----------------------------------------------------------------------------- MDaemon Server v8.X Release Notes ----------------------------------------------------------------------------- MDaemon 9.0 is coming! Superior multi-threaded IMAP, AntiVirus, and AntiSpam performance, Active Directory monitoring, integrated free/busy server, integrated SyncML server, plus so much more. contact sales@altn.com for more information. ----------------------------- MDaemon 8.15 - March 14, 2006 ----------------------------- o fix to possible crash when sending calendar/task reminders o fix to excessive CPU usage by IMAP LIST command (Secunia Advisory SA18921) --------------------------- MDaemon 8.14 - Jan 13, 2006 --------------------------- o fix to memory leak in WorldClient when searching contacts o fix to memory leak in MDList.dll when enumerating mailing list memebers o fix to memory leak in MDUserLDAP.dll when enumerating users o fix to SMTP memory leak related to gateways o fix to IMAP server non-paged pool memory leak when using IDLE o fix to JavaScript error in Lookout theme when using the contact picker to add contacts to contact group o fix to reminders not working properly with recurring events o fix to inconsistant calendar event time between Lookout and Outlook o fix to opening /ghost when console locked o fix to WorldClient not encoding < > in javascript strings o fix to no details are displayed for iCalendar invitation from Outlook o fix to possible crash closing failed SSL SMTP connections o fix to IMAP/POP access settings not staying when creating a new account and using ODBC back end o fix to AUTH requirement not working with gateways o fix to debug message boxes displayed in MDMigrator.exe o fix to MDMigrator not importing messages if the "Top of Information Store" folder name is localized o fix to possible crash in MDMigrator when migrating a MS Exchange server to MDaemon o fix to possible crash when using deluser.sem files that only contain mailbox values rather than full email addresses o fix to deluser.sem not working right when containing only mailbox values o fix to help/pdf file not launching in non-english versions o fix to messages with hidden MIME parts not signing with DK properly o fix to "sign with DomainKeys" action not working o fix to in WorldClient sub-folders of a public or shared folder may be displayed as a mail folder even though they are a different type ---------------------------- MDaemon 8.13 - Sept 13, 2005 ---------------------------- o fix to installer not checking for correct version of WebAdmin o fix to migrator writing out gateways.dat MaxDiskSpace line wrong o fix to incorrect german characters in german version o fix to startup failure on some Windows 2003 servers o fix to crashing and not saving account settings when using LDAP backend o fix to quotas not converting when using LDAP backend o fix to a couple of small memory leaks in WorldClient o fix to crashing if using ODBC backend o fix to migrator not modifying MaxDiskSpace when using ODBC backend --------------------------- MDaemon 8.12 - Sept 7, 2005 --------------------------- SPECIAL CONSIDERATIONS ---------------------- o Some or all of this file may not yet be localized. CHANGES AND ADDITIONAL NEW FEATURES ----------------------------------- o Improved appearance and usability of the attendees tab when creating an event in WorldClient using the Lookout theme. o Improved usability of the recurrence dialog when creating an event in WorldClient using the Lookout theme. o Added the ability to specify the number of occurrences when creating a recurring event in WorldClient using the Lookout theme. o When spooling all mail to an ISP or upstream host temporary (4xx) errors will not be returned to the message sender. These messages will stay in the queue until the temp error is repaired. This change was made in 8.11 but was not documented. o By default, new accounts are able to modify the public address book. You can change this by disabling the checkbox in Alt+F10. o Disk space quota values for both accounts and gateways are now expressed in terms of MB (Megabytes) rather than KB (Kilobytes). All your existing quota settings were preserved and converted to the new scale during the installation process. You do not need to adjust any existing quota settings. By scaling quotas to MB, you can now set quotas much higher than before. The minimum quota possible now is 1 MB. The maximum is 999,999 MB. Be aware that this convertion is not backward compatible. If you need to downgrade you will need to restore from a backup rather than simply installing an older version on top of this one. The $CURRENTDISKSPACE$ macro returns a value in kilobytes now (not bytes). The MaxDiskSpace field in an imported CSV file is expected to be given in kilobytes now. Similarly, the exported MaxDiskSpace data is in kilobytes. o There are now separate controls for enabling POP and IMAP access for each account. The account editor GUI has changed to accomodate this. o The API was changed in several important ways. See MD-API.HTML in the \docs\API folder for details on the 8.12 changes. o If MDaemon encounters a message header which does not comply with RFC regulations it will preface the header with 'X-MD-Bad-Header:'. The existance of bad headers in a message causes SpamAssassin to insert its status headers in the wrong place thereby sending the message to the bad message queue. o WorldClient now translates the folder names "Calendar", "Tasks", and "Contacts" into the user's language. The names of other users' shared folders and the domain's public folders are also translated. o Two new URIBL sources were added to 80_MDaemon_scores.cf. To enable, edit this file and remove the leading comment characters (#). These sources are experimental but effective. o Increased the width of the "Allow this many RCPT commands per message (RFC says 100)" edit box in Misc. Options in order to support 6 rather than 5 digits of precision for this field. o The Gateway editor in the GUI was significantly redesigned. Several tabs were consolidated and similar options were grouped more appropriately. All the functionality is still there but lots of text has changed. o Changed "Postmaster address must authenticate" to a more generic "Address requires authentication" since this message is displayed in multiple contexts. o Added switch to Gateway editor to restrict ATRN requests to one session at a time. When this switch is set, subsequent ATRN requests for a gate- way domain will receive an "ATRN already in progress" type of message. o When authenticating as a domain (no local-part) any MAIL value that uses that domain will be considered a match for purposes of the "Authentication credentials must match those of the email sender" switch. FIXES ----- o fix to DomainPOP mail not triggering auto-responders o fix to DomainPOP list mail not always routing to list members properly o fix to blank Reply-To headers in DomainPOP collected mail o fix to empty list mail not routing to public folder o fix to unable to rename folder in WorldClient Standard theme o fix to unable to rename folder in WorldClient Lookout/FireFox 1.0.6 o fix to unable to import certain calendar CSV files into WorldClient o fix to WorldClient pop-up window may not close with MSIE/SSL. o fix to WorldClient LookOut not scrolling filters in Firefox o fix to WorldClient Standard not always remembering the correct folder o fix to WorldClient LookOut 'help' icon disappearing after viewing options o fix to update checker sending update notifications every night o fix to spam-blocker.log file not being updated o fix to no edit check in Gateway 'forward to address' option o fix to greylisting affecting some system and list mail errantly o fix to host screening not working with values enclosed in [ and ] chars o fix to WC LookOut not reloading page when adding Japanese contacts o fix to RAW replyto not including optional text in quotes o fix to pruning settings not saved when creating a new user account o fix to private flag is not set when WC synchronizes events with Outlook o fix to some RAW mail generating errant TO headers o fix to handle leak when launching external processes o fix to CFEngine memory leak ---------------------------- MDaemon 8.11 - July 28, 2005 ---------------------------- o You can now specify several DKIM signing and verifying options using the "DKIM Options" button on the Cryptographic Signing dialog. o fix to missing instructions in dns_readme regarding DKIM policy location o fix to DKIM policy lookup in wrong location - updated to libdkim 1.0.8 o fix to RAW forwarded mail using incorrect Content-Transfer-Encoding hdr o fix to unable to create new contact group o fix to unable to create new contact in specific themes o fix to greylisting controls enabled in standard version (didn't work tho) ---------------------------- MDaemon 8.10 - 26 de julio de 2005 ---------------------------- CONSIDERACIONES ESPECIALES ---------------------- o Las siguientes entradas se añadirán automáticamente a su archivo de la lista blanca del bloqueador de spam (NoTarpit.dat): 127.0.0.* 192.168.*.* 10.*.*.