to exit the content filter.

Here are screenshots of these rules:

Screen1

Screen2

As a reminder, you can view our webinars and tutorial videos on our YouTube channel. Is there a topic you’d like to learn more about? Let us know in the comments section below!

Encryption Options for Keeping Your Private Email Messages Safe

Is your company prepared for the next big data breach? A study by Ponemon Institute surveyed 567 executives in the United States on how prepared they think their companies are to respond to a data breach, and made the following findings:

  1. Most respondents believe their companies are not prepared to deal with the consequences of a data breach.
  2. Most companies have data breach response plans, but they are ineffective.
  3. Data breach response plans are often not effective because they are not reviewed in a timely manner.
  4. Data breach detection technologies are rarely deployed.

Also, consider these startling enterprise email security statistics from Virtru’s blog:

  1. 87% of senior managers upload business files to a personal email or cloud account.
  2. Email malware creation is up 26% year over year, with 317 million new pieces of malware created in 2014.
  3. Hackers targeted 5 out of 6 large companies using email attacks last year — an annual increase of 40%.
  4. Cybercrime has a 1,425% ROI.

With the proliferation of data theft and compromised systems, more companies are addressing data privacy concerns via a renewed focus on security and encryption technology.

To address these data privacy and security concerns, MDaemon administrators and users have three options for keeping confidential email messages and attachments secure – SSL/TLS, Virtru, and OpenPGP. When an email message is sent, SSL or TLS is used to encrypt the connection from the mail client to the server or from the sending mail server to receiving mail server. Virtru provides end-to-end message and attachment encryption, and OpenPGP provides server-side encryption and key management as well as client-side encryption (when used with an OpenPGP plug-in on the mail client).

Encrypting the Connection with SSL or TLS

When you use POP or IMAP over an unencrypted connection to retrieve your email messages, your username and password are transmitted in clear text across the internet. This means that anyone using the same network or wireless connection as you, or anyone who has access to internet traffic at your ISP, can potentially intercept your data and read your login credentials. A hacker with malicious intent can then read your email, steal confidential information, or send out thousands of spam messages from your account. Your email credentials are valuable to spammers because the success rate of their solicitations is much greater than if they had simply forged the return-path of the message (which is characteristic of most spam messages).

One method for preventing hackers from being able to “sniff out” private data that’s in transit over the network is to use SSL or TLS. SSL and TLS are methods for encrypting the connection between two mail servers (SMTP) or between the mail server & mail client (POP & IMAP). In other words, the communication channel is encrypted – not the email message itself. A good explanation of SSL can be found here: https://www.digicert.com/ssl.htm

Normally, SMTP traffic is sent from client-to-server or server-to-server over port 25, but if you’d like the SMTP connection to be encrypted using SSL, by default you can configure your mail client to send outbound SMTP traffic over port 465, and you can also configure MDaemon or SecurityGateway to use port 465. Likewise, the default POP3 SSL port is 995, and the default IMAP SSL port is 993.

This knowledge base article contains instructions for configuring SSL features for SMTP, POP, and IMAP for MDaemon.
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=841

This knowledge base article explains how to configure SSL features for SMTP & HTTP in SecurityGateway:
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=481

When SSL or TLS is used, only the connection is encrypted; the message itself is not. If you’d like the message itself to be encrypted, then continue reading for how to encrypt email messages and attachments using Virtru and OpenPGP.

Client-Side Message & Attachment Encryption with Virtru

While SSL & TLS encrypt the connection, Virtru (included with MDaemon) encrypts the actual email message. Virtru provides end-to-end encryption – meaning the message is encrypted on the sending client and decrypted on the receiving client. Messages encrypted via Virtru are stored in their encrypted state on the server and cannot be decrypted without the proper keys.

Click here for more information on Virtru.

Server-Side Message & Attachment Encryption with OpenPGP

With OpenPGP, messages are encrypted on the server, but they can also be encrypted on the mail client if an OpenPGP plug-in has been installed. The MDaemon administrator enables the OpenPGP features, creates public & private keys for users, and selects users who are allowed to use OpenPGP. Use the MDPGP configuration screen (located under the Security menu) to configure automatic encryption & key exchange, encryption key size and expiration, and to import keys. You can also create content filter rules to encrypt messages that meet specific criteria using OpenPGP.

