MDaemon Email Server | Secure On-Premise Email

Overview \| Features \| Pricing \| Purchase \| Download \| Support \| Anti-Virus\| Contact Us \| Blog Articles

Current version of MDaemon Messaging Server is v25.x| Release Notes |QuickStart Guide

MDaemon Server v14 Release Notes

MDaemon 14.5.3 - January 20, 2015

CHANGES AND NEW FEATURES

[6319] A 64-bit version of MDaemon is now available. The 64-bit version can handle a higher number of active sessions before running out of memory. Please note that the 64-bit MDaemon is not compatible with 32-bit plugins. When switching to the 64-bit MDaemon, you must also switch to 64-bit versions of all software that uses the MDaemon API. A 64-bit version of SecurityPlus is available. We do not have a 64-bit version of BES, so stay on the 32-bit MDaemon if you need it. If you run WorldClient, Remote Administration, or ActiveSync in IIS, you will need to configure or recreate the application pools to be 64-bit.
[14292] MDaemon responds with a 4xx temporary error to delivery attempts to disabled or frozen accounts (see [14010]). If you would prefer to have a 5xx response instead you can add this setting in MDaemon.ini [Special] DisabledAccountsSend550=Yes (default is No).

FIXES

[14286] fix to javascript error on Remote Admin's account editor page
[14264] fix to Save and Cancel buttons not enabled for certain options on Spam Filter in Remote Admin
[14281] fix to incorrect logic when setting an account to Frozen via Remote Administration
[14225] fix to ActiveSync provision issue with newer iOS versions
[14278] fix to ActiveSync error searching the global address list
[14279] fix to ActiveSync device protocol version may be reported as 0.0
[14168] fix to iOS 8 ActiveSync Automatic Reply end date not syncing properly
[14322] fix to DMARC sometimes reporting "too many recipients" errantly and ignoring them
[14289] fix to MDaemon is unresponsive during the daily ACL cleanup processing
[14343] fix to SPF record macros might not be expanded properly
[14285] fix to long Gateway AUTH passwords are truncated to 14 characters
[14325] fix to ActiveSync policies may not be enforced correctly
[14306] fix to WorldClient does not display any filters if a filter rule has a folder name containing a plus sign
[13971] fix to iOS 8 Settings app crashes when trying to set an ActiveSync Automatic Reply end date
[14338] fix to ActiveSync policy templates are removed when updating from MD 14.0 to 14.5
[14342] fix to ActiveSync policy dropdown errantly containing auto-generated policy names
[14162] fix to display problems in Content Filter Rule Editor in Remote Administration when using certain actions
[13786] fix to corrupt data in SPFCache.dat file, requiring the cache file to be deleted
[14358] fix to WorldClient Lookout theme: Cannot delete attendee from new or existing event
[14368] fix to MDRA help does not open if MDRA is running under IIS as a sub-directory
[12527] fix to reminder emails are not generated for tasks created in public folders

MDaemon 14.5.0 - October 21, 2014

SPECIAL CONSIDERATIONS

[13265] The two options to hide local IP addresses and local LAN IP addresses when processing message headers have been deprecated and removed from Ctrl+O | Preferences | Headers. They have now been replaced by a single option which hides reserved IP addresses. That was always the intent of the older two options anyway. This new option is enabled by default and prevents use of reserved IPs from appearing in certain MDaemon created message headers. Reserved IPs are as defined by various RFCs and include: (a) 127.0.0.* (b) 192.168.*.* (c) 10.*.*.* and (d) 172.16.0.0/12. If you want or need to do the same for your domain IPs (including LAN domains) then you can set this switch in MDaemon.ini manually: [Special] HideMyIPs=Yes (default is No).

[13332] The option "POP3, IMAP, and WorldClient passwords are case sensitive" has been deprecated and removed from Ctrl+O | Preferences | Miscellaneous. Passwords are now always case-sensitive. Allowing otherwise breaks security best practices and is incompatible with hash-based authentication mechanisms (APOP, CRAM-MD5) and secure (hash-based) password storage. As a result of this some of your users may need to update their password in their mail client.

[13786] The SPF cache file now caches a domain's actual SPF policy record taken from DNS rather than the final result of SPF processing. Your old SPFCache.dat file can not be migrated and so was renamed SPFCache.dat.old in case there are settings in there you need to refer to. You can delete SPFCache.dat.old at any time.

[13121] DomainKeys has been deprecated (see below). As a result the content filter action to sign messages with DomainKeys will be ignored. If you were using this action in any of your rules you may want to either change them to sign with DKIM instead or delete them if they are no longer needed.

MAJOR NEW FEATURES

[11196] DMARC (Requires MDaemon PRO)

Support for DMARC (Domain-based Message Authentication, Reporting, and Conformance) has been added. DMARC defines a scalable mechanism by which a mail sending organization can express, using the Domain Name System, domain level policies and preferences for message validation, disposition, and reporting, and a mail receiving organization can use those policies and preferences to improve mail handling. The DMARC specification and full details about what it does and how it works can be found here: http://www.dmarc.org/.

DMARC allows domain owners to express their wishes concerning the handling of messages purporting to be from their domain(s) but which were not sent by them. Possible message handling policy options are "none" in which case MDaemon takes no action, "reject" in which case MDaemon refuses to accept the message during the SMTP session itself, and "quarantine" in which case MDaemon places the following header into each message for easy filtering into your user's Junk E-mail folder: "X-MDDMARC-Fail-policy: quarantine". This header is only added when the result of the DMARC check is "fail" and the resulting DMARC policy is something other than "none." It is possible to configure MDaemon to accept messages even though DMARC requests that they be rejected. In fact, this is the default operational mode. In these cases MDaemon will place an "X-MDDMARC-Fail-policy: reject" header into the message in case you want to filter more seriously on that.

DMARC supersedes ADSP and the message disposition features of SPF. However, you can still use all of them together with DMARC. ADSP and SPF message rejection now takes place after DMARC processing if DMARC verification is enabled.

DMARC depends in part upon the use of a "Public Suffix List." A "Public Suffix" is one under which Internet users can directly register names. Some examples of public suffixes are .com, .co.uk and pvt.k12.ma.us. A "Public Suffix List" is a list of all known public suffixes. MDaemon uses the one maintained for the community by the Mozilla Foundation that is found here: https://publicsuffix.org/. A copy of this list is installed into your \App\ folder as effective_tld_names.dat. There is currently no comprehensive or single authoritative source for such a list which is an issue the Internet community should address. Over time this file will grow obsolete and must be replaced by downloading it afresh from https://publicsuffix.org/list/effective_tld_names.dat and saving it to your \App\ folder. MDaemon will periodically and automatically download and install this file as part of the daily maintenance event approximately once every two weeks. Various controls to govern this can be found on the new DMARC configuration screens. The DMARC log and the new DMARC window within the Security tab inside the main UI will contain the results of the update and all other DMARC processing operations. You can set a different file download URL if needed but the data downloaded must conform to the format specified by Mozilla for their file. You can read about this at the URL mentioned above. MDaemon strictly follows the parsing algorithm specified by Mozilla. Create a (possibly empty) file called "PUBLICSUFFIX.SEM" and place it in MDaemon's \App\ folder if you replace or edit the effective_tld_names.dat file yourself and need MDaemon to reload it without a reboot.

To use DMARC as a mail sender you must publish a DMARC TXT record within your domain's DNS setup. Information on how this record is defined and structured can be found at http://www.dmarc.org. When you publish a DMARC record to your DNS you may begin receiving DMARC reports from many different sources via email. These reports are provided as a compressed XML file whose format is governed by the DMARC specification. Consuming these reports is outside the scope of MDaemon's DMARC implementation. However, the data within these reports can provide important insight into a domain's mail flow, improper domain use, DKIM signing integrity, and SPF message path accuracy/completeness. The addresses to which these reports are sent is configured by you when you create your DMARC record.