* 172.16.0.0/12 o Los valores predeterminados para las nuevas instalaciones serán de -0.5 para los resultados "pasa" de SPF y DomainKeys. Anteriormente, esta puntuación era de -2.5 pero se pensó que era demasiado generosa. Se recomienda que las instalaciones existentes comprueben y cambien también sus puntuaciones. o Se ha cambiado el formato del archivo de la firma de DomainKeys (DKSign.dat). Si especifica selectores opcionales en este archivo, ahora debe hacerlo de forma ligeramente diferente. Abra DKSign.dat con el bloc de notas y lea el texto en la parte superior del archivo para ver cómo usar "s=" para especificar los valores opcionales del selector y cómo usar el nuevo "d=" para especificar un dominio de firma. NUEVAS FUNCIONES PRINCIPALES ------------------ * INTRODUCCIÓN A DKIM (DomainKeys Identified Mail) (sólo en MDaemon PRO) * DomainKeys Identified Mail (DKIM) es el futuro en firmas cifradas y en la verificación de mensajes de correo electrónico. Identifica claramente al firmante y protege el contenido del mensajes de correo. Alt-N ha estado trabajando directamente en la especificación de DKIM con representantes de Yahoo, Cisco, IBM y Sendmail, entre otros. Recientemente se envió a IETF para una revisión pública y puede obtenerse un borrador en http://www.ietf.org. Puede obtener más información sobre DKIM con un buscador Google o aquí: http://www.altn.com/press/press_release.asp?ReleaseID=137 DKIM le permite firmar criptográficamente los mensajes de correo electrónico usando su única propia "clave". DKIM es un software que recibe su correo firmado, puede verificar sus firmas y aplicar la directiva local de forma apropiada. Las fichas de verificación y firmas de DomainKeys en la interfaz se han cambiado con objeto de generalizar algunos textos y para insertar opciones para crear y verificar firmas DKIM. * PROCESO DE LISTA GRIS (sólo en MDaemon PRO) * Se ha agregado soporte para el proceso de lista gris. Hay disponible una nueva interfaz para configurar en Alt+F1. El Proceso de lista gris es una técnica para luchar contra el spam que se aprovecha del hecho de que los servidores SMTP deben reintentar la entrega de cualquier mensaje que reciba un código de error temporal. El concepto es que llega un mensaje, es rechazado por la lista gris con un error temporal durante un tiempo (p. ej., 30 minutos) y más tarde el servidor de envío de correo lo volverá a intentar. Se cree que sólo los servidores genuinos se preocupan en reintentar la entrega mientras que las herramientas de spam sólo lo intentan una vez y continúan. Es importante darse cuenta que esta técnica retrasa deliberadamente el correo "bueno" y el malo. Pero, el correo "bueno" debe ser entregado por un MTA genuino (no una herramienta de spam) y por ello llegará finalmente, aunque la entrega se retrasará. Puede usar opciones en la nueva pantalla de configuración de la lista gris para limitar el tiempo que el servidor rechazará una conexión pero no puede controlar el tiempo que el servidor de envío de correo espera entre los reintentos. Hay varios problemas tradicionales con el proceso de lista gris, por lo que se han tenido que agregar varios modificadores para mitigar sus efectos negativos. Por ejemplo, un problema ocurre cuando un dominio de envío usa un conjunto de servidores de correo para enviar correo saliente. Como se usa un servidor de correo diferente con cada entrega, parece ser que cada intento es una nueva conexión para el motor de la lista gris. Esto puede multiplicar el tiempo que un mensaje se considere de la lista gris. Para resolver este problema se ha unido SPF con el proceso de lista gris. Si el dominio de envío publica registros SPF, éstos probablemente listarán todos los IP de todo el conjunto de servidores y esto podemos tenerlo en cuenta en el motor del proceso de lista gris. En segundo lugar, se ha añadido una opción para omitir completamente la IP del servidor de envío de correo el cual, mientras disminuye la seguridad del proceso de lista gris, soluciona por completo el problema del conjunto de servidores. Segundo, el proceso de lista gris tradicionalmente conlleva una gran base de datos desde que cada conexión entrante debe seguirse. En MDaemon, se ha minimizado la necesidad de seguir las conexiones reemplazando la función del proceso de lista gris casi al final de la secuencia de procesos. Esto permite que las otras opciones de MDaemon rechacen un mensaje antes de que lleguen a la fase de la lista gris. Como resultado, el tamaño del archivo de datos de la lista gris es relativamente pequeño y la memoria que ahí reside supone un impacto de rendimiento práctico pequeño. En tercer lugar, las opciones de elaboración de lista la blanca están disponibles para minimizar el impacto de la lista gris en el correo "bueno". El proceso de lista gris tiene su propio archivo de lista blanca pero también una opción para usar los archivos de la libreta de direcciones privada de los usuarios como bases de datos de la lista blanca. Así, el correo a un usuario de alguno de esa libreta de direcciones de usuarios puede excluirse de la lista gris. También pueden excluirse los mensajes enviados a las listas de correo. Finalmente, la base de datos de la lista gris se vigila a sí misma eliminando las entradas que permanecen sin usar durante un tiempo. Para más información sobre el proceso de lista gris visite el sitio Web de Evan Harris en http://projects.puremagic.com/greylisting/. CAMBIOS Y NUEVAS FUNCIONES ADICIONALES ----------------------------------- o Ahora el correo local es apto para las firmas cifradas. Esto era necesario para cubrir casos de uso como subdominios, puertas de enlace, correo enviado desde un usuario de dominio local a otro usuario de dominio local, etc. o Se ha agregado un sistema de caché para búsquedas de puertas de enlace LDAP. El sistema está habilitado de forma predeterminada y almacena en caché los resultados durante 15 minutos. Puede deshabilitar el sistema o cambiar el TTL predeterminado modificando MDaemon.ini con el bloc de notas aquí: [LDAP] Búsquedas de caché=No (predeterminado Sí) LDAPTTL=15 Los resultados de la caché están almacenados en LDAPCache.dat y pueden volverse a cargar tras cualquier modificación manual creando LDAPCACHE.SEM en la carpeta APP. Esto aumentará considerablemente la velocidad del procesamiento del correo de la puerta de enlace entrante. o Encabezado Autenticación-Resultados actualizado para el formulario borrador-02. El borrador actual lee que se requieren múltiples encabezados AR al autenticar las características del correo diferente. Así, ahora puede ver hasta tres encabezados AR en lugar de uno. o Las búsquedas dnsBL ahora siempre se harán tras el primer comando RCPT. Esto permite otras comprobaciones para posiblemente rechazar el mensaje con antelación y de esta manera reducir la necesidad del exceso de DNS. o Ahora los archivos de la lista blanca que listen las direcciones IP coincidirán con las subcadenas. Por ejemplo, ya no se requiere configurar "10.0.*.*" para que coincida con "10.0.0.1" o con "10.0.0.10", etc. Poniendo simplemente "10.0" será suficiente (pero el método antiguo aún se admite). Esto es para hacer MD compatible con los archivos de la lista blanca que se pueden conseguir públicamente. Además, se aceptan los comentarios de los datos actuales a la derecha mientras estén delimitados por el carácter#. Por ejemplo: 10.0.0 # subred LAN local o "Sesión SMTP correcta" sólo se registrará si (a) una sesión entrante entrega un mensaje correctamente y MDaemon lo acepta y (b) una sesión saliente entrega correctamente un mensaje y el servidor remoto lo acepta. Con nada más se obtendrá un "Sesión SMTP terminada". o Texto de mensaje de error al escribir un nombre no válido para un dominio secundario. o MDaemon ya no excluye mensajes RAW del procesamiento de filtro de contenidos usando el "cf" como los dos primeros caracteres de la baza del nombre del archivo. Use "pd" para conseguir esto (es coherente con otros códigos de procesamiento en cola). o MDaemon ahora creará tres encabezados X-Búsqueda-Advertencia (uno para cada CORREO erróneo, HELO y búsquedas PTR). Esto permite un filtro de grano más fino. o Encabezado X-MDSPF-Resultado cambiado para ser coherente con X-MDDK-Resultado (p. ej., X-MDSPF-Resultado: (nombre del equipo)). o Modificador agregado a Opciones de Misc. para deshabilitar la inserción de un encabezado Remitente en el correo de la lista. Sin embargo, si ha firmado de forma cifrada los mensajes de la lista con DomainKeys el encabezado Remitente DEBE insertarse de todas formas y este modificador no tendrá efecto. o Cuadro de edición del asunto del mensaje de bienvenida de la lista nueva movido de la ficha Encabezados a la ficha Sistema en la interfaz de Opciones de Misc. o Los encabezados de la firma de DomainKeys de los mensajes de la lista se quitarán a menos que haya configurado MDaemon para que retire los mensajes de la lista. o A veces es práctico pasar la dirección de correo electrónico completa en lugar del buzón solo para Windows al autenticar a los usuarios que estén usando la función "autenticación NT dinámica". para conseguir esto, configure los siguientes modificadores en MDaemon.ini: [Avanzado] Inicio de sesión uPN=Sí (predeterminado No) Además, al usar "\\NT_ANY" puede que sea necesario el campo de la contraseña de la cuenta. o Los archivos de bienvenida predeterminados de la lista de correo se han actualizado. Ahora puede incluir las siguientes macros (estas macros sólo funcionan en los archivos de bienvenida de la lista): $LISTNAME$ - expande el nombre de la lista (p. ej.: md-beta) $LISTEMAIL$ - expande la dirección de correo electrónico de la lista $LISTDOMAIN$ - expande el host de dominio de la lista Para ver una nueva lista predeterminada, crear un nuevo archivo de bienvenida de la lista usando el botón CREAR en la interfaz de usuario del editor de listas. o El código relacionado con la lista se ha limpiado al suscribirse en varios lugares. o Los comandos IMAP que devuelven una lista de carpetas del usuario y el código de WorldClient para generar una lista de carpetas se han optimizado. o Iconos agregados a la página de opciones de la carpeta de WorldClient para mostrar el tipo de carpeta. o Los