MDaemon Email Server | Secure On-Premise Email

Overview \| Features \| Pricing \| Purchase \| Download \| Support \| Anti-Virus\| Contact Us \| Blog Articles

MDaemon Server v18.0 Release Notes

MDaemon 18.5.3 - March 15, 2019

CHANGES AND NEW FEATURES

[21424] Updated to MDaemon Connector version 5.6.2

FIXES

[21312] fix to Webmail - Warn on Missing Attachments always warns in German
[21278] fix to Webmail - LookOut and WorldClient themes - Using "Add to Contacts" option causes Russian names to be corrupted
[21337] fix to Webmail - Attached EML files do not open up in a new tab when you click on them
[21350] fix to ActiveSync - When disabling ActiveSync for a secondary domain via Domain Manager, it disables it for the primary domain instead

MDaemon 18.5.2 - February 12, 2019

CHANGES AND NEW FEATURES

[20986] Webmail - Removed the "Click here to edit your signature" button by default (which allows the signature to always be edited). To require the button in order to edit the signature add ProtectSignature=Yes to the [User] section of the User.ini.
[21279] Updated to MDaemon Connector version 5.6.1

FIXES

[21084] fix to Webmail - Missing attachment warning is not displayed when using non-ASCII characters
[21105] fix to MDRA - Domain admins cannot create the allowed number of mailing lists
[21108] fix to WorldClient theme - "New Email" is not translated in the compose window heading
[21088] fix to Content Filter "Search and replace within HEADER" does not work for header values that have leading whitespace
[21128] fix to MDRA - ActiveSync Assigned Policy screen does not default to having the currently assigned policy selected
[21135] fix to Webmail - WebIM (XMPP) client's multi-user chat not working correctly
[21156] fix to Webmail displays incorrect sizes for very large attachments
[21144] fix to Webmail - Accepting a recurring meeting invitation may only place the first occurrence in the calendar
[21145] fix to hijack detection account frozen notification says the cause was dynamic screening
[21165] fix to CalDAV - iOS devices adding calendar events with no reminder have a 22467964 minute reminder applied
[21152] fix to MDaemon's "Maximum simultaneous connections to any single IP" setting does not work properly
[21171] fix to MDaemon.exe memory leak on Windows XP and Server 2003
[21210] fix to LetsEncrypt script may return an error when running under an external web server
[21094] fix to read-only iOS ActiveSync user can decline another user's meeting request within their shared calendar
[21226] fix to Webmail - XSS vulnerabilities
[21230] fix to MX lookups performed on smart host name when a route slip is used
[21240] fix to route slip is not moved along with message file when quarantined
[21245] fix to MDaemon fails to validate remote SMTP server's certificate when MX cache file is used
[21244] fix to Webmail - When removing an event via a cancellation e-mail, the calendar event is not removed

MDaemon 18.5.1 - November 13, 2018

CHANGES AND NEW FEATURES

[20982] The AV update schedule now defaults to once every hour. Existing AV schedules set to update daily will be reset to hourly. Please check your AV schedule at Setup | Event Scheduling and make whatever changes you feel necessary.
[20945] The options to refuse messages that are not RFC compliant or incompatible with DMARC do additional checks for invalid syntax in the From header.
[18790] Added support for a $COMPANYNAME$ macro that can be used in the MDaemon Connector pushed settings which returns the value of the CompanyName setting in the section for the user's domain in \MDaemon\App\Domains.dat. There is no UI for this setting.
[20944] Settings for the XMPP BOSH server have been added to the UI at Setup | Web & IM Services | XMPP.
[20474] Webmail - Changed the view snoozed messages option to display only snoozed messages, instead of displaying snoozed messages in addition to other messages.
[20847] MDRA - Added "Enable password recovery" and "Enable Remember Me" options to the Webmail domain settings at Main | Domain Manager | %DOMAIN% | Edit | Webmail Settings, and added "Enable password recovery" to Main | Webmail Settings | Settings.
[20854] MDRA - Added the Full Wipe button on the ActiveSync Clients page. The button is only enabled when the device has agreed to the designated policy.
[20879] MDRA - Added the Policy Usage page when clicking on the Usage button at Mobile Devices | ActiveSync | Policy Manager.
[21036] Webmail - Added a status message when the user clicks "Apply Changes" on the Signatures page and the request to the server completes.
[21056] AntiVirus - Updated Cyren AV to version 6.2.0r2. This version fixes a few reported scanning errors.

