As I announced recently in this post, MDaemon 17.5 has been released, with new security and collaboration features. One feature that our users will find particularly useful is the new Location Screening feature, which allows administrators to block incoming connections from specific countries. When you consider the scale and widespread distribution of global threats, blocking connections by country can provide the following benefits:
It can reduce the amount of email traffic on the server, freeing up system resources.
It has the added benefit of reducing the amount of spam received.
New spam domains, email zombies & phishing sites pop up all over the world every day. In fact, Cyren’s World Threat Map displays a handy visual representation of newly-discovered threats in real-time.
So if you know your company does not do business with certain countries, you can add these locations to MDaemon’s Location Screening feature and stop all traffic from these countries.
In previous versions of MDaemon, the best way to block connections by country was to use the DNS-BL feature, but with MDaemon 17.5, a new, intuitive check-box screen was added. In this tutorial video, I show you how easy it is to configure Location Screening in MDaemon.
Do you have questions or feedback? If so, click on the “Leave a Comment” link under the title of this post & let us know!
Has this happened to you? Let’s say you’re the MDaemon administrator for your company, and you’ve noticed that somewhere, somehow, spam messages are being sent from within your network. Perhaps one of your PCs has been compromised. What do you do? Here are some tips to help you track the issue down.
First, make sure you have the option “Authentication is always required when mail is from local accounts” enabled (Security | Security Settings | SMTP Authentication). Also enable “Credentials used must match those of the return-path address” and “Credentials used must match those of the From header address.” Then, make sure “…unless message is sent to a local account” is unchecked to prevent intra-domain spam (between local domain users).
Next, find out if the spam messages are coming in from an authenticated session. To do this, locate one of the spam messages & open it up in Notepad to view its headers (or you can open it in Queue & Statistics Manager). Does the message have an X-Authenticated-Sender header? It will look something like this:
If this header is present, then that is the user who authenticated to send the message. The first thing you should do in this case is to change the account’s password via the Accounts menu in MDaemon. Even if the spamming is going through the user’s mail client, until you give the user the new password and they update their mail client the authentication credentials will be rejected and the spamming will be temporarily stopped.
In newer versions of MDaemon, we’ve added Account Hijack Detection, which will automatically disable an account if it sends a specified number of outbound messages via an authenticated session in a given period of time. We recommend enabling this feature. In MDaemon, it’s located under Security | Security Settings | Screening | Hijack Detection.
The next step is to look at the Received headers. Find the one where the message was received by your server. Here is an example of what this header would look like:
Received from computer1 (email@example.com (220.127.116.11) by example.com (MDaemon PRO v17) with ESMTP id md50000000001.msg for <UserWhoWasSpammed@example.com >, Fri, 13 Sep 2016 21:00:00 -0800
Find the connecting IP (18.104.22.168) in the above example. This is the machine that is sending out spam. Locate that machine to deal directly with the spambot on that machine.
If the message wasn’t authenticated or wasn’t sent from your local network, locate the Message-ID header and copy that value.
Then open the MDaemon SMTP-IN log that covers the time when that message was received by MDaemon (based on the timestamp in the received header) and search for that Message-ID in the log (in the 250 response line when the message is accepted):
Recently, I wrote a post about teaching your MDaemon Inbox to recognize spam using the Bayesian learning feature. This feature helps to train the spam filter to be more accurate over time by feeding it samples of spam and non-spam messages. SecurityGateway also includes Bayesian learning features (in addition to many other security features designed to keep spam, viruses, malware and phishing attacks from hitting your mail server). Today, I’ll be explaining how to use these features to teach SecurityGateway how to get better at recognizing spam (false negatives – spam messages that were not filtered out) and non-spam (false positives – legitimate messages that were marked as spam).
Administrators must first enable and configure Bayesian learning in SecurityGateway before users will be able to use it. Follow these steps to enable and configure Bayesian learning.
Click on the Security tab, and then click on Heuristics & Bayesian under the Anti-Spam section.
Make sure the first box, “Use heuristic rules and Bayesian classification to analyze messages” is checked. This setting basically turns the spam filter on and is enabled by default.