eventos del calendario importados de la invitación de iCal están marcados como privados. o El campo asunto de las invitaciones de iCal creadas por WorldClient se configurarán en el campo "notas" de los eventos del calendario. o El intervalo predeterminado "comprobar para actualizar" se ha cambiado de 7 a 14 días. o Imagen de la plantilla de creación de cuentas nuevas de WorldClient mejorada. o WorldClient ofrecerá una indicación de la validación de DomainKeys y DKIM en la ventana de visualización de mensajes. PARCHES ----- o parche para corregir el problema de inicio en WS2003 sp1 y XPsp2 para algunos equipos o parche para corregir Autenticación-Resultados no escritos en el correo entrante de la lista o parche para corregir mensaje de usuario desconocido que a veces especifica un usuario desconocido erróneo o parche para corregir el bloqueo asociado con la creación de listas con nombres de lista largos o parche para corregir invitaciones de iCal múltiples que pueden enviarse a una sola reunión o parche para corregir que WorldClient puede que no reconozca que las carpetas compartidas están habilitadas o parche para corregir el programador de reuniones no importado de la solicitud de reuniones de iCal o parche para corregir asistentes de la reunión vacíos si el registro de los asistentes en la solicitud de reuniones de iCal abarca múltiples líneas o parche para corregir que no se puede crear un contacto nuevo al visualizar "Todos los contactos" o parche para corregir que MDaemon enví DATOS sin que ningún destinatario se haya aceptado previamente o parche para corregir que no se reintente la entrega en errores temporales al usar slips del enrutador o parche para corregir que la cuenta inicial no aparece en la libreta de direcciones en las instalaciones nuevas o parche para corregir que la protección de AUTH del administrador de correo no funciona al usar alias externos o parche para corregir el paquete de bienvenida del envío de listas por dos veces a los nuevos miembros o parche para corregir el problema de que las reglas de coincidencia del subdominio DK no se han aplicado correctamente o parche para corregir el problema de que los eventos creados por WorldClient no se muestran bien en Outlook o parche para corregir el problema de que DK usa el remitente del sobre en lugar de del encabezado De para determinar la elegibilidad para firmar o parche para corregir el problema de que a veces falta Volver-Ruta de acceso en las copias locales de las listas de correo encaminadas o parche para corregir el problema de que las listas de correo tardan más de lo necesario en realizar la entrega a los miembros de la lista local o parche para corregir el problema de que los correos electrónicos de notificación generados por CF no siguen las reglas de CF o parche para corregir el problema de que Contenido-Transferir-Codificación no se ha preservado al reenviar a las listas o parche para corregir el problema de la vulnerabilidad del recorrido del directorio en cuarentena del filtro de contenidos o parche para corregir el problema de una posible infracción de acceso en MDaemon.exe o parche para corregir el problema de que el servidor IMAP AUTENTICA y CREA puntos débiles o parche para corregir el error jscript de WorldClient al arrastrar el icono sobre la lista de carpetas o parche para corregir el problema de que WorldClient recargue la bandeja de entrada al eliminar el último mensaje en la página o parche para corregir el problema de múltiples líneas de caché RBL agregadas al encabezado X-RBL-Advertencia o parche para corregir el problema de que el cuadro de diálogo de las carpetas compartidas del editor de cuentas no actualiza AclShLookup.dat para las subcarpetas al renombrar/eliminar las carpetas principales o parche para corregir el problema de que el direccionamiento de spamlearn/hamlearn no local no funciona adecuadamente o parche para corregir el problema de que 4xx rebote el correo al usar la opción de entrega "ruta a ISP" o parche para corregir el problema de que WorldClient no ordena el campo asunto adecuadamente en ningún caso o parche para corregir el problema de que MDUserComAPI no lee ningún elemento en las variables de matriz o parche para corregir el problema de que MDUserComAPI requiere paréntesis en algunas variables (VBScript) ---------------------------- MDaemon 8.03 - June 14, 2005 ---------------------------- SPECIAL CONSIDERATIONS ---------------------- o Some important Spam Filter default settings were changed. Please read the section IMPROVED SPAM FILTER below for details. o The following entries will be automatically added to your SPF whitelist file (SPFXcpt.dat) and DomainKeys verification whitelist file (DKVerifyXcpt.dat): 127.0.0.* 192.168.*.* 10.*.*.* 172.16.0.0/12 o An entry in your SpamAssassin local.cf file was changed. If you had 'dns_available yes' in your local.cf file this line was removed. Removing this line causes SpamAssassin to first check if DNS is available before attempting to use rules which depend upon it. This is a smarter option but does create additional overhead since testing for DNS connectivity may not be necessary for all sites. If you would like to change this setting or disable DNS based rules entirely you can do so via new controls within the Spam Filter GUI. MAJOR NEW FEATURES ------------------ * IMPROVED SPAM FILTER (MDaemon PRO only) * A couple of important default Spam Filter settings have been changed to allow increased Content Filter performance. By default now MDaemon will perform a spam scan on incoming messages during the SMTP session. If the score is over 12.0 the message will not be accepted. You can change this score to whatever value you feel is appropriate via the existing options in Security|Spam Filter or reset the score to the old default of ZERO which completely disables SMTP based scanning. When doing the spam scan during the SMTP session MDaemon can be configured to take the reported results as definitive and will NOT rescan the message again once it's in the queue. By scanning during SMTP sessions and avoiding a second queue-based scan the efficiency of the AntiSpam part of Content Filter can be greatly increased. The spam headers added to messages when processed in this way are the SpamAssassin defaults - any custom headers or changes to SA default headers you may have specified in your local.cf are ignored. If you would like to enable this CPU saving feature check the "Skip queue-based scan on messages processed during SMTP sessions" option within the Spam Filter|Heuristis tab. CHANGES AND ADDITIONAL NEW FEATURES ----------------------------------- o Added support for IMAP4 UIDPLUS (RFC 2359). o Added "change message processing priority" action to the content filter. o Some verbiage was changed on the SMTP Authenication tab. The option to require SMTP AUTH when the postmaster alias is used was extended to also protect the abuse and webmaster addresses. o MDaemon now sets the first and last name fields for public contacts in addition to the full name. It recognizes "FirstName LastName" and "LastName, FirstName" formats. If you want MDaemon to only set the full name, edit MDaemon.ini and set: [Special] SetContactFirstAndLastNames=No (default Yes) o When MDaemon automatically adds contacts to a users address book file it will populate the real name field with the email address rather than leave the real name field blank (this looks better in OL and WC). o A new switch was added to the Automatic IP Screening feature within the Tarpit settings. You can now configure sessions to automatically close after being added to the IP screen. This switch is enabled by default. o MDaemon's DomainKeys signing capability has now been extended to mailing list messages. A new switch in the DomainKeys signing GUI will allow you to have MDaemon sign outgoing list mail. The signing of list mail requires content filter processing on each list message after 'cracking'. This can cause a performance hit on sites with large/popular mailing lists. You do not need to specify your lists in the DKSign.dat file as authorized for DK signing. If you enable this new option MDaemon will assume that it should sign all mail to all your lists. o MDaemon no longer performs MX record lookups on the host that is being signaled to dequeue waiting mail (Setup|Primary Domain|Dequeue). It just doesn't seem to make sense to lookup MX records in this instance. o Slight verbiage change to the gateway ETRN tab to make it clear when MX and A records might be used. o Added some additional DomainKeys logging and removed the long p= and b= values from being logged (this served no purpose really). o Verbiage change to the DNS-BL 'Flag messages from blacklisted sites but go ahead and accept them' option. This checkbox has had a logic reversal and now reads 'Block email from servers which have been blacklisted'. Some appropriate warning text has also been added. The value of the old setting has been preserved. o The DNS-BL option 'Add blacklisted sites to the IP Screen' was removed from the GUI. This option is still available but now requires manual editing of the MDaemon.ini to set it. This option should rarely (if ever) be enabled as it amounts to a PERMANENT caching of negative DNS-BL results - something definitely not recommended. o It is now possible to set zero as the score for white/black list matches within the Spam Filter. o You can now specify a tarpit delay scaling factor from within the tarpit setting GUI. This is a multiplier that grows the base delay over time. So, when a session first gets tarpitted it will experience a (for example) 10 second delay. If the scaling factor is 1.5 the next delay will be 15 seconds, the