MDaemon 17.5.1 - October 24, 2017
 The Dynamic Screening option to freeze accounts after a number of authentication
failures is now off by default. It will be turned off when updating to version 17.5.1.
If you want to turn it back on, go to Security | Dynamic Screening | Auth Failure Tracking.
CHANGES AND NEW FEATURES
-  LetsEncrypt logging will now include additional details that will make it
easier to troubleshoot. The log will include a URL to LetsEncrypt.com that will help
explain why challenges fail.
-  Defaults for the Dynamic Screening settings have been changed. Account freeze
is off by default and fewer notifications are enabled. If you have the defaults from
17.5.0, please review your settings and adjust them to your liking.
-  In WCIM more info is shown about chat room participants, to help
-  LookOut and WorldClient themes - Added a Saved Searches folder to the
folder list under Favorites and before Personal folders. This is off by default.
To enable it go to Options | Folders and check the box next to Show Saved Search
Folders. To search a saved search, click on the folder in the Saved Search list.
To open the advanced search dialog and create a new search click the "New Saved
Search" folder at the bottom of the Saved Search folder list.
-  WorldClient - Added minimum and maximum password length information when
strong passwords are not required.
-  The XMPP server log is now displayed in the MDaemon GUI on the WorldClient
-  MDRA - Updated the MimeTypes.cfg file.
-  WorldClient - Updated the MimeTypes.cfg file.
-  MDaemon no longer reports CRAM-MD5 authentication failures for accounts using
AD authentication or non-reversible passwords to the Dynamic Screening system.
-  The number of characters allowed in the Mailing List AD Search Filter setting
has been doubled.
-  The Location Screening option to only block authentication for SMTP
connections is now enabled by default, and the wording of the option has been
-  fix to MDRA - IMAP Filters do not support multiple conditions
-  LetsEncrypt: fix to arguments being passed to CertUtil not allowing a space in
the path and a fix to the error handling not detecting when this occurs.
-  LetsEncrypt: fix to the script trying to start MDaemon Remote Administration
when it is disabled.
-  fix to WCIM crash
-  fix to MDaemon may allow active connections to attempt logins after their
IPs have been blacklisted by Dynamic Screening
-  fix to minor syntax error in generated Authentication-Results headers
-  fix to WorldClient - Adding calendar entries to public calendar in
Lookout theme with the private calendar disabled causes entry to be added to
-  fix to WorldClient theme - When "Folder" column is included for wide
screens the message list is displayed with columns on top of each other
-  fix to WorldClient theme - Cannot reverse the sort order in Contacts,
Tasks, Notes, and Documents
-  fix to WorldClient theme - Send/Save buttons in Compose view are ugly in
-  fix to LookOut and WorldClient themes - Month View - If adding more than
18 events in a day, the 19th event replaces the first event
-  fix to MDRA - Time picker drop down button in Autoresponder screen
breaks to the next line
-  fix to MDRA - Domain Manager has wrong Header text
-  fix to MDRA - strings not being translated
-  fix to MDRA - Gateway Manager "Delete" button does not work
-  fix to MDRA - No alert for blank New Black List Entry
-  fix to MDRA - AS Client Wipe buttons not giving alert
-  fix to MDRA - Buttons not working on New Catalog dialog
-  fix to MDRA - Stray closing bracket at top of Copy to Folder dialog
-  fix to WorldClient - Reminder causing WorldClient to crash
-  fix to Content Filter "Add to Windows event log" action does not
-  fix to specific CalDAV request may cause the WorldClient process to
-  fix to a recurring calendar event without "Start" element in the
"Recurrence" node of the calendar.mrk crashes the Mac iCal application when
synchronizing via CalDAV
-  fix to MDRA - Jump to rule dropdown shows rules before the one you are
-  fix to RKEY 5xx error handling incorrect in some cases
-  fix to WorldClient - WC shows message is both signed & encrypted with
one key instead of two
-  fix to Content filter PGP screen showing incorrectly parsed key ID
-  fix to possible MDaemon hang during shutdown
-  fix to LookOut and WorldClient themes - Users cannot change passwords
when Password Recovery is disabled
-  fix to LookOut and WorldClient themes - error message occurs whenever
attempting to attach a document to a calendar event when using http
-  fix to LookOut and WorldClient themes - No search results when searching
for non-English characters
-  fix to WorldClient - Compose - attachments section hides when you add CC
or BCC fields
-  fix to WorldClient - Missing spaces between recipients in To and CC
-  fix to MDRA - Bayesian Learn button is not working
-  fix to MDRA - Mailing List Notification alerts prompts are incorrect
-  fix to MDRA - Unable to click OK on IP Cache alert for Max entries
-  fix to MDRA - Alert for importing member does not prompt
-  fix to MDRA - Unable to delete members of a Mailing Lists
-  fix to MDRA - Mailing List Headers allows blank email address
-  fix to MDRA - Gateway Manager Creating new Gateway Alerts are mixed up
-  fix to MDRA - Gateway Manager Options appears to turn off even when it
-  fix to possible ActiveSync server crash when setting out of office message
-  fix to possible ActiveSync server crash during a FolderSync operation
-  fix to non-ASCII country names are corrupted in MDaemon's Location Screening
-  fix to LookOut and WorldClient themes - When marking a message as read
using a 5-second delay, it will revert to unread
-  fix to LookOut and WorldClient themes - ampersand (&) is encoded as
& in the contact list
-  fix to MDRA - Unable to save an entry to the dynamic screening white
list or black list
-  fix to LookOut theme - Voice icon does not have tooltip
-  fix to MDRA - "Return to Defaults" button does not work in Server
-  fix to Bayesian items on the MD queue window right-click menu are enabled
when Bayesian is disabled
-  fix to RCPT sometimes accepting odd or incomplete domain form
-  fix to WorldClient - Display Name is received encoded in Reply-To when
entered in the Default Reply-To Address
-  fix to CardDAV server may not synchronize all contacts
-  fix to LookOut and WorldClient themes - when using German WC and two
Drafts folders exist on the server, one named "Drafts" and one named "EntwÃ¼rfe",
only the German named folder shows up
-  fix to LookOut and WorldClient themes - If the ListRefreshTime is set to
0, the theme will lock up, because it is constantly refreshing the message list
-  fix to WorldClient session cookie check fails if the browser sends cookie data
that is too long
-  fix to tentative placeholder events are created for meeting requests in
messages that are flagged as spam
-  fix to LookOut theme - Public Documents folder not showing contents when
given only Lookup and Read rights
-  fix to disabling Dynamic Screening IP aggregation results in global /0 or /1
-  fix to Dynamic Screening notification emails may have corrupted text for some
-  fix to LookOut and WorldClient themes - IE does not handle opening
attachments in a way that is easy for users
-  fix to WCIM user rejoins chat room with wrong nickname after XMPP server
-  fix to possible MDaemon.exe crash if using bandwidth throttling
-  fix to IMAP server account access issue
MDaemon Server v17.5 Release Notes
MDaemon 17.5.0 - September 26, 2017
 BlackBerry Enterprise Server (BES) for MDaemon is not compatible with MDaemon
17.5 or newer. There will not be a new version of BES for MDaemon that is compatible.
MDaemon's installer will disable BES if it is detected. Uninstall BES to not be
prompted about it. Screens about BES have been removed from the MDaemon UI.
 Added quarantine exclusion lists to allow password-protected files from or to
configured senders and recipients. At Security | AntiVirus, enable "Allow password-protected
files in exclusion list..." and click the "Configure Exclusions" button.
Note that as of SecurityPlus 5.1.0, the ClamAV Plugin may quarantine password-protected
files before the main AV engine can scan them. An option is to disable the ClamAV Plugin.
