If you’re in charge of managing your company’s email, whether you’re running an in-house Exchange server or Office 365, you’ve certainly become all too familiar with the latest threats posed by cybercriminals – threats that go far beyond the old-school Nigerian Prince email scam that has become the brunt of jokes over the past couple of decades. So if protecting your employees from email-borne scams is important to you & your business, a secure email gateway to protect against phishing, malware, data leaks and other threats would be a sound investment.
Cybercriminals often use macros in email attachments to spread malware. In Security Gateway 6.5, the Cyren Antivirus engine can be configured to detect macros in Microsoft Office documents and flag them as infected.
Improved Handling of Restricted Attachments
Messages sent from Microsoft Outlook in Rich Text format are sent with an embedded file containing formatting data. Receiving email clients that do not understand this data may display it as a Winmail.dat attachment. To prevent users from bypassing the restricted attachments list by attaching restricted file types to rich text emails, SecurityGateway can now look inside Winmail.dat attachments for restricted file.
Security Gateway can now also scan RAR archives for restricted attachments.
External Database Support
Security Gateway installs with its own embedded Firebird database, however, in the latest release, administrators can configure Security Gateway to use an external Firebird database for improved performance.
This week, we released version 19 of the MDaemon Email Server, with new features that benefit administrators and end users. The following is a summary of key improvements for email security and productivity. You can view the complete list of new features and updates in the MDaemon release notes.
New MDaemon Email Server Features for Administrators
One of the first things administrators will notice is that the behavior of the “Start MDaemon” Start menu shortcut has changed. When clicked, you’ll now be taken to MDaemon Remote Administration via your browser. If you’d like to launch the MDaemon Email Server console directly, you can use the “Open MDaemon Configuration Session” shortcut, as shown here:
Enhanced Integration with Third-Party Plugins
MDaemon’s XML-API has been expanded to include additional capabilities. Folders and their contents can be created, deleted, renamed, and moved using the API. Developers can use these expanded features to display or manipulate the content of user mailboxes.
“External Message” Warning
A new “External Sender” Content Filter condition has been added, along with a new “Add a warning to the top of the message” action. This allows MDaemon administrators to create a rule that will add a custom warning to the top of all email messages originating from external sources – providing extra protection against phishing attempts by alerting users to treat these messages with extra care.
Support for Separate SSL Certificates for Each Host/Domain
MDaemon supports TLS Server Name Indication (SNI). This allows domains and host names to have their own assigned SSL/TLS certificate, rather than having to share a single certificate.
New Authentication Failure & Frozen Account Reports
MDaemon’s Dynamic Screening feature includes the option to send authentication failure and frozen account reports to end users. When a given number of authentication failures has been reached, or when an account has been frozen, the user is notified so that corrective action can be taken.
New MDaemon Email Server Features for End Users
MDaemon Webmail – “All Unread” and “All Flagged” Saved Searches
When logging in for the first time, MDaemon Webmail users will receive a prompt asking if they would like to create an “All Unread” and “All Flagged” saved search for convenient, one-click access to unread or important email messages.
MDaemon Webmail – Expired Session Indicator
MDaemon Webmail will display (EXPIRED) on the browser tab when a user’s session has expired. This allows users who have multiple browser tabs open to be notified when they have been logged out of MDaemon Webmail without having to switch tabs.
Other MDaemon Email Server Improvements Include:
Autodiscover support has been expanded to accommodate a wider variety of connecting email clients (including eM Client, Thunderbird, Outlook, and others). The service can also now be configured to pass a custom host name to the connecting client on a per-service basis (for example: administrators can configure ActiveSync to connect to activesync.domain.com and IMAP to connect to imap.domain.com, etc.).
The option “Only send antivirus update notification on failure” is now enabled by default, and when updating to MDaemon 19, it will be enabled the first time MDaemon starts up.
When ActiveSync is disabled for a domain, administrators will receive a pop-up asking if they would like to revoke ActiveSync access for users of the selected domain. This makes it easier to revoke access and reduces the usage of ActiveSync licenses.
The STARTTLS White List now takes precedence over the STARTTLS Required List and the “SMTP server requires STARTTLS on MSA port” option.
New options have been added to Security | Spam Filter | Spam Honeypots and Security | Security Settings | Screening | SMTP Screen to enable/disable the Dynamic Screening notification when an IP is blocked.
These are the main highlights. For a complete list of new features & enhancements in the latest MDaemon Email Server, please see the MDaemon release notes. If you’re not currently using MDaemon and would like to learn more about how MDaemon can save your company time and money, click here to download your free trial!
