MDaemon 14.5.x - Enable Hijack Detection to prevent hijacked (compromised) MDaemon accounts

Hijack detection enables an MDaemon adminstrator the ability to configure a set number of messages allowed to be submitted by any one account in a defined number of minutes.  Authenticated sessions are not exempt from this feature.  If an account crosses this threshold the postmaster is notified via email and the option can even be configured to freeze the account.  A frozen account can still receive mail.  However, the account cannot send mail.  This feature is useful to prevent compromised accounts for submitting scores of spam and having domains added to internet black lists or report poor sending reputations.

  1. Select Security
  2. Select Security Settings

  3. Expand the Screening tree.
  4. Select Hijack Detection
  5. Check Accounts may send no more than X msgs in Y minutes.
    • X = maximum allowed messages
    • Y = number of minutes each account can submit X messages
  6. Check Freeze accounts when limit is reached to freeze these accounts.
  7. Select White list to configure accounts that are to be exempt from this feature.

  8. Select Save when finished adding/removing addresses to the White list.

  9. Click Ok

Additional Comments

**NOTE - Mailing lists are included in this feature.  If you have mailings lists with more than X memebers, add them to the white list or consider increasing X number of messages.