MAJOR NEW FEATURES
 LOCATION SCREENING
A geographically based blocking system has been developed which allows you to block
incoming SMTP, POP, IMAP, WorldClient, ActiveSync, AutoDiscovery, XML API, Remote Administration,
CalDAV/CardDAV, XMPP, and Minger connections being attempted from unauthorized regions
of the world. A new screen has been added at Ctrl+S|Screening|Location Screening
to configure this.
When the connecting IP is from a blocked country an entry can be logged in the Dyanmic Screening Log.
 DYNAMIC SCREENING FOR ALL PROTOCOLS/SERVICES
MDaemon's dynamic screening has been expanded to operate with SMTP, POP, IMAP,
WorldClient, ActiveSync, AutoDiscovery, XML API, Remote Administration, CalDAV/CardDAV,
XMPP, and Minger. Authentication failures are tracked across all of these services and
IPs can be blocked for all of them. Settings are in the UI at Security | Dynamic
Screening. The log is on the Plug-ins | Dynamic Screen tab. WorldClient's separate
Dynamic Screening system has been removed.
 PIM ATTACHMENTS
PIM (calendar, contact, tasks, notes) items now support attachments.
Attachments may be added to a PIM item via WorldClient, Outlook Connector, or
CalDAV/CardDAV. When scheduling a meeting, any attachments will be sent to
the meeting attendees.
LookOut and WorldClient themes - Implemented PIM attachments for
Calendars. A new tab was added in the Calendar Edit view that allows users to
add file attachments to an event/meeting. As long as a user has read access to
an event, the attached files can be downloaded by the user. Only users with edit
access can upload or remove attachments from a given event/meeting. Other themes
will not be able to edit the attachments, but the attachments will not be lost
when an event/meeting is edited.
 PGP KEY-EXCHANGE DURING SMTP
A new checkbox on the MDPGP GUI enables/disables automatic transaction of
public keys as part of the SMTP message delivery process. If enabled,
MDaemon's SMTP server will honor an SMTP command called RKEY.
When sending an email to a server that supports RKEY MDaemon will offer to transmit
the sender's then current and preferred public-key to the other host. That host
will respond indicating that it either already has that key and thus no further
work need be done ("250 2.7.0 Key already known") or that it needs that key in which
case the key is immediately transferred in ASCII armored form right then and there
("354 Enter key, end with CRLF.CRLF") just like an email message. Keys that are
expired or revoked are never transmitted. If MDaemon has multiple keys for the sender
it will always offer up the key that is currently marked as preferred. If no key
is preferred then the first one found is offered. If no valid keys are available
then no work is done. Only public-keys that belong to local users are offered.
Public-key transfers take place as part of the SMTP mail session that delivers the
message from the user. In order for the public-keys transmitted in this way to be
accepted the public-key must arrive along with a message that has been DKIM signed
by the domain of the key owner with the i= set to the address of the key owner which
also must exactly match the From: header address of which there can be only one.
The "key owner" is taken from within the key itself. Also, the message must arrive
from a host in the sender's SPF path. Finally, the key owner (or his entire domain
via use of wildcards) must be authorized for RKEY by adding an appropriate entry
to the MDPGP rules file (instructions are in the rules file for this) indicating
that the domain can be trusted for key exchange. All this checking is done automatically
for you but you must have DKIM and SPF verification enabled or no work can be done.
The MDPGP log will show the results and details of all keys imported or deleted
and the SMTP session log will also track this activity. When it works right your
SMTP session logs will show details of key transactions and the MDPGP log file will
fill with details.
This process tracks the deletion of existing keys and the selection of new preferred
keys and updates all participating servers it sends mail to when these things change.
CHANGES AND NEW FEATURES
-  Added a new option to Ctrl+S|Sender Authentication|SPF Verification which allows
you to apply SPF processing to the HELO/EHLO value. This option is enabled by default.
-  The \MDaemon\Data\ folder is now included in the config file backup system.
-  The LetsEncrypt script no longer needs to shut down MDaemon and its associated
programs prior to writing content out to INI files. This reduces the potential
down time, but you are still required to restart MDaemon in order for the changes
to be recognized.
-  The LetsEncrypt script no longer writes out the certificate information
to the INI files and restarts MDaemon even if nothing has been changed.
-  As part of the new Dynamic Screening work, the option "Limit simultaneous
connections by IP to (0 = no limit)" has been moved from Ctrl+S|Screening|
SMTP Screen to F2|Server Settings|Sessions. Also, the SMTP Screening UI has been
adjusted. The settings here apply only to SMTP screening and use the Dynamic Screening
system so some explanatory text was added.
-  LookOut and WorldClient themes - Added the option to export and import Groups/Distribution
Lists from and to a contact folder in WorldClient. The format is WorldClient specific,
since Outlook does not support exporting and importing Groups. The format is as
columns - Group GUID, Group Name, GUID, Full Name, Email
Each line that contains either a Group Name or a Group GUID is
considered the beginning of a new group. Any GUID, Full Name or Email on that line
is considered the first member of the group/list. An Example from Excel follows:
When importing, the Group GUID is replaced with a freshly generated GUID. If no
Group Name is included, the name will be displayed without translation as "ImportedFromCSV_%GUID%",
where %GUID% is replaced with the first five characters of the GUID. Leaving the
cells to the right of a group name empty will result in the next line being the
first member of the group/list. The Email field is required for a member to be added.
-  LookOut and WorldClient themes - Added Voice Recording feature. This feature
requires a microphone and is only available in certain browsers. It can be disabled
by the admin on a per user basis by adding EnableVoiceRecorder=No to the User.ini.
Users are limited to five tracks of five minutes each. Attempting to record more than
5 tracks will result in either the selected track, or the first track, being replaced
by the new recording (the user will be prompted). After recording is stopped (either
automatically or by the user), the track is converted to an mp3 and uploaded to the
server. Users have four options regarding each track:
Users can only act on one track at a time. For example, only one track can be attached
to a message. If a user wants to attach multiple tracks to a message, the user will
need to save each track to the default documents, and do the attaching from there.
- Save to the desktop
- Save to default WorldClient documents folder
- Send in an email using a quick dialog that only includes To, CC, BCC, Subject,
and a plain/text Message Body
- Only the To is required. There are canned Subject and Message Body
phrases used when no Subject or Message Body is input by the user.
- Open a new Compose view with the track attached
-  LookOut and WorldClient themes - Users can now reorder favorite folders
by dragging and dropping them in the favorites list.
-  LookOut and WorldClient themes - New folder management features in the Options
| Folders view and in the main folder list view.
In the folder list view (left pane):
In the Options | Folders view, the folder tree is now collapsible, and the New Folder
dialog has been moved to an external window like in the WorldClient theme.
- Users can drag and drop to move folders from one parent to another
- Users can rename folders and give favorites nicknames by clicking on them a second
time (shortly after folder selection)
- Show Folders by Type is now available in the LookOut theme
- If there is already at least one favorite folder (because favorites are hidden until
one is added), users can drag and drop a folder to favorites in order to add it
(dragging a folder out of the favorites does nothing).
- The new folder and rename folder dialogs were added to the LookOut theme
-  Lite, LookOut and WorldClient themes - Added an option to choose the font
size for plain text Compose under Options | Compose. The option (Compose Font Size)
is always visible in Lite theme, and only visible in LookOut and WorldClient themes
when HTML Compose is turned off.
-  WorldClient - The paperclip is no longer displayed in the message list for
new messages that only include inline images, unless the "List All Attachments"
option is turned on under Options | Personalize. This only affects new messages,
so old messages will continue to show the paperclip in the case that only inline
images are attached to the message.
-  LookOut and WorldClient themes - Users can now open file attachments in
the browser (if the browser supports it) by clicking on the name of the file in
the message preview or external message window. To download the attachment, click
the download icon next to the name.
