English
Chinese (Simplified)
French
German
Italian
Japanese
Russian
Spanish
Vietnamese
Postmaster Action Needed Message
-
Hello,
One of my users got this message.
The link is in https://tinyurl.com/#######eta=user@domain.com
Is this a legitimate way for Mdaemon to send messages?
-
That is not a message from MDaemon.
-
Next concern is that the sender is
From: Postmaster <postmaster@ourdomain.com>
-
Do you have SPF, DKIM, and DMARC configured and have MDaemon setup to use them?
All three are important because the protection of the FROM header comes from DMARC and it depends on SPF and DKIM.
If you have DMARC setup but your policy is p=none, you should change it to at least p=quarantine if you can.
SPF, DKIM, and DMARC are a more complicated setup, but it is the preferred method because it protects the FROM header for all domains that have a DMARC policy conifgured in DNS.
If you are not sure if you have them configured, send a message to domain-test@mdaemon.com. You should receive a message back that tells you what is not enabled.
Another option is to enable and configure IP Shielding making sure to check the box for "Check FROM header against IP Shield" found at Security | Sender Authentication | IP Shield. As long as your users are authenticating when sending mail and the box for "Do not apply IP Shield to authenticated sessions" is checked all you should need to do is enable IP Shielding. If your users are not authenticating then you need to either have them all authenticate or make sure every IP address they connect from is listed in the DOMAIN/IP Pairs on the IP Shield configuration dialog.
