Improved IP Shield Feature
What is IP Shield?
IP Shield is a security feature in MDaemon that protects local accounts by preventing malicious users
from spoofing, or pretending, to be a local user on your MDaemon server. IP Shield works by pairing an
IP address/IP range with your local domain. If a sending user claims to be a user of a domain entered
into IP Shield then the user must be sending their message from the supplied IP address/IP range. Below
is an example of an IP Shield entry.
Yourdomain.com 192.168.0.*
***** Be sure to read the important notes at the end of this article.
What does the above example mean?
If a sending user is claiming to be a user of the Yourdomain.com domain then they must be sending their
message from the 192.168.0.* IP range.
What if the user is not coming from the IP address/IP range specified and they are
a valid user?
Enabling SMTP authentication in the user's email client will bypass the IP Shield security check. By
default any authenticated SMTP sessions will not have IP Shield applied to them.
IP Shield Standard Behaviour
IP Shield is applied to the domain name given in the MAIL FROM command during the SMTP session.
Below is an example of a rejection that failed to meet the requirements of IP Shield.
[Log excerpt not preserved: SMTP session entries dated Tue 2012-06-26, 14:17:12 to 14:17:26]
As we can see, the domain name used in the MAIL FROM command was Yourdomain.com so MDaemon
expects the session to be coming from the 192.168.0.* IP range. Since the session did not come from
this IP range the connection is rejected with a "530 Authentication required..." error. The wording of the
error will hopefully let a valid user know to enable authentication in their email client to be able to send
their message to MDaemon.
If you have ever received a spam message that appeared to be From and To yourself then you may be
wondering how the message was accepted by MDaemon even if you were using IP Shield. Most
spammers are smart enough to know not to use a local address in the MAIL FROM command because
most email servers require some form of verification in order for the email server to accept their email
(i.e. require SMTP authentication). So the spammer will give an external address in the MAIL FROM
command, which MDaemon cannot apply IP Shield to.
It is after the DATA command is given during the SMTP session that the actual message is
transferred to the server. This is where the From, To, Subject, Date headers (and others) along with the
body of the message are formed. Here the spammer can make the message appear to be From and To
the local user.
Below is a screenshot of a telnet session. In this session I'm pretending to be an external sender while
forming both the From and To headers to contain the local user's address.
Under the old IP Shield behaviour this email is accepted. Below is what this email looks like when viewed
through WorldClient.
C&C Software Solutions Inc www.ccsoftware.ca
Improved IP Shield Behaviour
If you are still with me, and I hope you are, here's how Alt-N improved the IP Shield feature. IP Shield
can now be set to also look at the From header of an email and apply IP Shield to the domain used. IP
Shield will still look at the domain name given in the MAIL FROM command but now it can also look at
the From header. Since the From header is formed after the DATA command is given we'll see the
rejection near the end of the session.
Below is a screenshot of a telnet session where MDaemon's IP Shield feature is set to check the From
header.
We can see that MDaemon rejected this spoofed email and the error is a bit different which indicates to
the admin why the email was rejected.
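The difference between the standard and improved behaviour can be modelled in a few lines. This is an added example, not MDaemon code: the function names, the sample addresses and client IP are constructed, and wildcard matching of the IP range with fnmatch is an assumption about how an entry such as 192.168.0.* is compared.

```python
# Added illustration of the IP Shield decision described above; not MDaemon code.
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatch

# Constructed IP Shield table: domain -> permitted IP pattern (entry from the article).
IP_SHIELD = {"yourdomain.com": "192.168.0.*"}

def domain_of(address):
    """Return the lower-cased part of an address after the last '@'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def shield_violation(address, client_ip):
    """True when the address claims a shielded domain from an unlisted IP."""
    pattern = IP_SHIELD.get(domain_of(address))
    return pattern is not None and not fnmatch(client_ip, pattern)

def check_session(client_ip, mail_from, raw_message, authenticated=False,
                  check_from_header=False):
    """Return (accepted, stage) for one SMTP session."""
    if authenticated:                    # authenticated sessions bypass IP Shield
        return True, "authenticated"
    if shield_violation(mail_from, client_ip):
        return False, "MAIL FROM"        # standard behaviour: envelope sender check
    if check_from_header:                # improved behaviour: From header, seen after DATA
        from_header = message_from_string(raw_message).get("From", "")
        if shield_violation(from_header, client_ip):
            return False, "From header"
    return True, "accepted"

# Constructed sample: external envelope sender, local address in the headers.
SPOOFED = ("From: Local User <user@yourdomain.com>\r\n"
           "To: user@yourdomain.com\r\n"
           "Subject: test\r\n\r\nbody\r\n")
EXTERNAL_IP = "203.0.113.25"   # documentation-range address, outside 192.168.0.*

if __name__ == "__main__":
    for label, opts in [("standard", {}), ("improved", {"check_from_header": True})]:
        print(label, check_session(EXTERNAL_IP, "sender@example.net", SPOOFED, **opts))
```

With only the MAIL FROM check the sample message is accepted; with the From header check enabled it is rejected after DATA, unless the session is authenticated or comes from the listed range.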
*** Important Notes ***
In order to benefit from the IP Shield feature, MDaemon must be accepting email from external sources
directly. This means that the MX record for your domain will point directly to MDaemon. MDaemon has
to be able to see the connecting IP address of the SMTP sessions in order to apply its IP Shield settings.
Alt-N Technologies improved the IP Shield feature in MDaemon v12.5.0. You may need to update your
MDaemon installation in order to take advantage of this improved security feature. You can download
your MDaemon update from here: http://www.ccsoftware.ca/mdaemon/download.cfm.
To turn on the IP Shield feature, access the MDaemon GUI and click Security | Security Settings | IP
Shield. Below is a screenshot of the IP Shield options on a typical setup.
The new option that will give us the improved spoof checking is "Check FROM header address against IP
Shield". It is also good to note here that MDaemon can use the $LOCALDOMAIN$ macro. This is handy
for MDaemon servers that have multiple domains configured so that the admin doesn't have to
manually add every domain. The entries you see in the above screenshot can be made automatically by
MDaemon by clicking the Default button on the right hand side.
Feel free to ask us any questions by directing them to support@ccsoftware.ca.
We're always happy to help you get the most from your MDaemon software!