-  LookOut and WorldClient themes - Added options to Export a contact in vCard
4.0 format. The "Export vCard" button will download the vCard. The "Send
vCard" will open a new Compose window with the vCard(s) attached.
-  LookOut and WorldClient themes - Added a "None" option in the
Compose view Signatures select dropdown
-  LookOut and WorldClient themes - Added a setting in Options | Personalize
to close the message window when the user deletes the message (external window only),
which also preempts the opening of the next message in the list.
-  WorldClient theme - Updated the look of Notes, and added an option to change
the color of the note by clicking on the note icon in the top left corner of the
-  LookOut and WorldClient themes - Added settings in the Options | Compose
view to allow users to choose a signature for replying and forwarding respectively.
-  LookOut and WorldClient themes - Added an option to not include signatures
in replies or forwards. Under the same settings for 18728 the user can choose "No
Signature" for replies and/or forwards.
-  All Themes - the User cookie is now set to the current value of the User
field on login form submission
-  LookOut and WorldClient themes - Added the ability to search for attachment
names in the advanced search
-  All Themes - Added indexed data search for message bodies and attachment
-  All Themes - WorldClient now includes the ability to choose between downloading
the 32 bit and 64 bit OC Plugin Installers.
-  Removed MSXML 4 from the installer.
-  Added support for password protected chat rooms to XMPP server.
-  Added support for password-protected chat rooms to WCIM client.
-  WorldClient theme - Simplified the look of the Compose view. Advanced options
can be displayed by clicking one button. Save (without closing) option added. Clicking
the X in the top right corner will discard a draft, instead of just closing the
window. The subject is displayed in the header as the user types it. Moved the Send,
Save, and Save and Close options to the footer. The entire attachments section is
the drag and drop area. Moved the paragraph justification buttons down to
the second level in the HTML editor options.
-  LookOut and WorldClient themes - Added message list context menu options
to "Whitelist Sender" and "Blacklist Sender". If clicked, the
sender of the selected message(s) will be added to the Whitelist or Blacklist contact
folder. These options can be hidden by adding HideEmailAddressHoverMenus=Yes in
the Domains.ini under [Default:UserDefaults], or adding the same to a user's User.ini
file. When using these options, users can select multiple messages to Whitelist/Blacklist.
-  LookOut and WorldClient themes - Added an option under Options | Compose
to allow users to use the Dropbox Preview Link. The default is the Dropbox Direct
-  Turned off EditBISInboxMapping in MDaemon\WorldClient\Domains.ini under
[Default:UserDefaults]. This hides the "Push to Blackberry" column in
WorldClient's Options | Folders view. This can be enabled for all by changing
it back to Yes in the MDaemon\WorldClient\Domains.ini or per user by adding it to
the [User] section of a user's User.ini file.
-  Increased the number of custom buttons allowed in WorldClient to eight.
-  WorldClient theme - Date now displayed when printing a calendar in Calendar
-  A new screen at Setup | Outlook Connector | OC Client Settings | Add-ins
lets the admin configure Outlook add-ins for Outlook Connector to disable. Requires
Outlook Connector 5.0 or newer. Select a default action, Allow or Disable, which
applies to new or unlisted add-ins. Individual add-ins and their actions (whether
to Allow, Disable, or use the default action), are displayed in a list box. OC
clients will populate the list, or admins can add them from the UI.
-  WorldClient - Added ability for users to view their last ten successful
logins on the Options | Security page. This is enabled by default. To disable this
option, set DisplayLoginHistory to No in MDaemon\WorldClient\Domains.ini under [Default:UserDefaults].
-  WorldClient - Added Internationalized Domain Name support, so that IDNs will
not be displayed in punycode, but instead in UTF-8.
-  LookOut and WorldClient themes - under Options | Compose, the Compose Height
and Compose Width options have been removed when HTML Compose is unchecked, because
the height and width of the text area in the compose view is auto resized to fit
-  LookOut theme - Added a delete button to the appointment editor that works
like the one in the WorldClient theme.
-  Added ability to disable SSL in XMPP Server by adding in \MDaemon\XMPPServer\settings.ini...
-  Added support for account IMAP filters with multiple conditions that can be
combined using AND or OR. The filter rule creation UI has links that let you edit
each part of the rule. Click the "[+]" link to add a condition and the
"[x]" link to remove a condition.
-  When MDaemon 17.5+ first starts up, if MDaemon has never been configured
to use SSL it will automatically generate a default self-signed certificate and
enable SSL for MDaemon, WorldClient, and Remote Administration.
-  POP3, IMAP, and SMTP server authentication changes to make them more
consistent, improve logging, and not give as much information about failures to
clients. When a username is sent to MDaemon in an encoded form, MDaemon logs
it in plain text. When authentication is successful MDaemon logs the account's
email address. When authentication fails MDaemon logs the reason but the error
message sent to the client is generic. Authentication failures due to invalid
username or password are reported to Dynamic Screening, but not those due to the
account being frozen, set to do not disturb, expired password, etc.
-  MDRA - Added a "Message Search" page under "Messages & Queues" for
Global Admins. This view allows the admin to search a single user's message
folders. The maximum number of messages returned is 10,000. After getting a list
of messages, the admin can view the message, and related log entries from the
Routing, SMTP(in and out), DomainPOP, and MultiPOP logs. Logs will only be
displayed if the Statistics Database is enabled under Setup | Server Settings |
Logging | Statistics Log.
-  Content Filter - Added ability to block attachments in nested ZIP files
up to 5 levels deep.
-  WorldClient theme - Increased the email address input length to 76
characters, which is the maximum length of an MDaemon email address.
-  The files NoTarpit.dat, DynamicScreen.dat, and AuthErrors.dat in the
\MDaemon\App directory are no longer used.
-  Added complex Filters to WorldClient. Unsupported themes will not be
able to save changes to existing filters.
-  WorldClient theme - Deferred Delivery - Added an alert that tells the
user when the message will be sent
-  MDaemon creates registry entries for Windows Error Reporting to save memory
dumps if MDaemon.exe, CFengine.exe, WorldClient.exe, WebAdmin.exe, or WCXMPPServer.exe
crash. This functionality requires Windows Server 2008/Windows Vista or later. Dump
files will be saved to the \MDaemon\Dumps folder. This location may be changed by
editing \MDaemon\App\MDaemon.ini and setting [Directories] CrashDumps.
-  Added performance counters for the number of connections refused by IP Screen,
Dynamic Screen, Host Screen, and Location Screen.
-  Added performance counters for whether a new version of a product is available
and the number of days left in the license for each product.
-  WCIM - Added buddy grouping. The default group is "Buddies".
-  Added an account settings option (enabled by default) to automatically
place new meeting requests on the receiving user's default calendar, marked
-  MDRA - Added Location Screening view
-  WorldClient - Improved the error message when entering an invalid
password on the change password page (when forced to change password by admin).
-  WorldClient - Improved the error message when a user uses an old
-  WorldClient and MDRA - Updated CKEditor to version 4.7.1
-  fix to LetsEncrypt generating a new certificate each time the script runs.