When setting up a DMARC record for one or more of your domains take care with use of p=reject. Take particular care if your domain provides email accounts for general use by human users. If such users have signed up for any mailing lists, make use of a mail forwarding service, or expect to use common things like "share this article with a friend" you should know now that a DMARC p=reject policy could make those things entirely impossible and if so you'll hear about it. DMARC p=reject is perfectly appropriate and useful but only when it is applied to domains that control how their email accounts are used (for example, transactional mail, automated (i.e. non-human) accounts, or to enforce corporate policies against use of the account outside organizational boundaries).

DMARC p=reject is especially bad for mailing lists and if careful steps are not taken this can result in list members being automatically removed from your mailing lists. To mitigate this, the following steps should be taken: (I) For mail receivers: (a) do not allow anyone to post to any of your mailing lists if they are from a domain that publishes restrictive DMARC policy (ie.. any policy other than "none") or (b) failing that, configure all your lists to alter the From: header within messages from such posters. MDaemon 14.5 has new configuration options within the Mailing List Editor that can do all that work for you. If you don't want to do either of those things then at least make sure you disable the mailing list feature that automatically removes members who refuse to accept mailing list traffic. Otherwise, a message sent through your list by (for example) user@yahoo.com will result in the instant removal of every aol.com list member along with any and all other list members whose mail systems are DMARC compliant. MDaemon 14.5 automatically configures all your lists to be DMARC safe so that none of your list members will be removed by enabling the From: header mitigation described above for all your lists. (II) For mail senders: by all means publish a DMARC record for your domains and specify an email address to receive reports but take care not to use p=reject unless you are sure its appropriate (which it very well may be).

In order to support DMARC aggregate reporting MDaemon will store data which it will need later in order to generate aggregate reports according to the DMARC specification. MDaemon ignores the DMARC "ri="; tag and only produces DMARC aggregate reports that cover from 00:00:00 UTC to 23:59:59 UTC for a given day. At midnight UTC (which is not necessarily midnight local time) MDaemon consumes this stored data to generate the reports. MDaemon needs to be running at this time or the stored data could grow and grow and never be consumed. Therefore, if you do not run your MDaemon 24/7 you should not enable DMARC aggregate reporting. DMARC aggregate reporting is disabled by default.

In order to support DMARC failure reporting RFC 5965 "An Extensible Format for Email Feedback Reports", RFC 6591 "Authentication Failure Reporting Using the Abuse Reporting Format", RFC 6652 "Sender Policy Framework (SPF) Authentication Failure Reporting Using the Abuse Reporting Format", RFC 6651 "Extensions to DomainKeys Identified Mail (DKIM) for Failure Reporting", and RFC 6692 "Source Ports in Abuse Reporting Format (ARF) Reports" have been fully implemented. Failure reports are created in real-time as the incidents which trigger them occur. MDaemon implements DMARC AFRF type failure reports and not IODEF type reports. Therefore, only values of "afrf" in the DMARC "rf=" tag are honored. See the DMARC specification for complete details. Multiple failure reports can be generated from a single message depending upon the number of recipients in the DMARC record's "ruf=" tag and upon the value of the "fo=" tag times the number of independent authentication failures which were encountered by the message during processing. When the DMARC "fo=" tag requests reporting of SPF related failures MDaemon sends SPF failure reports according to RFC 6522. Therefore, that specification's extensions must be present in the domain's SPF record. SPF failure reports are not sent independent of DMARC processing or in the absence of RFC 6522 extensions. When the DMARC "fo=" tag requests reporting of DKIM related failures MDaemon sends DKIM and ADSP failure reports according to RFC 6651. Therefore, that specification's extensions must be present in the DKIM-Signature header field and the domain must publish a valid DKIM reporting TXT record in DNS and/or valid ADSP extensions in the ADSP TXT record. DKIM and ADSP failure reports are not sent independent of DMARC processing or in the absence of RFC 6651 extensions. See the various specifications referenced herein for complete details. DMARC failure reporting is disabled by default.

Important Note: A DMARC record can specify that reports should be sent to an intermediary operating on behalf of the domain owner. This is done when the domain owner contracts with an entity to monitor mail streams for abuse and performance issues. Receipt by third parties of such data may or may not be permitted by your privacy policy, terms of use, or other similar governing document. You should review and understand if your own internal policies constrain the use and transmission of DMARC reporting and if so you should disable DMARC reporting as appropriate.

DMARC requires use of STARTTLS whenever it is offered by report receivers however there's no way to predict or police this. However, you should enable STARTTLS if you haven't already (see Ctrl+S | SSL & TLS | MDaemon).

There is a white list for use with DMARC verification. This white list is for IPs only. A match to this white list causes DMARC processing to be skipped. DMARC also interacts with the SPF and DKIM white lists. If they cause SPF or DKIM processing to be skipped then DMARC processing will also be skipped. Naturally, when both SPF and DKIM are entirely disabled then DMARC processing will be skipped.

DMARC also honors the Approved List which can white list based on verified DKIM identifiers and/or SPF paths from sources you trust. So, for example, if a message arrives that fails the DMARC check but has a valid DKIM signature from a domain on the Approved List the message is not subject to punitive DMARC policy (i.e..the message is treated as if the policy were p=none). The same happens if SPF path verification matches a domain on the Approved List. So, take note that your existing Approved List is now also a DMARC white list. Finally, DMARC has been integrated with MDaemon's VBR system and a new option has been added to Ctrl+S | Sender Authentication | VBR Certification which allows you to ignore punitive DMARC policy on messages that fail a DMARC check but otherwise have a verified identify vouched for by at least one of your trusted VBR service providers. This option is enabled by default. For more information on VBR see https://www.altn.com/email-certification/. Congratulations on VBR (RFC 5518) achieving Standards-Track status!

The Authentication-Results header has been extended to include DMARC processing results. Note that Authentication-Results includes some data in comments for debugging purposes including the DMARC policy requested by the domain owner which is not necessarily the action taken on the message. For example, when the result of a DMARC check is "pass" it does not matter what the DMARC policy states as policy is only applied to DMARC checks which "fail". Similarly, when the result of a DMARC check is "fail" and the policy is "reject" the message may be accepted anyway for local policy reasons. Use of this header for filtering should take all this into account. Alternatively, filter for "X-MDDMARC-Fail-policy: quarantine" or "X-MDDMARC-Fail-policy: reject" to filter these messages into spam folders or whatever you want to do. MDaemon strips out the "X-MDDMARC-Fail-policy:" header from every incoming message.

Messages must conform to DMARC section 15.1 with respect to the RFC 5322 From header or they are not processed which basically means that the absence of a single (one and only one) properly formed (according to RFC specifications) RFC5322 From field renders the message invalid generally and therefore invalid for DMARC processing.

Several new screens have been added at Ctrl+S | Sender Authentication where you can set various options related to DMARC use.

DMARC requires SPF and/or DKIM verification to be enabled as it is based upon the verified identities that those two mechanisms provide. You can't make productive use of DMARC for inbound mail without one or both of those technologies enabled. The UI will try to enforce this.

DMARCReporter is a tool that reads DMARC XML reports and transforms them into easier to read HTML. This tool has been installed into your \MDaemon\App\ folder. See DMARCReporterReadMe.txt for instructions on use.

[9843] NEW LOOK FOR MDAEMON REMOTE ADMINISTRATION

Massive updates were done to the Remote Administration interface. "Mobile Device Management" is now a top-level menu item for easier access. Some other menus were relocated to align Remote Administration more closely with MDaemon's layout. Accordingly, menus have been utilized where appropriate. Context-sensitive help has also been added.

[10279] ACTIVESYNC SERVER NOW SUPPORTS SERVER-SIDE MAIL SEARCHING (Requires MDaemon PRO and active ActiveSync Software License Renewal Coverage)

MDaemon's ActiveSync server now supports searching messages on the server. Please refer to your ActiveSync client's documentation to find out if it supports this feature and how to use it. The search indexes are stored on the server in the folders being searched in files named SrchData.mrk and SrchIndex.mrk.

