Ways to secure your Smartermail Server
Problem reported by rick - Today at 7:13 PM
1) Make sure you're running the latest version
2) Change your admin login name to something obscure, like J1MMY-JON, not admin or administrator
3) Restrict Admin login to specific IP#
4) Put Web Portal behind Cloudflare. ChatGPT is excellent at guiding you through this. This adds all sorts of protections against attack. Only thing that users are noticing is the occasional Cloudflare "Verifying you are human" pop-up. Force all incoming traffic through Cloudflare, deny anything trying to bypass.
5) Let Windows Defender scan C:\Program Files (x86)\SmarterTools\SmarterMail\Service\App_Data\upload.
6) Install Huntress. This fired off alarms and isolated our server as soon as it saw backdoor files appear in the folder mentioned in #5. Was running patched version of SM, but Huntress still did its job.
7) Highly recommend running ThreatLocker to secure/limit Smartermail.exe. You can prevent it from running PowerShell, cmd.exe, cscript, mshta.exe, rundll, etc. ThreatLocker also prevents anything from running unless you've specifically permitted it in advance... so nothing can run. Very strong protection.
8) Cloudflare Access can let you lock down Admin, API, etc. paths behind 2FA if you want to go overboard.

Anyone else have any good ideas - please chime in!

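An added example, not part of rick's post and not SmarterTools code: a PowerShell audit of the upload folder named in items 5 and 6 that lists recently created or modified files of types a web server or Windows would execute, with their SHA256 hashes for triage. The extension watch list, the 24-hour lookback and the exit codes are assumptions to adjust for your server.

```powershell
# Audit the SmarterMail upload folder for recently written executable/script files.
# Added example: the path comes from item 5 of the post; everything else is an assumption.
param(
    [string]$UploadPath = 'C:\Program Files (x86)\SmarterTools\SmarterMail\Service\App_Data\upload',
    [int]$LookbackHours = 24,
    # Assumed watch list: file types that should not normally be written here.
    [string[]]$WatchExtensions = @('.aspx', '.ashx', '.asmx', '.asp', '.cshtml', '.config',
                                   '.exe', '.dll', '.ps1', '.bat', '.cmd', '.vbs', '.hta')
)

if (-not (Test-Path -LiteralPath $UploadPath -PathType Container)) {
    Write-Error "Upload folder not found: $UploadPath"
    exit 2
}

$cutoff = (Get-Date).AddHours(-$LookbackHours)

# -Force includes hidden files; check both timestamps because either can be altered.
$findings = Get-ChildItem -LiteralPath $UploadPath -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($WatchExtensions -contains $_.Extension.ToLowerInvariant()) -and
        ($_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff)
    } |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            SizeBytes = $_.Length
            # Hash is left empty if the file is locked or already quarantined.
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        }
    }

if ($findings) {
    $findings | Sort-Object Created | Format-List
    Write-Warning "$(@($findings).Count) watched file(s) written in the last $LookbackHours hours. Review before deleting; keep copies and hashes for the investigation."
    exit 1   # non-zero so a scheduled task or monitoring agent can alert on it
}

Write-Output "No watched file types created or modified in the last $LookbackHours hours."
exit 0
```

Run it from an elevated prompt or as a scheduled task under an account that can read the folder; it only reads and hashes files and changes nothing on disk.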