-  fix to WorldClient - HTML messages with embedded CSS render poorly
-  fix to WorldClient - Message Preview - Malformed messages may have malformed
-  fix to WorldClient - extra space is shown between lines in an HTML message
that was composed using Outlook
-  fix to Mobile theme - Going back or using the refresh button in the list
view results in a mostly blank page
-  fix to MDPGP GUI showing aliases with macros in dropdown when creating keys
for specific users
-  fix to MSA connections not honoring local sources spam filter exemption
-  fix to WorldClient - Alert.sem file not currently working
-  fix to CalDAV: response is not sent to meeting organizer when accepting
a meeting request in Thunderbird/Lightning
-  fix to WebDAV log file created with name of ".log" if MDaemon
logging is disabled
-  fix to Remote Administration not forcing the recipient of the Weak Password
Report to be a local user
-  fix to able to enter non-numbers for max users per domain in Remote Administration
-  fix to Remote Administration does not force entry of a Smart Host when needed
in Domain Manager
-  fix to some options not enabled on Remote Administration's Domain Manager
| Calendar screen
-  fix to Remote Administration needlessly forcing a policy description in
ActiveSync Policy Editor
-  fix to Remote Administration forcing entry of a Dequeue String when it should
-  fix to Remote Administration not checking for a positive integer for time
to live in IP Cache
-  fix to Remote Administration missing some of the necessary new mailbox name
-  fix to Remote Administration not hiding "WC Documents Folder"
as an option when editing Account Templates
-  fix to LookOut and WorldClient themes - Cannot see new category added on
the Options | Categories view when adding by right clicking message | Categories
-  fix to LookOut and WorldClient themes - Current folder on server changing
if you right click and perform action on a non-selected folder
-  fix to LookOut and WorldClient themes - Applying changes to a signature
with more than one font-size results in all fonts changing back to the default
-  fix to WorldClient theme - After a search, if you click the X on the search
bar, only the message subjects are displayed
-  fix to Lookout theme Add button is not grayed out when editing a single occurrence
of a recurring event
-  fix to encoding issue when AV warning message text is added to HTML messages
-  fix to MDRA - When Free/Busy service for a domain has a password, the field
-  fix to MDRA - Passwords available in plain text on various pages
-  fix to LookOut and WorldClient themes - WorldClient does not display the
email address in the "Recipient unknown" error message
-  fix to WCIM client stripping CR/LF when sending multi-line messages
-  fix to WCIM client not sending status changes to server for 5 minutes
-  fix to remote IP not included in Received headers in some configurations
-  fix to DNSBL lookups on Received header IPs not honoring white list
-  fix to Mail List sending copy to sender errantly in some configurations
-  fix to invalid regular expression in bad passwords file causes problems
for the MDaemon GUI and Remote Administration
-  fix to MDRA - Content Filter shows "Process Exit Code" instead of
"SpamAssasin Score" popup when selecting a SpamAssasin Score entry
-  fix to MDRA - Subfolders are not always created correctly
-  fix to WorldClient - When composing a signature, then when using an
underline, it is not saved
-  fix to LookOut and WorldClient themes - Deferred Delivery sets year to
1601 when sent from the Spell-Check view
-  Fix to LetsEncrypt script not restarting MDaemon when WorldClient or MDaemon
Remote Administration are running under IIS and the WebScripting tools are not installed
-  fix to various problems with the Group Editor in Remote Administration
-  fix to various excessive whitespace on certain popup windows in Remote
-  fix to some text not being translated on Remote Administration's DomainPOP
page, User's Forwarding page, and Dropbox page
-  fix to incorrect prompt in Content Filter "Event Log" actions
in Remote Administration
-  fix to IP Shielding screen in Remote Administration not forcing entry of
an IP address
-  fix to Event Logging screen in Remote Administration not disabling some
options when it should
-  fix to From Header Modification not always handling parsing correctly
-  fix Mobile theme - Calendar months and days are displayed in English
when any other language is selected
-  WCIM client - fix to account not added to drop list on 'Add Contact'
-  WCIM client - fix to "Invisible" status change not working. It
will act as "Do not disturb" to other XMPP client.
-  fix to MDRA - Cannot edit or create new domain
-  fix to WorldClient theme - not able to sort messages by ascending date
when changing the sort order on the Options | Personalize page
-  fix to WorldClient - error message popup goes away too quickly before it
can be read
-  fix to LookOut and WorldClient themes - Unable to send faxes with no
-  fix to IPF.IMAP type folders being created when moving folders
from an IMAP PST to an Outlook Connector account
-  fix to LookOut theme - when switching messages the scroll bar is not
reset in the message preview
-  fix to Possible memory leak in the Thread Pool if Message Log Parser
-  fix to WCIM - if user changes status with multiple XMPP clients, WCIM
should only report offline if all instances go offline
-  fix to Mobile theme - First Day of week setting is not applied to the
-  fix to WCIM - when global status is set to "Online" WCIM should log
account back in
-  fix to contact notes changed on an ActiveSync client are not saved to the
-  fix to ACL entry in an account's root Hiwater.mrk is not added to
AclShLookup.dat during the ACL cleanup event
-  fix to a single instance of a recurring appointment deleted using an
ActiveSync client is not deleted on the server
-  fix to messages sent using ActiveSync may display incorrect date in
-  fix to Sent Items copy of message sent using ActiveSync is unread
-  fix to MD GUI crashes immediately when selecting the Use Small Display Font
MDaemon Server v17.0 Release Notes
MDaemon 17.0.2 - May 19, 2017
-  fix to MultiPOP and DomainPOP when configured to leave mail on the server will
download new messages repeatedly
MDaemon 17.0.1 - May 16, 2017
CHANGES AND NEW FEATURES
-  Added the Delete Selector button to Remote Administration's DKIM Signing page
-  Added the edit box to Account Editor | Settings in Remote Administration
to specify a list of email addresses for automatic processing of meeting
-  Added Central Management of OC Local Cache and Attachment Folder to
-  Added text to the Remote Administration logon page to indicate when a
new version of MDaemon is available. To disable the text, change UpdateCheck=Yes
to UpdateCheck=No in the [Special] section of \MDaemon\WebAdmin\Webadmin.ini
-  Added Mail Archive access to the Queue/Stats Manager
-  Added WorldClient logging information to help identify which message was deleted
-  Added instruction on how to add accounts immediately after creating a
domain in Domain Manager
-  WorldClient - browser native alert, confirm, and prompt dialogs have
been replaced with non-native dialogs in most cases. If the browser has an issue
supporting the new dialogs, the browser dialogs will be displayed.
-  Added text to the WorldClient logon page to indicate when a new version
of MDaemon is available. To disable the text, change UpdateCheck=Yes to
UpdateCheck=No in MDaemon\WorldClient\Domains.ini
-  Worked around WorldClient being unable to authenticate SMTP connections
to MDaemon when both "Enable APOP & CRAM-MD5" and "Allow plain
text passwords" are disabled by making an exception for local machine SMTP
connections. This can be disabled by setting MDaemon.ini [Special]
AllowPlainTextOnLocalhost=No (default is Yes).
-  Renamed the HealthCheck log folder and file from SecurityAnalyzer to
MDHealthCheck and changed from GMT to local time.
-  Health Check - Set Recommended now triggers MDaemon to reload settings
after the operation is completed.
-  Health Check - No longer displays errors for settings that are
-  Health Check - User is now warned to back up settings prior to setting
recommended settings when the Set To Recommended button is clicked.
-  Health Check - Added a warning when IP shield is enabled, but no
Domain/IP pairs are listed
-  WorldClient theme - darkened the plus button/icon in the folders view to
heighten its contrast with the background
-  WorldClient - Added HTTP log for OAuth setup when there is an authorization
failure caused by an HTTP error
-  LookOut and WorldClient themes - Dropbox - changed the Dropbox link in
the Compose view to the direct download instead of the Dropbox preview
-  Remote Administration - browser native alert, confirm, and prompt
dialogs have been replaced with non-native dialogs in most cases.
