MDaemon 15.5.x - Protecting MDaemon from relaying mail using the IP Shield
The steps below will configure MDaemon verify the domain name give in the incoming SMTP MAIL command originates from the designated IP address entered in the IP Shield settings.
- Select Security
- Select Security Settings
- Expand Sender Authentication
- Select IP Shield
- Click Enable IP Shield
- Select Don't apply IP Shield to messages sent to valid local users
- In the Domain field, enter the domain name that you wish to associate with an IP address or range.
- In the IP field, enter the IP address or range that associates with the above domain name.
- Click Add
- Click OK
As an example, the default configuration uses the $LOCALDOMAIN$ macro, which designates all the defined domains configured in MDaemon, and the private IP address range in the a local network. An incoming session stating the $LOCALDOMAIN$ in the SMTP MAIL statement must originate from the IP address range in the local network to pass through the IP Shield.
Another example, without using macros or IP address ranges. Example.com is entered in the domain name field and 192.0.2.124 is entered in the IP field. If an incoming SMTP session states the sending address is firstname.lastname@example.org and the connecting IP address is 192.0.2.0, then MDaemon will reject the SMTP session.
The IP Shield also has a number of options that can be configured.
- Select Don't apply IP Shield to messages sent to valid local users to have MDaemon bypass the IP Shield when messages are sent to valid local users.
- Select Don't apply IP Shield to authenticated sessions to have users that authenticate with the mail server exempt from the IP Shield.
- Select Don't apply IP Shield to Trusted IPs to have IP addresses listed in the Trusted IPs exempt from the IP Shield.
- Select IP Shield honors aliases to have the IP Shield translate an address alias in to the true account when checking domain/IP shields.
- Select Check FROM header address against IP Shield to have the IP Shield evaluate the FROM header of the message itself, in additional to the SMTP MAIL command.
- Please be advised - Using this option can cause problems with certain types of messages, such as those coming from mailing lists.