Under “Location (all domains),” click on the link to configure SGSpamD. You can optionally select a domain in the drop-down menu at the top to configure these settings for a specific domain.
Under the “Bayesian Classification” section, check the first box to enable Bayesian classification.
By default, 200 samples of spam and 200 samples of non-spam are needed before Bayesian learning can take place. You can adjust this number in the blanks provided, but in most cases, this will not be necessary.
By default, Bayesian learning takes place at midnight each night. You can select the second option under the “Bayesian Learning” section if you’d like to schedule Bayesian learning more frequently, at regular intervals. This is useful if you have a larger number of messages to learn from. You can also select the third option if you do not want Bayesian learning to run automatically based on a schedule. When this option is selected, you can use the link at the bottom of the Bayesian Learning section to perform Bayesian learning as needed.
SecurityGateway needs to know where to find messages to be fed to the Bayesian learning engine. By default, messages are placed inside the C:/Program Files/Alt-N technologies/SecurityGateway/BayesSpam and BayesHam directories. You can optionally use a different path mapped to a different drive to improve performance.
In the following two blanks, enter the Spam and Non-Spam forwarding addresses. The default addresses are spamlearn and hamlearn, so if your domain is example.com, users can forward spam messages (as an attachment) to firstname.lastname@example.org to feed these messages to the Bayesian learning engine. This procedure is explained in greater detail later when we discuss how end users can submit spam and non-spam messages to the Bayesian learning engine.
Most spam messages are relatively small, thus, you can place a size limit on messages to learn from by checking the box “Don’t learn from messages larger than” and entering a value (in bytes) in the blank blow. Placing a size limit on messages to learn from helps improve the performance of the Bayesian learning engine.
You can automate the Bayesian learning process by enabling Automatic Bayesian Learning. By default, messages that score less than 0.1 are considered to be legitimate and only messages that score a 12.0 or above are considered to be spam for purposes of automatic Bayesian learning. Before enabling automatic Bayesian learning, I would recommend reviewing your message logs for false negatives and false positives and use their spam scores as guidelines for populating the spam and non-spam scoring thresholds. You can also optionally check the boxes to only learn non-spam messages from domain mail servers and authenticated sessions, and only learn spam from inbound messages.
Before I explain the next setting, I want to explain the concept of “tokens.” When the Bayesian learning feature “learns” from a message, it takes snippets of information from the message, such as words or phrases, and uses this information to create tokens. These tokens are accumulated and when a new message is scanned by Bayesian learning, its contents are compared to these tokens to look for similarities. Under the Bayesian Database section, check the box to enable Bayesian automatic token expiration. This helps to limit the token database to a manageable size, expiring old tokens and replacing them with new ones when the maximum number of Bayesian database tokens (specified in the blank below) has been reached. When this number of tokens is reached, the Bayesian system removes the oldest, reducing the number to 75% of this value or 100,000 tokens, whichever is higher. 150,000 tokens make up about 8MB of data.
Click Save and Close to save your changes.
End User Instructions
Now that SecurityGateway has been configured properly on the server, users can start feeding samples of spam and non-spam to the Bayesian learning engine.
There are two methods users can use to submit samples of spam and non-spam to the Bayesian learning engine in SecurityGateway. The first (and easier) way is to use the thumbs-up and thumbs-down icons in the SecurityGateway interface. The second way is by forwarding spam and non-spam messages (as attachments) to designated email addresses.
To mark messages as spam or non-spam using the SecurityGateway interface, follow these steps:
Log into SecurityGateway.
Click on My Message Log. This brings up a list of all of your inbound and outbound messages.
Click on the message you wish to mark as spam or non-spam, and then click on the Thumbs-up button to mark the message as non-spam, or the thumbs-down button to mark the message as spam.
You will receive confirmation that the message was marked as spam.
To feed messages to the Bayesian learning engine by forwarding them as attachments, simply attach the message to an email addressed to the designated hamlearn@ or spamlearn@ address for your domain (example: email@example.com). Note: SMTP authentication must be used.