FIXES

[20910] fix to LetsEncrypt error emails not being sent when specific errors occur
[20918] fix to IMAP server does not return failure when AUTHENTICATE PLAIN authorization fails
[20951] fix to MDRA - a global or domain administrator can delete their own account
[18603] fix to Spam Filter max size setting is disabled in the GUI when using a remote MDSpamD
[19957] fix to Webmail - a long "cke_protected" line may be added to messages when replying in IE and Firefox
[17950] fix to Webmail Mobile theme - cannot scroll left to right on HTML emails on iPhones
[20990] fix to MDRA - unable to add entries to the Spam Filter White and Black lists
[20703] fix to MDRA - non ASCII characters in mailing list member names are not displayed correctly
[20996] fix to "Authenticated SMTP sessions are exempt from OP processing" option does not work
[20999] fix to Webmail - compose toolbar tooltips are not translated
[20998] fix to HTML markup in account signatures is escaped when inserted into HTML messages
[21003] fix to Webmail LookOut theme - hang while loading on IE 8 and IE 9
[21002] fix to reminder message is still sent after a calendar event's reminder is turned off
[21005] fix to ActiveSync XML/WBXML archiving does not function correctly
[21012] fix to clamd.exe is started even if ClamAV is disabled when MDaemon runs the first time after installing
[21014] fix to Webmail - non-ASCII characters in full name of meeting organizer are corrupted when creating an event in a shared calendar folder
[21019] fix to ActiveSync RequireAdminApproval not enforced when assigned at User Level
[21015] fix to Webmail - Autocomplete returns an old distribution list found in the common contacts list
[21021] fix to Webmail - meeting organizer is not able to edit attendees when creating a meeting in a shared calendar folder
[21022] fix to WorldClient theme - selecting messages and clicking "more" then "Toggle Flag" does nothing
[20991] fix to the "credentials must match" white list is not checked for the return path address
[20930] fix to MDRA - registration links are hard coded. Added dynamic Pricing, Purchase, and Upgrade links to each product.
[20243] fix to DKIM verification fails when using a domain or default signature that contains an inline image
[19777] fix to outbound message restrictions may not be enforced when sending from an alias
[19935] fix to SPF failure on HELO value can reject the connection before the client can authenticate
[21031] fix to ActiveSync MaxClientsPerUser not being enforced correctly at all levels of inheritance
[18972] fix to Content Filter "If RETURN-PATH and FROM HEADER differ" condition only works on inbound email
[19809] fix to MD GUI's Queues list includes Bayesian Spam and non-Spam folders when the paths have not been set
[19533] fix to MD GUI may crash when disabling the Enable XMPP Server option
[19817] fix to message body may be stripped when using a signature with inline image and DKIM signing is enabled
[17689] fix to From Header Modification not always handling parsing correctly
[2083] fix to MDIM contact list expand/collapse buttons do not work properly
[9322] fix to Webmail error importing particular calendar CSV file
[19236] fix to archive copy of a message may be sent to a recipient when using a smart host
[20674] fix to incorrect MIME parsing causing message to not display in Webmail or MDaemon Connector
[21042] fix to signature images added using the $ATTACH_INLINE$ macro may be duplicated
[18854] fix to MDIM notifies about all online XMPP contacts when logging in
[14427] fix to MDIM window pops up after switching away from General Preferences
[18428] fix to MDIM window does not save its size or location
[18062] fix to corrupted non-ASCII characters in MDPGP public key creation emails
[20987] fix to Webmail may not show a paperclip for a message with a PDF attachment
[21045] fix to XMPP server is slow to send the roster presence after login
[21025] fix to duplicate public contact may be created when changing an account's domain
[21048] fix to gateway recipient verification is skipped if sender is noreply@domain
[20950] fix to Webmail - XMPP - client translations are missing for most languages
[21058] fix to error when attempting to download an MDPGP public key via HTTP

MDaemon 18.5.0 - September 25, 2018

SPECIAL CONSIDERATIONS

[18211] BlackBerry Internet Service feature integration has been deprecated and removed. The BIS service (if it still exists) will now interact with MDaemon as it would any other SMTP/IMAP server.