-  fix to Spam Filter Updates page not always allowing a "Save" in Remote
-  fix to various problems with saving a List Description in Remote
-  fix to LookOut and WorldClient themes - Adding or removing folders to or
from the favorites does not reload the folder list
-  fix to Outlook .msg files attached in WorldClient may be corrupted
-  fix to message is not archived when it is re-queued from the quarantine
after setting up an AV exclusion
-  fix to WorldClient theme - the left pane and bottom preview pane sizes
change between logins
-  fix to WorldClient - When switching to the LookOut theme from Options |
Personalize, the folder list is blank
-  fix to LookOut and WorldClient themes - search term is removed when
switching between folders of the same type
-  fix to WorldClient theme - In Side by Side view, calendar looks corrupt
when enabling additional calendars in Week view
-  fix to MDHealthCheck crash when analyzing if there are many domains
-  fix to IMAP server incorrectly parsing messages with header lines that
are too long
-  fix to WorldClient - email address autocomplete - hitting tab twice too
quickly results in the address being added twice
-  fix to WorldClient - When downloading files named with Japanese
characters they are corrupt when saved using MS Edge
-  fix to WCIM XMPP Client Non-ASCII characters are not encoded correctly
-  fix to WorldClient - some languages that use apostrophes (') - Unable to choose or enter any addresses
when sharing a folder
-  fix to garbage characters on MD UI's Browse for Folder dialog
-  fix to attachments may be corrupted in the archive copy of a message
-  fix to bad archive folders are created when incoming emails do not have an
address in the From header
-  fix to possible ActiveSync server crash
-  fix to ActiveSync GetAttachment command not being allowed
-  fix to times of messages received using ActiveSync may be off by 1 hour
-  fix to PROPFIND request for CalDAV or CardDAV using .well-known path
fails if the path ends with a slash
-  fix to aliases that point to a subaddress folder for an account do not show
up under account's aliases
-  fix to account export options including disabled accounts in the export
-  fix to AD monitoring creating welcome messages when importing disabled
-  fix to AD monitoring not freezing disabled accounts when so configured
(just disabling them)
-  fix to max msg sent per day & spambot detection not recognizing aliases properly
-  fix to list reminders not recognizing aliases properly
-  fix to all groups are unchecked on the MD UI's account templates Groups screen
and Account Editor's Mail Folder & Groups screen
-  fix to Account Editor may not have the correct domain selected when opening
it from the Domain Manager
-  fix to WorldClient theme - Searches in non-ASCII languages fail to
return the expected results
-  fix to MD UI may suggest Dropbox Redirect URI that does not use HTTPS
-  fix to groups from the New Accounts template are not assigned to new
accounts imported from a CSV file that does not have a Groups field
-  fix to WorldClient theme - When clicking a favorite folder, no messages
are displayed when Collapse Nested Folders is enabled
-  fix to WCIM client not being able to connect when specifying a different
XMPP port than the default
-  fix to corrupted Japanese characters in attachment linking filenames
-  fix to all recipients of a message may not be sent in the same outbound
session to a smart host
-  fix to mailing list footer may be added to text file attachments
-  fix to WorldClient's Lite and Mobile themes do not display past the first
page of contacts in folders whose name contains non-ASCII characters
-  fix to WCIM chat window may strip the character following an emoticon
-  fix to the Aliases screen on the MD UI's Account Editor is not updated
after changing the account's email address
-  fix to $USERFIRSTINITIALLC$ macro is not translated when creating a new
account in Remote Administration
-  fix to $USERFIRSTNAMELC$ and $USERLASTNAMELC$ macros are not translated
when creating accounts using ImportNT
-  fix to the MDaemon service may take too long to stop, causing the service
control manager to report an error
-  fix to restarting MDaemon from a Configuration Session UI restarts the
MDaemon service but not the UI
-  fix to a variety of Health Check issues
-  fix to XMPP server and WCIM client not correctly handling when chat room
nick name already exists
-  fix to "Enable instant messaging" does not work for XMPP
-  fix to LookOut and WorldClient themes - Message body removed when
replying to email once alias is changed
-  fix to the dynamic screening "...but not when they use the same password
every time" option does not work for SMTP sessions
-  fix to LookOut and WorldClient themes - When HTML Compose is disabled
changes are not saved to the signature
-  fix to content filter "Match case" option for regex header and
body search and replace does not work
-  fix to ActiveSync GAL search may not work for iOS devices
-  fix to "Authorize all accounts upon first access via ActiveSync
protocol" option not working properly
-  fix to two acceptance notifications are generated when a meeting is accepted
using an ActiveSync client
-  fix to ActiveSync client resyncs due to "Setting Status Collection 16
-  fix to outdated country list on MD UI's Create SSL Certificate dialog
-  fix to MDPGP-Results header may contain non-ASCII characters
-  fix to changing the color of a CalDAV calendar in BusyCal prevents
-  fix to WorldClient - HTML is not working in Login failure help text
-  fix to unresolved macros in ActiveSync-generated read receipts
-  fix to ActiveSync Client Settings dialog does not correctly preview inherited
Domain level settings when editing User or Client
-  fix to MDaemon does not set a subjectAltName value in self-signed
certificates that it generates when given a single host name
MDaemon 17.0.0 - March 21, 2017
 The option "Enable APOP & CRAM-MD5" found at F2|Server Settings|Servers
has changed to disabled by default for security and technical reasons. Using TLS
is the preferred way to avoid transmission of passwords in the clear.
 The "Global AUTH Password" setting at Ctrl+S|Sender Authentication|SMTP
Authentication has been deprecated and removed.
 All settings related to ADSP found at Ctrl+S|Sender Authentication|DKIM
Verification and a single option related to the use of the RS= tag found at Ctrl+S|Sender
Authentication|DKIM Settings have been deprecated and removed.
 In-browser WorldClient Instant Messenger (WCIM) has been removed from the
LookOut and WorldClient themes due to incompatibility with the new XMPP WCIM server.
 The option "Store mailbox passwords using non-reversible encryption"
(see below) is disabled by default for existing installs to avoid breaking anything
for anyone who depends on incompatible features, but for security reasons we recommend
enabling it if you can.
 WorldClient Instant Messenger (WCIM) now uses the XMPP protocol for instant
messaging, which is not compatible with the old chat protocol. Users who do not
update to the new version will not be able to instant message with users who have
updated. Address book synchronization with Outlook has been removed from WCIM.
MAJOR NEW FEATURES
 XMPP support for WorldClient Instant Messenger (WCIM)
WCIM now uses the XMPP protocol for instant messaging instead of WorldClient's proprietary
protocol. This allows the WCIM desktop client to communicate not only with other
WCIM clients, but any third-party XMPP clients (including mobile clients) connected
to your MDaemon's XMPP server.
WCIM now has two types of connections, "WCMailCheck" which connects to
WorldClient for new mail notifications and message counts, and "WCIMXMPP"
which connects to the XMPP server for instant messaging. When updating to version
17, WCIM will automatically migrate IM contacts from the old system to XMPP and
create a WCIMXMPP account.
 WORLDCLIENT DROPBOX INTEGRATION
A new screen has been added to Ctrl+W|WorldClient (web mail)|Dropbox. Here you will
find controls where you can enter your Dropbox "app key", "app secret",
and they are all obtained when you register your WorldClientas a Dropbox "app"
by visiting the Dropbox website. We cannot do this for you but it only needsdoing
once. Please see
Knowledge Base article 1166 for complete instructions on how to register
your WorldClient as an app with Dropbox.
Once the "app key" and "app secret" are configured WorldClient
will be able to connect their accounts to a Dropbox account. The first time a user
logs into WorldClient theme or LookOut theme, the user will be presented with a
dropdown at the top of the page. The user has three options, view the dropdown on
next login, never show it again, or go to the new Options | Cloud Apps view. On
the Options | Cloud Apps view, the user can click the Setup Dropbox button. Doing
so will open an OAuth 2.0 popup. The popup details what the user is connecting to,
and what authorizations WorldClient is requesting. There is also a link to the privacy
policy, and "Connect to Dropbox" button. Once the user clicks the "Connect
to Dropbox" button, the page will navigate to Dropbox. If the user is not logged
into Dropbox, Dropbox will present a site for them to either login or create an
account. Once this step is completed, the user will be presented with another Dropbox
page that asks if the user would like to allow WorldClient to have full access to
his/her account. Clicking "Allow", will take the user back to WorldClient
and tell the user whether or not the authorization was a success. This authorization
is good for one week after which time the same screen is presented again and another
access token is obtained and used for a subsequent week. Once authorization is completed,
the user will be presented with a Dropbox icon next to each message attachment.