next 22.5 seconds, and so on. The default scaling factor is 1 which basically means no scaling. o If you are inserting HashCash tokens into outbound mail or signing messages with DomainKeys then autoresponders MUST go through the Content Filter (since it is what does this work). So, take note that your autoresponders will now be subject to Content Filter processing if either of these features are enabled. o Three new options were added to the Spam Filter to allow you to specify whether DNS is available when processing messages. You can specify: Yes - DNS is available and so SURBL/RBL and any other rules which require DNS connectivity will be utilized. No - DNS is not available and so any rule which requires DNS will not be utilized. Test- DNS availability should first be tested and if present it will be used. This is the default setting. o MDaemon will set the RES_NAMESERVERS environment variable for use with SpamAssassin if you configure specific DNS servers within MDaemon's Setup|Primary Domain|DNS tab. If you configure MDaemon to use the DNS servers from Windows itself then the RES_NAMESERVERS environment variable will be removed from the environment settings. In this was we hope to insure that SpamAssassin uses the same DNS servers that MDaemon is using. The environment settings apply only to the MDaemon process and any child process thereof. The are not server-wide and will not effect other processes running on the system. o MDStats now displays kilobytes instead of bytes in the Disk Space column o Calendar invites are no longer sent when editing an existing event/meeting. o Messages which arrive over authenticated sessions are given a slightly higher delivery priority over those which are not. o A new switch was added to the Logging options to disable the WorldClient and HTTP logs. Note, the files will still be created and will have start- up and shutdown timestamps but that's all. o iCalendar invitation are now added to user's default calendar when the message containing the invitation is opened. o Comagent will disable Outlook(MAPI) synchronization if Outlook Connector is enabled and user is an Outlook Connector user. o A new $MACHINENAME$ macro was added which returns the machine name field from Setup|Primary Domain. This macro is now used in the default account information script (ACCTINFO.DAT) for new installations. o The language on the DomainKeys verification tab was changed to make it more clear on how scoring takes place. o Multiple files in the WorldClient themes have been condensed to take up less space for faster loading times. Most files have a master file with a %filename%_master.%ext% naming scheme with the exception of the globals.js and list.js files for LookOut, which are stored in the HTML/LookOut/JavaScript subdirectory. Those looking for similar crunched files can use the javascript crunchinator at www.brainjar.com o The default "charset" that MDaemon uses in auto-generated messages was changed from US-ASCII to iso-8859-1 for increased compatibility. o File|Print option was removed as it never worked properly in the 8.x code base and printing options are handled in context via right-click options in the various pane windows. o The extra SMTP port introduced in 8.02 has been morphed into a true MSA port capability. This means that: (a) the default port value was changed from 2525 to 587 (b) transmission on this port requires AUTH o You can now configured the header which will be used when setting up IMAP spam filtering rules for your users. The default is still X-Spam-Flag but you can change it by editing the following in CFilter.ini with notepad: [SpamFilter] IMAPFilterHeader=X-Spam-Flag o The default subject in AntiVirus update notification emails was changed to include the result (Success or Failure) of the AV update attempt. o The default CFUPDATE.DAT file which is the template describing the result of an AntiVirus update has been changed to include the full log of the AV update attempt. Your existing CFUPDATE.DAT file was renamed to CFUPDATE.DAT.OLD so that this new file could replace it. o MDaemon will always place the name of the mailing list in the Sender header for all list mail. o By default, MDaemon will accept messages which are not compliant with internet standards (MDaemon has the ability to bring non-compliant messages into compliance later). If you would prefer to have MDaemon reject non-compliant messages you can set a new switch added to Setup|Misc Options|Servers tab. MDaemon will reject message which do not have a DATE header. It will also reject messages which are missing both a SENDER and FROM header. Also, these required headers must have a value (they can not exist as empty headers). o The language on the DomainKeys signing tab was changed to make it more clear on how to create new selectors. o When you specify from and to values that make messages eligible for DomainKeys signing you can add an optional selector value to the end of each line and that selector will be used to sign messages which match that criteria. Open the DKSIGN.DAT file and read the instructions at the top for more information. o SPF/DK cache/whitelist file editors were changed from notepad to MDaemon's internal file editor. o MDaemon will now send the string 'Connection refused' before closing the session when tarpitted and/or IP screen refuses a connection. o If you do not want MDaemon to send the "Spam Trap" content report email (this can be very long sometimes) you can set the following in CFilter.ini using notepad: [SpamFilter] SendSpamReport=No (default Yes) o Changed DK to return DK_STAT_SYNTAX when signature doesn't match sender's domain. Also, better info will track into the Authentication-Results header when this is the case. o Added multiple signature support to the DomainKeys verification code. If a message arrives with more than one signature MDaemon will apply some logic in an attempt to find the first one that matches the sender domain. o Spam Filter was updated to include SpamAssassin 3.04. o Trusted IPs are exempt from the gateway AUTH requirement. o Tons of cleanup to Smtpwnd - removing old unused code. o Added Slovenian language to WorldClient - thanks to Red Zion for doing this work for us. FIXES ----- o fix to crash/100% CPU associated with inline SMTP Spam scanning o fix to hashcash mint size being ignored (always using 20 bits) o fix to spam score not showing up in SPAM entries within stats log o fix to WC's LookOut theme not supporting certain Japanese subjects o fix bad message Date headers causing WC's LookOut theme to display a blank message list o fix to holding queue release causing crash in ghost sessions o fix to maximum RCPT count setting not being incremented by "recipient unknown" result - was only counting RCPT commands that gave a "250 OK" o fix to unnecessary pane refresh with 'bayesian learn as ham/spam' option o fix to autoresponders not working properly when no start time specified o fix to problems using ODBC backend and SQL Server o fix to strings for the PocketPC, XHTML, and WML themes are not in the languages.ini file. These strings are not being translated. o fix to DomainKeys not using the d= tag properly o fix to possible crashing when stopping/restarting MDaemon o fix to possible IMAP server crash o fix to errant JavaScript handling in WorldClient o fix to addrbook.mrk files created by addrldap.exe cannot be read o fix to possible crash after editing a domain or processing a reload cache sem file while inbound SMTP sessions are active o fix to some DAT files not being updated with timer countdowns o fix to MD3Conv.exe crashing if upgrading from really early MD installs o fix to auto-responders not getting DK signed or hashcash minted o fix to 'dns_available yes' problem for new installations o fix digitally signed messages not being DK signed o fix to LookOut forwarding/autoresponder validation bug o fix to WorldClient not being restarted when changing SSL settings o fix to IMAP & SMTP servers not supporting authentication with an alias o fix to signatures only being applied to primary domain mail o fix to hashcash minting not working properly in some cases o fix to IE requesting read/unread/new/forward and reply images for individual list view message headers for WorldClient LookOut o fix to MD not removing the MSG file associated with a public contact when deleting an account o fix to possible orphaned sessions in 'send all to ISP' configurations o fix to modal dialog box sometimes causing thread to freeze -------------------------- MDaemon 8.02 - May 3, 2005 -------------------------- o The migrator was not converting old "global memos" to the new system. Global memos will now be converted and placed onto the domain's public Calendar folder. The permissions from the old system are preserved as well as all the data. The only difference is that global memos can no longer be placed on each individual user's private calendar. Instead they are placed on the domain's public calendar. This is one instance where the old system was easier to understand and use than the new one and where the functionality could not be precisely translated. Very sorry about that! If you have already upgraded you can run the following from a command prompt to convert your global memos to the new folders: \MDaemon\App\MD3Conv /ug8_global_memos ex: C:\MDaemon\App\MD3Conv C:\MDaemon\App /ug8_global_memos o You can disable list view page reloading within WorldClient Lookout by setting the following key in Domains.ini. You can also set this in a user's User.ini file as well. [Default:UserDefaults] RefreshListViewOnNew=No (default Yes) o You can now specify a second SMTP port on the Setup|Primary