[20768] WAB functionality has been deprecated and removed from Ctrl+U|Other.

MAJOR NEW FEATURES

[19813] MDaemon Instant Messaging in Webmail

The WorldClient and LookOut themes now feature a browser-based XMPP client that lets users instant message without needing to run the MDaemon Instant Messenger desktop application or some other XMPP client application. Users can enable it from Webmail's Options | Personalize screen, "Enable MDaemon's Instant Messaging feature in browser". Admins can enable or disable instant messaging per domain using the Domain Manager, per account using the Account Editor, or per group using the Group Manager. It operates on ports 7070 (HTTP) and 7443 (HTTPS).

[19962] Exempt Webmail from Location Screening

Added a user option in Webmail to exempt Two Factor Authentication logins from Location Screening. If a user has BypassLocationScreeningTFA=Yes in the [User] section of their User.ini file, and Two Factor Auth is enabled for the user, Location Screening is bypassed. This allows users to login to Webmail in countries that would normally be blocked by Location Screening.

[20395] Improved AD Integration

Users whose accounts are set to use AD authentication can now change their AD password in Webmail if the "AllowADPasswordChange" setting is enabled in \MDaemon\WorldClient\Domains.ini. It is disabled by default.

[12576] Signature Macros

MDaemon signatures now support macros that insert contact information from the sender's contact in its domain's Public Contacts folder. This allows default and domain signatures to be personalized with the sender's information. $CONTACTFULLNAME$, for example, inserts the sender's full name, and $CONTACTEMAILADDRESS$ inserts the sender's email address. Use Webmail, MDaemon Connector, or ActiveSync to edit the public contacts. Blank values are used if no contact exists for the sender. See the documentation for a full list of supported macros.

The placement of MDaemon signatures can now also be controlled, if the sender wants them somewhere other than the bottom of the message. Use $SYSTEMSIGNATURE$ to place the default/domain signature, and $ACCOUNTSIGNATURE$ to place the account signature.