Clicking the icon will result in the attachment being saved to the user's Dropbox
account under the /WorldClient_Attachments folder.
In the Compose view for WorldClient and LookOut themes, users will be able to choose
files from their Dropbox accounts by clicking the Dropbox icon in the HTML editor's
toolbar (top left). This feature does not require the users to setup access to their
accounts via the Options | Cloud Apps view and OAuth 2.0. It only requires the "app
key" and "app secret".
Dropbox integration is disabled by default. The "Enable Dropbox Integration"
checkbox will enable it for all users, or the admin can enable access on a per-user basis
by adding "DropboxAccessEnabled=Yes" to the User.ini.
CHANGES AND NEW FEATURES
-  Option to store mailbox passwords using non-reversible encryption
Added a checkbox at Ctrl+U|Other|Passwords to store mailbox passwords using non-
reversible encryption. This protects the passwords from being decrypted by MDaemon,
the admin, or a possible attacker. When enabled, MDaemon uses the bcrypt password
hashing function. It allows for longer passwords (up to 72 characters), and for
passwords to be preserved yet not revealed when exporting and importing accounts.
Some features such as APOP & CRAM-MD5 authentication and weak password detection
depend on MDaemon being able to decrypt passwords, so they are not compatible.
This option is enabled by default for new installs and disabled by default for existing
As part of this change, the Account Editor's "Mailbox password" fields
are no longer populated when editing an account in the UI. Enter a new password
(twice) to change the password or leave them blank to keep the current password.
-  Integration with Let's Encrypt via PowerShell script
Let's Encrypt is a certificate authority that provides free certificates for
Transport Layer Security (TLS) encryption via an automated process designed to eliminate
the current complex process of manual creation, validation, signing, installation,
and renewal of certificates for secure websites.
A PowerShell script that supports LetsEncrypt is now installed to the MDaemon\LetsEncrypt
directory. A dependency of the script, the ACMESharp module,
requires PowerShell 3.0 . This means this script will not work on Windows
WorldClient must be listening on port 80 or the HTTP challenge cannot be completed
and the script will not work. You will need to correctly set the execution policy
for PowerShell before it will allow you to run this script. Running the script will
set everything up for LetsEncrypt, including putting the necessary files in the
WorldClient HTTP directory to complete the http-01 challenge. It uses the SMTP host
name of the default domain as the domain for the certificate, retrieves the certificate,
imports it into Windows, and configures MDaemon to use the certificate.
The script creates a log file in the MDaemon\Logs\ directory called LetsEncrypt.log.
This log file is removed and recreated each time the script runs. The log includes
the starting date/time of the script but it does not include a date/time stamp for
each action. Notification emails can be sent when an error occurs. This is done
using the $error variable which is automatically created and set by PowerShell.
If you have an FQDN setup for your default domain that does not point to the MDaemon
server, this script will not work. If you want to setup alternate host names in
the certificate you can do so. You need to pass the alternate host names on the
Example usage: ..\LetsEncrypt.ps1 -AlternateHostNames mail.domain.com,imap.domain.com,wc.domain.com
-IISSiteName MySite -To "email@example.com"
You do not need to include the FQDN for the default domain in the AlternateHostNames
list. For example, our default domain, altn.com, is configured with an FQDN of mail1.altn.com.
We use an alternate host name of mail.altn.com. When I run the script, I only pass
mail.altn.com as an alternate host name. If you pass alternate host names, an HTTP
challenge will need to be completed for each them. If the challenges are not all
completed the process will not complete correctly.
If you do not need to pass in alternate host names then do not include the â€“AlternateHostNames
parameter in the command line. If you do not want to have email notifications sent
when an error occurs do not include the â€“To parameter in the command line.
If you are running WorldClient via IIS, you will need to pass this script the name
of your site using the -IISSiteName parameter. You must have Microsoft's Web Scripting
tools installed in order for the certificate to be automatically setup in IIS.
-  Added a new troubleshooting utility called MDaemon Health Check located
at MDaemon\App\MDHealthCheck.exe. Running it will check MDaemon security related
settings (AV, SPAM, SSL, etc.) for settings that are not recommended. It allows
the user to change any settings that are not recommended to the recommended setting.
It also creates a log file of the process in MDaemon\Logs which also includes any
errors (errors about missing settings are not a concern) or warnings found. The
user can open the most recent log from the utility. It can be launched from the
MDaemon UI using the new toolbar button or menu item in the Help menu.
-  Added Content Filter option to quarantine the entire message when it contains
a restricted attachment.
-  Added means to "authorize/approve" new devices that are allowed
to use ActiveSync.
To require approval of any new client that connects, simply set the checkbox in
the client settings dialog for the level at which you wish to enforce it, either
global, domain or user.
A new Filter combobox is preset on the client list dialog, which allows the admin
to look at all clients or clients awaiting approval.
To Authorize a client that requires approval... one can right click on the client
in the list of clients and choose "Authorize client..."
-  LookOut and WorldClient themes - Added Desktop Notifications for event reminders
and task reminders.
-  Ctrl+Q|Mail Queues|Retry Queue has a new checkbox which enables sending
of a "successful delivery" DSN any time a message is delivered which has
previously been delayed and placed in the retry queue for whatever reason.
-  Ctrl+S|Preferences|Headers option to create optional "For" clause
in Received headers has been deprecated and removed. MDaemon no longer generates
this optional clause when creating Received headers.
-  First time access to SMTP/IMAP/POP server from any IP having previously
provided incorrect credentials will result in a warning added to the Screening log
along the lines of "<Protocol> access granted to <IP> using <email
address>'s credentials after having FAILED previous on <Date>"
-  WorldClient - Added an option under Options | Personalize to allow inline
images in messages from Whitelisted senders and contacts from the user's default
-  LookOut and WorldClient themes - Added an option next to attachments in the
attachment list to remove attachments from a message
-  LookOut and WorldClient themes - Added the ability to create multiple signatures,
and assign them on a per email address basis. Users can create, edit, and
delete signatures in the Options | Compose view. In the Compose view, changing
the from address will change the signature, and there is also a list of signatures
to choose from in the advanced options. Each time a user opens a Compose view,
all the signatures are loaded. The number of signatures per user is limited
to 30 in order to prevent slow load times.
-  LookOut and WorldClient themes - Added ability to import vCards (.vcf files)
into WorldClient default contacts folder. There will be an icon next to any
vcf file in the message attachment list.
-  LookOut and WorldClient themes - Added an option in the compose view for
users to send a message at a future date and time. Users can set the date
and time fields which will set the Deferred-Delivery message header for the email
when saved as a draft or when sent. Deferred Delivery must be enabled in MDaemon
at F2|Server Settings|Message Recall.
-  Dynamic Authentication was renamed to Active Directory or AD Authentication
which is what is it and I'm trying to use the correct terms. This caused a change
to UI verbiage at Account Settings|Account Details screen and Ctrl+U|Active Directory|Monitoring.
As part of this work the Account Settings|Account Details screen was also changed
to remove the "Optional sync password" field (UI change only) and add
a field to specifying an optional AD account name to be used with authentication
(UI change only).
-  Several problems were fixed related to mail folder relocation when an account
changes email address or mail folder. The option at Ctrl+O|Preferences|System which
controlled whether mail folders were relocated has been deprecated and removed.
MDaemon will always attempt to move mail folders when necessary.
-  A new checkbox was added to Ctrl+O|Preferences|Headers which toggles whether
host names & IPs are included when "Received:" and potentially other
message headers are constructed. This option is disabled by default.