[13231] IMPROVED MAILING LIST ENGINE

The mailing list engine has had several improvements.

[13196] The mailing list editor has been slightly reworked. All the header manipulation related settings have been removed from the Settings page and put on their own new Headers page. Also, the option to set the list's precedence value has been deprecated and removed. Similarly the option to insert the list's name into the 'To:' header 'Display Name' has been removed as an unnecessary duplicate of the radio button option on the same screen that does the same thing.

[13198] Added a new option to the mail list editor which will allow you to reject messages sent to the list from authors whose domain publishes a restrictive DMARC policy ("p=reject" or "p=quarantine"). This option is enabled by default. By publishing restrictive policy these domain owners are effectively making it impossible for their users to participate in any mailing list or forwarding service or "mail this article" type of service. That may well be what they intend. However, allowing the mailing list engine to accept such messages can lead to unrelated members being automatically unsubscribed. You wouldn't need to enable this option if you use the new From: header alteration option but better safe than sorry (see [13160]). Also, you wouldn't need to do this as long as your list does NOTHING to invalidate a valid DKIM signature (if there is one) but lists do that all the time and for perfectly good reasons (like adding a label to the Subject:, adding footers to the message body, etc).

[13160] Added a new option to the Mailing List Editor Headers screen which allows you to alter the From: header value on incoming posts from authors whose domain publishes restrictive DMARC policy. This option is enabled by default and should stay enabled. As much of the previous From: header data is preserved as possible. This should help with the recent issues mailing list administrators have experienced due to the DMARC "p=reject" policies at Yahoo, AOL, and some others. FYI, as it depends on DMARC data being available this option doesn't really do anything when DMARC processing is disabled. Any time the From: header is changed by this feature the original From: header data will be moved into the Reply-To: header but only if (1) the message has no Reply-To: header to begin with and (2) only if the mailing list configuration itself does not specify a custom Reply-To: for all list messages.

[5102] Support for List-ID (RFC 2919) has been added. List-ID allows you to enter a short description for your mailing list which is included in the List-ID message header. This description is optional and if not provided the List-ID header will contain just the list identifier by itself. An example header with a description looks like this: List-ID: "Discussion of the current MDaemon Beta" <md-beta.altn.com>. An example without a description looks like this: List-ID: <md-beta.altn.com>. The email address of the mailing list itself is used as the list's unique identifier (note that the "@" is changed to a "." character to safely comply with the specification). The List-ID header is stripped from incoming messages sent to local mailing lists but not from incoming messages sent to local users from outside mailing lists.

[13201] Support for List-Post, List-Subscribe, List-Unsubscribe, List-Help, List-Owner, and List-Archive mailing list headers (RFC 2369) has been added. These headers are added to list messages if URLs for each are specified in the new controls found within the mailing list editor on the Moderation tab (because that's where there was room for them). These must be URLs as specified in RFC 2369 (for example: mailto:arvel@altn.com). See that document for examples. Whatever you put into these controls will be inserted into all mailing list messages. If the data is improperly formed it won't achieve any results. When a List-Unsubscribe value is provided MDaemon will use it rather than other possible auto-generated values.

[13230] Support for sending mailing list monthly subscription reminders has been added. When enabled, MDaemon will send the text of a reminder message to each list member on the first day of each month. You can control the content of the reminder message using some new controls on the Mailing List editor Reminders page. The following macros are available for use within the reminder message:

$LISTADDRESS$ which expands to the mailing list's email address
$LISTNAME$ which expands to the local-part of the mailing list's email address
$UNSUBADDRESS$ which expands the list's unsubscribe address (the MDaemon system address basically)
$MEMBERADDRESS$ which expands to the email address of the list member receiving the reminder

You can copy and paste whatever HTML you want from your favorite HTML editor into the control. If you'd rather send the reminders on a different day of the month, change it by editing MDaemon.ini and setting [Special] ListReminderDay=X (default is 1).

[13242] The option to configure a list's Reply-To value has been enhanced in the UI with radio buttons to allow you to more easily select (1) Leave any Reply-To unchanged (2) Put list's name in Reply-To (3) Put arbitrary email address in Reply-To.

[13263] IMPROVED SMTP SERVER

MDaemon's SMTP server has had some improvements

[13243] Support for RFC 3463 (Enhanced Mail System Status Codes) has been added. These codes allow for much finer grained reporting and automation. As a result of this, nearly all of MDaemon's SMTP server protocol strings have been changed to include the enhanced codes. Also, support for RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes) has been added. The ESMTP capability ENHANCEDSTATUSCODES will be advertised to other servers during the SMTP transaction.

[13264] Support for RFC 3464 (An Extensible Message Format for Delivery Status Notifications) and RFC 6522 (The Multipart/Report Media Type for the Reporting of Mail System Administrative Messages) has been added. This completely overhauls MDaemon's DSN reporting. All of the old code and behavior related to this has been removed and replaced. With these changes, MDaemon's DSN system now fully complies with industry standards and will properly interoperate with automation tools and other MTAs. The format of the DSN has radically changed and now rigidly complies with the specifications. This means that delivery warning messages and delivery failure messages now fall under the control of these RFCs and are no longer accessible to administrators for customization. They can be localized but not customized. The "Subject" data for these messages can still be changed but this is not recommended. The data contained in these DSNs is now in MIME multipart/report format and no longer includes the original message as an attachment. Instead, only the headers of the original message are included in a text/rfc822-headers MIME section of the multipart/report message as the specifications recommend. Nearly all the optional components of these reports have been implemented including taking advantage of enhanced status codes if the receiving MTA supports them. DeliveryWarning.dat and DeliveryError.dat have been deprecated and removed. Ctrl+Q | DSN Options screen has been updated to remove the edit buttons and also the old option "Don't generate DSN for undeliverable list mail." This option is also deprecated and removed. MDaemon never generates DSNs for undeliverable list posts. Please review the RFCs if you want the full details on what the meaning of the various elements within these mails mean. MDaemon adds a Session-ID and a Queue-ID to each DSN. The Session-ID is a functionally unique value that identifies the actual mail session or transaction event that attempted delivery (this is not new; it has just never been used for anything until now). The Queue-ID is a functionally unique value that identifies the message file inside the queue (it's the file's name). "Functionally unique" means unique enough to identify the data it points to for all practical purposes but not guaranteed to never repeat over the long term.

[13475] Support for RFC 3848 (SMTP and LMTP Transmission Type Registration) has been added. This governs the value of the "WITH" clause in Received headers. This means you'll see "ESMTP" for unauthenticated non-SSL sessions, "ESMTPA" for authenticated sessions, "ESMTPS" for SSL sessions, or "ESMTPSA" for authenticated & SSL sessions. Values of "MULTIPOP" and "DOMAINPOP" are MDaemon specific and will continue to be used even though they don't appear in the IANA registry.

[13312] IMPROVED SENDER AUTHENTICATION

[13292] Updated MDaemon's SPF implementation to the latest specification (RFC 7208):

Section 4.6.4: Imposed a limit on the number of SPF terms that cause DNS queries. The following terms cause DNS queries: the "include", "a", "mx", "ptr", and "exists" mechanisms and the "redirect" modifier. The total allowed for such terms is now fixed at 10 and cannot be changed as per the specification. Also, each 'A' record lookup performed while processing an "mx" mechanism count toward the 10 term limit. When the 10 term limit is reached further SPF processing stops, any SPF results are dropped, and a permanent error is recorded as the result as per the specification. Section 4.6.4: "ptr" resource records count toward the 10 term limit as well however any extras over and above 10 are simply ignored and no permanent error is generated as per the specification.

Section 4.6.4: Imposed a limit on the number of "void" lookups. These are defined in the specification as lookups that result in either (a) domain does not exist or (b) no answers exist. When this limit is reached SPF processing generates a permanent error as per the specification. You can configure the number of allowable void lookups via a new control in Ctrl+S | Sender Authentication | SPF Verification. It cannot be less than 2.

