How to enable Hijack Detection to prevent server abuse from compromised accounts

Hijack detection enables an MDaemon administrator the ability to configure a set number of messages sent from an authenticated account, from a specific IP range, in a defined number of minutes.

If an account crosses this threshold the postmaster is notified via email and (optional) the account is frozen. A frozen account can still receive mail. However, the account cannot send mail. This feature is useful to prevent compromised accounts for submitting scores of spam/bulk mail.  Compromised servers can result in the possibility of having domains added to public internet black lists or result in poor sending reputations.

  1. Select Security
  2. Select Security Settings
  3. Expand Screening
  4. Select Hijack Detection
    hijack detection mdaemon menu
    • Hijack detection will be triggered when the number of messages (X) exceeds the specified amount of time (Y).
    • Check Limit messages sent from reserved IPs to limit message sent from reserved IPs to X messages in Y minutes.
    • Check Limit messages sent from local IPs to limit message sent from local IPs to X messages in Y minutes.
    • Check Limit messages sent from all other IPs to limit message sent from all other IPs to X messages in Y minutes.
    • Check Freeze accounts when limit is reached to freeze MDaemon accounts when X messages meets/exceeds Y minutes.
    • Freezing accounts will allow incoming mail to be delivered and restrict outgoing mail

  5. Click White List if you would like to open the Hijack Detection white list to add entries (wild-cards are OK).
    hijack detection mdaemon white list
  6. Select Save when finished adding/removing addresses to the White list.
  7. Click OK

 

**NOTE - Mailing lists are included in this feature.  If you have mailings lists with more than X members, add them to the white list or consider increasing X number of messages.