CHANGES AND NEW FEATURESS

[20550] ActiveSync: Enforcing the EAS spec so that full wipe of clients is only possible if a policy has been applied.
[18707] Report Weak Password feature now reports an error if invalid or non-local recipient is entered.
[20628] Errant AV definition count removed from UI and auto-generated emails. This information is no longer available/relevant.
[20381] Added ActiveSync to the Accounts section in the left pane of the MDaemon GUI.
[20587] Low disk space calculations updated for large drives and auto generated warning emails use MB now rather than bytes.
(MDPC ONLY) [13955] MDRA - Added ability for domain admins to export users
[8856] MDRA - Added mail list views (except List Administrators) for list admins.
[20091] Webmail - Added options in the Compose and Options | Compose views to toggle the direction of the editor.
[20083] Webmail - Added ability for remembering the collapsed state between sessions for Favorite, Saved Search, Personal, Shared, Public, and My Folders.
(MDPC ONLY) [11594] MDRA - Added ability for Domain admins to give users access to MDaemon Connector
[20081] MDRA - Added a completed action notification to the bottom of the page when the user saves or takes an action on a page
[9286] MDRA - Added the rest of the Event Scheduling dialog for Mail Scheduling
[20114] Webmail - Added a plugin to the HTML editor that automatically converts a pasted URL into a link
[18829] MDRA - Added options to set custom HTTP response headers for the built in Webserver that WC and RA run on. Main->Webmail Settings->Web Server and Main->Remote Admin Settings->Settings. The option to UseHttpStrictTransport security is migrated when the server starts.
[13357] Webmail - Added an option to edit a contact after it is added from the From header in the message preview and external message views
[17397] Webmail - Added the Days selection checkboxes to the Options | Autoresponder view
[18810] Webmail - Added the ability to import an external calendar via URL on the Calendar Import view. Added External Calendars view to manage added URLs.
[14994] MDRA - Added MultiPOP-retrieved messages to all inbound charts
[20250] WorldClient theme - Added an "urgent" indicator in front of the subject heading on the compose view when a message is marked urgent
[20394] MDaemon can be configured to not create POP lock files, which prevent multiple POP3 clients from accessing the same account at the same time, by editing MDaemon.ini and setting [Special] CreatePOPLockFiles=No.
[20516] The Account Manager right-click menu has a new "Move Mail" option which lets you select a new root path for the account folder structure (ie.. this means you can replace the default C:\MDaemon\Users\ with an alternative). Selected accounts will have their entire folder structure moved to the new location. This includes all emails, folders, calendars, and really all data for the account. Although you select the new root folder MDaemon will automatically append "$DOMAIN$\$MAILBOX$\" to it so that the resulting filtered mail folder paths stay properly separated. Keep the number of characters in the root path as few as possible because there is still a 90 character limit on the total length of the account mail directory field. The "New Accounts" template's default mail folder path is also updated with this new value. This operation can be used to easily migrate user data from one volume to another either all at once or in blocks of users at different times. Pay heed to warning screens. This operations moves and deletes your user's critical data and there is always a potential for a mistake or failure to cause the entire loss of it. Therefore make a backup of the user data before migrating. This is easy by copying the existing root mail folder (C:\MDaemon\Users\ by default) somewhere else manually (Windows Explorer).
[18444] Webmail - Added the ability to change the categories on a per occurrence basis for calendar events.
[20476] Webmail - Added an option that allows a saved search to be cancelled upon selecting a different message folder.
[20535] Webmail - Added an HTTP JSON API with full documentation located at \MDaemon\Docs\API\WorldClient\WorldClientAPI.html
[18845] Webmail - Signature text in the compose editor now starts out read-only, to prevent users from accidentally typing message text there and having it erased when switching the From address.
