MDaemon Email Server | Secure On-Premise Email
C&C Software - Canadian Distributor for MDaemon Wednesday, November 22, 2017


C&C Home | Product Portfolio | Resellers | Blog Icon

Overview | Features | Pricing | Purchase | Download | Support | Anti-Virus| Contact Us | Blog Articles

MDaemon 17.5.1 - October 24, 2017

SPECIAL CONSIDERATIONS

[19710] The Dynamic Screening option to freeze accounts after a number of authentication failures is now off by default. It will be turned off when updating to version 17.5.1. If you want to turn it back on, go to Security | Dynamic Screening | Auth Failure Tracking.

CHANGES AND NEW FEATURES

FIXES

MDaemon Server v17.5 Release Notes

MDaemon 17.5.0 - September 26, 2017

SPECIAL CONSIDERATIONS

[18481] BlackBerry Enterprise Server (BES) for MDaemon is not compatible with MDaemon 17.5 or newer. There will not be a new version of BES for MDaemon that is compatible. MDaemon's installer will disable BES if it is detected. Uninstall BES to not be prompted about it. Screens about BES have been removed from the MDaemon UI.

[10327] Added quarantine exclusion lists to allow password-protected files from or to configured senders and recipients. At Security | AntiVirus, enable "Allow password-protected files in exclusion list..." and click the "Configure Exclusions" button. Note that as of SecurityPlus 5.1.0, the ClamAV Plugin may quarantine password-protected files before the main AV engine can scan them. An option is to disable the ClamAV Plugin.

MAJOR NEW FEATURES

[11481] LOCATION SCREENING

A geographically based blocking system has been developed which allows you to block incoming SMTP, POP, IMAP, WorldClient, ActiveSync, AutoDiscovery, XML API, Remote Administration, CalDAV/CardDAV, XMPP, and Minger connections being attempted from unauthorized regions of the world. A new screen has been added at Ctrl+S|Screening|Location Screening to configure this.

When the connecting IP is from a blocked country an entry can be logged in the Dyanmic Screening Log.

[18722] DYNAMIC SCREENING FOR ALL PROTOCOLS/SERVICES

MDaemon's dynamic screening has been expanded to operate with SMTP, POP, IMAP, WorldClient, ActiveSync, AutoDiscovery, XML API, Remote Administration, CalDAV/CardDAV, XMPP, and Minger. Authentication failures are tracked across all of these services and IPs can be blocked for all of them. Settings are in the UI at Security | Dynamic Screening. The log is on the Plug-ins | Dynamic Screen tab. WorldClient's separate Dynamic Screening system has been removed.

[5801] PIM ATTACHMENTS

PIM (calendar, contact, tasks, notes) items now support attachments.  Attachments may be added to a PIM item via WorldClient, Outlook Connector, or CalDAV/CardDAV.  When scheduling a meeting, any attachments will be sent to the meeting attendees.

LookOut and WorldClient themes - Implemented PIM attachments for Calendars. A new tab was added in the Calendar Edit view that allows users to add file attachments to an event/meeting. As long as a user has read access to an event, the attached files can be downloaded by the user. Only users with edit access can upload or remove attachments from a given event/meeting. Other themes will not be able to edit the attachments, but the attachments will not be lost when an event/meeting is edited.

[15733] PGP KEY-EXCHANGE DURING SMTP

A new checkbox on the MDPGP GUI enables/disables automatic transaction of public keys as part of the SMTP message delivery process. If enabled, MDaemon's SMTP server will honor an SMTP command called RKEY.

When sending an email to a server that supports RKEY MDaemon will offer to transmit the sender's then current and preferred public-key to the other host. That host will respond indicating that it either already has that key and thus no further work need be done ("250 2.7.0 Key already known") or that it needs that key in which case the key is immediately transferred in ASCII armored form right then and there ("354 Enter key, end with CRLF.CRLF") just like an email message. Keys that are expired or revoked are never transmitted. If MDaemon has multiple keys for the sender it will always offer up the key that is currently marked as preferred. If no key is preferred then the first one found is offered. If no valid keys are available then no work is done. Only public-keys that belong to local users are offered.