Section 9.1: The ABNF was updated for the Received-SPF header so it required a few changes. Also, I added the "mechanism" key so you can see which mechanism matched. Note that the spec calls for using the string "default" when no mechanism matches so that may appear from time-to-time. Also, 9.2 provides guidance on the use of the Authentication-Results header (RFC 7001) so this resulted in a few updates to that header as well.

As a result of the improvements made to Authentication-Results, MDaemon no longer creates the X-MDPtrLookup-Result, X-MDMailLookup-Result, or X-MDHeloLookup-Result headers. These headers will continue to be stripped from incoming messages but they are no longer created or used by MDaemon itself.

[13313] Updated MDaemon's implementation of "Message Header Field for Indicating Message Authentication Status (RFC 7001)." This is the latest specification governing the Authentication-Results header. This caused several changes to the format of the Authentication-Results header and it looks much different now. PTR, HELO, and MAIL reverse lookups now use the ABNF from RFC 7001 (i.e.. iprev and policy.iprev for PTR, HELO, and MAIL with comment text as the differentiator). Also, corrected improper use of ptypes and their values in several places. Also, found and fixed some bugs in the inconsistent text put out in this header and in what happens if a DNS failure occurs during a lookup.

[13314] Implemented "Authentication-Results Registration for Vouch By Reference Results (RFC 6212)." I (Arvel) am one of the authors of VBR but didn't notice that my friend Murray had created RFC 6212 to document VBR results in an industry standard way using his Authentication-Results header. That's what I get for falling into a corporate black hole for 3 years :) MDaemon will now follow this RFC and when multiple VBR hosts are used there will be multiple VBR sections in Authentication-Results.

[13316] Implemented "Authentication-Results Registration for Differentiating among Cryptographic Results (RFC 6008)." This included documenting the results of each DKIM signature in an industry standard way. Previously, MDaemon did not document all signature results and what it did document was not in industry standard form. MDaemon will now follow this RFC and when multiple DKIM signatures are used there will be multiple DKIM sections in Authentication-Results.

[13315] Added new option to Ctrl+S | Sender Authentication | VBR Certification which will force VBR checks even for incoming messages that lack the VBR-Info header. Normally this header is necessary but VBR works fine without it. When the header is missing MDaemon will query your trusted VBR certifiers using the "all" mail type. This option existed in the previous version but was not exposed in the UI. Also, in previous versions it was enabled by default but I changed that to be disabled by default to save on queries. You can enable it if you want. Also, in previous versions only the default certifier was used in this situation (which is Alt-N's service - vbr.emailcertification.org) but now MDaemon will query each of your trusted VBR certifiers. Note that spamhaus has adopted VBR now with their DWL list. See http://www.spamhauswhitelist.com/en/usage.html for information and usage. To use this list within MDaemon just add it to the list of trusted certifiers at Ctrl+S | Sender Authentication | VBR Certification after checking with Spamhaus for any compliance requirements they may have.

[13139] Updated MDaemon's DKIM implementation to the latest specification (RFC 6376). Also, added separate storage of header and body canonicalized data for optional use with DMARC failure reporting. Also, the Authentication-Results header now includes the results of ADSP processing where relevant as per RFC 5617. Finally, RFC 6651 required updates to libdkim. Added a new option to Ctrl+S | Sender Authentication | DKIM Options which adds RFC 6651 "r=y" tag to outbound signatures. This enables DKIM failure reporting should outside verifiers choose to honor it. You must also configure a DKIM reporting TXT record in your domain's DNS and/or update your ADSP TXT record if you want to receive these reports. See RFC 6651 for syntax and instructions on how to do that. When set up correctly you may begin receiving AFRF failure reports from external sources when they encounter messages purporting to be from your domain which fail DKIM verification. Since it requires DNS setup this option is disabled by default. Also, I added another option to Ctrl+S | Sender Authentication | DKIM Options which toggles whether the RFC 6651 "rs=" tag is honored. This tag allows outside domain owners to customize the SMTP rejection string that your MDaemon will display when DKIM processing results in a rejection related to their domain. These strings cannot start with a space or number or include \r, \n, or \t. If they do, MDaemon ignores them. Otherwise, they're fine. This switch is enabled by default. You can disable it if you are uncomfortable with outsiders determining what your MDaemon says in a DKIM related SMTP rejection. Normally, this is just "550 5.7.0 Message rejected per DKIM policy". The "550 5.7.0" bit will be prepended to whatever custom string is used (if any).

