Modern MDaemon versions offer several features that can mitigate the risk of compromised passwords:

The password can be changed by an administrator directly via the MDaemon interface. Alternatively, a locked-out user can change their password via Webmail or the remote administration interface if they have the appropriate web access permissions enabled.

If you are locked out of an existing MDaemon installation, it means the password was set by the person who installed the software or modified later by an authorized user. There is no secret back-door master password built into the software. How Administrative Accounts Are Created

Step-by-Step: How to Change and Secure Your MDaemon Admin Password

SecurityGateway (MDaemon Technologies product)