Alt-N Tech: How To Prevent Email Account Hijacking
Written by Neil from Zen Software.
How can MDaemon Messaging Server help prevent accounts from being hijacked (and your company email server from being blacklisted)?
Finding out that your mail server is being used to relay spam can be a major headache for admins and a black mark on your company. Fortunately, as an MDaemon user you have plenty of tools at your disposal to help prevent this from happening.
The first signs that an account has been compromised typically come when you are told that people are not receiving your emails, and your local users complain of problems sending or receiving email. You dig further and find that your SMTP server has been blacklisted and that receiving mail servers will not accept mail from your domain because they detect it as spam.
In our experience, the #1 cause of unauthorised relaying is an account's credentials being compromised. The spammer authenticates with MDaemon and sends as many spam messages as they can until the email admin detects and fixes the problem.
With the release of MDaemon v13.0.0 we have a new security feature at our disposal called Account Hijack Detection, which will help catch this behavior before it causes too much damage, if any. MDaemon keeps track of how many messages users send. If an account sends a large number of emails and breaches a certain threshold, MDaemon will disable the account from sending further emails.
When an account is disabled by this feature the MDaemon Postmaster is notified by email about the event. If the admin determines that the user was legitimately sending a larger amount of email they can reply to the email that notified them about the event and MDaemon will automatically re-enable the account. Otherwise the account stays disabled until manually re-enabled.
Configuring Account Hijack Detection
MDaemon’s Account Hijack Detection feature is found by clicking:
Security -> Security Settings -> Screening -> Dynamic Screen
The values shown in the screenshot below are the defaults: an account can send 500 emails in a 30-minute period before MDaemon will disable the account. You may be wondering at this point what user could send 500 emails in 30 minutes. As an example, if you create a single email with 10 addresses in the To: field, this counts as 10 emails. With the use of distribution lists a user can send quite a few emails in a short period of time. There is a handy whitelist button here for entering the local email addresses of accounts that regularly send large amounts of email.
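The counting rule described above, replayed over sample send events so you can see which accounts would trip the default threshold. This is an added example, not MDaemon's own code: the event tuple format, the function names, the example.com addresses and the choice to trigger once the count exceeds 500 are all assumptions.

```python
from collections import defaultdict, deque

LIMIT = 500                # messages per window (default stated in the article)
WINDOW_SECONDS = 30 * 60   # 30-minute window (default stated in the article)


def detect_hijacked(events, limit=LIMIT, window=WINDOW_SECONDS, whitelist=()):
    """Replay (timestamp, authenticated_sender, recipients) events in time order.

    Each recipient counts as one message, as the article describes.
    Returns {sender: timestamp at which the account would be disabled}.
    """
    sent = defaultdict(deque)   # sender -> (timestamp, recipient_count) entries
    totals = defaultdict(int)   # sender -> recipients counted inside the window
    disabled = {}
    allowed = {a.lower() for a in whitelist}

    for ts, sender, recipients in sorted(events, key=lambda e: e[0]):
        sender = sender.lower()
        if sender in allowed or sender in disabled:
            continue            # whitelisted, or already blocked from sending
        q = sent[sender]
        # Drop entries that have aged out of the sliding window.
        while q and q[0][0] <= ts - window:
            totals[sender] -= q.popleft()[1]
        q.append((ts, len(recipients)))
        totals[sender] += len(recipients)
        if totals[sender] > limit:   # assumption: trigger once the limit is exceeded
            disabled[sender] = ts
    return disabled


def sample_events():
    """Constructed sample data: three accounts on a placeholder domain."""
    rcpts = [f"user{i}@example.net" for i in range(10)]
    events = []
    # alice: a ten-recipient message every 3 minutes (100 per 30 minutes)
    events += [(i * 180, "alice@example.com", rcpts) for i in range(40)]
    # bob: hijacked account, a ten-recipient message every 10 seconds
    events += [(i * 10, "bob@example.com", rcpts) for i in range(100)]
    # newsletter: same burst rate as bob, but whitelisted by the admin
    events += [(i * 10, "newsletter@example.com", rcpts) for i in range(100)]
    return events


if __name__ == "__main__":
    hits = detect_hijacked(sample_events(), whitelist=["newsletter@example.com"])
    for account, ts in hits.items():
        print(f"{account} exceeded {LIMIT} messages in 30 minutes at t={ts}s")
```

In the sample, the hijacked account is caught after its 51st ten-recipient message, the steady sender never comes close, and the bulk sender is only spared because it is on the whitelist.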