This knowledge base article contains step-by-step instructions for enabling MDaemon’s OpenPGP features, configuring who can use it, and creating public & private keys for users.

Are These Features Easy to Use?

SSL and TLS are enabled by simply enabling the SSL ports on the mail server and configuring your mail client to use the SSL ports.

With Virtru, you’re up and running by simply enabling the feature in WorldClient. When you enable Virtru in WorldClient, your request is first sent to Virtru for processing. Within seconds, you’ll receive a pop-up message indicating that Virtru is now ready to start encrypting and decrypting your messages and message attachments. It’s that simple!

And for OpenPGP, options are available to help automate the encryption, decryption, and key import/exchange processes.

Conclusion

To recap, SSL & TLS can be used to help prevent eavesdropping on your email communication channel by encrypting the connection, while Virtru & OpenPGP can be used to help keep your email messages safe from unauthorized access by encrypting the actual email messages and attachments. Together, these security measures help to ensure that your confidential business data remains safe from unauthorized access.

Are you ready to ensure your important business communications are safe from prying eyes? Then download MDaemon and get started with SSL, Virtru, and OpenPGP!


Get Aggressive at Fighting Spam by Re-training the Bayesian Learning Process in MDaemon

In certain situations, it may be necessary to retrain your Bayesian Learning database. This can be necessary when spam messages are inadvertently placed in the Bayes non-spam folder, or when non-spam messages are placed in the Bayes spam folder.

To reset your Bayesian Learning and start training it again from scratch, you can perform the following steps:

1. Stop the MDaemon service.
2. Verify that the MDaemon executables (MDaemon.exe, CFEngine.exe, MDSpamD.exe, WorldClient.exe) have all exited memory using Windows task manager.
3. Rename the folder “/MDaemon/SpamAssassin/Bayes/” to “/MDaemon/SpamAssassin/Bayes.old/”.
4. Re-launch MDaemon.
5. Go to Security | Spam Filter | Bayesian Classification, then click on the Learn button.

At this point, MDaemon recognizes that the Bayes folder isn’t there when the learn process is triggered, so it builds a new Bayes folder.

You will then need to feed Bayesian learning at least 200 spam and 200 non-spam messages (although the more the better) to start the Bayesian learning process again. Here is a knowledge base article on training the Bayesian learning process in MDaemon.

The Bayesian learning engine won’t process new messages until the administrator has taught it 200 spam and 200 non-spam messages. So even if an administrator were to manually press the Learn button or have MDaemon learn automatically at midnight, the Bayesian engine wouldn’t apply itself to new messages, even though the new folder has been created.

Once MDaemon recognizes that Bayesian learning has learned more than 200 spam and 200 non-spam messages, it will start applying what it has learned to new messages.

You can run a script to determine how many messages the Bayesian filter has learned from. This will come in handy for administrators who need to know how many more messages to feed the Bayesian filter. This process is explained in this knowledge base article.


Outlook Connector Performance Tips

With the recent release of Outlook Connector 4.0, I wanted to review with you some guidelines for improving the performance of Outlook Connector. Outlook’s performance is affected by many things, including the amount of data it has to keep track of, any add-ons that are installed, how often it checks for new mail, and various other factors. The following guidelines will help ensure you get the best performance out of Outlook when using Outlook Connector.

  1. With each new version of Outlook Connector, various performance enhancements are made, thus, we recommend using the latest version of Outlook Connector on the MDaemon server and the latest Outlook Connector plug-in on each client. On the MDaemon server, you can check the version of Outlook Connector that’s installed by navigating to Help – View the release notes for your version of Outlook Connector. Users can verify their version of the Outlook Connector plug-in by clicking on the “About” tab on the Outlook Connector toolbar in Outlook. Click here to download the latest version of Outlook Connector. On this page, click on the “Download Now” button to download Outlook Connector on the server. There are also links to download the 32-bit and 64-bit versions of the Outlook Connector client.
  2. We recommend using Outlook Connector with MDaemon 14 and above. Newer versions of MDaemon also have various performance enhancements. You can get the latest version of MDaemon here.
  3. We recommend disabling all Outlook Add-ins except the Outlook Connector plug-in. In Outlook 2016, 2013 & 2010, add-ins are located under File – Add-ins. In Outlook 2007, they’re located under Tools – Trust Center – Add-ins.
  4. Regular defragmentation of the MDaemon server’s hard disk is recommended. Server performance can be further improved by reducing the amount of logging MDaemon is doing (Setup – Server Settings – Logging – Settings) along with moving the Logs folder and User, Public and Queues folders to a physically separate disk. When moving logs, queues, or public folders to a separate drive, simply map a drive letter to the drive, then update the Directories section of the MDaemon.ini file (located in the MDaemon/App directory) with the new path to these directories.