[20616] MDRA - Frozen accounts are no longer allowed to login.
[20446] MDRA - Added Release and Re-Queue buttons to the Quarantine Queue
[20275] MDRA - Updated FusionCharts to 3.12.2
[20637] MDRA and Webmail - Updated CKEditor to 4.9.2 and added Speech Recognition plugin.
[4976] MDRA - Added "Importing Members" status indicator
[7889] MDRA - Added "Importing User Accounts" status indicator
[5665] MDRA - Added button to restrict MD folder access to Admins, Backup Operators, and SYSTEM accounts at Setup | Preferences | Disk
[19619] The ATRN password field was moved from the Settings page to the Dequeue page within the Gateway Editor and the ATRN field will not enable without a password.
[20491] MDRA - Added more Recommended Settings buttons to the following views:
- Security | Screening | Hijack Detection, Location Screening
- Security | Dynamic Screening | Options / Customize, Dynamic Whitelist, Protocols, Notifications
- Security | Content Filter | Attachments, Notifications, Recipients, Compression
- Spam Filter | Spam Filter | Spam Daemon (MDSpamD)
- Spam Filter | Spam Honeypots
- Logs | Log Settings | Log Mode, Statistics Log, Windows Event Log, Maintenance, Settings, Remote Admin Log Settings
[18846] MDRA - When deleting a message in the Queues the next message is selected in the list
[20214] MDRA - When a log is filtered a user can click on a line and it will open a frame to the page where that line is located, scroll to that line in the log, and highlight the line.
[19773] MDRA - Added button in the log viewer to turn on AutoRefresh. The setting for the auto refresh interval is located at Logs | Log Settings | Remote Admin Log Settings and the value has a minium of 5 with a maximum of 9999 in seconds.
[17841] MDRA - Added sorting to the ActiveSync Devices list under Mobile Devices | ActiveSync | Domains | Manage Devices. Sorting column and direction persist between sessions in the same browser (saved to browser storage).
[18414] MDRA - Added ability to monitor, start, and stop SMTP, IMAP, POP3, and MultiPOP services to Main | Status
[8782] MDRA - Added the 'Remove contacts which are missing name or phone data' button to Spam Filter | Spam Filter | Whitelist (auto) page
[9331] MDRA - Added the Restore Queues page at Setup | Mail Queues/DSN | Restore Queues Settings
[9289] MDRA - Added avupdate.log to the log files list at Logs | Log Files.
[20763] Changed installer to only overwrite Cyren AV definitions if older or missing
[20513] Webmail - Added the ability to remove a contact from the common contacts list when selecting a contact from the autocomplete list by using the "Delete" key (in Windows) on the selected contact.
[20261] WorldClient theme - Made MDaemon PGP encryption options more visible to the user
[16956] MDRA - Added ability to assign/edit policy settings per account at Mobile Devices | Active Sync | Account Management
[16955] MDRA - Added "Revoke All Accounts" button at Mobile Devices | Active Sync | Account Management
[16954] MDRA - Added the Client Management page at Mobile Devices | Active Sync | Client Management
[16953] MDRA - Added option to "Enable all domains unless explicitly disabled" at Mobile Devices | Active Sync | Domain Management
[16952] MDRA - Added "Day of month reset bandwidth statistics" option at Mobile Devices | Active Sync | Client Management | Select a client and click "Client Settings"
[16951] MDRA - Added "Enforce protocol restrictions" option at Mobile Devices | Active Sync | Client Settings | Edit an item in the list to view the client settings.
[12309] MDRA - Added more options to the Mobile Devices | Active Sync | Diagnostics page
[10850] MDRA - Added the "Create Tasks/Reminders for Flagged Mail Items" option at Mobile Devices | Active Sync | Client Settings | Edit an item in the list to view the client settings.
[20837] Updated to MDaemon Connector version 5.6.0
[11468] MDRA - Added a session cookie to increase the session security
[20849] CalDAV and WebDAV now support the creation and deletion of calendar, task, and contact folders from clients that support the MKCalendar and MKCol commands.
[20877] CalDAV server now stores the calendar color property and returns it to other CalDAV clients. At this time CalDAV calendar colors are not synchronized with Webmail.
[19472] Added support for the SASL-IR IMAP extension (RFC 4959).
[19470] Added IPv6 support to the XMPP server. Requires Vista/Server 2008 or newer.

