MDaemon has many features for fighting spam that, when configured properly, can be very effective at blocking out unwanted junk email. However, it is possible for the occasional spam message to slip through. Likewise, it is also possible for the occasional non-spam message to be mistakenly identified as spam and blocked from being delivered. This is especially true if you work in finance or the medical industry, where you are more likely to receive legitimate email messages that contain words often found in spam. This presents a challenge: How can administrators and end users improve the accuracy of the spam filter?
An effective solution to the problem is using Bayesian analysis to help MDaemon “learn” what is & is not spam.
You may be thinking, “So what is Bayesian analysis?” Bayesian analysis is based on Bayesian logic, which is a branch of logic that deals with probability inference – predicting future events based on knowledge of prior events. In the context of spam filtering, MDaemon’s Bayesian Learning feature uses Bayesian logic to make inferences about the probability that a message is spam based on the patterns contained within it and how those patterns compare with the patterns found in messages that have been fed to the Bayesian Learning engine.
Bayesian Learning helps train MDaemon’s spam filter to become more accurate over time by feeding it samples of spam and non-spam messages. This is especially useful for the medical and finance industries, where certain keywords are “spammy” to one industry but not the other. This feature also helps reduce false positives (legitimate messages mistakenly marked as spam) or false negatives (spam messages that were not marked as spam).
So how does Bayesian Learning work & how can users use it to train their inboxes to recognize spam? Keep reading to find out!
How to Use Bayesian Learning – The Short Version
Before we get into the details of how to use MDaemon’s Bayesian Learning features, let’s start with a high-level overview of how to use it. First, the administrator enables Bayesian Learning in MDaemon. Then, the administrator creates the Spam and Non-Spam public folders and grants users Lookup/Insert access rights to those folders. Ham/Spam forwarding addresses can also be enabled, so that messages sent to them as attachments can be fed to the Bayesian Learning engine accordingly. Users who receive false-negatives or false-positives can then feed those messages to the Bayesian Learning engine using various methods. By default, after 200 spam and non-spam messages have been collected, Bayesian Learning takes place & the contents of these messages are added to a database of “tokens.”
Instructions for Administrators
The administrator needs to enable Bayesian Learning in MDaemon, and configure Bayes folder access and optionally configure forwarding addresses, as outlined in the following steps.
In MDaemon, navigate to Security | Spam Filter, and click on Bayesian Classification in the left-hand navigation menu.
Check the first box to enable Bayesian classification.
By default, the second box (Schedule Bayesian learning for midnight each night) is checked. If you have a lot of spam/non-spam messages to learn from, you may want to schedule Bayesian learning at more frequent intervals by un-checking this box and entering a value in the following blank (Schedule Bayesian learning once every __ hours).
Most spam messages are relatively small, so to improve performance, you can enter a value in the “Do not learn from messages larger than” blank. 50,000 bytes is the default value.
Before we discuss the checkbox to enable spam/ham forwarding addresses, we need to create public folders for spam and non-spam messages. Click on the Create button to populate these fields with the default location for these folders, or use the buttons to the right to specify a different location. By default, access permission to these folders is only granted to local users of local domains and is limited to Lookup and Insert rights. The postmaster’s default permissions are Lookup, Read, Insert, and Delete. To prevent users from placing spam in the non-spam folder and vice-versa, you could remove access to these folders for all users except the administrator (via Setup | Public Folder Manager), and create another pair of spam/non-spam folders, then grant users Lookup and Insert rights to those folders instead. This allows the administrator to review the contents of these folders for improperly placed messages before placing them in the Bayesian Spam and Non-Spam folders.
You can optionally check the box “Enable spam and ham forwarding addresses.” When this box is checked, users can forward false-negatives or false-positives to email@example.com or firstname.lastname@example.org to feed these messages to the Bayesian Learning engine. This process is explained in greater detail later in this post.
Users who have been granted Lookup & Insert access rights to the Spam and Non-Spam folders can use the thumbs-up & thumbs-down icons in WorldClient to feed spam (false-negatives) and non-spam (false-positives) to the Bayesian Learning engine. Administrators who wish to remove these icons for all users can edit the MDaemon/WorldClient/Domains.ini file and add the following: [Default:UserDefaults] DisableSpamButton=Yes DisableHamButton=Yes Save the file and restart MDaemon (or IIS, if WorldClient is running on IIS).