If you are using WorldClient, you can right-click on the message and select “Forward as Attachment.” Then, populate the To: field with the spamlearn@ or hamlearn@ address and simply send the message.
When used properly, Bayesian Learning is a powerful tool for reducing spam and ensuring legitimate messages are not blocked by the spam filter. More information can be found in this knowledge base article.
Don’t let spam ruin your day. These tips can help you keep the bad stuff out of your Inbox so you can focus on your business!
If you haven’t seen our YouTube channel lately, you’re missing out on some valuable information that can be used to help you manage MDaemon and SecurityGateway. Recently, we’ve added several new MDaemon tutorial videos. Here are a few that might interest you.
MDaemon Graphical User Interface (GUI) Overview
In this video, we provide a tour of MDaemon’s graphical user interface. We show you where to find key security, administration, and account management settings, how to navigate your way through the mail queues, and how to find information in the mail routing, security and spam filter logs using the tabs across the bottom of the MDaemon interface.
MDaemon’s File Structure
One of the benefits of MDaemon that make it easy to troubleshoot and administer is its file structure. All key settings are stored in configuration files located in the MDaemon/App directory, and user email messages are stored in the Users directory. This flat-file structure makes MDaemon very easy to backup and restore using simple drag & drop.
How to Enable and Use Two-Factor Authentication in WorldClient
Two-factor authentication is a security feature found in WorldClient, MDaemon’s webmail client, which requires users to submit two forms of identifying data – a password, and a special code or token, before they are able to login. Two-factor authentication helps prevent accounts from being hijacked by someone who manages to guess the account’s password. A potential hacker would have to know the second authenticating factor in order to access the account.
Enabling Do Not Disturb to Establish Work/Life Balance for Employees
MDaemon’s Do-Not-Disturb feature allows administrators to set a time during which certain users are not allowed to check for or send new email messages. In an age where we’re all constantly connected via mobile devices, this helps foster better work-life balance for your users.
Companies around the world are faced with the need to manage email access after hours to reduce overtime pay and promote a stronger work/life balance for their employees. MDaemon makes this goal attainable using its Do Not Disturb feature. Do Not Disturb allows administrators to designate a time during which selected users are not allowed to check their email. During the Do Not Disturb period, accounts can still receive email on the mail server, but users cannot send or check for mail using SMTP, IMAP, POP, WorldClient or ActiveSync.
In MDaemon, you can access the Do Not Disturb feature via the Group Manager screen under the Accounts menu. Follow these steps to configure Do Not Disturb.
Select Groups & Templates.
Select Group Manager.
Select New Group or click on an existing group to select it. Enter a Group Name and Description for your new group.
Click on Add or remove accounts from the selected group.
Check the box for each account you wish to add to this group, and then click OK.
Select the group name under the Group Manager list.
Check Enable Do Not Disturb.
Click on Define Do Not Disturb Schedule to configure when you would like this feature to take effect.
Select your desired Do-Not-Disturb schedule, including dates, times, and days of the week, and then click OK.
Click OK to close the Groups & Templates window.
Once these settings are enabled, users who try to access or send email during Do Not Disturb hours will be denied access.
The following video demonstrates how to configure Do Not Disturb.
Do Not Disturb gives administrators and management teams greater control over who has after-hours access to the email system. This feature was added in MDaemon 15.5. If you’re using an older version of MDaemon and would like to upgrade, then visit our Downloads page to download the latest version of MDaemon.
If you’ve used Microsoft Outlook for an extended period of time, you may have noticed that it doesn’t run quite as smoothly as it used to. Outlook’s performance is affected by many things, including the amount of data it has to keep track of, any add-ons that are installed, how often it checks for new mail (checking more frequently can improve performance), and various other factors. Whether you use POP, IMAP, ActiveSync or Outlook Connector, you can perform various tasks to improve Outlook’s performance. Follow the steps outlined below to keep Outlook running like a well-oiled machine.