FIXES

[17185] fix to Webmail - Folder ACL editor corrupts non-ASCII characters in Hiwater.mrk and AclShLookup.dat
[16925] fix to MDRA - When you create a new mailing list with a group as a member, a notification is sent to the actual "GROUP" entry
[20203] fix to LookOut theme - User Permissions for shared folder not displayed
[20228] fix to Mobile theme - Events are not loaded in the calendar view when switching months or years
[20542] fix to MDRA - "To address is missing" appears in "send note" content filter rules created by MDRA
[20575] fix to Webmail - In certain instances, a recipient's Display Name will be sent in punycode
[20618] fix to MDRA - Unable to add Dynamic Screening blacklist entry to an empty list
[20643] fix to whitelist@ and blacklist@ message parser ignoring \"From\" data when split to multiple lines
[20639] fix to pfdata.dat file not updating when renaming a public folder via the GUI
[20574] fix to mail folders are not moved during domain rename operation
[20520] fix to errant data in email sent when accounts are frozen by hijack detection
[20227] fix to possible crash when closing Mailing List Manager
[20661] fix to MDRA - Up/Down arrows don't move content filter rules
[20663] fix to MDRA - Domain Admins cannot apply the password options in an account
[9842] fix to MDRA - Added the De-list button to the Account Manager page
[20662] fix to Webmail - When the Edit IMAP Filters option is disabled, the Add Filter option is available
[20524] fix to Webmail - Forwarding mail in the Edge browser causes message body to disappear
[19660] fix to MDRA - excess whitespace on DS White and BlackList dialogs in Firefox
[19784] fix to MDRA - DS notification address can be saved without entering an email address
[19364] fix to MDRA - DS system options visible on Protocols dialog
[20678] fix to MDRA - Dynamic Screening Options lists an "Always" log level
[15210] fix to MDRA - When moving a user from one domain to another, MDaemon Connector permissions don't migrate
[15211] fix to MDRA - IMAP public folder extension is case sensitive
[16113] fix to MDRA - Going from ActiveSync Client Settings to Mailing Lists in the pop-out account editor results in mailing lists without a side menu
[16988] fix to MDRA - Alias selection does not remain highlighted when moving up/down
[18732] fix to MDRA - Cannot select default DKIM selector without selecting another first
[18735] fix to MDRA - Have to select No and then Yes to be able to save in Remove Attachments
[18738] fix to MDRA - Exit Code condition in Content Filter allows non-number entry, saves as NaN
[19781] fix to MDRA - The 'default notification address' field in the Dynamic Screen feature does not support external addresses
[20061] fix to MDRA - German account creation error is partial in English
[19398] fix to MDRA - the Log Parser is only parsing the Routing log file for English servers
[20702] fix to MD_VerifyUserInfo() not returning MDDLLERR_INVALIDFWD when account forwarding address field is not a valid email address
[20669] fix to Minger server refusing "noreply@" as invalid address when it shouldn't
[20701] fix to Webmail may truncate To header when sending a message to many addresses
[20747] fix to Webmail - Opening non-ASCII attachment on the Compose window in IE causes a 404 error
[20413] fix to LookOut and WorldClient themes - opening Webmail using MDIM by clicking on a folder other than Inbox, results in the clicked folder missing from the list
[20630] fix to Webmail - Pasting print screen image when composing message in Firefox using print screen button displays image twice
[8289] fix to MDRA - DomainPOP rules do not show up translated
[20762] fix to MDaemon Statistics Database fails to upgrade from version 17 to 18 and causes a hang
[20761] fix to possible MDaemon crash when archiving is enabled
[20792] fix to MD does not fully evaluate SPF records with deeply nested includes
[20808] fix to WorldClient theme - Other Headers prompt is missing the OK button
[20800] fix to MDRA - A message forwarded to a local account is routed to Remote queue when released
[16974] fix to MDRA - Unable to click the "Client Blacklisted/Whitelisted" boxes
[16967] fix to MDRA -"Replicate aliases to LDAP" in Alias settings is not disabled when LDAP is not being used
[16819] fix to MDRA - Shared Folders page doesn't refresh after adding new folder from Account Editor page
[20836] fix to MDRA - LAN Domains and LAN IPs are not listed
[19823] fix to MDRA - Invalid email address allowed at Main->Webmail Settings->RelayFax
[20838] fix to MDRA - missing string for Bandwidth chart
[19739] fix to MDRA - Alert does not work when Accessing Subscriptions page
[13619] fix to MDRA - Creation of user doesn't auto populate in list
[20786] fix to Webmail - Meeting request attendee is able to add additional attendees to the event
[20840] fix to LookOut and WorldClient themes - Compose attachments screen may not list all documents
[20844] fix to several MDaemon whitelists do not support IPv6 addresses
[20826] fix to Webmail - Meeting invite attachments that are included in the message instead of the ics file are not added to the meeting when accepted
[20841] fix to MDaemon Configuration Session is not updated with changes made in Remote Administration to LAN Domains, LAN IPs, IP Shield, and Domain Sharing
[20843] fix to MDRA - The Webmail Settings screen in Remote Admin's Domain Manager doesn't show the default values for most settings
[20860] fix to possible WorldClient.exe crash
[20874] fix to MDRA - Always allow connections from IP doesn't accept IPv6 address at Setup | Server Settings | Servers
[20873] fix to MDRA - Refuse messages larger than field can be set to negative values at Setup | Server Settings | Servers
[20803] fix to recipient blacklist is not checked when a null reverse path is used
[2339] fix to non-ASCII characters in signatures may not appear in received messages
[20835] fix to accounts are able to access ActiveSync even though ActiveSync is disabled for the domain if auto-provisioning is enabled. Note: You must also un-authorize any existing users from the domain that have already been granted access.
[20905] fix to MDaemon Connector release notes are sent to admins even when it's not licensed

MDaemon 18.0.2 - June 12, 2018

CHANGES AND NEW FEATURES

[20572] MDaemon Connector has been updated to version 5.5.2.
[19480] The MDaemon GUI does not display the toolbar at startup after it has been closed. Select Windows | Reset Toolbar to get it back.
[20223] Webmail - Added address validation to the default reply-to address field in Options | Compose

