MDaemon's security is set in "Security Settings" below the Setup menu. There are several options:
-Address support: Lists the address that is not allowed through your MailServer. If you receive the message sent from the address in this list, you can choose to accept and put it in the "bad letter queue", or reject it in the SMTP process (not even stored in your Server's temporary directory). This feature is used to control some questions, such as always malignant email. Here, wildcards, such as "*@hotmail.com", and "Baduser @". You can set all domains and a domain valid.
-Ip Screening: Give you to specify the IP address to the server you want to allow or prohibited. If the connection is not allowed, the attempt to the IP address from the list will be rejected and immediately canceled. When your machine has multiple IP addresses, it is very convenient to set it here. Support setting "206. *. *. *" Or "206.101. *. 130".
-Host Screening (Site Submunicage): Give you the Server specified site (domain name) that you want to allow or prohibited. Like IP, this is to let you specify site name. Support setting "* .sample.com" or "Sample. *".
-Ip shielding: If the domain name specified in List is trying to connect to your server, the IP address must match your address here u 饫 cadmium Xin Yu 鲅 ∠??? 合 合 合 例 例 例 例"For example, there are many users who use"
54fg56ff@yahoo.com "or"
TG7HJ47R6@hotmail.com "When the fake name is sent to you, you can set up the true IP address of Yahoo.com and Hotmail.com. But there are too many sites on the Internet, sometimes it is not possible, Get and other methods.
-SMTP Authentication: When the user sent a letter to MDaemon Server, if you don't recognize your identity, use several options to indicate the behavior of MDaemon. (MDaemon supports users who have been authenticated from Windows NT)
1. Authenticated Senders Are Valid Regardless of the ip They is use
The certified user is exempt from the IP Shielding (IP covering) restriction, no matter what IP is used.
2. Authenticated Uses Are Exempt from the Pop Before SMTP REQUIREMENT
If you have a security feature that uses "SMTP pre-POP", this allows authenticated users to exempt this limit.
3. Authentication is always required when Mail is from local accounts
Any letters claimed from local users require the authentication first
4. Mail from "Postmaster" Requires An Authenticated Session
Letter from "Postmaster" also need an authentication process. People and hackers who send garbage letters know that there is "postmaster" existence, they may send mail to your server through this account. You can choose this setting to prevent them from doing this. 5. Authentication Credentials Must Match Those of the Email Sender
The certification certificate must be matched with the sender. This prevents local users from using other user addresses of this system.
6. Global Auth Password
Use the universal auth password. If the "authenticated user can exempt the IP restriction", MDaemon's user account configuration for dynamic NT authentication must use this universal password to replace their ordinary NT password.
-POP Before SMTP (pre-SMTP first POP): For each MDaemon user first access his mailbox before allowing to send information through MDaemon, this verifies that the user has a legal user account, allowing this EMAIL system. This is the simplest method of reducing illegal users using your mail server, which is now commonly used in major ISP. But at the same time, pay attention to requesting the user to make a corresponding settings on the client.
-SPAM Blocker: Allows to specify several ORDB and Maps RBL types, each time you want to send a letter to your Server, these sites will be checked. If the connected IP address is in the site blacklist, this information will be rejected or tagged. It should be noted that some sites are incorrectly recorded in blacklist.
If you want to query the garbage letter and how to use ORDB or Maps RBL to control and suspend garbage, you can refer to:
http://www.ordb.org and
http://www.mail-abuse.com/rbl/.
This spam blocker has several options:
1. Flag Messages from Blacklisted Sites But Go Ahead And Accept Them
Set this, MDaemon will not reject letters from the blacklist site, but these letters will be added to the letterhead of "X-RBL-WARNING". You can also use content filtering to search for letters with these letters, and make the corresponding moves for these letters. MDaemon also automatically creates a "spam" IMAP directory for each user and generates the corresponding IMAP mail rules that put it discovered in this directory. Although it is not necessarily safe, this is also a simple convenience to help users quickly identify spam. This way users only need to check this "spam" directory in time, confirm that some important letters do not have unexpectedly put this directory (sometimes this happens). About this, everyone can refer to it
Http://www.hotmail.com's web page, they are doing this.
