PDA

View Full Version : MDaemon 10.x: Recommended MDaemon Security Settings



sniper
13-11-2009, 11:00 AM
Security configurations will vary from site to site, but the following configurations will be a good starting point for just about any server. Open MDaemon and use the following steps:

Under the Security menu | Spam Filter:

Spam Filter section:

1. Ensure 'Don't filter mail sent from local sources' is enabled
2. Ensure 'Don't filter mail from trusted or authenticated sources' is enabled
3. For 'Don't filter messages larger than' enter 100KB. You may increase this if you find you're getting larger spam messages, but watch for a performance hit and adjust accordingly
4. Leave 'Don't forward spam' with the default setting of 'disabled'
5. 'Move spam into user's IMAP spam folder automatically' should only be enabled if you are not using POP3 protocol for any of your local users. This can be a helpful way to allow your users to review their spam, but not have it clutter up their Inboxes
6. The rest of the settings on this tab can be left at default

Heuristics section:

1. Ensure 'Enable heuristic message scoring system' is enabled
2. For the field 'A message is spam if its score is greater or equal to' enter 5.0
3. For the field 'SMTP rejects messages with scores greater or equal to' enter 12.0
4. Leave the rest of these settings at default

Reporting section:

1. Ensure the first option 'Insert spam report into the headers of the original message' is selected

Bayesian section:

1. Select 'Enable Bayesian classification'
2. Enable 'Schedule Bayesian learning for midnight each night'
3. For 'Don't learn from messages larger than' enter 50000 bytes
4. Ensure that the correct path is populated in the 'Path to known spam folder' and 'Path to known non-spam folder’ fields

Spam Daemon section:

1. Leave the 'host or IP' to 127.0.0.1 and the 'port' at 783
2. The rest of these settings may be left at default

In most cases, the rest of the settings in this dialog can be left at defaults as well.

Security | Spam Filter... | DNS-BL:

DNS-BL hosts section:

1. The first option 'Enable DNS-BL queries' should be enabled

DNS-BL Options section:

1. Ensure 'Skip 'Received' headers within messages from white listed sites' is enabled
2. Ensure 'Skip DNS-BL processing for authenticated sessions and trusted IPs' are enabled
3. Ensure 'Stop further DNS-BL queries on first DNS-BL match' is enabled
4. Ensure 'SMTP server should refuse mail from black-listed IPs' is disabled
5. The rest of this tab can be left at default

White List section:

1. Be sure to add any of your local machines on the network to the white list

Security | Security Settings... | SPF & Sender ID:

SPF / Sender ID section:

1. Enable 'Verify sending host using SPF'
2. Enable 'Verify PRA using Sender ID'
3. The next 2 options should be disabled
4. Ensure -0.5 is entered for the 'Approved messages add this to the Spam Filter score'
5. 'Messages which fail add this to the Spam Filter score' should be at 15.0
6. Ensure 'Insert 'Received-SPF' header into messagess' is enabled
7. Everything else should be enabled except for Use local address in SMTP envelope when forwarding messgaes

If you have SecurityPlus for MDaemon installed, it's a good idea to refuse infected messages during SMTP session.

Security | AntiVirus...:

AntiVirus section:

1. Make sure Enable AntiVirus scanner is enabled
2. Enable 'Refuse to accept messages that are infected with viruses'
3. The remaing defaults should be acceptable but can be altered according to your specific needs

Security | Outbreak Protection:

1. Make sure Enable Outbreak Protection is checked
2. Viruses should be 'blocked in real time'
3. Spam should be 'accepted for filtering' and the Score should be 2.5
4. IWF content should be 'blocked in real time and the Score should be 2.5
5. The remaing defaults should be acceptable but can be altered according to your specific needs