Administrators who wish to remove these icons for a specific user can edit the User.ini file for the user (located at MDaemon/Users/example.com/(username)/WC) as follows: [User] DisableSpamButton=Yes DisableHamButton=Yes
Instructions for End Users
Now that Bayesian Learning is properly configured in MDaemon, users can begin feeding the Bayesian Learning engine samples of spam and non-spam messages to train the spam filter to become more accurate. There are various ways to train the Bayesian Learning engine – using the thumbs-up & thumbs-down icons in WorldClient, using drag & drop to drag messages to the Spam and Non-spam folders (when using IMAP or Outlook Connector), or forwarding messages as attachments to the assigned spamlearn@ or hamlearn@ addresses (useful for POP users).
The easiest way to train the Bayesian Learning engine is to select “This is Spam” or “This is Not Spam” (in the WorldClient theme) or the thumbs-up and thumbs-down buttons (in the LookOut and WorldClient themes) in WorldClient. Simply click once on it to highlight it, and then select “This is Spam” or click on the thumbs-down icon. If a legitimate, non-spam message was placed in your Spam folder, you can highlight it, and then select “This is Not Spam” or click on the thumbs-up icon.
Using Drag & Drop (IMAP & Outlook Connector)
IMAP and Outlook Connector users who have been granted Lookup and Insert access rights to the spam and non-spam folders can use drag & drop to move the message to the appropriate spam/non-spam folder.
Forwarding as Attachments (POP3)
POP3 users can forward these messages (as an attachment from an authenticated session) to the spamlearn@ and hamlearn@ addresses. Messages sent to these addresses must be received via SMTP from a session that is authenticated using SMTP AUTH.
As explained under step 5 above (under Administrator Instructions), when granting users access to the Bayesian Spam and Non-Spam public folders, it’s possible for users to feed samples of spam and non-spam to the wrong folders, making the Bayesian learning process less effective, thus, you may consider creating a separate pair of Spam/Non-Spam public folders and having users place messages in those folders instead for administrative review.
When used properly, Bayesian Learning is a powerful tool for reducing spam and ensuring legitimate messages are not blocked by the spam filter. More information can be found in the following knowledge base articles:
We begin a series of posts on the importance of email security and why it should be a top priority for organizations. In this post, we share some insights from the founder of Alt-N Technologies, Arvel Hathcock, to get his perspective on security tips for email users.
Most everyone has an email account. Many have more than one. Email is really at the core of online life because it is tied to so many of our online services. Look at your phone. Many of the service apps you see connect with you via your email account. This is why I believe the wide-spread practice of “password reset via email message” or “Forgotten Password” has crowned the email account password the most significant and important of all passwords.
That’s not to say that password management for services like online banking are not critical. They are. But having a strong password for banking and not your email can expose you to some real dangers, as well. Imagine if a hacker or other bad actor can figure out your email password. One of the first actions they could take is to login and change your password. This locks you out. Next, they check through your inbox and folders looking for anything interesting, such as popular online services or banking portals. Now, they login with your email address and use the “Forgotten Password” feature. Soon an email will show up in your inbox (which is no longer controlled by you) allowing them to verify the change and now another important service is not controlled by you. This email and others like it will allow a hacker to change all of your online passwords – all because they found your email password.
This is not good and it leads me to security tip #1: Put effort into the security of your email account password.
It can be the key to all your other passwords. Also, do not use your email account password with any other online account or service because you do not know and cannot control when it will be that service’s turn to get hacked.
Because of the risk mentioned earlier, I would also recommend users disable “Forgotten Password” features where possible and use an alternative method. As bad as “Forgotten Password” can be to reset access, the Question and Answer options can be risky, too. I was horrified years ago to discover that an online app for a banking chain reset my password using only the “Question and Answer” method – no email at all! You know – the questions some services ask like “What’s your mom’s name?” or “Where did you grow up?” etc. If someone can get the answers right, they can change the password.
This idea assumes that would-be hackers will always be outsiders without access to even basic information about their targets. You should use caution before completely trusting these methods. One trick I recommend is to select the question (it’s usually in a drop-down list) and enter a totally random and completely unpredictable answer (but one that you can remember, of course).
I realize these features exist for convenience but remember that security can be reduced and new attack options exposed by these methods if not managed properly.
Earlier this year, we introduced several new security and convenience features for MDaemon, including contact synchronization via CardDAV, two-factor authentication in WorldClient, spambot detection, and an ActiveSync migration client for migrating from any mail platform that supports ActiveSync protocol version 14.1. If you’re running an older version of MDaemon and would like to see what you may be missing, check out our MDaemon Features by Version page for all features by release version.
For MDaemon 16.5, we continue the trend of packing in new features for both administrators and end users.