Domain|Ports screen. This is to get around ISPs who are more and more starting to restrict traffic on port 25. Specifing 0 (zero) as a port for a service will disable that service. o Added checkboxes to the Setup|WorldClient|Calendar tab to control the sending of email and instant message calendar and task reminders. o Added switch to Gateway ATRN tab to require AUTH when sending messages as a user of the gateway domain. This switch is disabled by default so as not to break existing installations but you can change this to enabled for all domains by editing the following in MDaemon.ini: [Special] GatewaysRequireAUTH=Yes (default No) o Shared folders are now enabled by default. You can switch off shared folders if you want to disable this feature. o Added logic to DK cache to NOT cache domains putting SPF record into DK namespace. o fix to "copy/move" option missing from WorldClient context menu for messages in the Spam Trap folder o fix to messages lacking MIME header not being parsed for spam/ham learn o fix to work-around FireFox 1.03 issues with WorldClient web mail o fix to buffer overflow when using ODBC database with long data values o fix to French DK cache file header problem (French users should delete DKCache.dat and restart MD to get proper file version) o fix to WorldClient LookOut not loading correctly for some IIS6 users o fix to lack of public contact folder access under MDaemon Standard o fix to looping problem with "ignore RTE error" enabled route slips o fix to crashing on startup of trial versions in Italian or French o fix to unable to add iCal attachments to WorldClient Calendar o fix to incorrect wording on gateway relaying option in GUI o fix to old autoresponders starting up when start/end time are invalid o fix to OC/GW not being enabled when a new key is entered o fix to imprecise warning text when changing existing RSA keys for DK o fix to contact export not working in German version o fix to LookOut reporting the message didnt' exist when deleting the last message in a folder o fix to SpamAssassin checked performed by the SMTP engine getting different results from queue based scans (some additional work here might be needed) o fix to folders list icons erroneously reloading in LookOut o fix to contacts lost after migration if addrbook.mrk is not valid XML o fix to contacts folder may contain duplicate contacts after migration o fix to message counts not updated in LookOut after composing draft o fix to calendar/task/contact comment field not synched with Outlook ----------------------------- MDaemon 8.01 - April 14, 2005 ----------------------------- o The migrator which runs during the installation will no longer rename existing Contacts or Calendar folders for GroupWare accounts on sites that have installed and are actively running GroupWare (sites with a registered or trial GroupWare key). This preserves the existing folders for all GroupWare users. If there is data to be migrated it will be migrated into two new folders - WorldClient Contacts and WorldClient Calendar; however, if there is no data to be migrated these folders will not be created. For users and sites that are not running GroupWare any existing Contacts and Calendar folders will be renamed so that MDaemon can be sure that these folders are of the correct type and contain the correct data. The migrator will make sure that a Tasks folder exists but will not need to rename or deal at all with any existing Tasks folders since there is no old data that needs to be imported. If you would like to revert all the Old Calendar/Old Contacts/Old Tasks folder data back into the Calendar/Contacts/Tasks data for all users you can run \App\MD3Conv.exe to do it. Execute 'MD3Conv ?' for command line instructions (look for /ug8_revert_all). o WorldClient LookOut theme now supports drag-and-drop when using Internet Explorer (Firefox/Mozilla is not yet supported). o MDaemon's IMAP server now sends the APPENDUID response code, to better support Outlook Connector o fix to ComAgent unable to open folders others than INBOX o fix to Outlook security warning when ComAgent performs MAPI contact sync o fix to contact folder addrbook.mrk file not in sync with TNEF .msg files o fix to DK signing not working because of path problems o fix to AntiVirus and Content Filter not working for MDaemon Standard o fix to $CALTEXT$ in CalRemind.dat not outputting the event's subject o fix to ODBC back end problem when using Access DB o fix to WorldClient LookOuts contact lookup not working in French o fix to autoresponders created via Lookout not working right ----------------------------- MDaemon 8.00 - April 12, 2005 ----------------------------- SPECIAL CONSIDERATIONS ---------------------- o All or parts of this file may not be localized. o Your AntiVirus update schedule file (\App\AVSchedule.dat) was renamed to \App\AVSchedule.dat.old so that a new set of default update times could be put in place. The new defaults randomize the times that updates take place but schedule only a single update per day. You can return to your old update settings by renaming \App\AVSchedule.dat.old to \App\AVSchedule.dat if you wish (restart MDaemon after renaming the file). o This version creates Calendar, Contacts, and Task folders for each user and a Contacts folder for each domain during the installation. If these folders already exist they will be renamed to Old Calendar, Old Contacts, and Old Tasks. See the IMPROVED COLLABORATION SUPPORT section below for more details. o MDaemon requires activation of your registration key. The goal of the activation system is to combat piracy and protect the interests of legitimate customers. Immediately after MDaemon loads it will launch the Activation Wizard which will walk you through the simple process of activating your registration key. You can activate in a fully automated fashion or manually if you prefer. The process takes only a few seconds. Activation verifies that the key you are using is legitimate. It also ties your registration information to your computer using the MAC address of your Network Interface Card making it impossible for others to illegally use your registration key. No personal information about you is required or transmitted. Reactivation is required only if you change out your Network card. The 'Help | Activate your registration key...' menu selection will launch the Activation Wizard should you need to do this in the future. Multiple activations are allowed however this is for customer convenience only and should not be considered license to violate the EULA. Registered users have 30 days in which to activate. Activation is required in order for MDaemon to function. For a more detailed description of activation see: http://www.altn.com/Activation/faq.asp o This version of MDaemon requires WebAdmin 3.10. You can obtain WebAdmin 3.10 from http://files.altn.com/WebAdmin/Release/ o Please note the evolution of the old MDaemon GroupWare product into the new Outlook Connector for MDaemon. This name change is reflected in numerous places within the MDaemon GUI and documentation. To read more on this check out this partner newsletter: http://files.altn.com/static/images/partners/press/newsletters/NL-200501.pdf o The default automatic spam filtering IMAP rule created for each account via the Spam Filter's 'Automatically filter spam messages into user's IMAP spam folder' was changed. The rule used to merely check for the existence of the X-Spam-Flag header within each message. This was found to be not sufficient because some external SpamAssassin enabled software places 'X-Spam-Flag: No' into messages. So, the rule was changed to check for 'X-Spam-Flag: Yes' rather than just the existence of the header itself. To change the rule for all your accounts uncheck the 'Auto- matically filter spam messages into user's IMAP spam folder' option and follow the instructions. This will remove the old rule from each of your accounts. Then recheck the same option to build the new rule for each account. o Some of the WCML tags have been changed. Your custom WorldClient templates will need to be updated. o If you are using the composite log check your settings. They will need adjustment because a new log for Outlook Connector activity has been added. o Using the Content Filter's "Copy the message to specified user(s)" action with a mailing list as the target of the action can lead to the following problem: if the list is keeping a digest then the digest will NOT get a copy of the message. This limitation will be addressed in a future version. o Older versions of ComAgent will no longer be able to sync contacts with MDaemon 8. To regain this capability your users must update to ComAgent 8. o The WhoWhere and InfoSpace public LDAP servers no longer appear to be operating. Therefore the installer will rename your AddrLookup.ini file to AddrLookup.old before installing a new version which removes these entries. If you have added custom LDAP servers for your WorldClient users (including LDaemon for example) you can reconfigure them by editing the new AddrLookup.ini file (remember to start numbering at 1 ex: [LDAP1]). MAJOR NEW FEATURES ------------------ * IMPROVED COLLABORATION SUPPORT (MDaemon PRO only) * Collaboration support within MDaemon/WorldClient has been completely re- written and vastly improved. From within WorldClient you can now more easily and attractively create appointments, schedule meetings, and work with address books. For the first time, recurring appointments are fully supported. Also, appointments are more elaborate with many more fields available to describe them than were possible before. Internally, contacts, calendars, and task data