Public-key transfers take place as part of the SMTP mail session that delivers the message from the user. In order for the public-keys transmitted in this way to be accepted the public-key must arrive along with a message that has been DKIM signed by the domain of the key owner with the i= set to the address of the key owner which also must exactly match the From: header address of which there can be only one. The "key owner" is taken from within the key itself. Also, the message must arrive from a host in the sender's SPF path. Finally, the key owner (or his entire domain via use of wildcards) must be authorized for RKEY by adding an appropriate entry to the MDPGP rules file (instructions are in the rules file for this) indicating that the domain can be trusted for key exchange. All this checking is done automatically for you but you must have DKIM and SPF verification enabled or no work can be done.

The MDPGP log will show the results and details of all keys imported or deleted and the SMTP session log will also track this activity. When it works right your SMTP session logs will show details of key transactions and the MDPGP log file will fill with details.

This process tracks the deletion of existing keys and the selection of new preferred keys and updates all participating servers it sends mail to when these things change.

CHANGES AND NEW FEATURES

Group GUID Group Name GUID Full Name Email
The Jedis Anakin Skywalker ani@jedi.mail
Leia Organa leia.organa@jedi.mail
Luke Skywalker luke.skywalker@jedi.mail
Yoda yoda@jedi.mail
The Siths Darth Maul darth.maul@sith.mail
Darth Vader darth.vader@sith.mail
Emperor Palpatine emperor.palpatine@sith.mail

