Using MultiPOP to pull all mail, including spam, from Gmail to MDaemon

With Gmail recently dropping support for ActiveSync, I’m seeing more and more people wanting to centralize all of their mail in local MDaemon installation.

This sometimes includes a situation where you want to pull mail from your old external mailboxes into MDaemon. When pulling mail from Gmail, for example, you’ll find that MDaemon’s MultiPOP feature grabs the Inbox, but what about mail that ends up in Gmail’s spam folder?

As it turns out, it’s possible to disable Gmail’s spam filtering using a custom Gmail filter, and then rely on MDaemon’s excellent spam filtering instead.

  1. Login to the Gmail account
  2. Click on Settings
  3. Click on Forwarding and POP/IMAP
  4. Select one of the two Enable POP options
  5. Click Save Changes
  6. Click on Filters
  7. Create a new filter
  8. In the “Has the words” filter field, type “deliveredto:[email protected]” where [email protected] is the name of your Gmail box.
  9. Click the grey Create filter with this search >> link
  10. Enable Never send it to Spam
  11. Click Create filter

This will not apply to any messages already marked as spam (even if you use the “Also apply filter to…”, it will not move messages out of the Spam or Trash folder), so you will need to manually move any messages now in the Spam folder into the Inbox for MDaemon to see them.

 

Gmail difficulties pulling mail from MDaemon

If you have a mixed MDaemon+Gmail environment where Gmail retrieves mail from MDaemon via POP3 (a reverse Multi-POP), at some point in the past 24 hours you may have noticed Gmail stopped accessing mail.

It appears that Gmail has changed how their Always use a secure connection (SSL) when retrieving mail feature works, and they now require a certificate signed by an authority that they trust, they no longer accept self-signed certificates.

This is a good and bad, self-signed certificates offer little or no security against man-in-the-middle attacks, and so can lead to a false sense of security, however, it’s annoying that this breaks your working configuration.

Between this and the recent announcement that Gmail will be dropping ActiveSync support for new accounts, it might be a good time to consolidate all of your users on a locally hosted and managed MDaemon server rather than relying on the moving support target of cloud hosting.

If you don’t already have a valid certificate, I previously wrote an article on where you can get Cheap SSL Certificates (I have no affiliation, and I receive no compensation for this referral. I also have not verified that their certificates pass Gmail’s tests at this time or in the future).

MDaemon Critical vulnerability (versions 11, 12 and 13)

Alt-N posted a fix to a recently discovered vulnerability, MDaemon Security Bulletin – MD102412, listing MDaemon versions 11, 12, and 13 as being affected by a flaw that was discovered during internal testing.

If you run one of the affected versions, please visit http://www.altn.com/Support/SecurityUpdate/ to find an updated build and install the update immediately. Builds are available for customers running older versions even if your upgrade protection has already expired, so there is no reason to not deploy this release immediately.

Per Alt-N’s FAQ on MD102412, MDaemon versions prior to MDaemon 11.0.0 are not affected by this issue.