CHANGES AND NEW FEATURES

[12535] MDaemon now supports TLS 1.1 and 1.2. Requires Windows 7 / Server 2008 R2 or newer.
[13040] Ctrl+U | Passwords now has a new control which lets you configure the minimum password length when requiring strong passwords. The absolute minimum is 6 characters but higher values are strongly recommended. Changing this setting does not automatically trigger a required password change for those with passwords shorter than the new minimum however when those users next change their password this setting will be enforced.
[13197] Message Recall improved slightly with a better indication of success in the Subject: text of result notification email. Also, you can specify the full header+value in the recall request now so "RECALL Message-ID: <message-id>" will work which makes it slightly easier to cut-and-paste.
[12308] You can now enable logging of ActiveSync WBXML and XML data globally with new checkboxes at Alt+M | ActiveSync | Options, for specific domains at Alt+F2 | Options, and for individual devices used by individual users from within the Account Editor | ActiveSync Devices page. It is also possible to turn on logging for all devices for a particular user but I didn't expose this as there's no room anywhere and you can enable/disable the user's device(s) which does the same thing. Each of these controls has the standard Yes, No, or Inherit options. Inherit means do whatever the next level up says to do - so user's devices do whatever the domain's setting is which will default to whatever the global setting is. This logging is switched off by default but is useful for debugging purposes.
[12762] You can now set the maximum number of ActiveSync devices allowed per user globally with a new control at Alt+M | ActiveSync | Options, for specific domains at Alt+F2 | Options, and for individual users from within the Account Editor | ActiveSync Devices page. Setting the global value to zero means no limit. Setting the domain value to zero means use the global setting. Setting the user-level value to zero means use the domain default. All values are set to zero by default.
[12982] The ActiveSync white and black lists can trigger off of Device ID, Device Type, and User Agent strings but not Device OS. This was a UI mislabel only and has been corrected.
[12981] The "Size" column header in the message queue pane within the main UI was changed to read "Size (Bytes)".
[12454] Ctrl+Q | Holding Queue has been reorganized such that the bad queue summary email can be sent even if the holding queue is disabled. It was a mistake to make these options which are unrelated dependent on each other in the UI.
[12374] Moved option to configure the daily quota report subject text from Ctrl+O | System to Ctrl+U | Quotas. Also this configuration was being ignored in some cases. That was fixed.
[13108] Improved SMTP error message upon authentication failure when using MSA port.
[9642] Updated UI to display fact that a Documents folder may also be created for domains/users when configured to do so.
[8619] Added the following new account template macros which return lower case versions of the data they represent: $USERFIRSTNAMELC$, $USERLASTNAMELC$, $USERFIRSTINITIALLC$, and $USERLASTINITIALLC$. Also the installation default for the new account mailbox template was changed to use these new macros. This may or may not change your configuration depending upon whether you are still using installation defaults or not. To double check and use the macros you want see Ctrl+T | Template Manager | New Accounts and you will see the macros used to create a new account's value.
[6172] The way window positions and layouts for the UI are saved has been changed. First, the config session and main UI no longer share or overwrite each other's window positions, item selections, or layouts. Second, if you are running on one of the newer versions of Windows which does not permit any service interaction then MDaemon will no longer bother keeping up with window positions or layouts at all (who cares?). This saves time reading and writing values to disk for something that nobody can ever even look at.
[13121] All support for the original DomainKeys message authentication system has been removed. DomainKeys is obsolete and has been replaced by the acceptance and adoption of DKIM which MDaemon continues to support. Some UI dialogs related to DomainKeys and DKIM found within Ctrl+S | Sender Authentication have been reorganized as a result and options related to DomainKeys removed and the remaining options better consolidated. Some .DAT files may continue to refer to DomainKeys in their various comment text but this will not be the case for fresh new installs nor does it hurt to leave this comment text in place. The install process will remove DomainKeys.dll and update the MDaemon spam filter scores file.
[13124] All support for HashCash has been removed. This technology never caught on. The install process will remove HashCash.dll and HCMint.dat and clean things up.
[13125] All support for Sender-ID has been removed. This technology never caught on and is obsolete.
[9728] MDaemon Remote Administration now has reports showing the top message senders by message count and total size.
[9546] Users are now prompted to decide whether or not to upload a file to their documents list that has the same name as another file in their list in the WorldClient and LookOut themes.
[9696] Added a checkbox next to the filename in the LookOut theme so that selection is easier for the user.
[13110] The Settings views have been updated in the WorldClient theme to better match the simplicity of the theme. From the Settings view there is now a "Return to Inbox" button in order to leave the settings view. The filters list has been altered to display the information for what each filter does in a more user friendly manner. The process for creating and editing filters has been removed from the main page to a modal window. Each time a user moves a filter the server will update the order of the filters. New folder creation has also been removed from the main page to a modal window. The share folder dialog has been changed to only allow email addresses to be added and removed, but not edited. The access level is now editable only after the user has been added. All other views look different but continue to function in the same fashion.
[9675] In the LookOut theme, only the type of folder that an item is being copied/moved from is displayed in the destination dialog.
[9673] In the WorldClient and LookOut themes, users now have the ability to drag and drop a file from a documents folder to their local machine. However, only Chrome supports this functionality. Other browsers will either do nothing, or create a shortcut to the desktop.
[9693] In the WorldClient and LookOut themes, when users compose an email and click the "attach" button users are now able to attach documents from a sortable and searchable list of all documents that user has access to through WorldClient.
[12352] SPF processing will no longer abort due to IP6 mechanisms.
[13192] In the WorldClient theme the folder pane now maintains the width set by the user in the previous session.
[7222] In all themes there is now a button or link that saves the source of the selected message as an .eml file to the user's local machine
[10607] EXPN and LIST commands (do people still use these?) now return results in alphabetical order. EXPN no longer attempts to send the real name or "n/a".
[13199] Sub-addressing should work with aliases for the mailbox part now.
[9854] Some MDaemon Remote Administration reports are hidden from view if the specified feature isn't being used
[12291] The routing log now displays the actual complete header values for To: and From: (within reason)
[10366] It is now possible to save searches for the message list in the LookOut and WorldClient themes by going to the Advanced Search.
[5825] Added new control at Ctrl+O | Preferences | UI which allows you to configure the text editor you like rather than always having the UI use notepad.exe. However, notepad.exe is the default and will always be used if you don't specify something different.
[13161] When the bad queue is processed messages to remote recipients will be moved back into the remote queue for delivery. Also, the routing log will now show LOCAL or BAD QUEUE when processing each type of message and bad queue will have its own color. Also, messages released from the bad queue will honor any newly created aliases to local users that might have been created since the message was placed in the bad queue.
[12488] The checkbox to delete files from the bad queue as part of daily maintenance was removed from Ctrl+O | Preferences | Disk and has been replaced by an edit control that allows you to set the number of days old a file has to be before it gets deleted. So now rather than delete all files it deletes files older than X days. The default is 0 (zero) which means to never delete any files. If you previously had the old option enabled then the new option has been set to 1 day to preserve previous behavior.
[13188] Raised length of forwarding address fields from 256 to 512 characters.
[13273] Updated several places in MDaemon which create auto-generated emails to use a proper and consistent From: and Reply-To:. Also updated several internal references to sales@ and support@ addresses that were out of date.
[5142] Added new setting to Ctrl+O | Preferences | Miscellaneous which will instruct MDaemon to skip the sending of forwarded messages to the smart host if there was an error delivering the forwarded mail to a specifically configured external host. When enabled, such messages will be placed in the retry queue. When disabled, such messages are sent to the bad queue. This switch is disabled by default to preserve previous behavior.
[9407] Added a new setting to Ctrl+O | Preferences | Miscellaneous which will cause MDaemon to delete messages from senders who are in the recipient's personal black list (assuming the options to use black lists are enabled). Previously these messages went into the bad queue. Now you can enable this switch to just delete them. This option is disabled by default to preserve previous behavior.
[13219] The Quota.msg file will now be updated if MultiPOP tries to pull a messages which would exceed the accounts quota limitations.
[12862] MDaemon will try to detect and use the correct FQDN domain value far more often now than it used to.