I’ve got some exciting news. Our latest & greatest MDaemon release is now available for download! With MDaemon 18, we introduce new features that benefit administrators and end-users alike. Let’s go over the top new features. You can view a more comprehensive list of all new features and enhancements in the MDaemon release notes.
New Features for Administrators
Single Installer for All Licensed Features
The MDaemon download/install file now includes all former plug-ins which are now “licensed features” of MDaemon that require a separate license key.
When you enable each feature for the first time, a 30-day trial is activated. You can purchase a full license for these features on our website or through your local MDaemon reseller. Purchase options can also be found under the Help menu in MDaemon.
Enhanced Security to Avoid DNS Attacks
DNSSEC is a technology that digitally signs DNS data so that you can be assured that it’s valid. It was created to combat man-in-the-middle attacks that are possible in the DNS system. These types of attacks can lead to users being directed to a hijacker’s own deceptive website in an attempt to collect personal data. To help ensure MDaemon does not become a victim of these attacks, it is now capable of requesting DNSSEC be used when available.
Remote Administration – Set Security Features to their Recommended Settings
If you have adjusted MDaemon’s security settings over time and are unsure of the best settings for optimal security, you can now set each security feature to its recommended setting with a single mouse click in MDaemon Remote Administration.
Antivirus – Mailbox Scanning
When MDaemon Antivirus is enabled, administrators can now configure a schedule to scan all mailboxes. This allows the detection of any infected messages that may have passed through before any new virus definitions were created to detect the latest threats.
ActiveSync – Exempt Known Devices from Location Screening
An option has been added to allow a previously known device to bypass location screening when connecting via MDaemon ActiveSync. Administrators can enable this option to allow users to continue to access their account from locations that are configured to have their authentication attempts blocked. This is useful if you have users who are traveling and need access to their email.
New Features for End Users
Remote Administration & Webmail – Remember Me for Easier Access
MDaemon Webmail and Remote Administration users can enable the Remember Me feature to automatically login without having to enter a username and password. The Remember Me duration can be configured by the administrator for up to 365 days.
Webmail – Simplified Email Encryption
When composing a message, MDaemon Webmail users can use the Advanced Options screen to instruct MDaemon to encrypt the message, retrieve their public key, or retrieve the public key of another user (if available). This greatly simplifies the process of sending secure, encrypted email using MDaemon PGP.
Webmail – Message Snooze
MDaemon Webmail users can snooze emails to temporarily remove them from their inbox until they need them. The user’s email will reappear in the inbox at the configured time, whether it’s tomorrow, next week, or when you get home. Snoozed messages can be displayed at any time using the View Snoozed Messages options.
Webmail – Collaboration & Security for Public Calendars
MDaemon Webmail users can publish a calendar to a publicly accessible URL for easy sharing and collaboration. For added security, these public calendars can be password protected. To publish a calendar, click the Share Folder icon for your calendar under the Options|Folders menu in MDaemon Webmail, enter an optional display name and password under the Public Access tab, and then click on Publish Calendar. Anyone who has the calendar’s URL and optional password can view it in their browser. More information on how to enable this feature globally or on a per-user basis can be found in the MDaemon release notes.
Webmail – Text-to-Speech
When viewing a message in MDaemon Webmail using the WorldClient, LookOut, or Mobile theme, users can click on a button to listen to the message.
Note: This feature is currently only supported in Chrome or Firefox.
Are you running an older version of MDaemon or using a different email platform? Download the latest MDaemon & see what you’ve been missing!
If you’d like to learn more about MDaemon & what’s new with version 18, or if you’re considering changing platforms for a simpler and more cost-effective email solution, here are a few links you may find helpful.
MDaemon 16.0.2 has been released. This update includes a “remember me” feature for two-factor authentication in WorldClient. With this feature enabled, users will not have to re-enter a verification code for a designated period of time.
Other new features and enhancements include:
Global administrators can now set the Mail Archive path in Remote Administration.
The Remote Administration group editor now supports Do Not Disturb scheduling. This allows administrators to schedule a period of time during which email cannot be accessed for all accounts that have been assigned to a group.
Administrators can now sort the Active Sessions list in Remote Administration – for an improved view of server activity.
Global administrators can now disable two-factor authentication for selected users in Remote Administration.
MDaemon 15.5.3 has been released. With this latest release, we’ve added support for one of the most popularly-requested features – the ability for the content filter to check for restricted files inside of RAR and ZIP attachments.