Administrators will Benefit From these New Features:
Centralized Management of Outlook Users
Outlook Connector allows Outlook users to share their email, calendars, contacts, tasks and notes. In previous versions of MDaemon and Outlook Connector, users would configure all settings on the Outlook Connector client, including host names, SSL and port settings, and other preferences. Beginning with MDaemon 16.5 and Outlook Connector 4.0 (also released today), these settings can now be stored centrally in MDaemon and pushed out to clients. When a new Outlook Connector profile is created, only the username and password are needed. All other settings are retrieved from MDaemon with the click of a button.
Unique Public Key Management for Encryption Security Control
OpenPGP uses public/private key pairs to encrypt and decrypt messages. If I want to send you an encrypted message, I would need to obtain your public key, which is used to encrypt the message, and you would decrypt it with your private key. WorldClient, MDaemon’s webmail client, can now be used as a basic public key server for exchanging public encryption keys. This allows WorldClient to honor requests for your users’ public keys using a specially formatted URL. Additionally, MDaemon’s OpenPGP feature now supports collection of public keys over DNS. This helps to automate the process of exchanging encryption keys.
Automatic Product Updates
It’s easier to ensure that you’re running the latest version of MDaemon, Outlook Connector, and SecurityPlus with the new Automatic Updates feature. Updates can be automatically downloaded and installed at a designated time.
MDaemon’s OpenPGP features can now verify embedded signatures found within messages. This helps the recipient ensure that the message is authentic. WorldClient will display an icon or text label for verified messages. WorldClient will also display labels for messages with valid DKIM signatures, messages decrypted by OpenPGP, and messages signed with an OpenPGP key.
WorldClient Categories for Easier Inbox Management
When using the LookOut and WorldClient themes, WorldClient has new category selections for easy sorting and identification of email messages. Messages can be sorted by category, and multiple categories can be assigned to a message. Authorized users can also create their own custom categories in addition to using the built-in categories.
Connect with most IM Clients
MDaemon 16.5 includes two separate chat systems. In addition to WorldClient Instant Messenger, users can now chat with each other using their favorite third-party chat (XMPP) client. With the addition of this feature, users now have the flexibility to chat from any device with a compatible XMPP client, including mobile devices.
There are many XMPP clients to choose from, including Trillian (Windows), Adium (Mac OSX), and Mozilla Thunderbird (Linux, OSX, Windows). A list of XMPP clients can be found here: http://xmpp.org/software/clients.htm.
Features may vary depending on which XMPP client is used. WorldClient Instant Messenger’s features can be found here:
The SMTP Authentication screen has a new option which, when enabled, will require all incoming messages from local IP addresses to use SMTP authentication. When this setting is enabled, if a message that is not authenticated arrives from a local IP address, it will be rejected. We recommend enabling this setting for added security.
Modification of “From” header as additional protection from spoofing
Sometimes users are fooled into thinking an email comes from one person when it is actually from an attacker. This happens because email clients often display only the sender’s name and not his email address. This new option defeats such an attack by altering the From: header value. If enabled, when a message arrives for a local user, its From: header is modified. For example: From: “Spartacus” <email@example.com> would become From: “firstname.lastname@example.org — Spartacus” <email@example.com>.
WorldClient can check for attachments if they are mentioned in the subject/body.
When an attachment is mentioned in the subject or body of a message, yet no file is attached, WorldClient can be configured to remind the sender of a possibly missing attachment when clicking the Send button.
A company’s greatest asset is its customers, and here at Alt-N, we strive to listen to our customers’ needs. A direct result of that effort was the creation of the Alt-N Idea Engine, which allows customers to submit feature requests and other ideas to improve our products. Many of these ideas have made their way into our products, and many more are being considered for future versions.
Recently, we introduced some exciting new features to MDaemon, including a flexible Remote Administration interface and enhanced security via DMARC (Domain-Based Message Authentication, Reporting, and Conformance). I’m pleased to announce that these and other great new features have now been added to SecurityGateway!
With the proliferation of handheld devices and an increasingly mobile workforce, users will benefit from an updated, responsive web interface that is optimized for mobile devices. The format of the information displayed is dependent on the size of the browser window, so whether you’re on a desktop PC, a tablet, or a mobile phone, the interface adjusts for a more user-friendly experience regardless of what type of device is used.
Enhanced Anti-Spoofing Support with DMARC
DMARC (Domain-Based Message Authentication, Reporting and Conformance), enables domain owners to direct the actions to take when handling messages purporting to be from their domain(s) but were not actually sent by them.