are stored as IMAP folders within each user's root mail directory. Users can use WorldClient or Microsoft Outlook* to access these folders and control what other users have access to these folders. All WorldClient themes (and especially Lookout) have been modified with new templates which present contact, calendar, and task folders in a more logical and attractive way. MDaemon supports and automatically creates domain-wide contact, calendar, and task folders which all domain users will have access to via WorldClient or Microsoft Outlook*. By default, users of a domain will have full access to add, edit, and delete items in these folders. You can easily change this through the MDaemon GUI if you desire to restrict access to these folders. The new collaboration system within MDaemon is completely IMAP/ACL based with data stored in XML and RFC/TNEF format. This allows seamless integration with the Outlook Connector for MDaemon plug-in used by Microsoft Outlook. Granting other users access to your folders can be achieved via WorldClient or Outlook*. MDaemon no longer maintains a single address book for all domains. MDaemon keeps address books on a per-domain basis now. Any other address books will have to be created and maintained by you (if you want them). *Requires Outlook Connector for MDaemon (see http://www.altn.com). IMPORTANT: If you are upgrading to MDaemon 8 from a previous version, the installation process will automatically convert each users private address book (their addrbook.xml file) to the new Contacts folder in their root mail directory. Also, each users calendar information will be migrated from their old Calendar.mrk file to the new XML format within the new Calendar folder in their root mail directory. Finally, each domain's public address book will be converted and placed into the domain's Contacts public folder. None of the original files are deleted by this process. You can run \App\MD3Conv.exe to forcibly migrate the calendar and contact data for any user (or all users) as needed. Just run it once with no command line arguments for instructions. If the migration process finds a Calendar or Contact folder that already exists for a user or domain it will rename that folder to Old Calendar and Old Contacts. Access control is preserved when folders are renamed. * DOMAINKEYS SUPPORT (MDaemon PRO only) * MDaemon is now DomainKeys enabled (http://antispam.yahoo.com/domainkeys). DomainKeys is a specification intended to provide email sender verifica- tion. MDaemon can both sign outgoing and verify incoming emails using DomainKeys. MDaemon's GUI now has a DomainKeys tab, DomainKeys logging options, and a configuration screen on the Security menu where you can setup your DomainKeys properties. MDaemon includes the ability to generate private and public keys suitable for use with the DomainKeys specification. A button within the new DomainKeys GUI will allow you to create keys. By default, keys are generated with a bit depth of 1024 bits which should be very secure. A default selector ('MDaemon') and a default public and private key are created automatically on startup (if they do not already exist). All keys are unique and are never the same from one site to another. MDaemon supports multiple selectors and key pairs. Selectors and keys are stored under the \MDaemon\Pem root folder in the following way: \MDaemon\Pem\\rsa.public - public key for this selector \MDaemon\Pem\\rsa.private - private key for this selector All keys are stored in PEM format. Only messages which are sent to non-local users using SMTP AUTH will be signed. Mailing list messages are never signed. * IMPROVED ANTISPAM - SPAMASSASSIN 3.0 (MDaemon PRO only) * MDaemon now includes SpamAssassin 3.0. This new version of SpamAssassin includes many upgrades and improvements. For a complete list of changes see http://www.spamassassin.org. How the subject tag is specified on the Heuristics tab within the Spam Filter GUI was changed. SpamAssassin no longer supports a key to turn subject modifications on and off. Instead, the existence of a subject tag determines whether one is used or not. As a result, please check this tab and make sure the subject modification is to your liking. Also, the _HITS_ tag in SpamAssassin 3 does not pad the score with leading zeros. This caused us a sorting problem here so you might want to look at your subject tag and change _HITS_ to _SCORE(0)_ which will left pad with a leading zero. SpamAssassin 3 doesn't come configured to use the JP list for SURBL so we added a rule for it to 80_MDaemon_scores.cf. Also, the default SA 3 scores for SURBL hits were much lower than what we previously used with MDaemon so I put the old SURBL scores in 80_MDaemon_scores.cf. Adjust to your liking or delete the lines to use the SA 3 defaults. New default Bayesian scoring has been added to 80_MDaemon_scores.cf. In the future this file will always contain the default scores for Bayesian rules. You may wish to consider deleting the various 'score BAYES_xx' lines from your local.cf file in order to use the new defaults. The new defaults are much lower than previous versions of MDaemon but then so are the defaults within SpamAssassin 3 itself. * CUSTOM PLUG-IN SUPPORT (MDaemon PRO only) * MDaemon can integrate custom built plug-ins. See \Docs\Api\Plugins.txt for more details. * HASHCASH "PROOF-OF-WORK" SUPPORT (MDaemon PRO only) * MDaemon is now able to generate hashcash stamps. Hashcash is a form of electronic postage designed to help verify that the sender of an email message invested sufficient effort in order to do so. Effort is measured in terms of CPU use. Now that hashcash verification is support- ed by SpamAssassin 3.0, the stamps generated by MDaemon's hashcash system and inserted into outgoing messages will have a real impact on lowering the false positive rates when your users send mail. A new screen was added to the Spam Filter properties to configure hashcash settings. In order for stamps to be generated and inserted into messages they must not be list messages and must be either FROM or TO an address listed in HCMint.dat file. You can configure all this from within the Hashcash properties in the GUI. In order to honor hashcash stamps for incoming messages your domains must be listed in the \SpamAssassin\Rules\80_MDaemon_Hashcash.cf file. The installer has already enabled all users of your primary domain for this. To see how it is done for other domains just open the file with notepad and read the instructions there. For more information on HashCash and to support the HashCash concept visit http://www.hashcash.org/. * IMPROVED QUEUE MANAGEMENT * Added a basic queue management system directly into the main MDaemon GUI. This mimics some of the MDStats functionality but in a more integrated fashion. Double clicking a queue on the stats pane window will open the MD GUI to this new queue management system rather than MDSTATS. You can still right click and select to view queues using MDSTATS if you want. * IMPROVED ERROR MANAGEMENT - HOLDING QUEUE * MDaemon now has a new queue - the 'holding' queue. The purpose of this queue is to receive any messages which cause software exceptions during AntiVirus, AntiSpam, or Content Filter processing. If a software error occurs during the processing of messages the messages will be moved into the holding queue and not delivered. When messages are placed into the holding queue they stay there until the administrator takes some action. A button and menu option to process the holding queue were added to the GUI. Processing or 'Re-Queue'ing the holding queue content will shuffle all the messages into either the remote or local queues for processing. If the error which caused the messages to be placed into the holding queue still exists the messages will just be routed right back into the holding queue. 'Release'ing the content of the holding queue will deliver the problem messages regardless of any error which might occur. A warning box is provided when 'Release'ing the queue since doing so could potentially introduce messages into the mail stream which did not properly filter through the Content Filter, AntiSpam and/or AntiVirus engines. A system for configuring notifications related to the holding queue was added to the Queues menu selection in the GUI. Note that if these notifications themselves cause software errors they may not be delivered to remote recipients, but local recipients will work fine. Notifications are sent to the configured parties at MDaemon startup, the first time a message is placed into the holding queue, and once every XX minutes thereafter until either the queue is emptied or the notification mechanism is switched off. Note: when the SpamAssassin.dll file fails to be initialized or is other- wise hosed (which can happen from time to time) MD will no longer switch off the Spam Filter. Also, the message normally sent to postmaster when this occurs has been changed to only send if the holding queue mechanism is inactive. * IMPROVED ANTIVIRUS INTEGRATION * MDaemon can now scan incoming messages for viruses during the actual SMTP session. A new switch was added to the Security|AntiVirus GUI to govern this behavior. This switch is enabled by default. This feature requires MDaemon AntiVirus. If a message is found to be infected the message is immediately refused and can not be accepted. This feature can and will slow down the processing rate of the SMTP server. Messages larger than MAX_SIZE will not be scanned during the SMTP session. MAX_SIZE defaults to 10MB and can be set by editing the following in the CFILTER.INI file with Notepad: [VirusScanner] InlineSMTPMax=10 (value in megabytes) The