MDaemon Email Server | Secure On-Premise Email
Overview | Features | Pricing | Purchase | Download | Support | Anti-Virus| Contact Us | Blog Articles


MDaemon Server v18.0 Release Notes

MDaemon 18.5.1 - November 13, 2018

SPECIAL CONSIDERATIONS

[16456] Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit: http://www.altn.com/Products/MDaemon-Private-Cloud/.

CHANGES AND NEW FEATURES

FIXES

MDaemon 18.5.0 - September 25, 2018

SPECIAL CONSIDERATIONS

[18211] BlackBerry Internet Service feature integration has been deprecated and removed. The BIS service (if it still exists) will now interact with MDaemon as it would any other SMTP/IMAP server.

[20768] WAB functionality has been deprecated and removed from Ctrl+U|Other.

MAJOR NEW FEATURES

[19813] MDaemon Instant Messaging in Webmail

The WorldClient and LookOut themes now feature a browser-based XMPP client that lets users instant message without needing to run the MDaemon Instant Messenger desktop application or some other XMPP client application. Users can enable it from Webmail's Options | Personalize screen, "Enable MDaemon's Instant Messaging feature in browser". Admins can enable or disable instant messaging per domain using the Domain Manager, per account using the Account Editor, or per group using the Group Manager. It operates on ports 7070 (HTTP) and 7443 (HTTPS).

[19962] Exempt Webmail from Location Screening

Added a user option in Webmail to exempt Two Factor Authentication logins from Location Screening. If a user has BypassLocationScreeningTFA=Yes in the [User] section of their User.ini file, and Two Factor Auth is enabled for the user, Location Screening is bypassed. This allows users to login to Webmail in countries that would normally be blocked by Location Screening.

[20395] Improved AD Integration

Users whose accounts are set to use AD authentication can now change their AD password in Webmail if the "AllowADPasswordChange" setting is enabled in \MDaemon\WorldClient\Domains.ini. It is disabled by default.

[12576] Signature Macros

MDaemon signatures now support macros that insert contact information from the sender's contact in its domain's Public Contacts folder. This allows default and domain signatures to be personalized with the sender's information. $CONTACTFULLNAME$, for example, inserts the sender's full name, and $CONTACTEMAILADDRESS$ inserts the sender's email address. Use Webmail, MDaemon Connector, or ActiveSync to edit the public contacts. Blank values are used if no contact exists for the sender. See the documentation for a full list of supported macros.

The placement of MDaemon signatures can now also be controlled, if the sender wants them somewhere other than the bottom of the message. Use $SYSTEMSIGNATURE$ to place the default/domain signature, and $ACCOUNTSIGNATURE$ to place the account signature.

CHANGES AND NEW FEATURESS

FIXES

MDaemon 18.0.2 - June 12, 2018

CHANGES AND NEW FEATURES

FIXES

MDaemon 18.0.1 - May 15, 2018

CHANGES AND NEW FEATURES

FIXES

MDaemon 18.0.0 - April 17, 2018

[20008] Alt-N Technologies has changed its name to MDaemon Technologies. WorldClient is now MDaemon Webmail, WorldClient Instant Messenger is now MDaemon Instant Messenger, SecurityPlus is now MDaemon Antivirus, and Outlook Connector is now MDaemon Connector.

[19546] The MDaemon installer now includes MDaemon AntiVirus and MDaemon Connector, which are licensed separately.

[19512] The "From Header Modification" feature has changed. It operates as before however the format of the final modified From data has changed from this format: "Email -- Name" <Email> to this format: "Name (Email)" <Email>. This new format is more readable/usable/sortable etc. If you would rather keep the old format (your users may be used to it already) you can check a box at Ctrl+S|Screening|Hijack Detection|From Header Modification.

[19577] A past installer reset the option "Ctrl+S|Sender Authentication|SMTP Authentication|Authentication is always required when mail is sent from local IPs" to disabled for upgraders.  The installer has been changed to ignore this setting.  You must manually check that this option is set to your desire.  The default is for it to be checked (enabled) but you should check to be sure it is set how you want.

[19703] The following settings have had default values changed.  Existing installations should check to be sure the following settings are as desired: Ctrl+S|Security Settings|SSL & TLS|MDaemon: Enable the dedicated SSL ports... and SMTP server requires STARTTLS... options have had defaults changed from disabled to enabled. Ctrl+S|Security Settings|Sender Authentication|DMARC verification|Honor p=reject... has changed from disabled to enabled. Ctrl+S| Security Settings|Sender Authentication|SPF Verification|User local address in SMTP envelope...has changed from disabled to enabled. Ctrl+S|Security Settings| Screening|IP Screen|Apply IP Screen to MSA connections has changed from disabled to enabled. Ctrl+S|Security Settings|Screening|Host Screen|Drop connection after EHLO has changed from disabled to enabled.

[19612] Catalog functionality has been deprecated and removed from the UI.