-  A new checkbox was added to Ctrl+P|DNS-BL|Settings which allows you to ignore
DNS-BL results that are outside the range of 127.0.0.1 to 127.255.255.255.
This option is disabled by default.
-  Remote Administration can now edit per-user or global permissions for the
WorldClient Documents folder.
-  Added missing Domain Manager screens to Remote Administration.
-  Remote Administration now allows certain edits to more than one list member
at a time.
-  The UI status bar up-time indicator has a changed layout for easier reading.
-  MDPGP: improved logging of certain error conditions
-  SMTP Mailbox Invalid error response will now include the value that was
determined to be invalid
-  Reworked the Global Mailing List Subscriptions Options in Remote Administration.
These settings are now in the Remote Admin settings rather than on their own page
under "My Mailing Lists."
-  LookOut and WorldClient themes - Added ability to search all folders or sub
folders of the selected folder. To use this feature open the Advanced Search options
and select the Search All Folders or Search Sub Folders radio button. If a message
in the search results is from a folder with limited permissions, the message will
have a redish-orange color to it, and most actions a user would normally be able
to perform on the message will not be permitted. If a user has very large folders,
Search All is NOT recommended due to the long wait for the request. However, canceling
a search no longer leaves the user waiting, but instead cancels any search on the
server and returns the client to a normal folder view without search results.
-  WorldClient theme - increased the effective area for clicking a checkbox
in the list views (Email, Contacts, Tasks, Notes, Documents)
-  WorldClient will no longer display DKIM validated icon after 7 days from
the Date header value of a message
-  LookOut and WorldClient themes - Added the ability for users to import to
the Inbox or download (instead of only view) a .eml message attachment.
-  LookOut and WorldClient themes - added ability to quick search for a folder
when moving/copying messages
-  LookOut theme - Changed the calendar events in LookOut to use the calendar
color for the entire border instead of only the left border
-  WorldClient - Compose view - Updated the HTML editor to CKEditor version
4.6.1. The new version now includes a Copy Formatting feature.
-  LookOut and WorldClient themes - Added an option to Edit a meeting after
accepting an invitation in the Invitation Dialog. After the user clicks the "Accept"
or "Accept Tentatively" box, the Invitation Dialog opens. If the
user wishes to edit the meeting after accepting the invite, the user can click the
"Edit the meeting" checkbox. After the user clicks OK, the Calendar
Event editor will open to the meeting in question. If the user chose to edit
the response, the Calendar Event editor will open after the response is sent.
-  LookOut and WorldClient themes - Added an option under Options | Personalize
to Display New Messages Count in the page title. This setting is enabled by default.
-  WorldClient theme - Added the message count to the hover title/tooltip for
-  WorldClient - Added city and state to fields searched when searching contacts
-  Ctrl+Q|Mail Queues|Retry Queue has a new option to toggle sending of delivery
-  The ActiveSync log level can now be set at a per user/domain basis.
-  The GetVersionInfo XMLAPI command now reports PRO/Cloud information.
-  Added the ability to alter/control log entries that use a 0x######## status
code in ActiveSync, AutoDiscover, XMLAPI modules.
Log Entry modification flags include:
- [Logs:IgnoreSession] Aborts the logging if the Session ID specified is to be ignored...
- [Logs:InfoToWarning] Elevates an Info level log entry to a warning level (ie. 0x########=1)
- [Logs:DebugToWarning] Elevates a Debug level log entry to a warning level (ie. 0x########=1)
- [Logs:WarningToInfo] Deprecates an Error or Warning level level log entry to an
Info level (ie. 0x########=1)
- [Logs:IgnoreEntry] Aborts logging that event id (ie. 0x########=1)
-  ActiveSync Sync Rollback Notifications
The ActiveSync Service can now notify the administrators if a client is repeatedly/frequently
sending expired Sync Keys in Sync operations.
These merely inform the admin that the server issued a rollback for a given collection
because a client made a sync request with the most recently expired Sync Key. The
subject states "ActiveSync Client Using expired Sync Key". This could
occur because of a network issue or something about the content previously sent
to the client in that collection. In some cases, the item id will be there, it merely
depends upon whether or not the previous sync on that collection sent any items.
Rollback warnings do not mean the client is out of Sync, it means that the client
has the potential to go out of Sync and our internal system detected it. Rollback
warnings are issued for a collection no more than once per 24 hour period.
- [System] SendRollbackNotifications=[0|1|Yes|No|True|False]
- [System] RollbackNotificationThreshhold=[1-254] : The number of rollbacks that must
occur on a given collection prior to a notification being sent to the admin. We
recommend a value of at least 5 here, since Network hiccups play a part in this.
- [System] RollbackNotificationCCUser=[0|1|Yes|No|True|False] : Whether or not to
CC the user whose client sent that expired Sync Key.
-  ActiveSync Corrupt Message Notifications
The ActiveSync Service can now notify the administrators if a particular message
cannot be processed. These are sent in real time to inform the admin of a mail item
that could not be parsed and that further action on this item is not possible. The
subject states "Corrupt message notification". These items, in previous
versions, could lead to a crash. In most cases, the content of the msg file will
not be MIME data, however, if it is MIME data, it is likely corrupt. You can choose
to CC the affected user of these notifications with the CMNCCUser key so that they
are aware that an email has arrived in their mailbox that is un-readable. The appropriate
action for these is to move the designated msg file from the user's mailbox and
analyze it to determine both why it is not able to be parsed and how it came to
exist in the state that it is in.
- [System] CMNCCUser==[0|1|Yes|No|True|False]
-  An option to allow file transfers in WCIM has been added at
Ctrl+W|WorldClient (web mail)|WCIM.
-  The ActiveSync Service now cleans up old archived Xml and WbXml archives
during its nightly maintenance processing. The number of days for retention can
be specified from the Service Diagnostics Page. This assists you in maintaining
a fixed window of archival data for diagnostic purposes without having to monitor
and remove them manually. Also, ActiveSync Xml and WbXml archives can be configured
to go to the Logs\AirSync directory has it has done historically, or to go to a
Debug directory under the User's _ActiveSync/Client directory.
-  Updated MDSpamD to include Encode module for charset conversion and normalization.
-  Screens about BlackBerry Enterprise Server (BES) have been removed from
the 64-bit MDaemon's UI, since BES is only compatible with the 32-bit MDaemon.
-  The ActiveSync Client Information dialog now displays complete IP address
-  Added a simple searching function to Remote Administration's Queue Management.
The "*" wildcard can be used when the exact search text is not known.
-  Remote Administration will now validate email addresses added as List or
-  Added 32-bit/64-bit info to MDaemon.ini and MDStats Configuration Report.
-  Added XMPP configuration screen to Remote Administration.
-  Added the Weak Password Report functionality to Remote Administration
-  Added button to Remote Administration's Password Options that goes through
all accounts and flags any of them with a weak password to require a password change.
Note that this could result in accounts being locked out, so there are warnings
in place. Passwords can be changed using the UI, WorldClient or MDaemon Remote
-  Added the ability to disable logging of messages in XMPP Server logs
-  Added missing Gateway Verification options to Remote Administration
-  Added case-insensitive search option to ActiveSync Log Viewer
-  Added the ability to download a read-only copy of a calendar in iCalendar/webcal
format. This allows for a calendar to be viewed and subscribed to in Outlook, Google
Calendar, Mac iCal, and other applications. A read-only private URL, which contains
a unique access token, allows for access without requiring an accountâ€™s login details.
