A panicked admin contacted us stating that their info@ account was being used to send spam. What we quickly found out is that the admin had not enabled any security to protect their local accounts from being abused. All the spammer needed was to know a valid local email address to send spam from.
***Tip: try to avoid using well-known account names like firstname.lastname@example.org. Spammers like to target these types of accounts. Even when authentication is enabled, this is the most commonly abused account in our experience. Almost every time, the info@ account also has a password of “info”.
MDaemon provides robust security right out of the box, but each installation is different and it’s up to the admin to decide the best route to take based on their environment. Therefore, a number of security options must be configured after a default installation. The most common form of security to enable is to require authentication from local users. If the admin had enabled the authentication requirement, the spammer would also have needed to know the password for the info@ account to be able to send their spam. That is usually much more difficult (unless, as in the tip above, you have configured the password to be the username!).
Below is a list of 3 options available to help protect your local email accounts.
- Require SMTP authentication from local users. The option is found by clicking Security | Security Settings. Select “SMTP Authentication” found under the Sender Authentication sub menu. Place a check mark beside “Authentication is always required when mail is from local accounts”. ***NOTE: after making this change you may need to go to the user’s email client and enable authentication. No changes need to be made if the user is using WorldClient or Outlook with Outlook Connector. The Outlook Connector enables SMTP authentication by default.
- Use IP Shield. This security feature works by matching an IP address, or IP range, with your local domain. If MDaemon sees a local user sending an email, it will check to ensure the email is coming from a location (IP address) the admin has specified. If a user authenticates when sending in their message to MDaemon, this security check is skipped. This feature is found by clicking Security | Security Settings. Look for “IP Shield” under the Security Settings sub menu. For a more detailed overview of this feature please see our previous blog post found here.
- POP Before SMTP. This is simply another form of authentication. To successfully check for new email a local user must always authenticate. When a user successfully checks for new email, MDaemon will record the IP address that the user connected from. MDaemon will now only accept an email from this specific user if it’s sent from the exact same IP address that they checked for new email from. If a user authenticates when sending in their message to MDaemon, this security check is skipped. This feature is found by clicking Security | Security Settings. Look for “POP Before SMTP” under the Security Settings sub menu.
You really only need one of these features enabled to protect your local accounts but we recommend using a combination of requiring SMTP authentication as well as IP Shield. The IP Shield feature does a great job of detecting emails where the FROM header has been spoofed with local users’ email addresses.
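The sketch below is an added illustration of how the three checks described above interact; it is a simplified Python model written for this post, not MDaemon code or its actual evaluation order. The `Policy` and `decide` names, the example.com domain and the documentation-range IP addresses are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Policy:
    local_domains: set
    require_auth: bool = False      # "Authentication is always required when mail is from local accounts"
    ip_shield: dict = field(default_factory=dict)   # local domain -> allowed CIDR ranges
    pop_before_smtp: bool = False
    pop_seen: dict = field(default_factory=dict)    # address -> IP of last successful mail check

def decide(policy, sender, client_ip, authenticated):
    """Return (accepted, reason) for one SMTP submission claiming `sender`."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain not in policy.local_domains:
        return True, "sender is not local; these three checks do not apply"
    if authenticated:
        # Per the descriptions above, authenticating skips IP Shield and POP Before SMTP.
        return True, "authenticated local user"
    if policy.require_auth:
        return False, "SMTP authentication required for local senders"
    if domain in policy.ip_shield:
        ip = ipaddress.ip_address(client_ip)
        if not any(ip in ipaddress.ip_network(n) for n in policy.ip_shield[domain]):
            return False, "IP Shield: address not listed for this domain"
    if policy.pop_before_smtp and policy.pop_seen.get(sender.lower()) != client_ip:
        return False, "POP Before SMTP: no mail check recorded from this address"
    return True, "no enabled check rejected the message"

# Constructed sample submissions: (claimed sender, connecting IP, authenticated?)
SPOOF = ("info@example.com", "203.0.113.50", False)   # outsider using a local address
OFFICE = ("info@example.com", "192.0.2.10", False)    # real user, client not yet set to authenticate

def run_scenarios():
    """Map each configuration to (spoofed mail accepted, office mail accepted)."""
    dom = {"example.com"}
    policies = {
        "default": Policy(dom),
        "require_auth": Policy(dom, require_auth=True),
        "ip_shield": Policy(dom, ip_shield={"example.com": ["192.0.2.0/24"]}),
        "pop_before_smtp": Policy(dom, pop_before_smtp=True,
                                  pop_seen={"info@example.com": "192.0.2.10"}),
    }
    return {name: (decide(p, *SPOOF)[0], decide(p, *OFFICE)[0])
            for name, p in policies.items()}

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:16} spoof accepted={result[0]!s:5} office accepted={result[1]}")
```

With nothing enabled, the spoofed message is accepted; the `require_auth` row also shows why mail clients may need reconfiguring after the change, since the unauthenticated office client is rejected too.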
We hope this has been helpful. If you have any questions feel free to send an email to email@example.com.