Skip to content
  • There are no suggestions because the search field is empty.

What are the recommended Security, Dynamic Screening, Spam Filter, and AntiVirus Settings in MDaemon?

The following are general recommendations for configuring MDaemon's security, spam, and antivirus features provided by MDaemon AntiVirus.

Security configurations may very from server to server and certain servers may need to be adjusted accordingly.  

The following screenshots where taken from MDaemon version 23.0.  Prior versions may not contain all of the features below.

A valid MDaemon AntiVirus key must be activated in order to change AntiVirus settings.

Please direct any questions to our technical support team for more information.

Click here to contact us.


Recommended Security Settings
  1. Navigate to the MDaemon GUI
  2. Select Security
  3. Select Security Settings

Security Settings

  1. Relay Control
    01_relay_control
  2. Reverse Lookups
    02_reverse_lookups
  3. POP Before SMTP
    03_pop_before_smtp
  4. Trusted Hosts
    Hosts added to this list will bypass all Security Settings.
    04_trusted_hosts
  5. Trusted IPs
    IP Addresses added to this list will bypass all Security Settings.
    05_trusted_ips


Sender Authentication

  1. IP Shield
    06_ip_shield
  2. SMTP Authentication
    07_smtp_authentication
  3. SPF Verification
    How to enable SFP Verification and create a simple SPF record
    08_spf_verification
  4. DKIM Verification
    09_dkim_verification
  5. DKIM Signing
    Click here for more information on configuring the mail server to sign mail using DKIM
    10_dkim_signing
  6. DKIM Settings
    11_dkim_settings
  7. DMARC Verification
    Click here for more information on configuring DNS records for DMARC
    12_dkim_verification
  8. DMARC Reporting
    13_dmarc_reporting
  9. DMARC Settings
    14_dmarc_settings


Screening

  1. Sender Block List
    17_mdaemon-sender-blocklist
  2. Recipient Block List
    Local domains and/or addresses should not normally exist on this list
  3. IP Screen
    19_mdaemon_IP-screen
  4. Host Screen
    Recommended values have been pulled from our recommended host screen article.
    20_mdaemon_host-screen
  5. SMTP Screen
    21-mdaemon_smtp-screen
  6. Hijack Detection
    22-mdaemon_hijack-detection
  7. Spambot Detection
    23_mdaemon_spambot_security
  8. Location Screening
    Use this feature to disable SMTP/IMAP/POP connections from unauthorized regions of the world. Learn more about Location Screening here.
    24-mdaemon_location_screening
SSL & TLS
  1. MDaemon
    A third party or self-signed certificate must exist in the server's certificate store to use SSL, STARTTLS, and STLS.  The use of a self-signed certificate is not recommended.
    How do I get a free SSL certificate from Let's Encrypt?
    26-mdaemon-ssl-smtp
  2. Webmail
    You may use the same certificate above for secure Webmail connections over HTTPS. HTTPS only and HTTP redirected to HTTPS will disable non-SSL connections from occurring for Webmail.
    27-mdaemon_webmail_ssl
  3. Remote Administration
    You may use the same certificate for Webmail and/or MDaemon SSL connections. HTTPS only and HTTP redirected to HTTPS will disable non-SSL connections from occurring for remote administration sessions.

    28-mdaemon-remote-administration
  4. No STARTTLS List
    Hosts/IPs added to this list will be exempt from using STARTTLS during SMTP sessions.
  5. STARTTLS List
    Hosts/IPs added to this list will be required to use STARTTLS.
  6. SMTP Extensions
    31_mdaemon_smtp_ext
  7. DNSSEC
  8. Let's Encrypt
    This menu is used to generate and apply a valid certificate using MDaemon and Let's Encrypt.  See the article below for assistance setting one up in MDaemon.
    How do I get a free SSL certificate from Let's Encrypt?
    33_lets_encrypt
Other
  1. Backscatter Protection
    recommended backscatter protection settings in mdaemon email server to prevent invalid notifications
  2. Tarpitting
    recommended mdaemon email server tarpitting settings to include ehlo helo delays
  3. Greylisting
    35-mdaemon-greylisting
  4. LAN Domains
    Domains listed here are considered by MDaemon to be part of the local area network (LAN)..
  5. LAN IPs
    IPs listed here will be considered by MDaemon to be part of the local area network (LAN).
  6. Site Policy
    Text transmitted during the initial connection of each SMTP session.
    Policies should be limited to 15 lines with 75 characters per line.


Recommended Dynamic Screening Settings

  1. Select Security
  2. Select Dynamic Screening...
  3. Options/Customize
    dynamic-screen-options
  4. Authentication Failure Tracking
    These are default values and can be modified as desired.
    dynamic-screen-tracking
  5. Protocols
    dynamic-screen-protocols
  6. Notifications
    These options can be modified as desired.
    dynamic-screen-notifications
  7. Dynamic Block List
    IP addresses can be added here permanently or expire after an desired date.  CIDR notation and wildcards(*) are accepted here.
    dynamic-screen-blocklist
  8. Dynamic Allow List
    Exempt IP addresses or ranges.  Default settings are pictured below.
    dynamic-screen-allowlist



Recommended AntiVirus Settings

MDaemon AntiVirus must be activated to access this menu.

  1. Open the MDaemon GUI
  2. Select Security 
  3. Select AntiVirus
  4. Select Virus Scanning
    mdaemon-antivirus-scanning


Recommended Spam Filter Settings
  1. Open the MDaemon Configuration Session
  2. Select Security
  3. Select Spam Filter

Spam Filter

Messages scoring over 5.0 points will be marked as spam and messages scoring over 12.0 points will be rejected entirely.  These are default values and can be modified as desired.

01-spam-filter-menu

Bayesian Classification
02-spam-filter-bayesian

Bayesian Auto-learning
03-spam-filter-auto-bayes

Spam Daemon (MDSpamD)
No changes should be made here unless instructed to from technical support.


Allow List (automatic)
05-spam-filter-allow-automatic


Allow List (no filtering)
Local domains/addresses should not be on this list unless messages to a specific account should receive spam-filter exempt mail.

Allow List (by recipient)
Local domains/addresses should not be on this list unless needed.

Allow List (by sender)
Local domains/addresses should not be on this list unless needed.

Block List (by sender)
Local domains/addresses should not be on this list unless needed.


Updates
06-spam-filter-updates

Reporting
mdaemon-spam-filter-reporting

Settings
mdaemon-spam-filter-settings

DNS-BL

Hosts

The SpamHaus ZEN block list (zen.spamhaus.org) is a default DNS-Blocklist applied in new MDaemon installations.  

In the image below, another DNS-BL from SpamCop, has been configured to check incoming mail against the provider's block lists. Other DNS-BL hosts exist in free, fair-use, and subscription capacities and can be added to MDaemon for increased security against malicious and/or compromised servers. 

mdaemon-spam-filter-dnsbl

Allow List
This file lists IP addresses of sites that are exempt from DNSBL lookups. Local domains/addresses should not be on this list.
mdaemon-spam-filter-dnsbl-allow

Settings
mdaemon-spam-filter-dnsbl-settings

 

Spamhaus Data Query Service (DQS) 

This feature is available in MDaemon versions 23.0.2 and above. 

Spamhaus Data Query Service offers increased protection utilizing multiple block lists.  Once an account has been created with SpamHaus, enter your unique DQS key in the text box below to activate these services in MDaemon.

Getting started with Data Query Service

mdaemon-spam-filter-spamhaus-dqs