[7270] Due to frequent requests :) Added a new setting to Ctrl+O | Preferences | Miscellaneous which will cause MDaemon to remove duplicate recipients when a single message is submitted to multiple mailing lists. It only removes duplicate list members when a single message is delivered to multiple lists which contain that same member. For example, if list-a@domain.com and list-b@domain.com both have arvel@altn.com as a member then a single message delivered in the same SMTP session would result in one message (not two) being delivered to arvel@altn.com. The problem with this (and why YOU SHOULD NEVER USE IT or any similar de-duplication schemes) is that there is no way to know which copy from which list the individual member prefers to receive and you CANNOT safely assume that it makes no difference. Lists vary widely in their configuration and use by end users. Therefore, by enabling this option you are certain to break something for somebody. There is also no relationship what-so-ever between two different mailing lists except the fact that they happen to be (completely by happenstance) managed by the same MDaemon instance - but so what? That means nothing. This "feature" does not operate upon list messages with identical content that are delivered multiple individual times. This "feature" does not operate upon RCPT values that are not mailing lists. So, if a single message arrives in the same SMTP session for list-a@domain.com and list-b@domain.com and arvel@altn.com then arvel@altn.com would receive two copies if he's a member of list-a and/or list-b.
[13290] The Account Editor and Template Manager have been updated as follows: a new tab called "White List" has been added and the white list related options have been moved from the Options tab and placed onto this new tab. This gives me more UI space to work with. Also, the options moved to the new White List tab are still subject to over-riding spam filter and autoresponder settings as the revised help text on the tab explains however they are no longer greyed out as a result of those settings. This lets you configure them without having to worry about the state of other options on other screens.
[10816] Added right-click menu option to the bad queue which adds the deliver-to address to the spam honeypot. The address must be to a local domain and if it belongs to an existing account a warning popup will occur.
[3432] Autoresponder scheduling has been improved with the addition of checkboxes for each day of the week. When you set an autoresponder start and end time you can now select one or more days of the week that the autoresponder will operate on. All existing autoresponders will operate on every day of the week to preserve existing behavior, however they can be changed as needed.
[13294] Mobile theme - Mail Forwarding options have been added
[13297] Alt+M | ActiveSync | Devices will now present data by domain and then sorted by email address within each domain. Also a "please wait" popup box was added so that you know the data is being processed and the server hasn't locked up.
[12950] In the LookOut and WorldClient themes "Documents" has been added as a default view option.
[12528] In WorldClient it is now possible to set shared permissions to a folder and all of its sub folders by checking the box "Apply to sub folders" in the FolderShare view.
[12842] Added support for displaying custom buttons in the WorldClient UI. Edit \MDaemon\WorldClient\Domains.ini and set [Default:Settings] CustomButtonText1=the text to display on the button (up to 12 characters) and CustomButtonLink1=the URL to open when the button is clicked. Up to 5 buttons may be added.
[13006] Mailing list messages sent to disabled local accounts are simply ignored rather than moved to bad queue.
[9697] Added ability to restrict the size of individual files that can be uploaded to WorldClient's documents folders. Edit \MDaemon\WorldClient\Domains.ini and set [Default:Settings] MaxAttachmentSize=<value in KB>. The default is 0 which means there is no limit.
[9695] Added ability to restrict the types of files that can be uploaded to WorldClient's documents folders. In \MDaemon\WorldClient\Domains.ini enter (for example) "BlockFileTypes=exe dll js", or "AllowFileTypes=jpg png doc docx xls xlsx". The priority is BlockFileTypes. In other words if an extension is in both lists, the content will be blocked. If a list is empty, there is no check. The extensions can be separated by spaces or commas. Leading "."s on the extensions are optional.
[2095] Added size limit for attachments that can be uploaded to WorldClient's Compose view. Edit \MDaemon\WorldClient\Domains.ini and set MaxComposeAttachSize=<value in KB>.
[2687] WorldClient displays the size of the attachments in the Compose window. The value is in KB.
[13441] LookOut and WorldClient themes - Added ability to drag and drop attachments from a message to the desktop. Only supported by Chrome.
[11345] WorldClient - Added ability to set a default Reply-To address in the Options | Compose view. Once set, the Compose view will default to show the advanced options in Lite, Mobile, and LookOut, and will display the Reply-To input in the WorldClient theme.
[12886] WorldClient - Added option in Options | Personalize to print message attachments "Always", "Never", or "Decide on print"
[4758] The trusted hosts and trusted IPs editor have been split apart and placed on two separate screens at Ctrl+S | Security Settings and the ability to add comment text to each entry has been added. First time installation of 14.50 will process the old Relay.dat file into TrustedHosts.dat and TrustedIPs.dat. Relay.dat file is deprecated and will be removed. This change and several others like it have been made to allow for longer IP addresses within the UI necessary to support IPv6 address forms in future.
[9075] WorldClient's time zone option now defaults to the server's time zone rather than a blank value when no time zone has been set.
[6004] WorldClient now includes the names of distribution groups in the Compose view's recipient field autocomplete choices.
[6445] WorldClient's autoresponder editor now adjusts the start and end times to be in the user's time zone instead of the server's time zone.
[12335] LookOut and WorldClient themes - added a calendar view which shows events in a list format
[8204] WorldClient - added a default reminder option under Options | Calendar
[12162] LookOut theme - Added ability to collapse and expand the favorite folder list
[6724] WorldClient - Added drop down list of strong password requirements. Viewable by clicking on the icon next to the "Password" information, and shows up when a user's password change does not meet the requirements.
[13528] WorldClient - Added autocomplete with distribution lists to the add attendee controls for event creation/editing in all themes but Mobile.
[13520] Added ACL file cleanup routine to daily maintenance event. Also you can create ACLFIX.SEM in the \App\ folder to trigger just this cleanup routine.
[13544] Account exports (Accounts.csv file) no longer includes passwords by default. If this is not to your liking you can set the following key in MDaemon.ini using Notepad, but this is not recommended: [Special] ExportPasswords=Yes.
[13283] WorldClient - Added option to set a default event length for new calendar events
[13594] The date/time stamp within logs now include a millisecond value (from 000 to 999) for added precision.
[13604] The Authentication-Results and X-Authenticated-Sender headers that MDaemon sometimes inserts into messages will now use the actual email address passed to the SMTP server for authentication (which could be an alias to an actual account) rather than always exposing the actual email address. This protects against potential address harvesting.
[12298] The message that WorldClient sends to the postmaster when dynamic screening bans an IP now mentions the username attempted.
[13367] WorldClient supports sending secure/private encrypted messages via RPost. Enable this feature on the Compose options page.
[13618] Mobile theme - Added ability to attach documents to messages in the compose view
[13655] MDaemon's active sessions list now displays SSL/TLS use.
[6022] WorldClient - Added contact pictures for Lite, LookOut, and WorldClient themes.
[13533] WorldClient theme - Copy/Move dialog only displays folders of the correct type.
[12435] The disk space values found at Ctrl+O | Preferences | Disk have been converted and migrated from KB to MB. New defaults are 100MB for the warning email and 10MB for the auto-shutdown. Your migrated values could be less than that which is fine and will preserve previous behavior.
[5592] Over-quota message refusals will no longer happen after DATA when multiple RCPTs were provided. Instead, the message is delivered possibly placing an account into a slightly over quota state. However, any subsequent delivery attempts to the over quota account will be refused. This change was necessary in order to (a) maximize the use of an accounts quota value (b) avoid a problem wherein a single message delivered to multiple recipients is refused for all recipients if accepting the message would put even one of the recipients over quota. Also, the quota check has been moved up the processing chain so that it is the first thing which happens after DATA is completed rather than last in the list.
[13780] Double clicking a list member in the List Editor will load the member's settings into the edit controls so you can change a specific entry without having to remove it. This process converts the "Remove" button into a "Replace" button which will save your edits. Clicking any other button on the screen switches back to "Replace" mode.
[13775] "Post only/nomail" label was changed to "Toggle post only" on Mailing List editor button.
[13790] Added a new option to Ctrl+S | Sender Authentication | SMTP Authentication which forces AUTH for all SMTP sessions. This is useful in certain configurations in which all incoming connections can be expected to conform. When enabled, MDaemon will respond to DATA with a 5xx error-code unless the session has been previously authenticated. This option honors the "requires authentication to match the message sender" checkbox. Connections from trusted IPs and local loopback are not subject to this option. This option is disabled by default.
[13789] Added a new option to Ctrl+S | SSL & TLS | MDaemon which forces all incoming connections to use STARTTLS. This is useful in certain configurations in which all incoming connections can be expected to conform. When enabled, MDaemon will respond to MAIL with an error-code unless STARTTLS has succeeded. Connections from trusted IPs and local loopback are not subject to this option. This option is disabled by default.
[13796] When MDaemon detects a semaphore file that it does not recognize it will state so in the system log.
[13245] The ActiveSync server will not send reminders for events in a shared calendar folder to users who do not have write access to the folder.
[13821] The SPF white list now also applies to the SMTP envelope email address.
[13483] An ActiveSync log viewer application is now bundled with MDaemon. Run \MDaemon\ASLogViewer\ASLogView.exe.
[14025] The Ctrl+Q | "Include original message when informing sender" option has been deprecated and removed. MDaemon's DSN system includes the headers of the original message but never the whole thing.
[14026] The Ctrl+Q | "Inform the sender when message is placed in retry queue" option has been deprecated and removed. MDaemon always sends DSNs when required in order to comply with Internet standards.
[14027] The "Place undeliverable DSN messages into the bad message queue" option was moved from the Ctrl+Q | Retry Queue tab to the Ctrl+Q | DSN Options tab.