SMTP-(in) log will show the result of AV processing. The possible results you might see are: 1) the message was scanned and found infected with a virus 2) the message was scanned and no virus was found 3) the message could not be scanned (usually because a ZIP or other type or attachment could not be opened/accessed) 4) the message could not be scanned (it exceeds the max size limit) 5) an error occurred during the scan * IMPROVED OUTLOOK CONNECTOR INTEGRATION * MDaemon now has an Outlook Connector tab in the main GUI. This tab displays all the IMAP interaction between the MDaemon server and Outlook Connector clients. A separate log file is also created which will track all IMAP activity between the server and the OC clients. Options have been added to the logging settings to enable/disable this logging. The composite log file settings also has the same. Several small changes were made in the GUI to facilitate the evolution of our Outlook Connector product. These changes include modifications to the verbiage on the Setup configuration screens. Also, the on/off switch was removed from the main list of servers on MDaemon's main screen. Outlook Connector support can be turned on/off via the Setup menu. * IMPROVED LDAP QUERIES FOR GATEWAY USERS (MDaemon PRO only) * It is now possible to specify multiple LDAP configurations for your gateway domains. LDAP is used to verify that accounts actually exist before accepting messages bound for gateway domains. To specify extra sets of LDAP parameters you have to setup your first set using the GUI as normal. Then manually edit the GATEWAYS.DAT file using notepad. Create a new set of keys that look like this: LDAPHost1= LDAPPort1= LDAPBaseEntry1= LDAPRootDN1= LDAPObjectClass1=MDaemonContact LDAPRootPass1= LDAPMailAttribute1=mail Note that each key ends with '1'. You can add a third set of parms by creating another set of keys which end with '2', then '3', and so on. When the LDAP queries take place, MDaemon will perform multiple LDAP checks in sequence, if necessary, for a match. If an error or a match is found no further checks are performed. CHANGES AND ADDITIONAL NEW FEATURES ----------------------------------- o When messages are released from the Spam Trap the MTA thread will strip the subject text of all data found between the first [ and ] characters. So, if you change the default Spam Filter 'Subject tag' text, be sure you enclose your changes in [ and ] chars if you want this tag automatically removed. o SPF processing is now enabled by default and has a new option to check the FROM header (previously it could only check the SMTP envelope sender). The SPF configuration screen in the GUI has a check box to enable this (it is disabled by default). Note that if the address checked during SMTP session is the same as that taken from the FROM header the duplicate check will be skipped to save CPU and so on. o SPF GUI has a new switch to cause MDaemon to send all forwarded mail using the email address of the account forwarding the mail. This helps reduce problems associated with forwarding. Normally, forwarded mails are sent using the email address of the original sender and not the email address of the account actually doing the forwarding. o MDaemon will no longer generate route slips and send mail to itself via SMTP when forwarding to local recipients. If you must have forwarded mail being delivered to a local recipient filtered through the SMTP engine then manually specify localhost or 127.0.0.1 in the account's 'Forward mail to this host' field. o Accountprune has the following default settings for "SkipAutoPrune": Public IMAP folder - "SkipAutoPrune=Yes" Non Public IMAP folder - "SkipAutoPrune=No" o The default ACL access rights to the Bayesian Learning root folder for new installations was changed from 'lrswi' to simply 'lr' to prevent users from moving messages into the root folder by default. o Set the following switch in the MDaemon.ini with Notepad if you would like MDaemon to return messages that receive 'no records of the requested type' during MX record lookups: [Domain] NoAnswersImmediateReturn=Yes o Set the following switch in the MDaemon.ini with Notepad if you would like MDaemon to return messages that receive 'no records of the requested type' during A record lookups: [Domain] ANoAnswersImmediateReturn=Yes o Several small tweaks were made to the Spam Trap summary report including a link to WebAdmin's spam trap manager page (requires WA 3.10 and you must provide a link to WebAdmin in WorldClient's Domain.ini file here: [Default:Settings] WebAdminURL= o By default, MDaemon uses the account's mailbox value as the 'logon' parm when using dynamic authentication with Windows to verify that an account exists. Sometimes this parm does not match an actual Windows account and so the verification fails. If you would like to use a different logon for an account you can edit the account's HIWATER.MRK file which you will find in his/her root mail directory and add the following key: [Settings] NTLogonName= From then on MDaemon will use this value when performing dynamic authentication on the mailbox in question. o It is no longer possible to directly specify the config file backup directory so the option was removed from the Misc. Options GUI. Backups are automatically placed in the \MDaemon\Backups\ directory. If you want to specify a different location you can change the following parm in MDaemon.ini using Notepad: [Directories] ConfigFileBackups= o The SMTP engine will only prune addresses from lists if the result of a delivery attempt to the list member nets a 550-554 result code. If you want to completely disable pruning during the SMTP stage for a list open the list's .GRP file with notepad and add this line near the top of the file: ; SkipSMTPPrune = Y o The term "Spam Blocker" has been removed from MDaemon and replaced with the more appropriate term "DNS Blacklists" which is more accurate and reduces confusion between RBL processing and the Spam Filter. o By default, MDaemon will now reject messages to over quota recipients at the RCPT stage rather than after the message is received. If you would like to change this you can edit the following switch in the MDaemon.ini file: [Special] TestQuotaAfterDATA=Yes (default NO) o MDaemon no longer needs its own SURBL configuration file or GUI dialog. These were needed when older versions of SpamAssassin were being used. The 80_MDaemon_surbl.cf file has been deprecated as has the SURBL configuration screen in the Spam Filter properties. SURBL is now an integrated part of SpamAssassin and can be configured by editing the 25_uribl.cf file in the \SpamAssassin\Rules directory (not recommended). o MDaemon now defaults to using 1/2 the outbound session threads when send- ing messages from the retry queue. This frees up 1/2 of the threads for processing regular mail. If you would like to have MDaemon use all the outbound threads when processing the retry queue (as it has done in the past) edit the following key in MDaemon.ini and set it to ZERO: [Sessions] MaxRetry=0 o By default MDaemon will no longer accept messages sent from addresses on the suppression file. In the past, the default in many cases was to accept the message, process it, and send to the bad queue. The suppression file editor will now allow the "Refuse during SMTP" option to be enabled under the "All Domains" root. This is the new default. If you would like to selectively accept/refuse on a per-domain basis, then you need to disable this option under the "All Domains" root and enable it under the individual domain nodes. o When messages are submitted to list digests MDaemon will scan the message and attempt to include only the first text/plain part of the message to the digest. Other message parts are not included in the digest (including HTML parts). If the message does not have a text/plain part or if the messages is not multipart/alternative or multipart/mixed then the whole message will likely be included in the digest (minus any MIME attachments). o MDaemon now supports the forth-coming "Authentication-Results" header (this spec is still in draft stage so some changes might be coming). This new header is planned for use with AUTH, SPF and DomainKeys as the preferred method for communicating authentication results to MUAs. This header is written for locally delivered mail only. If you do not wish MDaemon to use this header at all set the following switch in MDaemon.ini: [Special] WriteAUTHHeader=No (default Yes) o Added switch to the SMTP AUTH GUI that exempts messages to local accounts from the requirement that messages sent from local accounts must be AUTH'ed. This switch is enabled by default which is a change from previous versions. o You can specify new settings in the AV scheduler. By selecting 'Random' for the minute value MDaemon will do the update at a random time during the hour. o Lots of SPF related logging can be cut by setting the following switch in the MDaemon.ini file (this switch causes SPF to only log matches): [ReverseLookup] SPFLogOnlyMatches=Yes (default No) o The checkbox which creates Calendar, Contact, and other domain-level public folders was moved from the Domain editing screen to the Public Folder editing screen. o It is no longer possible to use a period char as the IMAP folder delimiter. Doing so causes internal havoc to the code. So, on startup MDaemon will change the default delimiter to the default char '/' if it is currently a period char '.' o Added WorldClient INI file settings that allow admins to disallow users to view calendars and tasks as well as not add new calendar, task or contacts folders. Set the following INI values under the [User] section