The following are general recommendations for utilizing MDaemon's security and spam features as well as the AntiVirus and Outbreak Protection features provided by MDaemon AntiVirus.
Security configurations may very from server to server and certain servers may need to be adjusted accordingly.
The following screenshots where taken from MDaemon version 17.5. Prior versions may not contain all of the features below.
A valid MDaemon AntiVirus key must be activated in order to change AntiVirus and Outbreak Protection settings.
Please direct any questions to our technical support team for more information. Click here to contact us
Recommended Security Settings
- Navigate to the MDaemon GUI
- Select Security
- Select Security Settings
- Security Settings
-
- Relay Control
- Reverse Lookups
- POP Before SMTP
- Trusted Hosts
Hosts added to this list will bypass all Security Settings.
- Relay Control
-
- Trusted IPs
IP Addresses added to this list will bypass all Security Settings.
- Trusted IPs
- Sender Authentication
- IP Shield
- SMTP Authentication
- SPF Verification
- DKIM Verification
- DKIM Signing
Click here for more information on configuring the mail server to sign mail using DKIM - DKIM Settings
- DMARC Verification
Click here for more information on configuring DNS records for DMARC - DMARC Reporting
- DMARC Settings
- IP Shield
- Screening
- Sender Blacklist
- Recipient Blacklist
Local domains and/or addresses should not normally exist on this list - IP Screen
- Sender Blacklist
-
- Host Screen
Recommended values have been pulled from our recommended host screen article.
- Host Screen
-
- SMTP Screen
- Hijack Detection
- Spambot Detection
- Location Screening
(Optional) Use this feature to disable SMTP/IMAP/POP connections from unauthorized regions of the world. Learn more about Location Screening here.
- SMTP Screen
- SSL & TLS
- MDaemon
A third party or self-signed certificate must exist in the server's certificate store to use SSL, STARTTLS, and STLS
- MDaemon
-
- WorldClient (web mail)
You may use the same certificate for WorldClient SSL connections. HTTPS only and HTTP redirected to HTTPS will disable non-SSL connections from occurring for web mail.
- WorldClient (web mail)
-
- Remote Administration
You may use the same certificate for WorldClient and/or MDaemon SSL connections. HTTPS only and HTTP redirected to HTTPS will disable non-SSL connections from occurring for remote administration sessions.
- Remote Administration
-
- STARTTLS White List
Hosts/IPs added to this list will be exempt from using STARTTLS during SMTP sessions.
- STARTTLS White List
-
- STARTTLS Required List
Hosts/IPs added to this list will be required to use STARTTLS.
- STARTTLS Required List
- Other
- Backscatter Protection
- Tarpitting
- Greylisting
- LAN Domains
Domains listed here are considered by MDaemon to be part of the local area network (LAN)..
- Backscatter Protection
-
- LAN IPs
IPs listed here will be considered by MDaemon to be part of the local area network (LAN).
- LAN IPs
-
- Site Policy
Text transmitted during the initial connection of each SMTP session.
Policies should be limited to 15 lines with 75 characters per line.
- Site Policy
Recommended Dynamic Screening Settings
The Dynamic Screening menu prior to MDaemon version 17.5 can be found by following the steps below.
Please note that many of the below options are not available and should be followed as closely as possible.
- Select Security
- Select Security Settings
- Expand Screening
- Select Dynamic Screening
To open Dynamic Screening in MDaemon version 17.5 and above...
- Select Security
- Select Dynamic Screening...
- Options/Customize
- Authentication Failure Tracking
- Dynamic Blacklist
IP addresses can be added here permanently or expire after an desired date. CIDR notation and wildcards(*) are accepted here. - Dynamic Whitelist
Exempt IP addresses or ranges. Default settings are pictured below. - Protocols
- Notifications
Recommended AntiVirus Settings
- MDaemon AntiVirus must be activated to access this menu.
- Open the MDaemon GUI
- Select Security
- Select AntiVirus
- Content Filter
- AntiVirus
- AntiVirus
Recommended Outbreak Protection Settings
- MDaemon AntiVirus must be activated to access this menu.
- Navigate to the MDaemon GUI
- Select Security
- Select Outbreak Protection
-
- Outbreak Protection
- Outbreak Protection
Recommended Spam Filter Settings
- Navigate to the MDaemon GUI
- Select Security
- Select Spam Filter
- Spam Filter
- Spam Filter
- Bayesian Classification
- Bayesian Auto-learning
- Spam Daemon (MDSpamD)
No changes to be made here unless instructed to from technical support.
- Spam Filter
-
- White List (Automatic)
- White List (no filtering)
Local domains/addresses should not be on this list - White List (by recipient)
Local domains/addresses should not be on this list - White List (by sender)
Local domains/addresses should not be on this list - Black List (by sender)
Local domains/addresses should not be on this list - Updates
- White List (Automatic)
-
- Reporting
- Settings
- Reporting
- DNS-BL
- Hosts
- White List
Local domains/addresses should not be on this list - Settings
- Hosts