    MDaemon directories
    Where MDaemon stores mail, queues, logs, etc.
  5. We recommend periodically purging and compacting the Outlook Connector database file (local cache). Follow these steps to compact the local cache file:
    1. Make sure Outlook is shut down, and navigate to the Windows control panel.
    2. Click on the Mail control panel.
    3. Click on Email Accounts.
    4. Double-click on your Outlook Connector account.
    5. Click on the Database Management tab.
    6. Locate the Purge Database section and click on the Purge button.
    7. Locate the Compact Database section, and click on the Compact button. You can also check “Compact database on Outlook shutdown” to compact the database each time Outlook is shut down.

      Outlook Connector Database Management
  6. The local Outlook Connector cache file should be excluded from real-time scanning by third party desktop antivirus applications. By default, the local Outlook Connector cache is located at C:/Documents and Settings/-username-/Application Data/Alt-N/ Outlook Connector 4.x/ProfileName/account-name/User’sEmail@YourCompany.com.
  7. Outlook should only be configured to use HTML or Plain Text format for sending emails. Depending on the version of Outlook you are using, these settings can usually be found via Tools – Options – Mail Format tab. Outlook should not be configured to use Word as its email editor or to use Rich Text Format (RTF). Both of these methods result in emails which do not adhere to Internet standards.
  8. We recommend configuring Outlook Connector’s Send/Receive tab (located under the Account button in the Outlook Connector toolbar) to only check the Inbox folder for new items at each Outlook send/receive interval.
  9. Outlook Connector includes the option “Download Headers Only” under the Send/Receive tab of the Outlook Connector Client configuration screen. When this option is enabled, Outlook only downloads the information needed to show messages in the message list, and not the full content of each message. When you click on a message, the rest of the message is downloaded for viewing. Users may experience a slight delay in viewing messages in the preview pane when “Download Headers Only” is enabled because Outlook has to download the rest of the message when it is selected.
  10. We recommend configuring the Send/Receive schedule to check for new mail every 3 minutes.
  11. We recommend performing these housekeeping tasks regularly:
    1. Delete any email messages, calendar items, and contacts that are no longer needed.
    2. Empty the Deleted Items folder by right-clicking it and selecting Empty Folder.
    3. Delete unwanted items from the Sent Items folder.
    4. Move items out of the Inbox to other mail folders.
    5. Archive old messages. Mail server administrators can implement a server-wide archiving solution such as MailStore to help cut down on the amount of data stored in user mailboxes.

Following these guidelines will help ensure that Outlook Connector continues to run smoothly. For more information, please see our Outlook Connector how-to guides. As always, I’m available if you have questions!


Our eLearning Videos are Now Available on YouTube!

Would you like to brush up on your MDaemon or SecurityGateway skills? Well now you can, for free, on our YouTube channel! Topics for each course include:

MDaemon

  • Getting Started
  • Domain & Server Settings
  • Managing Accounts
  • Mailing Lists
  • Gateway Configuration
  • Security Settings
  • OpenPGP Encryption
  • WorldClient
  • Spam Filter Configuration
  • Mobile Device Management

SecurityGateway

  • Getting Started
  • Configuring Domains & Users
  • Mail Delivery & Filtering Settings
  • Spam Filter Configuration
  • Anti-Spoofing Tools
  • Anti-Abuse Tools
  • Server Maintenance

Click here to access the SecurityGateway tutorials.
Click here to access the MDaemon tutorials.

In the coming weeks, I will be updating these videos & adding new topics, so check back often for the latest eLearning lessons!