When importing, the Group GUID is replaced with a freshly generated GUID. If no Group Name is included, the name will be displayed without translation as "ImportedFromCSV_%GUID%", where %GUID% is replaced with the first five characters of the GUID. Leaving the cells to the right of a group name empty will result in the next line being the first member of the group/list. The Email field is required for a member to be added.
  • [15783] LookOut and WorldClient themes - Added Voice Recording feature. This feature requires a microphone and is only available in certain browsers. It can be disabled by the admin on a per user basis by adding EnableVoiceRecorder=No to the User.ini. Users are limited to five tracks of five minutes each. Attempting to record more than 5 tracks will result in either the selected track, or the first track, being replaced by the new recording (the user will be prompted). After recording is stopped (either automatically or by the user), the track is converted to an mp3 and uploaded to the server. Users have four options regarding each track: Users can only act on one track at a time. For example, only one track can be attached to a message. If a user wants to attach multiple tracks to a message, the user will need to save each track to the default documents, and do the attaching from there.
  • [13361] LookOut and WorldClient themes - Users can now reorder favorite folders by dragging and dropping them in the favorites list.
  • [14784] LookOut and WorldClient themes - New folder management features in the Options | Folders view and in the main folder list view.
    In the folder list view (left pane): In the Options | Folders view, the folder tree is now collapsible, and the New Folder dialog has been moved to an external window like in the WorldClient theme.
  • [8360] Lite, LookOut and WorldClient themes - Added an option to choose the font size for plain text Compose under Options | Compose. The option (Compose Font Size) is always visible in Lite theme, and only visible in LookOut and WorldClient themes when HTML Compose is turned off.
  • [8937] WorldClient - The paperclip is no longer displayed in the message list for new messages that only include inline images, unless the "List All Attachments" option is turned on under Options | Personalize.  This only affects new messages, so old messages will continue to show the paperclip in the case that only inline images are attached to the message.
  • [18526] LookOut and WorldClient themes - Users can now open file attachments in the browser (if the browser supports it) by clicking on the name of the file in the message preview or external message window. To download the attachment, click the download icon next to the name.
  • [5494] LookOut and WorldClient themes - Added options to Export a contact in vCard 4.0 format. The "Export vCard" button will download the vCard. The "Send vCard" will open a new Compose window with the vCard(s) attached.
  • [18345] LookOut and WorldClient themes - Added a "None" option in the Compose view Signatures select dropdown
  • [18397] LookOut and WorldClient themes - Added a setting in Options | Personalize to close the message window when the user deletes the message (external window only), which also preempts the opening of the next message in the list.
  • [18312] WorldClient theme - Updated the look of Notes, and added an option to change the color of the note by clicking on the note icon in the top left corner of the note.
  • [18728] LookOut and WorldClient themes - Added settings in the Options | Compose view to allow users to choose a signature for replying and forwarding respectively.
  • [17255] LookOut and WorldClient themes - Added an option to not include signatures in replies or forwards. Under the same settings for 18728 the user can choose "No Signature" for replies and/or forwards.
  • [18179] All Themes - the User cookie is now set to the current value of the User field on login form submission
  • [9343] LookOut and WorldClient themes - Added the ability to search for attachment names in the advanced search
  • [18479] All Themes - Added indexed data search for message bodies and attachment names
  • [12349] All Themes - WorldClient now includes the ability to choose between downloading the 32 bit and 64 bit OC Plugin Installers.
  • [9644] Removed MSXML 4 from the installer.
  • [18768] Added support for password protected chat rooms to XMPP server.
  • [18769] Added support for password-protected chat rooms to WCIM client.
  • [18805] WorldClient theme - Simplified the look of the Compose view. Advanced options can be displayed by clicking one button. Save (without closing) option added. Clicking the X in the top right corner will discard a draft, instead of just closing the window. The subject is displayed in the header as the user types it. Moved the Send, Save, and Save and Close options to the footer. The entire attachments section is the drag and drop area.  Moved the paragraph justification buttons down to the second level in the HTML editor options.
  • [8769] LookOut and WorldClient themes - Added message list context menu options to "Whitelist Sender" and "Blacklist Sender". If clicked, the sender of the selected message(s) will be added to the Whitelist or Blacklist contact folder. These options can be hidden by adding HideEmailAddressHoverMenus=Yes in the Domains.ini under [Default:UserDefaults], or adding the same to a user's User.ini file.  When using these options, users can select multiple messages to Whitelist/Blacklist.