FIXES

[20421] fix to LookOut and WorldClient themes - Cannot use dot (.) in folder names
[20415] fix to MDaemon-Statistics database grows boundlessly due to Message Log parsing feature and causes high processor usage in Remote Admin
[20440] fix to MDRA - Dropbox - Using this dialog to add the App Key and App Secret saves the data with a different salt each time
[20439] fix to Webmail - Dropbox - Cannot save email attachments to Dropbox
[20441] fix to MD UI issues with the Start Time column on the Sessions pane
[18789] fix to Active Webmail Sessions performance counter is not always updated
[18131] fix to truncated DNS response when doing reverse lookup may cause mail to be refused
[20435] fix to MDRA - Webmail sessions listed as "WorldClient" instead of "Webmail"
[20433] fix to Webmail - "permanently delete" notification not translated
[20355] fix to Webmail - Creating an event from a message changes & to &
[20289] fix to Webmail - Creating an event from an HTML message results in styles showing up in the notes
[20349] fix to MDRA - Unable to edit a mailing list with a name that starts with "Everyone"
[20288] fix to LookOut theme - Long subject causes unexpected behavior when forwarding as attachment
[20125] fix to LookOut theme - Vertical scroll bar is not reset when switching to the next page of messages
[20463] fix to possible Webmail crash
[19554] fix to MDRA - Some default list outputs are not translated
[20492] fix to MDaemon server may hang while upgrading the statistics database
[20494] fix to Webmail - X-Mailer header in sent messages is "WorldClient"
[20450] fix to ActiveSync sessions not displaying in MD Configuration Session
[20499] fix to Webmail - PIM item attachments are not copied with the PIM item when it is moved or copied to another folder
[20504] fix to Webmail - Cannot upload a picture to a contact
[20501] fix to MDRA - Multiple submission addresses can be added to the same public folder
[20507] fix to Webmail - When common_contacts.json file contains null values, autocomplete stops returning queries
[20510] fix to MDPGP --pgpk not always honoring disable checkbox and also fixing a case-sensitivity issue
[20512] fix to Webmail - After setting a category on a message, sort order is changed to category
[20511] fix to Webmail - Import EML with no subject results in an error message but the message is still imported
[20509] fix to MDRA - possible high CPU usage
[20521] fix to Webmail - Removing the snooze from a categorized message also removes the category, and adding a category to a message might cause the message to be snoozed.
[20538] fix to MDRA - "Limit Simultaneous connections by IP to" can only be set to zero or 1
[19790] fix to Dynamic Screening does not honor the setting "Ignore authentication attempts using identical passwords"
[20540] fix to Content Filter may duplicate attachments extracted from winmail.dat
[20544] fix to missing client information on the ActiveSync wipe confirmation dialog
[20545] fix to calendar notes created on iPhone will not sync to server
[20547] fix to LookOut and WorldClient themes - the day view does not auto scroll to 7 am in non side by side view
[20542] fix to "To address is missing" appears in "send note" content filter rules created by MDRA
[20548] fix to meeting requests generated by MDaemon Webmail are not automatically accepted by Exchange servers
[20562] fix to MDaemon adding Kaspersky URLs to \MDaemon\SecurityPlus\antivirus.ini on a clean install
[20529] fix to Dynamic Screening may re-freeze an unfrozen account after a single authentication failure
[20525] fix to ActiveSync changes to tasks are not synced to MDaemon Connector
[20569] fix to a user may be able to post to a mailing list when they do not have rights to post
[20570] fix to old TarpitConnect.dat entries are not removed
[20561] fix to possible crash in MDAirSync.dll
[20586] fix to possible CFEngine.exe crash

MDaemon 18.0.1 - May 15, 2018

CHANGES AND NEW FEATURES

[20483] MDaemon Connector has been updated to version 5.5.1. Please see what changed in MDaemon Connector 5.5.1 here:
http://archive.altn.com/outlookconnector/Archive/5.5.1/RelNotes_en.html
[20005] The "Registration Information" screens have been removed from the MDaemon installer. The MDaemon GUI now asks for this information when it starts up for the first time and whenever the registration key or major version number changes.