To view or reset the private URL for a calendar, select "Share Folder"
from the calendar's context menu in WorldClient using the WorldClient or Lookout
theme. Viewing or resetting the private URL requires "Administer / Full Control"
-  Added support for Outlook 2007 and later's
"Publish your calendar on a WebDAV server" feature. Only the
"Limited details" and "Full details" options are supported,
as WorldClient does not support events without a subject. The URL must be
the CalDAV path of a existing WorldClient calendar. The CalDAV path for a
folder can be found from the "Share Folder" dialog for the calendar in
WorldClient. The calendar's CalDAV path is its "private iCalendar feed
URL" before "calendar.ics", i.e. https://company.test:3000/webdav/calendars/company.test/user1/.
Please note that any existing events in the WorldClient calendar will not be deleted,
however these will not be visible in Outlook.
-  An edit box was added to Account Editor|Account Settings|Settings which
lets you enter a short list of email addresses for use with the automatic
processing of calendar requests.
-  ASMC logging has been improved and is more readable for diagnostic purposes.
-  Added options to the Outlook Connector centralized management for local
cache filename and attachments directory. By default they are not pushed to OC
clients. Enable the option to tell OC clients to move their data to the default
or custom locations. Requires OC plugin version 4.5.0 or newer. An example
custom local cache filename is "%APPDATA%\Alt-N\Outlook Connector
-  Management Service (XMLAPI) now supports SetQueueState operation.
-  ASMC: Added the ability to select which folder types to migrate. Run ASMC /?
to see new /FolderTypes flags.
-  MDaemon starts warning about impending license deactivation 7 days in
advance (up from 5 days).
-  Removed obsolete settings from Ctrl+W|WorldClient (web mail)|WCIM.
-  XMLAPI: UpdateDomain/Parameters/Details/Disabled does not work. FIXED.
-  XMLAPI: UpdateUser operation does not enforce strong password requirement.
-  fix to incorrect tab order when adding a new List Member in Remote Administration
-  fix to options missing from Remote Administration's MultiPOP settings
-  fix to from header modification not happening when from header data split
to multiple lines
-  fix to Remote Administration defaults for Greylisting don't match MDaemon's
-  fix to Remote Administration defaults for DMARC Settings don't match
-  fix to Remote Administration defaults for IPv6 don't match MDaemon's
-  fix to Remote Administration's ActiveSync Device Details dialog will
not show details for anything but first listed device
-  fix to Remote Administration's Content Filter "rule jump"
action not showing all available rules
-  fix to incorrect wording of Strong Passwords error in Remote Administration
-  fix to Remote Administration allowing admin to attempt to modify several
accounts at once
-  fix to MDPGP decrypt/verify operations too strict with auth credentials
-  fix to inconsistent application of SMTP and queue-based spam scans in some
-  fix to Mailing Lists Administrators and Outlook Connector Authorized Users
not being saved properly in Remote Administration
-  fix to mailing list editor allowing lists called "noreply" to
-  fix to F3 not auto-selecting the full name field for typing once the dialog
-  fix to tab order not working properly in MDPGP UI, Domain Manager UI, and
Mailing List Manager UI
-  fix to disabled/frozen accounts sometimes improperly re-enabled in the UI
-  fix to Remote Administration's mailbox size reports tooltip not showing
correct value for very large mailboxes with quotas
-  fix to Unknown Error when attempting to re-use an old password in Remote
-  fix to slight error with IP Validating function in Remote Administration
-  fix to adding inline images to an email message breaks Domain Signatures
-  fix to LookOut theme - "Remote images were blocked" not being
translated in external message window
-  fix to WorldClient theme - When printing a calendar, the print dialog window
does not launch
-  fix to Remote Administration's Mailing List Subscription Manager not
usable for non-local users
-  fix to IPv6 addresses not processed properly when computing Received headers
-  fix to LookOut theme - some languages - When selecting categories, the last
option is cut off at the bottom
-  fix to Mobile theme - no scroll bars on HTML emails
-  fix to WorldClient - When removing an attachment, browser ask if you want
to leave the page
-  fix to WorldClient theme - Search retains settings between switching folders
in Contacts but does not show search term
-  fix to WorldClient theme - Subject header text is truncated when viewed
with a right preview pane
-  fix to LookOut theme - Unable to create Contacts, Calendar, Tasks, or Notes
sub-folders in succession
-  fix to WorldClient - Japanese - When clicking Group By Company uncategorized
contacts are not displayed
-  fix to LookOut and WorldClient themes - Slideshow feature not working in
IE11 when message preview is enabled
-  fix to LookOut and WorldClient themes - The Default Contacts View setting
is not applied when clicking "To" in a composed message
-  fix to Remote Administration allowed non-local addresses to be added as
List or Domain Administrators
-  fix to XMPP Server sending Task/Calendar reminders with missing CR/LF
-  fix to MDPGP logging message init errors even when debug logging disabled
-  fix to confusing text in two MDPGP debug log strings
-  fix to unable to enable an account in Remote Admin that has an existing
-  fix to certain changes to DKIM Signing Settings in Remote Admin not seen
by MDaemon until server restart
-  fix to Account Editor items in Remote Admin out of order
-  fix to ActiveSync crash in mdmbsrch.dll when a search reads a corrupt .msg
-  fix to Winsock errors when using Outlook 2013 with ActiveSync
-  fix to possible MDASMgmt.dll crash when corrupt data is present in AirSync.ini
-  fix to non-ASCII characters are corrupt in read receipts generated by the
-  fix to no results when doing an ActiveSync DeepTraversal search on a virtual
-  fix to CalDAV/CardDAV GET responses do not contain a required ETag HTTP
header. This results in errors when attempting to synchronize a single item
with the "DAVdroid" client.
-  fix to incorrect label on the IPv6 screen in Remote Administration
-  fix to ActiveSync "Virtually merge public contacts into default contacts"
option not working
-  fix to LookOut theme - IE8 - the 'Delete' button on the button bar
above the message list does not delete messages when they contain attachments
-  fix to WorldClient - When exporting a calendar, the first Required Attendee
-  fix to possible WorldClient server crash
-  fix to possible CFEngine.exe crash
-  fix to CalDAV-Sync Android client unable to synchronize annual recurring
-  fix to LookOut and WorldClient themes - archive instances of recurring tasks
should include recurrence information
-  fix to iOS clients may not be sent all mail when doing an initial sync after
changing the filter type to "All"
-  fix to incorrect error response when an ActiveSync client requests to search
using an invalid collection ID
-  fix to invalid folder ID in Ping request may cause BlackBerry ActiveSync
client to resync
-  fix to MDaemon may hang for 10-30 seconds while attempting to validate a
remote SSL certificate if it cannot download certificate or revocation data from
the internet. Set MDaemon.ini [SSL] OfflineCertificateValidation=Yes to prevent
MDaemon from trying to download such data.
-  fix to Remote Administration allowing non-numeric characters on the Ports
-  fix for Outlook Connector, if the first instance of a recurring appointment
is changed outside of Outlook, the occurrence may no longer appear in Outlook
-  fix to ActiveSync recipient cache not retaining as many objects as it should
-  fix to LookOut and WorldClient themes - unread counts do not get updated
after deleting messages in a folder
-  fix to plugins log not archiving, not rolling-over by size, not updating
file name, etc.
-  fix to WorldClient - Safari 10 - LookOut and WC themes do not always
-  fix to absolute paths in some localized configuration files
-  fix to incorrect minger query results in some cases
-  fix to AccountPrune.log and ListPrune.log do not have file size limits
-  fix to Domain Sharing buttons disabled in Remote Administration
-  fix to minor formatting issue on Accounts page in Remote Administration
-  fix to meeting request notes are not read from iCalendar COMMENT field
-  fix to Outlook may crash after downloading an event with a start or end
date before 1900 using ActiveSync
-  fix to rare but potential crash when opening the Updates screen in
-  fix to memory leak in MDaemon UI while displaying ActiveSync sessions
-  fix to WorldClient memory leak
-  fix to possible memory corruption when sending DMARC aggregate reports