of the User.ini file or in the domains ini file to disable the various functionality: EnableCalendar=No EnableTasks=No CanCreateContactsFolder=No CanCreateCalendarFolder=No CanCreateTasksFolder=No o The active AV update schedule will be dumped to the System log at startup and whenever the schedule is changed using the GUI. o WorldClient will automatically select the Pocket PC theme for any Windows CE devices which connect. o Added "Sign with DomainKeys selector..." action to content filter. o Added DisableWebAdminAccess=Yes/No (Default: No) key to WorldClient's domains.ini file. o In WorldClient more feedback is presented to the user if they cannot create or edit an item because of insufficient access rights. o Contacts folders are now listed in various places with an abbreviated format to allow for sub folders of a greater depth. In addition the folder's owner is always displayed to help clarify the source of the contacts. o All Windows CE devices should get the PocketPC theme for WorldClient now. o Added scrollbars to Tarpit|Advanced. o The IMAP server now supports the LOGIN authentication mechanism. o Various SPF related options are now disabled by default. You should go into Security|SPF and make sure the settings there are what you want. o Significant improvements to calendar performance in WorldClient for users who are not using the Lookout theme. o API function MD_VerifyUserInfo now converts domain to all lower case. o New lists default to disallow EXPN commands o Added domain functions to MDUserCOM (doc not updated yet) o MDUserCOM.dll version will now be the same as the current MDaemon o The default score applied to messages which pass SPF processing was changed from -2.5 to 0. o A new switch was added to the logging options which governs whether the 'all' log file will be created. o MDStats now includes the MDAV message quarantine directory in its list of queues. o By default, a new installation will store queues under a \Queues\ root directory. If you would like to move your queues to this more organ- ized structure see the new Restore tab in the Queues GUI. o The Statistics log now contains MPOP and DPOP line entries for each message collected via MPOP or DPOP. o Cleaned up inbound SMTP logging to make it look more consistent. o The installer now backs up the SpamAssassin 'rules' directory to the \Backup\ folder and the layout of how files are stored there has changed slightly. The format is now \Backup\%VERSION%\. o The installer now includes MDMigrator which is a tool to move from MS Exchange to MDaemon. MDMigrator.txt contains instructions. Previously this file was downloaded separately from our web site. o When spooling all mail to an ISP or upstream host any SMTP delivery error (temp 4xx or permanent 5xx) will return the message to the sender. o MDaemon no longer references or uses the MDAEMON_SPAM_BLOCKER SA rule. The rule is now called MDAEMON_DNSBL. o Added IP being checked to SPF log info. o Added WC support for "x-uuencode" Content-Transfer-Encoding o MDaemon now creates SSL certificates with an exportable private key o Minor verbiage changes to Account Editor's Options tab. o Removed HOSTS file reference from SMTP log and NDR. o MDaemon now supports the processing of multiple A records in response to PTR lookups. o NDR's where changed to appear from MDaemon@ rather than MDaemon@. o The order of the various Received and status headers was changed to bring MDaemon more inline with examples in the various RFC's. o Old dnsBL sites that are no longer functioning were removed from the SpamBlck.dat file. o The default protocol wait time was increased from 30 seconds to 60 seconds. o Several logging defaults were changed. MDaemon now zips old logs each night, has no fixed log file size, and makes date based logs by default. o Added the amount of time to complete request to the WorldClient log. FIXES ----- o fix to alias.dat file permissions getting lost with WA3 under IIS o fix to log file directory created on wrong drive sometimes o fix to disabled whitelist and advanced screens on tarpit in MD Standard o fix to RBL score not showing up in inline SMTP Spam scoring o fix to statistics log records possibly getting jumbled together o fix to active/inactive AV server stat on the STATS window not accurate o fix to looping errors caused by archive copies lacking a NULL return-path o fix to WC message corruption when using the Plain Text mode of the HTML composer and returning from the Spell Check or Add Attachment pages o fix to FileList-xx.dat files referencing incorrect SpamAssassin .cf files o fix to auto update check switch not preserved across updates o fix to some SPF macros not expanding properly o fix to Spam Trap folder name incorrect in German version o fix to MDStats using wrong filenames for SA whitelist, blacklist rules o fix to missing directories always being setup as default C:\MDaemon o fix to list dlls not sending welcome packet when sub'ed via WebAdmin o fix to ODBC list dll not checking if member was on list before adding o fix to WorldClient HTML compose not remembering if the message was plain text only or not o fix to Accountprune recursive switch option("/s") not working o fix to POP server not byte-stuffing TOP responses o fix to IgnoreRcptErrors setting not working correctly o fix to Accountprune to not delete messages in user's IMAP folder and public folder unless the folder's Hiwater.mrk file has the following setting: [Settings] SkipAutoPrune=No o fix to public folder pruning not working o fix to update message referencing ftp.altn.com rather than files.altn.com o fix to cosmetic GUI problems o fix to global auth password visible in plain text inside GUI o fix to MD/GW problem where message would disappear when MD/WC-generated contacts were used in creating the message in Outlook o fix to errant ATRN dequeue session interlock o fix to SPF records sometimes being decoded improperly o fix to dequeue sessions not using the MXCache.dat file o fix to WorldClient LookOut themes's handling of attachments to allow Windows XP SP2's popup blocking issues. o fix to Accountprune recursive("/s") not working if "SkipAutoPrune=Yes" was set for the parent folder o fix to 5xx errors not routing back when spooling all mail to ISP o fix to Sender: header not included in list messages at all times o fix to event log not honoring on/off switch o fix to possible thread dead-locks o fix to ghost starting up with false warning about logs sometimes o fix to gateway GUI sometimes creating blank gateways.dat entries o fix to MD not logging anything when too many sessions encountered o fix to system address always able to send to mailing lists o fix to WC exception parsing certain non-RFC 2046 compliant messages o fix to cosmetic typo errors o fix to AccountPrune not deleting other message types, except ".msg" o fix to problems in cleanup.bat file o fix to GUI problems re WebAdmin when it is running under IIS o fix to potential WC crash if a request for a session is received while the session is being expired o fix to ACL entries not being updated when domain names change o fix to IMAP SEARCH command not supporting nested search parameters o fix to possible crashing problem with using ODBC back end and SQL Server o fix to SMTP server refusing certain addresses o fix to MTA thread not strictly checking for .msg files only o fix to CF not applied to all list mail correctly at times o fix to WC/WebAdmin not being able to send window messages to MDaemon from IIS when using the ODBC backend o fix to Tarpit not honoring White List in all cases o fix to CTL having Subject parm; data not available and serves no purpose o fix to errant value reported with SA_MAX_SMTP_MSG_SIZE in SA header o fix to CF 'send to' rule not working with mailing lists o fix to ComAgent lockups when incoming messages arrive at the same time o fix to Accountprune "/s", recursive switch, for "/m" option o fix to Tarpit white list not honoring CIDR notation o fix to SMTP server not honoring RBL 'Received' header max check count o fix to ODBC selector wizard using 255 byte limit to SQL statements o fix to outbound smtp byte stuffing bug causing Winsock errors o fix to cached files sometimes being truncated to 255 chars/line o fix to SA not writing to screen/logs on default installs o fix to CF editor not writing out 'add to Windows event log' rule correctly o fix to read confirmations being send by the server (should be client) o fix to MD activation being attempted with non-MD key o fix to list digests not handling multipart/alternative messages well o fix to errant logging with long paths when process could not be started o fix to routing problems associated with the use of an MDaemon system alias o fix to md3conv possibly not working with long file names o fix to IMAP server sending BAD response to an authentication failure o fix to WC truncating links for URLs with two commas in them o fix to list members not written to disk if certain wildcards in use o fix to possible lockup during the activation process o fix to localized MD3Conv not being included in installer. o fix to DNS lookup code not handling multiple TXT records properly o fix to spamfilter processing honoring the incorrect max size exception o fix to DomainPOP not being enabled when shutdown by trial expiration o fix to bug causing fresh installs to get fixed log file size o fix to site policy enabled by default o fix to backup files not created if backup dir missing o fix to AV settings to being lost when changing any content filter settings o fix to MDaemon mail dir created in wrong place on some new installs -----------------------------------------------------------------------------