If you happen to be using an external mail filtering service or appliance, one of the critical setup steps is to ensure that MDaemon is configured to not accept messages that attempt to bypass your mail filtering service as spammers look ways to bypass filtering gateways.
There are multiple ways to accomplish this in MDaemon, but one of the easiest ones is often overlooked: IP Shield. IP Shield is a very simple feature, it provides an administrator a simple way to tell MDaemon to only accept mail from a particular domain if it matches one of the listed IP addresses. Once upon a time, this was used to prevent spammers and others from forging one’s own domain, but there are better ways to accomplish this in MDaemon now, so today, we’ll use IP Shielding in another way: By using wildcards. With a wildcarded sender domain, you can use IP Shield to ensure that MDaemon will only accept mail if it’s from a pre-defined IP address or uses authentication.
- Open the Security menu
- Click on Security Settings
- Under Sender Authentication, open the IP Shield dialog
- Uncheck Do not apply IP Shield to messages sent to valid local users
- Check Do not apply IP Shield to authenticated sessions
- Check Do not apply IP Shield to Trusted IPs
- Check IP Shield honours aliases
- Uncheck Check FROM header against IP Shield
- In the Domain field, enter *
- In the IP field, the IP address of your mail filtering gateway
- Click Add
- Repeat these steps to add any other IPs that should be allowed to send mail without authentication.
Note that you can use wildcards and CIDR notation for IP addresses here.
Since users should be configured to use authentication, this will not impact normal user traffic, but it will block any unauthenticated attempt to send mail unless the IP matches one of the entries.