What are the recommended Security, Dynamic Screening, Spam Filter, and AntiVirus Settings in MDaemon?

The following are general recommendations for configuring MDaemon's security, spam, and antivirus features provided by MDaemon AntiVirus.

Security configurations may very from server to server and certain servers may need to be adjusted accordingly.  

The following screenshots where taken from MDaemon version 23.0.  Prior versions may not contain all of the features below.

A valid MDaemon AntiVirus key must be activated in order to change AntiVirus settings.

Please direct any questions to our technical support team for more information.

Click here to contact us.

1. Navigate to the MDaemon GUI
2. Select Security
3. Select Security Settings

Security Settings

1. Relay Control
   
2. Reverse Lookups
   
3. POP Before SMTP
   
   
4. Trusted Hosts
   Hosts added to this list will bypass all Security Settings.
   
5. Trusted IPs
   IP Addresses added to this list will bypass all Security Settings.
   

Sender Authentication

1. IP Shield
   
   
2. SMTP Authentication
   
   
3. SPF Verification
   How to enable SFP Verification and create a simple SPF record
   
4. DKIM Verification
   
   
5. DKIM Signing
   Click here for more information on configuring the mail server to sign mail using DKIM
   
6. DKIM Settings
   
   
7. DMARC Verification
   Click here for more information on configuring DNS records for DMARC
   
   
8. DMARC Reporting
   
   
9. DMARC Settings
   
   

Screening

1. Sender Block List
   
   
2. Recipient Block List
   Local domains and/or addresses should not normally exist on this list
3. IP Screen
   
   
4. Host Screen
   Recommended values have been pulled from our recommended host screen article.
   
5. SMTP Screen
   
   
6. Hijack Detection
   
   
7. Spambot Detection
   
   
8. Location Screening
   Use this feature to disable SMTP/IMAP/POP connections from unauthorized regions of the world. Learn more about Location Screening here.
   
   

1. MDaemon
   A third party or self-signed certificate must exist in the server's certificate store to use SSL, STARTTLS, and STLS.  The use of a self-signed certificate is not recommended.
   How do I get a free SSL certificate from Let's Encrypt?
   
2. Webmail
   You may use the same certificate above for secure Webmail connections over HTTPS. HTTPS only and HTTP redirected to HTTPS will disable non-SSL connections from occurring for Webmail.
   
3. Remote Administration
   You may use the same certificate for Webmail and/or MDaemon SSL connections. HTTPS only and HTTP redirected to HTTPS will disable non-SSL connections from occurring for remote administration sessions.
   
   
4. No STARTTLS List
   Hosts/IPs added to this list will be exempt from using STARTTLS during SMTP sessions.
5. STARTTLS List
   Hosts/IPs added to this list will be required to use STARTTLS.
6. SMTP Extensions
   
   
7. DNSSEC
8. Let's Encrypt
   This menu is used to generate and apply a valid certificate using MDaemon and Let's Encrypt.  See the article below for assistance setting one up in MDaemon.
   How do I get a free SSL certificate from Let's Encrypt?
   

1. Backscatter Protection
   
   
2. Tarpitting
   
   
3. Greylisting
   
   
4. LAN Domains
   Domains listed here are considered by MDaemon to be part of the local area network (LAN)..
5. LAN IPs
   IPs listed here will be considered by MDaemon to be part of the local area network (LAN).
6. Site Policy
   Text transmitted during the initial connection of each SMTP session.
   Policies should be limited to 15 lines with 75 characters per line.

Recommended Dynamic Screening Settings

1. Select Security
2. Select Dynamic Screening...
3. Options/Customize
   
   
4. Authentication Failure Tracking
   These are default values and can be modified as desired.
   
   
5. Protocols
   
   
6. Notifications
   These options can be modified as desired.
   
   
7. Dynamic Block List
   IP addresses can be added here permanently or expire after an desired date.  CIDR notation and wildcards(*) are accepted here.
   
   
8. Dynamic Allow List
   Exempt IP addresses or ranges.  Default settings are pictured below.
   
   
   
   

1. Open the MDaemon GUI
2. Select Security 
3. Select AntiVirus
   
4. Select Virus Scanning
   

1. Open the MDaemon Configuration Session
2. Select Security
3. Select Spam Filter

Spam Filter

Bayesian Classification


Bayesian Auto-learning


Spam Daemon (MDSpamD)
No changes should be made here unless instructed to from technical support.

Allow List (automatic)



Allow List (no filtering)
Local domains/addresses should not be on this list unless messages to a specific account should receive spam-filter exempt mail.

Allow List (by recipient)
Local domains/addresses should not be on this list unless needed.

Allow List (by sender)
Local domains/addresses should not be on this list unless needed.

Block List (by sender)
Local domains/addresses should not be on this list unless needed.

Updates


Reporting


Settings


DNS-BL

Hosts

Allow List
This file lists IP addresses of sites that are exempt from DNSBL lookups. Local domains/addresses should not be on this list.


Settings

Spamhaus Data Query Service (DQS) 

Spamhaus Data Query Service offers increased protection utilizing multiple block lists.  Once an account has been created with SpamHaus, enter your unique DQS key in the text box below to activate these services in MDaemon.

Getting started with Data Query Service