By Hijack detection using content filtering. | MDaemon Technologies, Ltd.

  • Is there any way to bypass the hijack detection using content filtering? I.e., if given a certain email subject or email header, bypass detection?

    We don't want to add the entire account to bypass the detection, just for certain system emails?



  • You cannot use the content filter to bypass hijack detection. 

    Are the certain system emails you are wanting to bypass all coming from the same IP address? Is it a reserved IP address?  If it is, you can adjust the hijack detection limits based on the IP address.


  • @Arron Hi, thank you for your response. No, they are not all from the same IP address. Is there any other potential solution to bypass the hijack detection, but just for some emails rather than the entire account?


  • Not that I can think of.


  • Okay, is it possible this could be added as a feature in the future?


  • I can add it to the wishlist, to be considered for future versions, but I'd like to better understand the use case. Can you explain the situation in detail so we can better understand the issue?

    Is a service sending out email notifications through your MDaemon server?  If it is, can the service send the notifications directly instead of through your server?

    Can the service be configured to send to your server from a specific IP address so that you could just exclude the IP address?

    HiJack detection is only considered when the account successfully authenticates with the server.

    Would changing the email address the notifications are from to be a dedicated email address and only excluding that email address from hijack detection help?

    Could you change the password for the account to be more secure so it is less likely to be used maliciously?

    Using a dedicated address with a 50 character password that is not used in any other places would help to limit the exposure and make it less likely that the account would become compromised.

    If you don't want to change the from address, can you use app passwords to increase the security of the password?



  • Thanks for your reply and sorry I've been on holiday.

    Essentially we want to be able to change the From Address. In the HiJack detection whitelist, are we adding the actual sending account or the from address of the email account (if we are using an alias to send from)?


  • When adding an account to the exempt list, you need to add the email address of the actual MDaemon account that the sending client is authenticating as.  

    If the sending client is authenticating using an alias, you still need to add the email address of the account the alias resolves to, in order to exempt the messages from HiJack Detection.



  • That's interesting because the main account was added, but the account still got frozen. I had thought that might be because the alias is not. 


  • Please upload a copy of your inbound SMTP log that shows the messages being received, including the message that caused the account to be frozen, along with a copy of the HiJackWhiteList.dat file from the MDaemon\app directory.  You can upload the files to https://mdaemon.sharefile.com/r-rc3922c1eed334d4dbf5e34f0bd04ccd6


  • I think it may be because of this. I believe we tried to send to this bad email 5 times. Assuming if the email is on the hijack detection, that won't affect this setting.

    REMOTE message: pd3501004542747.msg
    Sun 2024-09-01 06:46:35.483: *  Session 73008613; child 0020
    Sun 2024-09-01 06:46:35.483: *  From: BeauDesert.ProShop@foremostgolf.com
    Sun 2024-09-01 06:46:35.483: *  To: craig@whitecube.biz
    Sun 2024-09-01 06:46:35.483: *  Subject: Your new account Balance
    Sun 2024-09-01 06:46:35.483: *  Message-ID: <MDAEMON-F202409010645.AA4527703md5001000325948@mail.foremostgolf.com>
    Sun 2024-09-01 06:46:35.483: *  Size: 444600; <c:\mdaemon\queues\remote\pd3501004542747.msg>
    Sun 2024-09-01 06:46:35.511: Resolving MX record for whitecube.biz (DNS Server: 192.168.1.131)...
    Sun 2024-09-01 06:46:35.528: *  DNS server reports no valid records for the requested type found
    Sun 2024-09-01 06:46:35.548: Resolving MX record for whitecube.biz (DNS Server: 31.221.37.101)...
    Sun 2024-09-01 06:46:54.820: *  DNS: 20 second wait for DNS response exceeded (DNS Server: 31.221.37.101)
    Sun 2024-09-01 06:46:54.820: Resolving MX record for whitecube.biz (DNS Server: 8.8.8.8)...
    Sun 2024-09-01 06:46:54.838: *  DNS server reports no valid records for the requested type found
    Sun 2024-09-01 06:46:54.838: Attempting SMTP connection to whitecube.biz
    Sun 2024-09-01 06:46:54.839: Resolving A record for whitecube.biz (DNS Server: 192.168.1.131)...
    Sun 2024-09-01 06:46:54.840: *  D=whitecube.biz TTL=(8) A=[76.223.67.189]
    Sun 2024-09-01 06:46:54.840: *  D=whitecube.biz TTL=(8) A=[13.248.213.45]
    Sun 2024-09-01 06:46:54.840: Randomly picked 13.248.213.45 from list of possible hosts
    Sun 2024-09-01 06:46:54.840: Attempting SMTP connection to 13.248.213.45:25
    Sun 2024-09-01 06:46:54.840: *  13.248.213.45 in connection failure cache for up to 5 minutes due to previous connection failure(s)
    Sun 2024-09-01 06:46:54.840: Attempting SMTP connection to 76.223.67.189:25
    Sun 2024-09-01 06:46:54.840: *  76.223.67.189 in connection failure cache for up to 5 minutes due to previous connection failure(s)
    Sun 2024-09-01 06:46:54.841: *  This message is 1 minutes old; it has 29 minutes left in this queue
    Sun 2024-09-01 06:46:54.841: SMTP session terminated (Bytes in/out: 0/0)
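    As an added example, not part of the thread and not MDaemon's own code: a small Python parser for the remote-queue log layout quoted above. It pulls out the session, the From/To headers, each MX lookup and its answer, the A records, the connection attempts, and the queue timing, then reduces the attempt to the reasons the message did not get through. The sample input is the excerpt above with the Subject, Message-ID and Size lines trimmed; the record field names and the outcome labels ("no-records", "timeout", "failure-cache") are this example's own, and the excerpt contains no successful MX answer, so only those failure outcomes are recognised. Note what the excerpt does and does not show: an outbound delivery failure (no MX from three DNS servers, one DNS timeout, both A-record hosts already in the connection failure cache), and no hijack-detection line at all, which is worth keeping separate from the question of why the account was frozen.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input: the remote-queue log excerpt quoted in the thread (trimmed),
# embedded here so the parser runs offline.
SAMPLE_LOG = r"""
REMOTE message: pd3501004542747.msg
Sun 2024-09-01 06:46:35.483: *  Session 73008613; child 0020
Sun 2024-09-01 06:46:35.483: *  From: BeauDesert.ProShop@foremostgolf.com
Sun 2024-09-01 06:46:35.483: *  To: craig@whitecube.biz
Sun 2024-09-01 06:46:35.511: Resolving MX record for whitecube.biz (DNS Server: 192.168.1.131)...
Sun 2024-09-01 06:46:35.528: *  DNS server reports no valid records for the requested type found
Sun 2024-09-01 06:46:35.548: Resolving MX record for whitecube.biz (DNS Server: 31.221.37.101)...
Sun 2024-09-01 06:46:54.820: *  DNS: 20 second wait for DNS response exceeded (DNS Server: 31.221.37.101)
Sun 2024-09-01 06:46:54.820: Resolving MX record for whitecube.biz (DNS Server: 8.8.8.8)...
Sun 2024-09-01 06:46:54.838: *  DNS server reports no valid records for the requested type found
Sun 2024-09-01 06:46:54.838: Attempting SMTP connection to whitecube.biz
Sun 2024-09-01 06:46:54.839: Resolving A record for whitecube.biz (DNS Server: 192.168.1.131)...
Sun 2024-09-01 06:46:54.840: *  D=whitecube.biz TTL=(8) A=[76.223.67.189]
Sun 2024-09-01 06:46:54.840: *  D=whitecube.biz TTL=(8) A=[13.248.213.45]
Sun 2024-09-01 06:46:54.840: Randomly picked 13.248.213.45 from list of possible hosts
Sun 2024-09-01 06:46:54.840: Attempting SMTP connection to 13.248.213.45:25
Sun 2024-09-01 06:46:54.840: *  13.248.213.45 in connection failure cache for up to 5 minutes due to previous connection failure(s)
Sun 2024-09-01 06:46:54.840: Attempting SMTP connection to 76.223.67.189:25
Sun 2024-09-01 06:46:54.840: *  76.223.67.189 in connection failure cache for up to 5 minutes due to previous connection failure(s)
Sun 2024-09-01 06:46:54.841: *  This message is 1 minutes old; it has 29 minutes left in this queue
Sun 2024-09-01 06:46:54.841: SMTP session terminated (Bytes in/out: 0/0)
"""

# Every line except the "REMOTE message:" marker carries a timestamp; the optional
# "*  " flag marks informational lines (headers, DNS answers, cache hits, timing).
TS_RE = re.compile(r"^[A-Za-z]{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}: (?P<flag>\*  )?(?P<text>.*)$")
HEADER_KEYS = {"From", "To", "Subject", "Message-ID", "Size"}


@dataclass
class DeliveryAttempt:
    msg_file: str
    session: Optional[str] = None
    headers: Dict[str, str] = field(default_factory=dict)
    mx_lookups: List[Tuple[str, str]] = field(default_factory=list)   # (dns server, outcome)
    a_records: List[str] = field(default_factory=list)
    connections: List[Tuple[str, str]] = field(default_factory=list)  # (ip, outcome)
    age_minutes: Optional[int] = None
    minutes_left: Optional[int] = None
    bytes_in: Optional[int] = None
    bytes_out: Optional[int] = None


def parse_remote_log(text: str) -> List[DeliveryAttempt]:
    """Split a remote-queue log into one record per 'REMOTE message:' block."""
    attempts: List[DeliveryAttempt] = []
    current: Optional[DeliveryAttempt] = None
    pending_dns: Optional[str] = None  # DNS server whose MX answer is still outstanding
    pending_ip: Optional[str] = None   # host whose connection result is still outstanding
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("REMOTE message:"):
            current = DeliveryAttempt(msg_file=line.split(":", 1)[1].strip())
            attempts.append(current)
            continue
        m = TS_RE.match(line)
        if current is None or not m:
            continue
        body = m.group("text")
        if m.group("flag") and ":" in body and body.split(":", 1)[0] in HEADER_KEYS:
            key, value = body.split(":", 1)
            current.headers[key] = value.strip()
        elif (s := re.match(r"Session (\d+);", body)):
            current.session = s.group(1)
        elif (mx := re.match(r"Resolving MX record for \S+ \(DNS Server: ([\d.]+)\)", body)):
            pending_dns = mx.group(1)
        elif body.startswith("DNS server reports no valid records"):
            current.mx_lookups.append((pending_dns, "no-records"))
        elif body.startswith("DNS: ") and "exceeded" in body:
            current.mx_lookups.append((pending_dns, "timeout"))
        elif (a := re.match(r"D=\S+ TTL=\(\d+\) A=\[([\d.]+)\]", body)):
            current.a_records.append(a.group(1))
        elif (c := re.match(r"Attempting SMTP connection to ([\d.]+):\d+$", body)):
            pending_ip = c.group(1)
        elif "in connection failure cache" in body:
            current.connections.append((pending_ip, "failure-cache"))
        elif (age := re.match(r"This message is (\d+) minutes old; it has (\d+) minutes left", body)):
            current.age_minutes, current.minutes_left = int(age.group(1)), int(age.group(2))
        elif (t := re.match(r"SMTP session terminated \(Bytes in/out: (\d+)/(\d+)\)", body)):
            current.bytes_in, current.bytes_out = int(t.group(1)), int(t.group(2))
    return attempts


def diagnose(attempt: DeliveryAttempt) -> List[str]:
    """Reduce one delivery attempt to the reasons the message did not get through."""
    reasons: List[str] = []
    if attempt.mx_lookups and all(o in ("no-records", "timeout") for _, o in attempt.mx_lookups):
        detail = ", ".join(f"{srv}: {o}" for srv, o in attempt.mx_lookups)
        reasons.append(f"no MX record from any DNS server ({detail}); delivery fell back to A records")
    cached = {ip for ip, o in attempt.connections if o == "failure-cache"}
    if attempt.a_records and cached >= set(attempt.a_records):
        reasons.append("every A-record host is in the connection failure cache, no SMTP connection opened: "
                       + ", ".join(attempt.a_records))
    if attempt.bytes_in == 0 and attempt.bytes_out == 0:
        reasons.append("session ended with 0 bytes exchanged")
    if attempt.minutes_left is not None:
        reasons.append(f"message is {attempt.age_minutes} min old, {attempt.minutes_left} min left in queue")
    return reasons


if __name__ == "__main__":
    for att in parse_remote_log(SAMPLE_LOG):
        print(att.msg_file, att.headers.get("From"), "->", att.headers.get("To"))
        for r in diagnose(att):
            print("  -", r)
```

    Run it as-is to see the summary for the quoted excerpt; to use it on a real queue log, read the file into parse_remote_log instead of SAMPLE_LOG. Delivery attempts whose lines do not match any of the patterns simply leave the corresponding fields empty, so a record with an empty mx_lookups or connections list is a sign the log layout differs from the one the patterns were written against.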