Bind Domain to Its Own IP address
For servers that have multiple IP addresses and multiple domains, each domain in SecurityGateway can now be bound to its own IP address. This allows messages from a specific domain to be sent only from its assigned IP address.
MDaemon 16.0.2 has been released. This update includes a “remember me” feature for two-factor authentication in WorldClient. With this feature enabled, users will not have to re-enter a verification code for a designated period of time.
Other new features and enhancements include:
Global administrators can now set the Mail Archive path in Remote Administration.
The Remote Administration group editor now supports Do Not Disturb scheduling. This allows administrators to schedule a period of time during which email cannot be accessed for all accounts that have been assigned to a group.
Administrators can now sort the Active Sessions list in Remote Administration – for an improved view of server activity.
Global administrators can now disable two-factor authentication for selected users in Remote Administration.
MDaemon 15.5.3 has been released. With this latest release, we’ve added support for one of the most popularly-requested features – the ability for the content filter to check for restricted files inside of RAR and ZIP attachments.
Today we’ve launched the newest version of the MDaemon email server with some exciting new features. Staying true to the company’s focus on email security and end user ease of use, we believe these new features will be welcomed by many of our users across industries.
With a growing emphasis in the market on email privacy, MDaemon 15.5 introduces additional encryption features using Vitru and Open PGP to make it easy for users and administrators to keep email communications private.
On the client side, WorldClient users can enable Virtru for end-to-end encryption. Basic encryption for emails and attachments is included for free within the WorldClient settings menu. Virtru encrypts the user’s email and attachments and does not have access to the encryption keys. For organizations that need to comply with HIPAA or need additional security controls, Virtru Pro is available for an annual subscription of only $24 per user. Virtru Pro allows users and administrators to revoke messages at anytime, see and control forwarding, as well as add expiration data to email messages. For Microsoft Outlook users, the same features (free and Pro) are available using the Virtru for Outlook add-on.
On the server side, Open PGP for MDaemonhas been added to give administrators the ability to use encryption, decryption, and basic key management capabilities through OpenPGP support. This additional layer helps administrators who want to ensure user compliance by managing encryption settings at the server versus the user implemented client level. Also, MDaemon’s Content Filter now contains actions to encrypt and decrypt messages. And finally, server-side encryption capabilities are beneficial when using email archiving with MDaemon.
Managing Employee Workload and Overtime with Email Do Not Disturb
Companies in many countries are being challenged by the need to manage email access “after hours” to prevent overtime pay and promote a stronger work/life balance. To date, most companies can only implement Human Resource policies to address the issue. To help IT Administrators deliver another layer of compliance to the organization, MDaemon 15.5 introduces its “Email Do Not Disturb” feature.
Located within the Accounts | Groups & Templates settings, Do Not Disturb allows the MDaemon administrator to set a time frame during which email may not be accessed by its users. Accounts in this state will receive incoming mail but users may not be able to login to their MDaemon account or send/reply to messages until the Do Not Disturb period has lapsed.
New Calendar Synchronization Options with CalDAV Support
Support for synchronizing calendars via the CalDAV protocol has been added. Notable CalDAV clients are Apple iCal (Included with Mac OS X), Apple iOS (iPhone), and Mozilla Thunderbird via the Lightning calendar plugin.
Adding Public Contacts Support in ActiveSync
The ActiveSync server has an option to include and merge a user’s public contacts with their default contacts. This allows users of clients such as Outlook 2013, which does not support multiple contacts folders or global address list searching, to access public contacts. The public contacts are read-only and tagged with “Public” and “Read-Only” categories.
Productivity Improvements for WorldClient Users (MDaemon’s Web-based Email)
Browser* Desktop Notifications – When launching WorldClient using the LookOut or WorldClient theme, the browser will prompt the user to allow desktop notifications. If accepted, the user will receive notifications of new email messages, new Instant Messages (in the case that the corresponding chat is not in focus), and any change in status of a chat buddy.
*Desktop notifications are not supported by Internet Explorer.
Password Recovery – If enabled, users who have permission to edit their password will be able to enter an alternate email address to reset their password in case they forget it. Once set, if the user attempts to log in with an incorrect password a “forgot password?” link will appear and direct them to a page that asks them to confirm their password recovery email address. If entered correctly, a message containing a link to a page that allows them to change their password is sent. This feature is disabled by default.
Creating a New Event, Task, or Note via Email – Users can easily convert an email message to an event, task or note. This enables users to more easily follow-up on emails that contain information relevant to projects, meetings or other time sensitive activities.