Outlook Connector Users
Compact the Outlook Connector Local Cache File
Unlike POP, which stores data in a PST file, Outlook Connector stores a local copy of account data in a local cache file. If you are using Outlook Connector, you can compact the local cache file to improve performance. Follow these steps to compact the local cache file:
Make sure Outlook is shut down, and navigate to the Windows control panel.
Click on the Mail control panel.
Click on Email Accounts.
Double-click on your Outlook Connector account.
Click on the Database Management tab.
Locate the Purge Database section and click on the Purge button.
Locate the Compact Database section, and click on the Compact button. You can also check “Compact database on Outlook shutdown” to compact the database each time Outlook is shut down.
NOTE: Outlook Connector includes the option “Download Headers Only” under the Send/Receive tab of the Outlook Connector Client configuration screen. When this option is enabled, Outlook only downloads the information needed to show messages in the message list, and not the full content of each message. When you click on a message, the rest of the message is downloaded for viewing. Users may experience a slight delay in viewing messages in the preview pane when “Download Headers Only” is enabled because Outlook has to download the rest of the message when it is selected. If messages are show to appear in the preview pane or when viewing, try disabling “Download headers only.”
Performing the following housekeeping tasks regularly will help minimize the amount of data that Outlook must process, and will reduce the amount of memory used by the program.
We recommend performing these housekeeping tasks regularly:
Delete any email messages, calendar items, and contacts that are no longer needed.
Empty the Deleted Items folder by right-clicking it and selecting Empty Folder.
Delete unwanted items from the Sent Items folder.
Move items out of the Inbox to other mail folders.
Archive old messages. Mail server administrators can implement a server-wide archiving solution such as MailStore to help cut down on the amount of data stored in user mailboxes.
Having too many Outlook add-ins can bog down Outlook’s performance. When Outlook is installed for the first time, it comes with its own set of add-ins. Not all of these add-ins will be activated, and there may be add-ins enabled that you don’t need. Here is a list of default Outlook add-ins:
Business Connectivity Services Add-in
Microsoft Exchange Add-in
Microsoft Outlook Social Connector / Outlook Social Connector 2013
Microsoft SharePoint Server Colleague Import Add-In
Microsoft Exchange Unified Messaging
OneNote Notes about Outlook Items
Microsoft Access Outlook Add-In for Data Collection and Publishing
Microsoft VBA for Outlook Add-in
Windows Search Email Indexer
This page contains a List of all default Outlook Add-ins, plus other add-ins you might encounter.
In addition, other third-party applications can add their own Outlook add-ins. Fortunately, it’s easy to disable unwanted add-ins.
In Outlook 2007: Go to Tools | Trust Center | Add-ins. In the Manage drop-down list, select which add-ins you’d like to disable. Press Go, and make your changes.
In Outlook 2010, 2013 and 2016: Go to File | Options | Add-ins. Locate the Manage drop-down menu at the bottom, and select Com Add-ins, then click on Go. To disable specific add-ins, simply un-check the items you don’t need, and click on OK. You can also use the Remove button to remove selected items completely. For some add-ins, you may need to restart Outlook for your changes to take effect.
Disable RSS Feeds
If you have a lot of RSS feeds that are synchronized with Outlook, these syncing tasks could bring Outlook to a crawl. If you aren’t using Outlook as an RSS reader, you can disable this feature from Outlook by following these steps:
In Outlook 2007: Go to Tools | Options. Select the Other tab, and then click on Advanced Options. Then, uncheck both options under RSS Feeds.
In Outlook 2010 / 2013 / 2016: Go to File | Options. Click on the Advanced button in the left-hand navigation menu. Under the RSS Feeds section, uncheck both options.
Adjusting the Send/Receive Frequency
Adjusting Outlook’s Send/Receive schedule can often improve performance. If email messages are slow showing up in your Inbox, you can configure Outlook to send/receive messages more frequently so that it doesn’t have to download as much data each time it checks for new messages. If your send/receive schedule is set to check less-frequently, say, every 30 minutes, try changing it to send/receive every 3 minutes.
