A formidable arsenal of security tools
MDaemon incorporates the very latest features to combat any potential abuse of your email server or users' email identities.
Relay Control
By default, MDaemon does not allow mail relaying (ie. handling of mail that is neither to or from a local user). However, should you wish to reconfigure the options for a certain scenario, you can do so.
IP Shield
The IP Shield allows you to define valid IP ranges from which email from specified domains is allowed to be sent thereby protecting your users from having their email accounts abused by spoofers.
SMTP Authentication
SMTP Authentication allows your users to verify who they are before attempting to send email. This allows MDaemon to bypass some security checks and is a vital requirement if your users are connecting from outside of your network. Where an email client does not offer support for SMTP Authentication, an email client can instead be configured to use a POP check before sending email via SMTP.
Reverse Lookups
To combat abuse, MDaemon can use reverse look-up checks on incoming connections such as Reverse PTR record lookups, HELO checks and domain validation checks.
Trusted Hosts
Often it is useful to be able to setup 'trusts' for email arriving from certain IP addresses or hosts. MDaemon allows trusts to be set-up very easily and once done, trusted servers can be exempted from a number of security checks.
SPF & Sender-ID
MDaemon offers full support for Sender Policy Framework (SPF) and Sender-ID techniques which can provide verification that messages received by the server did actually originate from a server defined by the sender in their own DNS record.
DKIM & DomainKeys
MDaemon offers full support for DomainKeys Identified Mail (DKIM) and DomainKeys which provide for cryptographic signing and verification of email messages to verify both that the sender of an email is who they claim to be and that their email hasn't been modified in transit.
Address Blacklist
The address blacklist allows you to specify addresses or domains from which your server will not accept emails.
IP Screen
IP screening allows you to specify whether connections are allowed or blocked from specified IP addresses or IP ranges.
Host Screen
Host screening allows you to specify whether connections are allowed or blocked from specified host names.
Dynamic Screen
MDaemon's dynamic IP screening allows connecting IP addresses to be automatically blocked for a period of time if any suspicious activity is detected such as bad authentication details being used, rapid repeated connections or sending to multiple unknown addresses.
Backscatter Protection
Backscatter occurs when spam or viruses send email using a forged address as the return path. This can lead to thousands of bogus delivery status notices, or automated responses ending up in your users' inboxes. MDaemon incorporates Backscatter Protection which prevents this type of problem by implementing Bounce Address Tag Validation (BATV). This features should be implemented with care and is disabled by default.
Tarpitting
MDaemon includes sophisticated tarpitting which deliberately inserts response delays to slow down SMTP transactions when a single SMTP session is sending a message to multiple recipients. In normal usage, these inserted delays are not noticeable, however in the event of a spam or denial of service attack they can protect your server from being completely bombarded and overloaded by unwanted email.
Greylisting
Greylisting is a well known spam reducing technique that configures the server to reject all messages for a set period of time on first delivery attempt on the assumption that genuine email will be automatically re-delivered within a few minutes as oppposed to spammers email which generally isn't. This mechanism can be very effective but will introduce a small delay to the receipt of email and could risk the rejection of some genuine email. Greylisting is disabled by default in MDaemon.
|