FIXES

[12434] fix to missing listadmins.dat file preventing manual editing button from opening the file for edits
[13185] fix to WorldClient theme Choose File button truncated in some languages
[13152] fix to WorldClient theme Instant Messenger some strings not translated
[13149] fix to WorldClient theme advanced search strings overlapping checkboxes in some languages
[13187] fix to some settings in Remote Administration do not show the same default values that MDaemon does
[13130] fix to WorldClient and LookOut themes lists do not scroll to the top after changing pages
[13184] fix to quota.msg losing data due to not being thread-safe; also the Date: header gets updated now when this file changes
[9616] fix to X-Spam-Flag header being removed errantly when the option to strip X- headers enabled
[13206] fix to LookOut theme menu bar is truncated in some languages when right- clicking and selecting the Share Folder option
[13319] fix to WorldClient theme when you right-click a message, the Add Contact feature does not add the contact
[12988] fix to WorldClient theme unable to utilize preview pane on an iOS device
[12755] fix to WorldClient Signature editor does not save changes in Source view
[13452] fix to unable to forward/redirect to more than one address with User IMAP filters in Remote Administration
[13459] fix to apply button not working in MD GUI's mailing list editor
[13463] fix to spam filter exclude file not working right when specifying header/value combinations
[12452] fix to C:\MDaemon directory is created when doing a fresh install to a different location
[5016] fix to LookOut and WorldClient themes - New appointment button does not use selected date in Week view
[10337] fix to WorldClient - When printing an email with a large attached image the image is truncated in the printout
[13467] fix to Remote Administration's Domain Manager Host fields not matching up with MDaemon
[13073] fix to browser prompts to install a plugin when receiving instant messages in the WorldClient theme by adding an option to disable the new message sound.
[13499] fix to errant event log entries about holding queue when messages in bad queue
[13650] fix to main screen splitter position not being saved across re-starts
[12347] Messages are now checked for queue expiration at the start of message processing rather than at the end of a delivery attempt. This solves a bug in which at times some messages were left in retry queue too long.
[12712] fix to RECALL feature not working with message directory hashing option enabled
[9251] The check-box within the Domain Manager to skip message size checking for authenticated sessions has been replaced with an edit control where you can enter a separate max message size for authenticated sessions. This way authenticated senders an have one max message size set for them which is different from the one applied to non-authenticated senders.
[13208] Ctrl+P | DNS-BL | Hosts now includes a test button which will test the "DNS-BL host" value by looking up 127.0.0.2.
[13628] fix to WorldClient & LookOut themes - When printing a sent message, the BCC header is not included in the printout
[12042] fix to LookOut theme - when creating a signature, it does not use the default font size that is currently selected
[12943] fix to LookOut and WorldClient themes - when zooming out with two calendars shown side-by-side, the calendar pane on the right goes blank
[13742] fix to quarantine queue visible in MDRA if SecurityPlus is not installed
[12525] fix to LookOut and WorldClient themes - BlackBerry Wired Activation gets stuck on "Loading device(s)" when using IE 11
[13745] fix to Account Manager not keeping selected item in focus across an account edit operation
[5631] fix to WorldClient - blank contacts can be created
[8576] fix to LookOut theme - Message Preview - Unable to transition from inline message preview to hide message preview and vice versa
[13754] fix to potential message loop when postmaster forwards mail
[10486] fix to MDaemon sends duplicate copies of mailing list messages to recipients who are members of multiple groups that are members of the mailing list
[4360] fix to shared folder ACLs are not updated when changing an account's email address
[11566] fix to blank lines are added to the message body when composing plain text messages in WorldClient using IE 10
[13432] fix to Remote Administration not saving changes to WorldClient's Dynamic Screening properly
[13186] fix to Remote Administration not displaying Daily Cleanup times correctly
[13324] fix to ActiveSync outbound byte statistics not always being updated in MDaemon GUI
[13526] fix to WorldClient may insert extra lines in exported calendar CSV files
[13920] fix to quota sent-per-day not always working when aliases were used

MDaemon 14.0.3 - July 15, 2014

CHANGES AND NEW FEATURES

[13310] Added Korean language to MDaemon Remote Administration and WorldClient Instant Messenger

FIXES

[13090] fix to meeting invitation shows that the invitee is the organizer whenever request is synced to iPhone via ActiveSync
[13234] fix to changes to account ActiveSync Public Folders setting not being saved in Remote Administration
[13200] fix to "554 Sorry, message looks like spam to me" sent twice in SMTP session in some configurations
[13079] fix to domain specific smart host not being used in some configurations
[13015] fix to authentication not taking place when sending to smart host(s) in some configurations
[13145] fix to smart host being ignored upon A record lookup failures in some configurations
[8397] fix to messages bouncing back errantly in some configurations
[13153] fix to queue-based spam filter scan not being performed if errors happened during SMTP session spam filter scan
[13142] fix to WorldClient theme may open the previously selected message when attempting to print a different message
[12693] fix to some calendar views in the WorldClient and LookOut themes may incorrectly include events from the previous or next day
[12648] fix to Mobile theme unable to edit public calendar entries
[13204] fix to Content Filter may modify messages in a way that breaks DKIM signatures when AV is enabled
[13076] fix to new WorldClient IM windows open without a place to type a response
[13151] fix to WorldClient theme left column too narrow for some languages
[12299] fix to script error when editing a contact's name in the LookOut theme using IE 8
[13284] fix to memory leak when the "Use recursive aliasing" option is enabled
[13302] fix to the From header in generated autoresponder messages may not be encoded properly
[13381] fix to a duplicate event is created when viewing a meeting invite in Outlook with Outlook Connector after it has been accepted using WorldClient or ActiveSync
[13386] fix to MDaemon Remote Administration assigning a template when editing or creating a group
[13421] fix to PIM items may get out of sync if they are changed on both the server and ActiveSync device between syncs
[12415] fix to WorldClient's Standard theme Compose page not working with MDaemon 14 by installing an update from KBA-02597

MDaemon 14.0.2 - May 14, 2014

FIXES

[13156] fix to mailing list messages getting stuck in the inbound queue

MDaemon 14.0.1 - May 13, 2014

SPECIAL CONSIDERATIONS

[12974] WebAdmin has been renamed to MDaemon Remote Administration.
[12975] ComAgent has been renamed to WorldClient Instant Messenger.

CHANGES AND NEW FEATURES

[9932] Added Manual Learn button to MDaemon Remote Administration's Spam Filter Bayesian Classification section.
[11288] MDaemon Remote Administration now allows log files to be viewed in a new window.
[12846] MDaemon Remote Administration logos and color scheme updated.
[10907] ActiveSync WhiteList and BlackList support wildcards.
[9949] Added MDaemon Remote Administration mailbox reports for quotas for mailbox size and message count.
[12948] WorldClient theme selection behavior changed to not select the checkbox unless the checkbox is clicked.
[12672] Added the ability to nick name favorite folders from the context menu in the LookOut and WorldClient themes.
[10957] Added the ability to select a default From address on WorldClient's Options | Compose page.
[13037] Changed the date formatting in the WorldClient theme's message list to match the simpler look.
[12973] The trial installation process has been streamlined. The installer asks for less customer information and retrieves a trial key automatically. The initial trial period is 14 days but can be extended to the full 30 days by clicking on the link on the Help | Register Your Alt-N Products dialog and following the instructions on our web site.

FIXES

[13122] fix to WorldClient vulnerability that may allow remote code execution
[12910] fix to error 5 when compacting the statistics database
[12289] fix to MDaemon Remote Administration showing inactive quota data in Mailbox Summary Report
[12930] fix to unable to copy/move messages to public folders via MDaemon Remote Administration
[12921] fix to quota settings appear over the "New Email" button in the WorldClient theme
[12925] fix to unable to log in to WorldClient theme using Russian language
[12926] fix to opened email message windows appear blank in the WorldClient theme using Italian language
[12903] fix to incorrect default cursor location when using Advanced Compose in the WorldClient theme
[12834] fix to ActiveSync does not hide PIM items marked private in shared folders
[12887] fix to "Prevent this page from creating additional dialogs" prompt when printing in WorldClient theme using FireFox
[12841] fix to ActiveSync may not list all shared folders that a user has access to
[12966] fix to Copy/Move dialog in MDaemon Remote Administration not sized properly to accomodate large Public Folder paths
[12883] fix to WorldClient theme mark all read and delete all options dot not work in the folder list for the Catalan language
[12911] fix to the WorldClient theme favorites section missing until you log back in when message list threading is toggled
[12756] fix to WorldClient theme view unread messages filter lost when message list is resized
[12979] fix to WorldClient and LookOut themes deleting messages from the external message view does not always show that the message is deleted in the list
[12890] fix to LookOut theme message header color changes in external message view when toggling the expand button
[11854] fix to LookOut theme two line header output in message list hides replied and forwarded flags
[12769] fix to LookOut and WorldClient themes Message preview pane does not refresh when all messages are moved out of a folder
[12877] fix to WorldClient theme when using a transparent png as custom banner, the transparency does not work on the Logon page
[12777] fix to WorldClient theme after reading a message in the preview pane it remains scrolled down when switching to the next message
[9858] fix to Lite theme cannot switch between themes in Options | Personalize using iPad
[12955] fix to WorldClient theme advanced search date selection does not work
[12924] fix to WorldClient theme not very clear which messages are unread
[12902] fix to LookOut and WorldClient themes - certain User.ini values cause the Options | Personalize page to get stuck in a refresh
[13012] fix to able to enable Instant Messaging in MDaemon Remote Administration without having WorldClient Instant Messaging enabled
[12076] fix to LookOut and WorldClient themes - when clicking Options>Outlook Connector the screen is reloaded to the first screen that is displayed after login
[12715] fix to WorldClient theme - Advanced search beginning date picker not opening in IE
[13036] fix to JavaScript error on MDaemon Remote Administration's User ActiveSync Devices page
[13038] fix to WorldClient theme - Folder context menu contains option to delete "default" folders
[12899] fix to Remote Administration's autoresponse saving logic to differentiate between shared and personal autoresponse files
[12952] fix to WorldClient theme cannot resize the folder list frame
[13101] fix to potential crash when editing an account in Remote Administration
[12588] fix to filenames of attachments downloaded from WorldClient using IE 11 may be corrupted
[12701] fix to WorldClient does not detect inline images in certain messages as being inline
[13090] fix to meeting invitation shows that the invitee is the organizer whenever request is synced to iPhone via ActiveSync
[12272] fix to embedded images in HTML messages are not displayed on Android devices
[12680] fix to BlackBerry 10 devices show HTML messages as plain text after updating to MD 14

