With today’s massive ransomware outbreak, here are a few reminders of how to avoid becoming a victim.

As I was coaxing myself awake this morning with my usual jolt of strong coffee, I checked my favorite news sites & was informed of yet another ransomware attack. This one, which is believed to have originated from Ukraine, was first thought to be a variation of last year’s Petya ransomware outbreak, but upon further investigation, it appears that today’s malware is a new type – a worm that some computer experts are referring to as “NotPetya”. This attack demands a smaller ransom (in comparison to other attacks) of approximately $300, and then begins to serve its primary purpose – to wipe files on the computer. According to researchers at Symantec, this attack used the same National Security Agency hacking tool, Eternal Blue, that was used in the WannaCry outbreak, as well as two other methods to spread the attack. According to information provided by this article on CNN, if you’ve installed all of the latest Windows patches, you should be safe from this particular strain of malware. However, by no means is this a reason to be complacent. Administrators and end users must still be mindful of safety precautions.

Due to the proliferation of Malware as a Service (MaaS), just about anyone with the desire and the funds can initiate a malware attack, making new & emerging threats a real concern for the foreseeable future. This presents a good opportunity to review best practices for avoiding ransomware – for end users, and for administrators via the tools available in MDaemon and SecurityGateway.

How can end users protect themselves from ransomware?

End users should be aware of the following 18 email safety tips, which originally appeared in this post.

  • Change your password often.
  • Use strong passwords. Never use a password that contains “password” or “letmein”.
  • Use a different password for each of your accounts. If you use the same password for your bank account as you do for your email account, you become much more vulnerable to data theft.
  • Don’t open an attachment unless you know who it is from & are expecting it. Many of today’s social engineering tactics rely on the ability to trick users into opening attachments.
  • Be cautious about email messages that instruct you to enable macros before downloading Word or Excel attachments. This article provides a good overview of why you should not enable macros in Microsoft Word.
  • Use anti-virus software on your local machine, and make sure it’s kept up-to-date with the latest virus definitions.
  • If you receive an attachment from someone you don’t know, don’t open it. Delete it immediately.
  • Learn how to recognize phishing:
    – Messages that contain threats to shut your account down
    – Requests for personal information such as passwords or Social Security numbers
    – Words like “Urgent” – false sense of urgency
    – Forged email addresses
    – Poor writing or bad grammar
  • Hover your mouse over links before you click on them to see if the URL looks legitimate.
  • Instead of clicking on links, open a new browser and manually type in the address.
  • Don’t give your email address to sites you don’t trust.
  • Don’t post your email address to public websites or forums. Spammers often scan these sites for email addresses.
  • Don’t click the “Unsubscribe” link in a spam email. It would only let the spammer know your address is legitimate, which could lead to you receiving more spam.
  • Understand that reputable businesses will never ask for personal information via email.
  • Don’t send personal information in an email message.
  • Don’t reply to spam. Be aware that if you reply to a spam email, your reply most likely will not go back to the original spammer because the FROM header in the spam message will most likely be forged.
  • Don’t share passwords.
  • Be sure to log out.

How can administrators protect their systems from ransomware?

The battle against ransomware cannot be fought by users alone. Administrators must also take steps to lock down their email infrastructure. These best practices will help protect your network and users.

Best Practices for MDaemon Administrators

  1. Enable account hijack detection. This feature will automatically disable an account if a designated number of messages are sent from it via an authenticated session in a given period of time. When the account is disabled, the administrator receives a notification so that corrective action can be taken. Instructions for configuring account hijack detection can be found in this knowledge base article.
  2. Enable dynamic screening. Dynamic screening is a feature that blocks future connections from a connecting server or client based on its behavior.  Instructions for configuring dynamic screening can be found here.
  3. Configure the IP Shield. The IP Shielding feature allows administrators to assign an IP address (or IP address range) to email messages from a given domain. Messages claiming to come from a specific domain must originate from one of the approved IP addresses. Exceptions can be made for users connecting from outside of the network who are using SMTP authentication.  Click here for instructions.
  4. Require SMTP Authentication. This helps ensure that the user authenticates with a valid username and password. Instructions can be found here.
  5. Use DKIM & SPF to detect spoofing. DKIM uses a private/public key pair to authenticate a message. When an incoming message is signed with DKIM, a DNS record lookup is performed on the domain taken from the signature and the private key taken from the signature is compared with the public key in the domain’s DNS records. SPF uses a DNS record that lists hosts that are allowed to send mail on behalf of a domain.
  6. Enable DMARC & configure your DMARC record. DMARC (Domain-Based Message Authentication, Reporting & Conformance) allows domain owners to instruct receiving servers on how to handle messages claiming to come from their domain that did not pass DKIM and SPF lookups.  Learn more here.
  7. Ensure that all connections (SMTP, POP, IMAP) are using SSL. SSL (Secure Sockets Layer) is a method for encrypting the connection between a client and server, as well as between two servers. Learn more here.
  8. Have a backup strategy. If by chance malware still manages to infect your network, your last resort is to have a reliable backup strategy. Ideally, you should have your systems backed up off-site and, for added safety, secondary backup data should be saved to media that is not connected to the network.
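To make items 5 and 6 concrete, here is an added example (not part of the original post and not MDaemon code) that audits the text of SPF and DMARC DNS records for settings that weaken anti-spoofing. The record strings, domain names and function names are constructed for illustration, and no DNS lookups are performed.

```python
# Constructed sample records for example.com; nothing is looked up in DNS.
SPF_WEAK = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net +all"
SPF_STRICT = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"
DMARC_WEAK = "v=DMARC1; p=none"
DMARC_STRICT = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"


def audit_spf(record):
    """Return a list of findings for one SPF TXT record (hypothetical helper)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    has_redirect = False
    for term in terms[1:]:
        if term.lower().startswith("redirect="):
            has_redirect = True
            continue
        # A mechanism without an explicit qualifier defaults to '+' (pass).
        qualifier = term[0] if term[0] in "+-~?" else "+"
        if term.lstrip("+-~?").lower() != "all":
            continue
        if qualifier == "+":
            return ["'+all' lets any host pass SPF for this domain"]
        if qualifier == "?":
            return ["'?all' is neutral: unlisted hosts are not rejected"]
        if qualifier == "~":
            return ["'~all' is a soft fail: unlisted hosts are only marked"]
        return []  # '-all': hosts not listed in the record fail SPF
    if has_redirect:
        return []  # the policy is defined by the redirect target's record
    return ["no 'all' mechanism: unlisted hosts get a neutral result"]


def audit_dmarc(record):
    """Return a list of findings for one DMARC TXT record (hypothetical helper)."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none: receivers are asked to take no action on failing mail")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("pct=%s: policy applies to only part of failing mail" % pct)
    if "rua" not in tags:
        findings.append("no rua= address: the domain owner gets no aggregate reports")
    return findings


if __name__ == "__main__":
    for name, rec, audit in [("SPF weak", SPF_WEAK, audit_spf),
                             ("SPF strict", SPF_STRICT, audit_spf),
                             ("DMARC weak", DMARC_WEAK, audit_dmarc),
                             ("DMARC strict", DMARC_STRICT, audit_dmarc)]:
        print(name, "->", audit(rec) or "no findings")
```
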

More information on these settings can be found in the following guide on best practices for protecting your users:

Email Server Settings – Best Practices

Best practices for SecurityGateway administrators

SecurityGateway provides an extra layer of anti-spam, anti-spoofing and anti-malware security, in addition to your mail server’s built-in security settings. These best practices will help keep ransomware and other malicious content from reaching your mail server. Each item includes a link with more information.

  1. Require strong passwords.
  2. Query a user verification source to ensure that users are valid.
  3. Require SMTP authentication to prevent unauthorized account access.
  4. Prevent unauthorized mail relaying.
  5. Protect your domain with IP Shielding.
  6. Require SSL encrypted connections.
  7. Configure backscatter protection.
  8. Don’t whitelist local addresses. If a spam message was spoofed with one of your local addresses, this could allow the spam message to bypass various security features. This is why it is recommended that no local addresses be added to your whitelist.
  9. Enable spam & virus Outbreak Protection.

These steps are discussed in more detail in the following guide:

SecurityGateway – Settings to Protect Your Mail Server

Of course, no system is 100% fool-proof, which is why user education is so important. Remember – your network and email infrastructure are only as secure as their weakest link. It is the responsibility of all parties involved – administrators and end users – to help ensure a secure messaging and collaboration environment.

Easy Migration from Microsoft Exchange or any ActiveSync Supported Email Server

For many small-to-medium businesses, hosting an in-house Microsoft Exchange Server requires dedicated staff and deep pockets. In the mid-90’s, MDaemon was created as an affordable alternative to Exchange that wouldn’t break your IT budget &  required no dedicated staff to administer it. With every installation of MDaemon comes the free Exchange migration utility – MDMigrator. MDMigrator will import all user accounts, email messages, public folders and other settings from Exchange to MDaemon. You can find step-by-step instructions in this knowledge base article:

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=347

We’ll show you how easy this process is in this tutorial video.

If you’re moving from a non-Exchange mail server, we’ve got you covered as well! Instructions for migrating using our ActiveSync migration client can be found here:

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=1135

Looking to move into the cloud? Let us host your email for you with WorldClient Private Email, or click here to find a partner in your region to host your email with MDaemon Private Cloud.

Questions? Comments? Let us know via the links below!

Is spam being sent out from a local machine on your network? Follow these steps to track down a spambot.

Has this happened to you? Let’s say you’re the MDaemon administrator for your company, and you’ve noticed that somewhere, somehow, spam messages are being sent from within your network. Perhaps one of your PCs has been compromised. What do you do? Here are some tips to help you track the issue down.

First, make sure you have the option “Authentication is always required when mail is from local accounts” enabled (Security | Security Settings | SMTP Authentication). Also enable “Credentials used must match those of the return-path address” and “Credentials used must match those of the From header address.” Then, make sure “…unless message is sent to a local account” is unchecked to prevent intra-domain spam (between local domain users).

Make sure the appropriate boxes are checked to require SMTP authentication

Next, find out if the spam messages are coming in from an authenticated session. To do this, locate one of the spam messages & open it up in Notepad to view its headers (or you can open it in Queue & Statistics Manager). Does the message have an X-Authenticated-Sender header? It will look something like this:

X-Authenticated-Sender: SpammerUser@example.com

If this header is present, then that is the user who authenticated to send the message. The first thing you should do in this case is to change the account’s password via the Accounts menu in MDaemon. Even if the spamming is going through the user’s mail client, until you give the user the new password and they update their mail client the authentication credentials will be rejected and the spamming will be temporarily stopped.

In newer versions of MDaemon, we’ve added Account Hijack Detection, which will automatically disable an account if it sends a specified number of outbound messages via an authenticated session in a given period of time. We recommend enabling this feature. In MDaemon, it’s located under Security | Security Settings | Screening | Hijack Detection.

Account Hijack Detection

The next step is to look at the Received headers. Find the one where the message was received by your server. Here is an example of what this header would look like:

Received from computer1 (computer1@example.com (192.198.1.121) by example.com (MDaemon PRO v17) with ESMTP id md50000000001.msg for <UserWhoWasSpammed@example.com >, Fri, 13 Sep 2016 21:00:00 -0800

Find the connecting IP (192.198.1.121) in the above example. This is the machine that is sending out spam. Locate that machine to deal directly with the spambot on that machine.

If the message wasn’t authenticated or wasn’t sent from your local network, locate the Message-ID header and copy that value.

Message-ID: <123.xyx.someone@example.net>

Then open the MDaemon SMTP-IN log that covers the time when that message was received by MDaemon (based on the timestamp in the received header) and search for that Message-ID in the log (in the 250 response line when the message is accepted):

Thu 2016-09-12 20:00:00: --> 250 Ok, message saved <Message-ID: <123.xyx.someone@example.net>>

Look at the rest of the transaction and see why the message was accepted/not rejected – spam score, DNSBLs, etc.

Also, if your external domain is listed in the Trusted Hosts list (Security | Security Settings | Trusted Hosts), try removing it from this list.
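The header and log checks described above can be scripted. The following is an added example, not part of the original post and not an MDaemon tool: it reads X-Authenticated-Sender, the connecting IP from the Received header added by your own server, and the Message-ID, then finds the matching 250 line in a log. The function names, the local network range and every sample line other than the values shown above are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample reusing the header values shown above; the second
# Received header is an invented earlier hop that must be ignored.
SAMPLE_MESSAGE = (
    "Received: from computer1 (computer1.example.com [192.198.1.121])\n"
    "\tby example.com (MDaemon PRO v17) with ESMTP id md50000000001.msg\n"
    "\tfor <UserWhoWasSpammed@example.com>; Fri, 13 Sep 2016 21:00:00 -0800\n"
    "Received: from elsewhere ([203.0.113.7]) by relay.example.net; "
    "Fri, 13 Sep 2016 20:59:00 -0800\n"
    "X-Authenticated-Sender: SpammerUser@example.com\n"
    "Message-ID: <123.xyx.someone@example.net>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Constructed log: only the 250 line follows the shape shown above; the
# other lines are placeholders, not real MDaemon output.
SAMPLE_LOG = [
    "Thu 2016-09-12 19:59:58: (placeholder) session opened",
    "Thu 2016-09-12 19:59:59: (placeholder) spam score / DNSBL result lines",
    "Thu 2016-09-12 20:00:00: --> 250 Ok, message saved "
    "<Message-ID: <123.xyx.someone@example.net>>",
    "Thu 2016-09-12 20:00:07: (placeholder) unrelated later session",
]

# An IPv4 address wrapped in () or [], as it appears in Received headers.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def triage(raw_message, local_host, local_nets):
    """Extract the three values the procedure relies on (hypothetical helper)."""
    msg = message_from_string(raw_message)
    result = {
        "authenticated_sender": msg.get("X-Authenticated-Sender"),
        "message_id": (msg.get("Message-ID") or "").strip() or None,
        "connecting_ip": None,
        "ip_is_local": False,
    }
    by_us = re.compile(r"\bby\s+" + re.escape(local_host) + r"(?![\w.-])", re.I)
    for received in msg.get_all("Received", []):
        if not by_us.search(received):
            continue  # this hop was recorded by some other server
        match = IP_RE.search(received)
        if match:
            try:
                ip = ipaddress.ip_address(match.group(1))
            except ValueError:
                break  # looks like an address but is not valid
            result["connecting_ip"] = str(ip)
            result["ip_is_local"] = any(
                ip in ipaddress.ip_network(net) for net in local_nets)
        break
    return result


def find_acceptance(log_lines, message_id, before=3):
    """Return the 250 line for message_id plus the lines just before it."""
    for i, line in enumerate(log_lines):
        if " 250 " in line and message_id in line:
            return log_lines[max(0, i - before): i + 1]
    return []  # message not found in this log


def actions(t):
    """Map the triage result to the steps described in the text."""
    steps = []
    if t["authenticated_sender"]:
        steps.append("change password: " + t["authenticated_sender"])
    if t["connecting_ip"] and t["ip_is_local"]:
        steps.append("inspect local machine: " + t["connecting_ip"])
    if not t["authenticated_sender"] or not t["ip_is_local"]:
        steps.append("search SMTP-IN log for: " + str(t["message_id"]))
    return steps


if __name__ == "__main__":
    found = triage(SAMPLE_MESSAGE, "example.com", ["192.198.1.0/24"])
    print(found, actions(found), sep="\n")
    print("\n".join(find_acceptance(SAMPLE_LOG, found["message_id"])))
```
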

Check back often for more tips & tricks!

If you’re not archiving your email, you should be!

When disaster strikes, is your business able to recover from data loss with minimal downtime?

How does your business handle legal requests for discovery and compliance audits?

Are you protected against data loss when employees leave the company?

Businesses of all sizes worldwide rely on email for their day-to-day communication needs. With the prevalence of malware, ransomware, and malicious actors hell-bent on wreaking havoc for personal profit, and with increasingly strict guidelines for HIPAA, FERPA and other regulations, it is more important than ever to have backup copies of all email communications for your business.

MailStore is a complete, secure archiving solution that can grow with your business. A robust archiving solution such as MailStore can meet your company’s needs in these key areas:

  • Compliance & eDiscovery – Businesses in the education, legal and healthcare industries have a growing list of regulations and eDiscovery requirements that must be met.
  • Disaster Recovery – When disaster strikes, in addition to easily getting data into your archive, you want it to be just as easy to get data back out of your archive. MailStore supports multiple archive & export methods, providing the flexibility businesses need to get their data into and back out of MailStore regardless of what email platform or mail client is used.
  • Reduced Server Workload – An archive solution helps reduce the workload of the mail server, freeing up resources for more important business communications.
  • Storage Space – MailStore can be configured to delete messages after a given period of time once they have been archived. This helps reduce storage requirements on the server.
  • Easy Backup & Restore – MailStore makes it easy to make backup copies of your important email messages – from any mail server, mail client, or even a PST file. The restore process is just as easy!
  • Avoidance of PST Nightmares – PST files can be archived and accessed from the MailStore client. Businesses whose users use PST files will benefit from being able to consolidate these PST files in a single archive location.
  • Elimination of Mailbox Quotas – Archived messages can be removed from the mail server after a period of time, reducing the need for mailbox quotas.
  • Prevent Users from Deleting Emails – A journaling mailbox can be configured on the mail server to collect copies of all inbound and outbound mail. You can then create a journaling archive profile in MailStore to capture all inbound and outbound messages as they pass through the mail server. This allows all messages to be archived even when the sender or recipient deletes the message from his Inbox or Sent Items folder.
  • Increased Productivity – Archived messages and attachments are fully indexed, making it easy to perform complex searches in a matter of seconds.

We’ve created the following video to help you get started with MailStore.

Want to learn more?  Click here to start using MailStore today!

New MDaemon Collaboration Feature: Send & Receive DropBox Files with WorldClient

In MDaemon 17, we added support for DropBox integration for WorldClient, MDaemon’s web-based email client. Now, users can easily save attachments in inbound messages to their DropBox account, or insert links to their DropBox files in outbound attachments. Because files are stored in DropBox and not on the mail server, disk space and bandwidth are reduced.

We’ve put together the following tutorial video to help you get started with WorldClient’s DropBox file sharing features.

Step-by-step instructions can be found in the following knowledge base article:

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=1166

If you’re not yet an MDaemon user, visit the MDaemon product page to see what you may be missing!

SecurityGateway 4.5.1 – With Integrated Encryption, Tracking & E-Sign with RMail!

I’m happy to announce the release of SecurityGateway 4.5.1. Though this is only considered a point (.1) release, it packs a big punch with the newly-added RMail features from RPost. With RMail, you can:

  • Track your important emails and know precisely when they’re delivered and opened.
  • Receive Proof of Delivery, Time, and Exact Content.
  • Easily encrypt sensitive emails and attachments for security or legal compliance.
  • RMail™ makes it easy for all parties to e-sign and complete a transaction, as well as to determine when a message has been delivered and opened.
RMail Encryption, Signing, Proof of Delivery

For more information on the latest features and enhancements, or to download the latest SecurityGateway with RMail support, visit our downloads page.

As always, you can leave a comment if you have questions!

Open Protocol (XMPP/Jabber) Support Provides More Instant Messaging Choices for MDaemon Users

In today’s connected society, users demand instant access to open channels of communication. For years, MDaemon has offered instant messaging via WorldClient Instant Messenger. Formerly known as ComAgent, WorldClient Instant Messenger has evolved to support open protocol (XMPP/Jabber) for instant messaging, giving users more choices over what instant messaging client to use.

What exactly is XMPP & why should I care?

XMPP is a communication protocol based on XML that powers a wide range of applications. It is based on open standards and offers greater flexibility and choice for its users. XMPP supports secure communications via SSL, and a wide variety of XMPP clients is available for Windows, MacOS, Linux, iOS, Android, BlackBerry, and Nokia devices. There’s even a DOS/Command-line client for die-hard DOS purists. A complete list of XMPP clients can be found at xmpp.org.

Why is this important for MDaemon users and administrators?

In addition to greater choice for end users, other features that we’ve come to appreciate from the ComAgent years remain, including file transfer for end users and message logging for administrators.

How do I connect to MDaemon’s XMPP service with third-party chat clients?

The steps for each instant messaging client will vary, but the concepts for each are the same. You’ll need your email address, password, and the host name or IP address of your MDaemon server. I’ve created a tutorial video showing the configuration process for both MDaemon administrators and end users.

Want to learn more? We have some valuable resources in the following knowledge base article.

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=1167

This is just one of many collaboration features found in the MDaemon Messaging Server. Download your free trial & start collaborating today!

New Feature: Email Health Check for Optimal Security Settings

Our latest version of MDaemon, MDaemon 17, comes packed with lots of new features for administrators and end users, including new password security, support for Let’s Encrypt, DropBox integration, message scheduling, and much more. Today, I’d like to demonstrate MDaemon’s new Health Check utility. With this handy new tool, administrators no longer have to go through each feature to verify that it’s configured for optimal security. This new tool will analyze all security-related settings, display each setting’s current value, its recommended value, and where that feature is located in the MDaemon interface. This tool offers administrators the flexibility to change all settings to their recommended value at the same time, or to select and change individual settings. In this tutorial video, I demonstrate how to use the new Health Check utility.

Need additional help? More guidance on the MDaemon Health Check utility can be found in this knowledge base article.

If you haven’t yet upgraded to MDaemon 17, check out the release notes and our previous blog post to see what you’re missing!

MDaemon 17 Adds New Security and Collaboration Features

Dropbox Integration for Webmail Users, Popular IM Client Connections, Support for Let’s Encrypt, new Message Scheduling, and More!

Businesses around the world have depended on the reliability and security of MDaemon for over 20 years.

With the release of MDaemon 17, we’ve included additional security features and introduced several new features for WorldClient, MDaemon’s feature-packed web-based email client.

Below, you’ll find a summary of key new features. A more comprehensive list of all new features and enhancements can be found in the MDaemon release notes on the MDaemon Download page.

New Security Features

MDaemon Health Check Utility

MDaemon’s new health check utility will analyze all security-related settings and display a report of each feature that is not configured with the recommended setting. This report includes the name of the feature, the current setting for that feature, its recommended setting, and the GUI path to the setting. Administrators can select an entry in the report and click on “Set to Recommended” to re-configure the selected feature with the recommended setting, or by holding down CTRL or SHIFT, multiple items can be selected and re-configured simultaneously.

MDaemon Health Check Utility

Enhanced Password Security

An option has been added to store mailbox passwords using non-reversible encryption. This protects the passwords from being decrypted by MDaemon, the administrator, or a possible attacker.

Enhanced Password Security

More information on this feature can be found in the following knowledge base article:
How to store mailbox passwords using non-reversible encryption

Access to Free Certificates

MDaemon now supports “Let’s Encrypt,” a certificate authority service that uses an automated process to provide free certificates for Transport Layer Security (TLS) encryption for secure websites.

New Webmail Features

Dropbox Integration

WorldClient users can save message attachments directly to their Dropbox accounts and attach files directly from Dropbox when composing a message.

DropBox Integration

More information on Dropbox integration:
How to set up Dropbox integration

Flexible Chat Client Options

WorldClient Instant Messenger now uses the XMPP protocol for instant messaging instead of WorldClient’s proprietary protocol. This gives users more chat client options (those that support XMPP), especially when wanting to use mobile chat clients to connect with MDaemon users on their desktop.

Message Scheduling

WorldClient users now have the option of sending a message at a later date and time. This feature is located under the Advanced button in the message compose window. Simply select the desired date and time in the new drop-down menus, and then click on Send. For more information on how to enable this feature, please see the MDaemon release notes.

WorldClient Message Scheduling

Support for Multiple Email Signatures

WorldClient now supports multiple email signatures. This is useful in situations where a user has additional aliases for his account, such as sales@example.com, etc. A default signature can be assigned to the user’s primary email address and to each alias. When composing a message, users can use the default signature assigned to the email address (or alias) currently used, or choose from among their other signatures via the Advanced button in the message Compose window.

Multiple Email Signatures

Easily Share Contacts with Other Email Clients

When using the LookOut or WorldClient themes, WorldClient users can now import vCards (.vcf files) into their default contacts folder. vCards enable users to send and receive contact information in a format that can be easily read in other email programs. A vCard may contain a contact’s name, title, phone number, email address, mailing address, and other information.

Import Contacts VCF

Enhanced Desktop Notifications

Desktop notifications are now available for WorldClient tasks and events. When a reminder is configured for an event or task, a pop-up window will display to alert the user.

Desktop Notifications

Other Improvements

  • ActiveSync Corrupt Message Notifications notify administrators if a particular message cannot be processed.
  • The ActiveSync Migration Client now supports the ability to select which folder types to migrate.
  • A new content filter option has been added which will quarantine the entire message when it contains a restricted attachment.
  • The Retry Queue configuration screen has a new checkbox which enables sending of a “successful delivery” DSN (delivery status notification message) any time a message is delivered which has previously been delayed and placed in the retry queue for whatever reason.
  • Options have been added to the Outlook Connector centralised management for local cache filename and attachments directory.

If your license is current, you can upgrade to MDaemon 17 for free. You can check for MDaemon updates via the Help menu in MDaemon, or click here to visit the MDaemon purchase page.

Visit our Downloads page to download the latest MDaemon, or click here to read the release notes.

Easy Backup & Recovery with MDaemon

MDaemon’s user-friendly flat-file structure makes it easy to back up and recover your email messages, user accounts, security settings, and any other data stored in MDaemon. No extra Windows components or third-party applications are required, and you won’t have to navigate through any confusing dialog boxes to back up & recover your data. Backing up and restoring MDaemon is as easy as drag & drop. All you would need to do is map a drive letter from the MDaemon server to another drive on your network, then drag over the files you want to back up.

In this example, we’ve backed up our users’ email directories, our configuration files, and our mail queues.

If you’ve accidentally deleted users, you can simply restore the Userlist.dat file, located in the MDaemon/App directory. In this example, let’s assume user01, user02 and user03 were all deleted.

Simply drag the userlist.dat file from your backup back to the MDaemon/App directory, as shown here.

And if email messages were deleted, they can easily be restored as well. Email messages are stored within the Users directory under the specific domain and user. Simply drag the .msg files from the backup to the User’s folder on the MDaemon server.

You can do a lot more with MDaemon’s file structure, including restoring a user’s contacts when they were accidentally deleted, moving public folders, and much more.

Click here to learn more about MDaemon’s file structure.

If you’re new to MDaemon, visit our MDaemon product page to learn more!