1091

MDaemon 15.5.x - Enable Hijack Detection to prevent hijacked (compromised) MDaemon accounts

Hijack detection enables an MDaemon administrator the ability to configure a set number of messages allowed to be submitted by any one account in a defined number of minutes.  Authenticated sessions are not exempt from this feature.  If an account crosses this threshold the postmaster is notified via email and the option can even be configured to freeze the account.  A frozen account can still receive mail.  However, the account cannot send mail.  This feature is useful to prevent compromised accounts for submitting scores of spam and having domains added to internet black lists or report poor sending reputations.

  1. Select Security
  2. Select Security Settings
  3. Expand Screening
  4. Select Hijack Detection

    • Hijack detection will be triggered when the number of messages (X) exceeds the specified amount of time (Y).
      1. Check Limit messages sent from reserved IPs to limit message sent from reserved IPs to X messages in Y minutes.
      2. Check Limit messages sent from local IPs to limit message sent from local IPs to X messages in Y minutes.
      3. Check Limit messages sent from all other IPs to limit message sent from all other IPs to X messages in Y minutes.
      4. Check Freeze accounts when limit is reached to freeze MDaemon accounts when X messages meets/exceeds Y minutes.
        - Freezing accounts will allow incoming mail to be delivered and restrict outgoing mail

  5. Click White List if you would like to open the Hijack Detection white list to add entries (wild-cards are OK).


  6. Select Save when finished adding/removing addresses to the White list.


  7. Click OK

 

**NOTE - Mailing lists are included in this feature.  If you have mailings lists with more than X memebers, add them to the white list or consider increasing X number of messages.