Outlook 2010, 2013 and 2016 users can find this setting via File | Options | Advanced. Locate the Send/Receive section and click on the Send/Receive button. Then, under Send/Receive Groups | All Accounts, adjust the timing for “Schedule an automatic send/receive every…” as shown here:
POP, IMAP & ActiveSync Users
Compact or Repair PST Files
PST files can be another source of Outlook sluggishness. You can help improve Outlook’s performance by:
Using multiple PST files.
Keeping attachments out of PST files.
Compacting PST files.
To compact a PST file in Outlook 2010, 2013 and 2016:
Delete any items you no longer need, and then empty the Deleted Items folder.
Click on the File tab on the ribbon, and then select the Info tab.
Click on Account Settings, and then click on Account Settings again.
Click on the Data Files tab.
Select your PST file in the list, and then click on Settings.
On the General tab, click on Compact Now.
Click on OK and Close.
To compact a PST file in Outlook 2007:
Delete any items you no longer need, and then empty the Deleted Items folder.
Navigate to Tools | Account Settings.
Select your desired account, and then click on Change.
Click on More Settings.
On the Advanced tab, click on Offline Folder File Settings.
Click on Compact Now.
Sometimes, your PST files can develop errors or data inconsistencies, resulting in unexpected behavior in Outlook. When you suspect that there’s an issue with the integrity of your PST file, you can run Scanpst.exe to repair your PST files.
Scanpst can be tricky to locate. By default, you should be able to find it in the Program Files | Microsoft Office | Office14 folder, but you may need to perform a search if you can’t find it in its default location. This location may vary depending on which version of Outlook you are using. You may also want to create a shortcut to this file on your desktop for easier access.
Before using this tool, we recommend making a backup copy of your PST file in case any errors or file corruptions occur to the original file. This shouldn’t be an issue, however, because if Scanpst finds any errors, it will prompt you to make a backup before attempting to repair the file.
Keep Windows Up-to-Date
Microsoft periodically releases Windows updates and service packs. Having the latest updates and service packs can help improve your computer’s overall performance as well as Outlook’s performance.
Nobody should have to put up with sluggish Outlook performance. Following the above suggestions will help ensure that you spend less time waiting for things to happen, and more time making things happen!
In a previous video and blog post, I demonstrated how to maintain data privacy by encrypting email messages in WorldClient (MDaemon’s webmail client) using Virtru. However, this easy-to-use client-side email encryption feature does more than just email encryption. When you use Virtru Pro, you can set a message expiration period, revoke sent messages, or disable forwarding. In today’s video tutorial, I show you how to set a message expiration using WorldClient and Virtru.
If you’re what most would call a “power user,” then you may be used to using keyboard shortcuts. If you’re used to the keyboard shortcuts of another client, such as Outlook or Eudora, WorldClient has a feature that allows you to continue using those shortcuts. So if you’re used to using Shift+P to print (which is an Outlook shortcut), then all you need to do in WorldClient is go to the Options menu & select Personalize. Then select your preferred option in the Keyboard Shortcut Layout drop-down menu, as shown here:
More information on this feature can be found in the following page from our WorldClient online manual:
MDaemon’s built-in spam filter includes a feature known as Bayesian Learning. Bayesian Learning allows MDaemon to “learn” what types of messages are spam and what types are not spam. This allows the spam filter to become more accurate over time.
It is important for users to properly train the Bayes system so that messages are correctly flagged as spam or non-spam. We do not recommend blacklisting the sender of spam messages because this does not help the Bayes engine learn from the message, and thus, has no effect on reducing spam. The easiest way to train the Bayes engine is for users to use the thumbs-up and thumbs-down icons in WorldClient (MDaemon’s webmail client) to feed the Bayes engine samples of spam and non-spam. The more spam and non-spam samples you feed to the Bayes engine, the more accurate the spam filter will become over time, thus, it is very important for users to use the thumbs-down icon on every spam message – whether it arrives in your Inbox or in your Junk Email folder. Likewise, for every false-positive (legitimate, non-spam message that is flagged as spam), you can use the thumbs-up icon to flag the message as non-spam.