Phishing targeting domain registrants

We’ve recently become aware of a phishing scheme targeting customers of various registrars. Since this is targeting administrators directly, I felt it was worthy of a mention even though it’s not MDaemon specific. This is a little different from most phishing as it’s targeted to domain owners, and specifically mentions their domain registrar by name.

An example message sent to one of my own addresses is below, noting that I am using “TUCOWS, INC.” as my registrar for the domain in question.

Dear Dave Warren,

The Domain Name HIREAHIT.COM have been suspended for violation of the TUCOWS, INC. Abuse Policy.

Multiple warnings were sent by TUCOWS, INC. Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Sincerely,

TUCOWS, INC.

Spam and Abuse Department

As with all phishes, you should simply ignore and delete it without any further action (or report it to the sending network, if you have the time and energy to hunt it down).

Adding aliases to iOS

iOS has long supported email aliases for IMAP accounts, but in the most roundabout and difficult way possible, by copy-and-pasting comma-separated lists into the account editor. If you still support older iOS devices, take a look at How to set up mail aliases on iPhone, iPad.

Modern iOS releases make this much easier.

  • Add a normal IMAP account
  • Open the Settings app
  • Open Mail, Contacts, Calendars
  • Edit the account
  • Touch the Account line
  • Touch the Email line
  • Touch Add Another Email…

While it’s not something that made the Keynote at WWDC, it probably should have given how incredibly useful aliases are to email geeks. Unfortunately aliases are not permitted on the Exchange/ActiveSync protocol, and the iPhone still lacks IMAP IDLE support, so you’re left with a choice: Do you want mail pushed to your iOS device, or do you want to send from multiple aliases?

Port numbers

Assuming a default configuration, the following inbound ports are required (depending on which services you want to make publicly available). All ports are TCP, unless otherwise mentioned.

MDaemon
25, Inbound and Outbound – ESMTP
53, Outbound – DNS (note that return packets are required)
110, Inbound and Outbound – POP3 and MultiPOP
143, Inbound – IMAP4
366, Inbound and Outbound – ODMR (ATRN, alternate ESMTP port)
465, Inbound – SSL SMTP
587, Inbound – ESMTP MSA (Mail Submission Agent; have your mail clients deliver here rather than 25 to avoid ISP firewalls)
993, Inbound – SSL IMAP4
995, Inbound and Outbound – SSL POP3
4069 UDP, Inbound and Outbound – Minger

Even if you intend to enforce encrypted connections, the unencrypted ports should be left active, because a STARTTLS session starts unencrypted on those ports and only later adds encryption.

WorldClient, SyncML, ActiveSync, WebDAV, and possibly more
3000, Inbound – HTTP
80, Inbound – HTTP
443, Inbound – HTTPS

If nothing else on your server listens on ports 80 and 443, it is highly recommended to assign these ports to WorldClient. This is required for ActiveSync’s AutoDiscovery, and for some older ActiveSync clients to connect.

WebAdmin
1000, Inbound – WebAdmin’s webserver

BES
3101, Outbound – BES services

SpamAssassin
80, Outbound – SA-Update

SecurityPlus/Outbreak Protection
21, Outbound – FTP for virus definitions updates
80, Outbound – HTTP for virus definitions updates and Outbreak Protection

If you are using a software firewall, you should ensure that the following processes have unrestricted inbound and outbound access: MDaemon.exe, WorldClient.exe, WebAdmin.exe, MDSpamD.exe, AVUpdate.exe.

Finally, note that various parts of MDaemon interact using sockets to localhost IP addresses, so if you use a software firewall, you should not block any traffic to/from 127.0.0.1. This includes SpamAssassin, WorldClient, BES and other features.
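One way to check a firewall policy against the inbound TCP ports in the table above, as an added example that is not part of the original post or of MDaemon. It compares the ports seen open with the services you meant to publish and flags an SSL port left open while its plaintext STARTTLS counterpart is closed; the function names and the sample port sets are constructed for illustration.

```python
import socket

# Inbound TCP ports from the table above (default MDaemon configuration).
INBOUND_TCP = {
    25: "ESMTP", 110: "POP3", 143: "IMAP4", 366: "ODMR", 465: "SSL SMTP",
    587: "ESMTP MSA", 993: "SSL IMAP4", 995: "SSL POP3",
    3000: "WorldClient HTTP", 80: "HTTP", 443: "HTTPS", 1000: "WebAdmin",
}
# Implicit-TLS port -> plaintext port(s) where the same protocol uses STARTTLS.
STARTTLS_PAIRS = {465: (25, 587), 993: (143,), 995: (110,)}


def audit(open_ports, wanted):
    """Compare observed open ports with the services meant to be public."""
    open_ports, wanted = set(open_ports), set(wanted)
    findings = []
    for port in sorted(open_ports - wanted):
        name = INBOUND_TCP.get(port, "not in the MDaemon port table")
        findings.append(("unexpected", port, name))
    for port in sorted(wanted - open_ports):
        findings.append(("blocked", port, INBOUND_TCP.get(port, "unknown")))
    for tls_port, plain in STARTTLS_PAIRS.items():
        if tls_port in open_ports and not open_ports.intersection(plain):
            findings.append(("no-starttls-port", tls_port, INBOUND_TCP[tls_port]))
    return findings


def probe(host, ports=INBOUND_TCP, timeout=2.0):
    """TCP connect test against a host you administer; returns the open ports."""
    found = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.add(port)
    return found


# Constructed sample: ports seen open from outside vs. the intended policy.
SAMPLE_OPEN = {25, 443, 465, 993, 1000}
SAMPLE_WANTED = {25, 143, 443, 465, 587, 993}

if __name__ == "__main__":
    for kind, port, name in audit(SAMPLE_OPEN, SAMPLE_WANTED):
        print(f"{kind:18} {port:5} {name}")
```

To audit a live server, pass the result of `probe()` run from outside the firewall as `open_ports`.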