Contact Us    Webinars   
Blog

MDaemon Messaging Server Forensics

MailXaminer | December 22nd, 2014 | Forensics

MDaemon Messaging Server, pertinent messaging based email server software, meant for Windows Operating System can be considered as the most sufficed alternative to Microsoft Exchange. MDaemon Email Server is a groupware server developed by Alt-N Technologies, located in Grapevine. Being one of the finest alternatives to Microsoft Exchange Server, MDaemon is now frequently used in most of the growing organizations as a messaging platform. This software application is not untouched in the email scam cases, and a number of cases often come up with the issue of cybercrimes with respect to MDaemon email messages.

mdaemon-messaging-server
 

MDaemon Messaging Server – Forensic Analysis

mdaemon-configuration-session

 

Creation of User Account – For effective and complete usage of the MDaemon Email Server, the user is required to create a user account. After a valid creation of complete user account, the user mailbox gets created where all the mails get stored.

account-details

 

Applying Filter Rule – Investigators may also seem to be taking keen interest in understanding the filter rules created by the users. The content filter rule in MDaemon allows the users to place a copy of all messages in the MailStore account.

enable-settings

 

Set Up of Default Domain Name & Servers –

The default Domain Name and Servers can be set by moving to the following location: –

Setup à Default Domain/Servers à Public and Shared Folders à Public and Shared Folders à Folder Listings and ACLs

default-domain-servers

 

MDaemon Messaging Server – Email Security

MDaemon Server provides one of the most versatile and robust security mechanisms. The layered security approach provided by the platform does not easily let the cyber stalkers create email – borne threats such as spam, viruses, malware and phishing.

Some of the security mechanisms deployed by the tool include: –

  • Spam filter: – The spam filter provides A class securities by making use of greylist processing technology for identifying spam signatures.
  • SSL and TLS: – The Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocols have implemented by MDaemon.
  • SMTP Authentication: – The SMTP authentication mechanism makes the network chaining more secure by connecting the criteria of providing the user credentials at the time of sending of emails.
  • Bayesian Learning: – Bayesian Learning mechanism plays a vital role in spam filtering. The working of the Bayesian algorithms is experienced based. Using the Bayesian approach, MDaemon classifies the users as trusted or compromised.
  • Content Filter: – A multi – threaded Content Filtering System allows the users to manage the behavior of the server towards the incoming and outgoing email messages.

 

Get a glimpse of the user emails: –

The default location where MDaemon store users’ emails is: –

c:/MDaemon/Users/mdaemon.local/

file-location

 

At the default location, the Forensicators can easily view that default file in which the MDaemon Email Server email data gets stored is “.msg”. This MSG file can be read using tools such as MailXaminer – an email forensics, eDiscovery tool. Using this tool investigator can view and analyze the email in multiple view options such as Hex view, MIMIE view, RTF view, so on and also export the evidence into multiple output formats like PST, MSG, PDF, TIFF, etc.