MDaemon 14.0.0 - March 25, 2014

SPECIAL CONSIDERATIONS

[10732] Product registration system has been updated to utilize a digitally signed XML based license file. This approach allows for greater flexibility, and will enable ALT-N to offer new innovative purchasing and renewal options. The installation process will automatically download the license file. Product activation has been replaced by a scheduled mechanism that will update the license file on a periodic basis. The system is able to accommodate temporary connectivity outages, however communication with the licensing service is required for continued use of the product.
[12415] WorldClient's Simple theme has been renamed to Lite. MDaemon Lite's WorldClient will use this theme. The Standard theme is no longer included with MDaemon. It will be available as a separate download.

MAJOR NEW FEATURES

[12504] NEW WORLDCLIENT THEME (Requires MDaemon PRO)

A new theme, WorldClient, has been introduced in response to customer requests for a more modern, browser-based email client. This new theme incorporates numerous design elements from popular consumer and business browser-based email clients and was designed with input from professional UI/UX development teams.

This new WorldClient theme is now the default WorldClient theme for new installs. When updating, the installer will ask if you want to change your default to this new theme.

[12091] ACTIVESYNC SERVER NOW SUPPORTS SHARED FOLDERS (Requires MDaemon PRO and active ActiveSync Software License Renewal)

MDaemon's ActiveSync server now supports other users' shared folders in addition to personal and public folders. The behavior of any client accessing shared folders via the ActiveSync protocol can vary. While MDaemon's ActiveSync implementation supports Email, Events, Contacts, Tasks and Notes, not all device clients are capable of handling this data.

[12723] The MDaemon GUI has controls to turn ActiveSync shared folders on or off at the global level (at F2 | Server Settings | Public & Shared Folders and Alt+M | ActiveSync | Options), at the domain level (at Alt+F2 | Domain Settings | Options), or account level (at Account Editor | Mail Services). "Inherit" means the domain or account will use the value that was configured at the global or domain level.

CHANGES AND NEW FEATURES

[12432] The Dynamic Screening "Account failed authentication" emails to the postmaster now list the date, time, IP, and protocol for the failed attempts.
[6250] MDaemon now logs "Failed $PROTOCOL$ authentication attempt from $IP$ for "$EMAIL$"" to make it easier to find and troubleshoot authentication failures.
[4715] Added support for inline images in domain signatures. An image may be added...
- From WebAdmin...
- By using the " $ATTACH_INLINE:path_to_image_file$" macro in the signature HTML. For example, <IMG border=0 hspace=0 alt="" align=baseline src="$ATTACH_INLINE:c:\images\mr_t_and_arnold.jpg$">
[8031] WorldClient supports adding inline images to composed HTML messages. Users can upload images using the same methods mentioned above for WebAdmin in [4715].
[9703] WorldClient's LookOut theme now features a side by side calendar view.
[12388] WorldClient's HTML compose editor has been updated to a newer version that is compatible with IE 11.
[12669] WorldClient's English and English-UK spell check dictionaries have been updated.
[12364] WebAdmin now allows Global Administrators to Freeze/Unfreeze mail queues.
[9332] WebAdmin now includes Queue Management functionality for Global Administrators.
[12087] WebAdmin's Account Manager now displays icons for OC and AS users.
[3920] Added "Return port settings to defaults" to WebAdmin.
[11287] WebAdmin now allows Global Admins to configure Outbreak Protection settings.
[11311] WebAdmin now allows Global Admins to configure server-wide Autoresponder settings.
[4381] It is now possible to administer the WorldClient server settings via WebAdmin.
[2222] Added HTML support in CF "Append a corporate signature" action. Updated WebAdmin to use an HTML editor to edit the signature. Inline images are supported and may be uploaded using WebAdmin or the $ATTACH_INLINE:path_to_image_file$" macro.
[12554] ActiveSync User Agent protocol restrictions can now be set using the entire value, not just the portion preceding the forward slash.
[12767] ActiveSync protocol restrictions now support * and ? wildcards.

FIXES

[12500] fix to issues releasing certain messages from Spam Trap or Holding Queue using WebAdmin
[12470] fix to problems releasing or requeuing messages from the Holding Queue using WebAdmin
[12515] fix to The "Automatically decline requests that conflict with an existing event" option does not account for events with a busy status of "Free"
[12509] fix to Save button not always enabled for Domain Admins on User Editor | Mail Services tab in WebAdmin
[12529] fix to in WebAdmin certain content filter rule conditions are not correctly synched with MDaemon
[12425] fix to ActiveSync server does not support the "Limit .old file roll overs to one per day" logging option
[12457] fix to IMAP folder subscriptions are not updated when creating, renaming, or deleting folders using ActiveSync
[12615] fix to invalid message subject characters may cause an error when attempting to view the Spam Trap folder in WebAdmin
[12066] fix to vague error when changing user password in WebAdmin to an invalid value
[2205] fix to mailing list thread numbers do not work properly when the subject line is encoded
[12270] fix to messages sent from Outlook 2013 using ActiveSync may display incorrect characters when received by an Outlook IMAP or Outlook Connector account
[12447] fix to the From header in generated autoresponder messages does not have the full name encoded
[12635] fix to contact birthday and anniversary not being synced to ActiveSync devices
[12650] fix to being unable to unfreeze or re-enable account in WebAdmin under certain circumstances
[12587] fix to WorldClient Options | Filters page may not list rules when the search text or folder name contain certain characters
[12565] fix to the "Has Attachment", "Is Unread", and "Is Flagged" Advanced Search options do not work in WorldClient's LookOut theme
[12663] fix to bad queue summary emails may not list all messages in the bad queue
[12448] fix to MDaemon does not remove old config backups if the config backup directory has been changed
[12376] fix to MD GUI's IP Shield list box does not have a scroll bar
[12271] fix to WebAdmin reports contain no results for custom date range where start and end dates are the same
[12584] fix to WorldClient crashes when viewing All Contacts if RelayFax integration is enabled
[11720] fix to WorldClient lists inline images as attachments when composing
[12701] fix to WorldClient does not detect inline images in certain messages as being inline
[9690] fix to WorldClient's LookOut theme may not show the note's contents on the Advanced Edit view
[12662] fix to WorldClient's LookOut theme may show incorrect colors for notes
[12641] fix to WorldClient LookOut theme's message list doesn't refresh when a new message arrives in an empty folder
[12359] fix to dynamic screening does not block other active connections from an IP that is blocked due to repeated authentication failures
[12727] fix to WorldClient's LookOut theme only marks the first message as read when using the delay before marking read option
[12783] fix to not enough room in WebAdmin's Holding Queue settings for Summary Email frequency
[11668] fix to ComAgent does not handle mailto URLs on Windows 7
[4631] fix to Comagent's tooltip never refreshes message count
[12077] fix to attachments of PIM items saved by Outlook Connector are corrupted when the items are edited in WorldClient
[12745] fix to Account Editor may move an account's mail to a different directory after the mailbox name is changed

MDaemon is a registered trademark of Alt-N Technologies, Ltd.