FIXES

[20426] fix to possible Webmail crash when deleting meeting occurrences
[20443] fix to AntiVirus error message is logged at MDaemon startup on systems that have never used AV
[20445] fix to SMTP MSA port may require STARTTLS even when STARTTLS is disabled
[20478] fix to Remote Administration text editor removes the first 3 characters of signatures and administrator notes
[20480] fix to some MDaemon Connector features are not disabled when using an expired MDaemon Connector registration key
[20508] fix to PGP related vulnerability as described at https://efail.de/

MDaemon 18.0.0 - April 17, 2018

[20008] Alt-N Technologies has changed its name to MDaemon Technologies. WorldClient is now MDaemon Webmail, WorldClient Instant Messenger is now MDaemon Instant Messenger, SecurityPlus is now MDaemon Antivirus, and Outlook Connector is now MDaemon Connector.

[19546] The MDaemon installer now includes MDaemon AntiVirus and MDaemon Connector, which are licensed separately.

[19512] The "From Header Modification" feature has changed. It operates as before however the format of the final modified From data has changed from this format: "Email -- Name" <Email> to this format: "Name (Email)" <Email>. This new format is more readable/usable/sortable etc. If you would rather keep the old format (your users may be used to it already) you can check a box at Ctrl+S|Screening|Hijack Detection|From Header Modification.

[19577] A past installer reset the option "Ctrl+S|Sender Authentication|SMTP Authentication|Authentication is always required when mail is sent from local IPs" to disabled for upgraders. The installer has been changed to ignore this setting. You must manually check that this option is set to your desire. The default is for it to be checked (enabled) but you should check to be sure it is set how you want.

[19612] Catalog functionality has been deprecated and removed from the UI.

[20220] All Virtru related support has been removed from MDaemon Webmail. Old encrypted messages can still be viewed in the Virtru Secure Reader.

[20339] Previously when a message was sent to an alias, MDPGP would encrypt it using the key for the actual email address. Now that same message won't be encrypted. To encrypt it now requires a key for the alias.

MAJOR NEW FEATURES

[19571] DNSSEC

Ctrl+S|SSL&TLS|DNSSEC allows you to request DNSSEC service from your DNS server(s). When enabled, MDaemon sets the AD bit when making DNS queries and checks for it in the answers. This may not work with all DNS server(s) (not sure) so you'll have to try with yours. DNSSEC service is only applied to messages that meet your selection criteria. DNSSEC service can be "requested" or "required" on a per-message basis. If "required" and DNS results fail to include authenticated data then the message is bounced back to sender. If "requested" then DNSSEC service is attempted but nothing happens if it fails.

Mail session logs will include a line at the top if DNSSEC service was used and "DNSSEC" will appear next to secure data in the logs.

IMPORTANT: MDaemon is a non-validating stub-resolver. This means that it will request authenticated data from DNS server(s) but it has no way to independently verify that the data it gets from them is secure. However, if you know/trust your connection to your DNS server(s) (for example, it runs on localhost or within a secure LAN or workplace) then you should use this as it will boost security.

DNSSEC lookups take more time and resource and I think less then 7% of domains have currently deployed it. That is why this is not configured to apply to every message delivery by default. However, if you want that, you can force every email sent to use DNSSEC by adding one line like "To *" into the configuration file (see Ctrl+S|SSL&TLS|DNSSEC).

[15288] Email Snooze

MDaemon Webmail was updated to allow a user to snooze an email. When a message is snoozed it will be hidden from the user for a designated period of time. To snooze a message, right click on it and choose the "Snooze for..." option in the context menu. Then choose how long you wish to snooze the message for. The "Choose a date and time" option is only available for browsers that support the date and time inputs. Hidden messages can be viewed in LookOut theme by clicking the "View Snoozed Messages" icon in the toolbar and WorldClient theme by choosing "view snoozed" from the view drop down menu in the toolbar. This feature is on by default. To turn off the feature, go to Options | Personalize, and find the Inbox Settings. