19
Jan
Updated MDaemon SSL Certificate Support
You may have picked up in the IT press recently that we're starting to see an industry-wide movement to a new, and importantly more secure, standard of SSL certificate.
Alt-N Technologies, developer of the Exchange alternative MDaemon Messaging Server have just announced they too are following this trend and stating they'll be replacing all end-point and intermediate server certificates with those based on the new SHA-2 algorithm.
Important note: Alt-N will be moving to SHA-2 SSL certificates on January 20, 2015.
We recently needed to migrate our own internal MDaemon and SecurityGateway server to a new location. Luckily we often do this for customers and we have guides specifically written to help with this process.
This year in particular, I've seen an increasing number of users' email account credentials become compromised, which has allowed spammers free reign to use their mail server to send spam out to the Internet.
The usual result is an overflowing outbound mail queue, thousands of bounce messages coming in and your server's IP address being blacklisted.
The first thing to note is that if your company has an email server, you should assume that spammers will always be trying to hijack users' accounts by guessing their passwords.
In this post I will run through a few simple pro-active settings checks that can reduce the chances of this happening and - in the unfortunate event that it does happen - can limit the resulting negative effects.
Over the last 24 hours we have seen a few instances where valid email from Outlook.com servers has been rejected by our customers MDaemon and SecurityGateway servers due to SPF record checks.
The emails getting rejected do appear to be valid messages but have been arriving from an IP address not included in the sending servers SPF records. The common factor here is that all the sending domains are using outlook.com services.
If you're using Office 365, or one of the many hosted Exchange variants available today, you may be aware that MailStore has long been able to give you a complete and automatically synchronised off-site copy of your mail.
I've always been happy recommending it as a solution, 
If you've recently made the move to MailStore version 9, it's entirely possible you'll be sat there wondering why on earth all of those archiving jobs you had set up can't be modified any more.
Today's nugget of MDaemon wisdom comes from conversations I've had with a small number of customers reporting they're unable to send outbound email to specific recipients.
Upon closer inspection of the error in the SMTP (OUT) log, there's a message reading "SSL negotiation failed".
Configuring any Web service to work over HTTP using SSL is a good idea.
We certainly recommend it for BackupAssist's Multi-site Manager (BAMM) and in this post I'll show you how to create an SSL certificate you can then bind this kind of service to.
A new SSL vulnerability is doing the rounds this morning, known as POODLE, or Padding Oracle On Downgraded Legacy Encryption.
POODLE is a newly disclosed vulnerability in the legacy SSL 3.0 protocol that could be exposing users of newer Transport Layer Security (TLS) encryption protocols to risk.
If exploited, the POODLE flaw could potentially enable an attacker to access and read encrypted communications.
Just like a lot of our customers we use multiple ADSL broadband lines for our Internet access in the office and occasionally we have seen a line issue that effects our Draytek Vigor router and the only fix we have found is a quick controlled reboot.