[20220] All Virtru related support has been removed from MDaemon Webmail. Old encrypted messages can still be viewed in the Virtru Secure Reader.

[20339] Previously when a message was sent to an alias, MDPGP would encrypt it using the key for the actual email address. Now that same message won't be encrypted. To encrypt it now requires a key for the alias.

MAJOR NEW FEATURES

[19571] DNSSEC

Ctrl+S|SSL&TLS|DNSSEC allows you to request DNSSEC service from your DNS server(s). When enabled, MDaemon sets the AD bit when making DNS queries and checks for it in the answers. This may not work with all DNS server(s) (not sure) so you'll have to try with yours. DNSSEC service is only applied to messages that meet your selection criteria. DNSSEC service can be "requested" or "required" on a per-message basis. If "required" and DNS results fail to include authenticated data then the message is bounced back to sender. If "requested" then DNSSEC service is attempted but nothing happens if it fails.

Mail session logs will include a line at the top if DNSSEC service was used and "DNSSEC" will appear next to secure data in the logs.

IMPORTANT: MDaemon is a non-validating stub-resolver. This means that it will request authenticated data from DNS server(s) but it has no way to independently verify that the data it gets from them is secure. However, if you know/trust your connection to your DNS server(s) (for example, it runs on localhost or within a secure LAN or workplace) then you should use this as it will boost security.

DNSSEC lookups take more time and resource and I think less then 7% of domains have currently deployed it. That is why this is not configured to apply to every message delivery by default. However, if you want that, you can force every email sent to use DNSSEC by adding one line like "To *" into the configuration file (see Ctrl+S|SSL&TLS|DNSSEC).

[15288] Email Snooze

MDaemon Webmail was updated to allow a user to snooze an email. When a message is snoozed it will be hidden from the user for a designated period of time. To snooze a message, right click on it and choose the "Snooze for..." option in the context menu. Then choose how long you wish to snooze the message for. The "Choose a date and time" option is only available for browsers that support the date and time inputs. Hidden messages can be viewed in LookOut theme by clicking the "View Snoozed Messages" icon in the toolbar and WorldClient theme by choosing "view snoozed" from the view drop down menu in the toolbar. This feature is on by default. To turn off the feature, go to Options | Personalize, and find the Inbox Settings. Uncheck the "Enable Message Snooze" box. There are no snooze controls in Lite and Mobile theme, but snoozed messages are still hidden.

[1520] Public Calendars

In MDaemon Webmail users can publish a calendar to a publicly accessible link. Users have the option to password protect the calendar. To disable this globally, change the value of [Default:Settings] EnablePublicCalendars to No. To disable it on a per user basis, add CanPublishCalendars=No to a user's User.ini file. To publish a calendar, in LookOut or WorldClient theme, go to Options | Folders and click the "Share Folder" button next to the calendar you wish to publish. In the dialog, open the Public Access tab and if desired, fill in the display name or require a password, then click the "Publish Calendar" button. A confirm dialog will show up to tell the user what is about to happen. After clicking OK, an alert will display the new URL where the calendar is available. There will also be a link displayed on the page once the calendar has been published. To unpublish the calendar, click the "Unpublish Calendar" button. To change the password or the display name, click the "Update" button.

[10886] Remember Me

A "Remember Me" option has been added to the logon page of MDaemon Webmail. This feature is disabled by default. The default expiration is 30 days, and the maximum expiration setting is 365 days. It can be enabled in the MDRA GUI under Main->Webmail Settings->Settings. Users can check the "Remember Me" option on the logon page to be remembered on a specific device. Then if they have a bookmark with any of three View URL variables set (View=Main, View=Logon, or View=List) (or no View URL variable set), the user will be automatically logged in. Two Factor Authentication (2FA) is separate and will still be required when the 2FA remember me token expires.

[19865] "Remember Me" was also added to the Remote Administration logon page. This feature is disabled by default. The default expiration is 30 days, and the maximum expiration setting is 365 days. It can be enabled in the MDRA GUI under Main->Remote Admin Settings->Settings. Users can check the "Remember Me" option on the logon page to be remembered on a specific device. Two Factor Authentication (2FA) is separate and will still be required when the 2FA remember me token expires.

[19738] Exempt Known ActiveSync Devices from Location Screening

An option has been added to allow a previously known ActiveSync device to bypass location screening. Administrators can enable this option to allow users to continue to access their account via ActiveSync from a location that is configured to block authentication attempts. In order to exempt the device it must have connected and authenticated using ActiveSync within the time frame configured to remove inactive clients. To exempt a device go to Setup / Mobile Device Management / Clients, select the client and click Settings, then check the box for Exempt from Location Screening.

You can also choose to Whitelist the address the client is connecting from. This can be used to allow other clients that might be connecting from the same IP address to also bypass location screening.

CHANGES AND NEW FEATURES

FIXES

MDaemon is a registered trademark of MDaemon Technologies, Ltd.
Copyright ©1996-2018 MDaemon Technologies, Ltd.