  • [18696] LookOut and WorldClient themes - Added an option under Options | Compose to allow users to use the Dropbox Preview Link. The default is the Dropbox Direct Link.
  • [18209] Turned off EditBISInboxMapping in MDaemon\WorldClient\Domains.ini under [Default:UserDefaults]. This hides the "Push to Blackberry" column in WorldClient's Options | Folders view. This can be enabled for all by changing it back to Yes in the MDaemon\WorldClient\Domains.ini or per user by adding it to the [User] section of a user's User.ini file.
  • [16847] Increased the number of custom buttons allowed in WorldClient to eight.
  • [18194] WorldClient theme - Date now displayed when printing a calendar in Calendar View mode.
  • [18861] A new screen at Setup | Outlook Connector | OC Client Settings | Add-ins lets the admin configure Outlook add-ins for Outlook Connector to disable. Requires Outlook Connector 5.0 or newer. Select a default action, Allow or Disable, which applies to new or unlisted add-ins. Individual add-ins and their actions (whether to Allow, Disable, or use the default action), are displayed in a list box. OC clients will populate the list, or admins can add them from the UI.
  • [13179] WorldClient - Added ability for users to view their last ten successful logins on the Options | Security page. This is enabled by default. To disable this option, set DisplayLoginHistory to No in MDaemon\WorldClient\Domains.ini under [Default:UserDefaults].
  • [3548] WorldClient - Added Internationalized Domain Name support, so that IDNs will not be displayed in punycode, but instead in UTF-8.
  • [18897] LookOut and WorldClient themes - under Options | Compose, the Compose Height and Compose Width options have been removed when HTML Compose is unchecked, because the height and width of the text area in the compose view is auto resized to fit the window.
  • [12412] LookOut theme - Added a delete button to the appointment editor that works like the one in the WorldClient theme.
  • [18936] Added ability to disable SSL in XMPP Server by adding in \MDaemon\XMPPServer\settings.ini...
        [Server]
        EnableSSL=No
  • [9987] Added support for account IMAP filters with multiple conditions that can be combined using AND or OR. The filter rule creation UI has links that let you edit each part of the rule. Click the "[+]" link to add a condition and the "[x]" link to remove a condition.
  • [15967] When MDaemon 17.5+ first starts up, if MDaemon has never been configured to use SSL it will automatically generate a default self-signed certificate and enable SSL for MDaemon, WorldClient, and Remote Administration.
  • [19042] POP3, IMAP, and SMTP server authentication changes to make them more consistent, improve logging, and not give as much information about failures to clients. When a username is sent to MDaemon in an encoded form, MDaemon logs it in plain text. When authentication is successful MDaemon logs the account's email address. When authentication fails MDaemon logs the reason but the error message sent to the client is generic. Authentication failures due to invalid username or password are reported to Dynamic Screening, but not those due to the account being frozen, set to do not disturb, expired password, etc.
  • [17773] MDRA - Added a "Message Search" page under "Messages & Queues" for Global Admins. This view allows the admin to search a single user's message folders. The maximum number of messages returned is 10,000. After getting a list of messages, the admin can view the message, and related log entries from the Routing, SMTP(in and out), DomainPOP, and MultiPOP logs. Logs will only be displayed if the Statistics Database is enabled under Setup | Server Settings | Logging | Statistics Log.
  • [10679] Content Filter - Added ability to block attachments in nested ZIP files up to 5 levels deep.
  • [19226] WorldClient theme - Increased the email address input length to 76 characters, which is the maximum length of an MDaemon email address.
  • [19212] The files NoTarpit.dat, DynamicScreen.dat, and AuthErrors.dat in the \MDaemon\App directory are no longer used.
  • [19078] Added complex Filters to WorldClient. Unsupported themes will not be able to save changes to existing filters.
  • [19160] WorldClient theme - Deferred Delivery - Added an alert that tells the user when the message will be sent
  • [19316] MDaemon creates registry entries for Windows Error Reporting to save memory dumps if MDaemon.exe, CFengine.exe, WorldClient.exe, WebAdmin.exe, or WCXMPPServer.exe crash. This functionality requires Windows Server 2008/Windows Vista or later. Dump files will be saved to the \MDaemon\Dumps folder. This location may be changed by editing \MDaemon\App\MDaemon.ini and setting [Directories] CrashDumps.
  • [17570] Added performance counters for the number of connections refused by IP Screen, Dynamic Screen, Host Screen, and Location Screen.
  • [18939] Added performance counters for whether a new version of a product is available and the number of days left in the license for each product.
  • [9989] WCIM - Added buddy grouping.  The default group is "Buddies".
  • [13293] Added an account settings option (enabled by default) to automatically place new meeting requests on the receiving user's default calendar, marked Tentative.
  • [19340] MDRA - Added Location Screening view
  • [19247] WorldClient - Improved the error message when entering an invalid password on the change password page (when forced to change password by admin).
  • [19359] WorldClient - Improved the error message when a user uses an old password.
  • [19385] WorldClient and MDRA - Updated CKEditor to version 4.7.1
  • FIXES