2. Check "Received" Headers forin SMTP Collected Messages
Check the IP address marked in the "ReceiveD" letterhead in the letter received by SMTP. This policy is not very much for the strategy of the already received, if "SMTP Pop" is set, it is not required.
3. Check "Received" Headers with POP Collected Messages
Check the IP address marked in the "ReceiveD" letter in the message received by DomainPop or MultiPop.
4. Add Blacklisted Sites To The IP Screen (Under All Domains) adds the site in the blacklist to the IP Screen (IP masking) function below (below all domains). This option is important to prevent these sites from trying to connect to your server. The file that automatically adds a blacklist to IP Screen is approximately 20KB (about 500 items), and will not be added automatically (can manually). This prevents the address of the address in IP Screen from affecting the performance of the server.
5. Several other options are a few exceptions, and the same size is similar, and there is not much to say.
In the Spam Blocker Hosts page, you can manually add and delete a list of site.
In the Spam Blocker Caching page, you can set up the cache blocking garbage letter. Here is set to automatically.
-Relay settings: Used to control MDaemon how to deal with a letter that is not a local address?
1. This Server Does Not Relay Mail for Foreign Domains
Set this option, MDaemon will refuse to accept the letters that from FROM and TO do not contain local users. That is to say, do not transfer external mail.
2. Refuse to accept mail for unknown local users
Set this option, MDaemon accepts messages that are unknown locally.
3. Sender's address Must Be Valid if it claims to be from a local domain
If the letter claims that it is from a local Domain, this local user must exist, otherwise MDaemon will refuse to send this letter.
4. Mail Sent Via Authenticated SMTP Sessions Can Always Be Relayed
Letters issued by the certified process are always forwarded.
5. Mail Can Always Be Relayed Through Domain Gateways
Letters can always be forwarded through the domain gateway, regardless of the forwarding control. This feature is forbidden by default, and is not recommended.
-Trusted Hosts: Specifies a domain name or IP address outside the Relay rule in Relay Settings.
-Trapit settings: trapitting means that it is intentionally inserted in the SMTP processing to hinder the send server constantly attempt to send.
-Reverse lookup: MDaemon can query DNS Server to check the legality of the letter domain name and IP address. Can be used to refuse suspicious letters or have a special letterhead in the letterhead. DNS inverse data is also recorded in the MDaemon log file.
1. Perform Reverse Ptr Record Lookup On Inbound SMTP Connections
MDaemon will perform a counter-tag record query for all coming SMTP processes.
2. ... Send 501 and Shutdown Connection if no Ptr Record match
If the PTR record is not found, the 501 error code is sent, and the connection is aborted.
3. Perform Lookup on Helo / Ehlo Domain
Helo / EHLO is the identity of the sending client to confirm that it is connected to the Server. Set this option to reverse the domain name reported when using the helo / ehlo command in the process.
4. Perform Lookup On Value Passed In The Mail Command Setting this option to counter the domain name reported when using the mail command in the process. For example, you can see "Mail from" in the log
Abced@yahoo.com.cn ". This time will be reversed in this domain yahoo.com.cn. This address is usually the return path of the letter, but also the original initiation address of the letter. But pay attention to sometimes it is wrong here. Address instead.
5. REFUSE TO Accept Mail if a lookup returns "domain not all" Domain Not Found "
If the result of the anti-query is "Did not find this domain name", set this option to reject the letter, and give 451 error code (requested by the operation), then the process will be allowed to be normal.
6. ... Send 501 Error Code (Normally Sends 451 Error Code)
Set this option, when "Did not find the domain name" error appears, use 501 error code instead of 451 error code.
7. ... and the shutdown the socket connection
Set this option to abort the connection when "Did not find the domain name" error appears.
8. INSERT "X-Lookup-Warning" Header Into Suspicious Messages
If it is discovered when the inquiry is discovered, the letter is inserted into the "X-look-warning" letterhead.
In summary, you can see that now popular mail servers can already use multiple means to implement mail security and spam issues. But in real use, we also need to make a constant reference log files to make changes. For example, 163.com is considered a spam server abroad (indeed a lot of spam from there). If you use spam blocker, you may not receive mail from 163.com. Therefore, the specific case is given to the specific setting. This considers yourself, just see the people.
