Microsoft has announced that in the last few days, four separate vulnerabilities in the Exchange Server platform have been identified.
Unfortunately, it would seem these have already been used by hackers to steal mailbox content from many thousands of Exchange Server installations.
The detail on these vulnerabilities indicates that only the on-premise versions of Exchange Server are affected, so users of cloud-based Microsoft 365 products can breathe a sigh of relief. However, as on-premise Exchange Server is still a widely used platform, the impact is considerable.
One of the most overlooked areas of email security is your own domain reputation. Unlike most email security solutions, reputation is about you as the sender: your ability to send email to recipients and to stop spammers from spoofing you and claiming to send email as your domain.
Microsoft have announced that Basic Authentication is being deprecated and that they will start turning this authentication type off on 365 tenants beginning October 2022.
MailStore version 13 onwards makes it possible for Microsoft 365 customers to tighten up their security by utilising Microsoft's Modern Authentication integration.
This article aims to explain what changes have been made in MailStore to support Modern Authentication and what the process is to convert a MailStore installation over from using Basic Authentication to Modern Authentication.
So what changes need to be made in MailStore?
All the steps for configuring MailStore to archive an Office 365 platform using Modern Authentication are covered in this MailStore 'Implementation guide'.
However, if you are converting an existing MailStore installation over from Basic Authentication to Modern Authentication, these are the main steps we would advise (please check each step carefully):
Stop all existing jobs from running, either by converting them to 'Manual' mode or by deleting them. An existing "journaling" job doesn't need to be removed.
Remove all existing basic authenticated users from MailStore with the exception of the default admin account. (If you have any existing custom permissions for users to access other archives, you may want to make a note of these before you remove them and recreate them once the new users have been re-synced.)
Synchronise your users again using the new Directory Services method 'Microsoft 365 (Modern Authentication)'. The details are in this guide, or you can follow this video.
Once your users are synchronising correctly, try logging in as one of the users using the MailStore Web Interface; this will check the verification is working correctly.
Create new archive jobs using the Email-Servers > Microsoft 365 Type to mirror any existing jobs you have set up using Basic Authentication. See this video for an overview.
If the username format differs from the old username format, you may find you now have duplicate archives. To resolve this, rename the old archive so it has the username of the new archive. This action will cause MailStore to merge both the old archive and the new archive into a single new username archive.
The remainder of this guide explains how Basic Authentication differs from Modern Authentication, to help you understand the mechanisms involved.
One of the more recent and often somewhat overlooked security features within MDaemon is Location Screening. This can be viewed as an IP-level firewall, but one that blocks IPs based on their country of origin.
Whether you are new to SecurityGateway or have been using it for years, there is always something new to learn about the software. With the fantastic help from Brad Wyro over at MDaemon, there is now a selection of tutorial videos you can sit back and watch in your lunch break to get up to speed on the product.