    MDaemon Server v17.0 Release Notes

    MDaemon 17.0.2 - May 19, 2017

    SPECIAL CONSIDERATIONS

    FIXES

    MDaemon 17.0.1 - May 16, 2017

    SPECIAL CONSIDERATIONS

    CHANGES AND NEW FEATURES

    FIXES

    MDaemon 17.0.0 - March 21, 2017

    SPECIAL CONSIDERATIONS

    [17978] The option "Enable APOP & CRAM-MD5" found at F2|Server Settings|Servers has changed to disabled by default for security and technical reasons. Using TLS is the preferred way to avoid transmission of passwords in the clear.

    [17977] The "Global AUTH Password" setting at Ctrl+S|Sender Authentication|SMTP Authentication has been deprecated and removed.

    [18067] All settings related to ADSP found at Ctrl+S|Sender Authentication|DKIM Verification and a single option related to the use of the RS= tag found at Ctrl+S|Sender Authentication|DKIM Settings have been deprecated and removed.

    [17337] In-browser WorldClient Instant Messenger (WCIM) has been removed from the LookOut and WorldClient themes due to incompatibility with the new XMPP WCIM server.

    [8314] The option "Store mailbox passwords using non-reversible encryption" (see below) is disabled by default for existing installs to avoid breaking anything for anyone who depends on incompatible features, but for security reasons we recommend enabling it if you can.

    [17122] WorldClient Instant Messenger (WCIM) now uses the XMPP protocol for instant messaging, which is not compatible with the old chat protocol. Users who do not update to the new version will not be able to instant message with users who have updated. Address book synchronization with Outlook has been removed from WCIM.

    MAJOR NEW FEATURES

    [17122] XMPP support for WorldClient Instant Messenger (WCIM)

    WCIM now uses the XMPP protocol for instant messaging instead of WorldClient's proprietary protocol. This allows the WCIM desktop client to communicate not only with other WCIM clients, but any third-party XMPP clients (including mobile clients) connected to your MDaemon's XMPP server.

    WCIM now has two types of connections, "WCMailCheck" which connects to WorldClient for new mail notifications and message counts, and "WCIMXMPP" which connects to the XMPP server for instant messaging. When updating to version 17, WCIM will automatically migrate IM contacts from the old system to XMPP and create a WCIMXMPP account.

    [10808] WORLDCLIENT DROPBOX INTEGRATION

    A new screen has been added to Ctrl+W|WorldClient (web mail)|Dropbox. Here you will find controls where you can enter your Dropbox "app key", "app secret", and privacy policy text. All are needed in order to enable the integrated service and they are all obtained when you register your WorldClientas a Dropbox "app" by visiting the Dropbox website. We cannot do this for you but it only needsdoing once. Please see Knowledge Base article 1166 for complete instructions on how to register your WorldClient as an app with Dropbox.

    Once the "app key" and "app secret" are configured WorldClient will be able to connect their accounts to a Dropbox account. The first time a user logs into WorldClient theme or LookOut theme, the user will be presented with a dropdown at the top of the page. The user has three options, view the dropdown on next login, never show it again, or go to the new Options | Cloud Apps view. On the Options | Cloud Apps view, the user can click the Setup Dropbox button. Doing so will open an OAuth 2.0 popup. The popup details what the user is connecting to, and what authorizations WorldClient is requesting. There is also a link to the privacy policy, and "Connect to Dropbox" button. Once the user clicks the "Connect to Dropbox" button, the page will navigate to Dropbox. If the user is not logged into Dropbox, Dropbox will present a site for them to either login or create an account. Once this step is completed, the user will be presented with another Dropbox page that asks if the user would like to allow WorldClient to have full access to his/her account. Clicking "Allow", will take the user back to WorldClient and tell the user whether or not the authorization was a success. This authorization is good for one week after which time the same screen is presented again and another access token is obtained and used for a subsequent week. Once authorization is completed, the user will be presented with a Dropbox icon next to each message attachment. Clicking the icon will result in the attachment being saved to the user's Dropbox account under the /WorldClient_Attachments folder.

    In the Compose view for WorldClient and LookOut themes, users will be able to choose files from their Dropbox accounts by clicking the Dropbox icon in the HTML editor's toolbar (top left). This feature does not require the users to setup access to their accounts via the Options | Cloud Apps view and OAuth 2.0. It only requires the "app key" and "app secret".

    Dropbox integration is disabled by default. The "Enable Dropbox Integration" checkbox will enable it for all users, or the admin can enable access on a per-user basis by adding "DropboxAccessEnabled=Yes" to the User.ini.

    CHANGES AND NEW FEATURES

    FIXES

    MDaemon is a registered trademark of Alt-N Technologies, Ltd.
    Copyright ©1996-2016 Alt-N Technologies, Ltd.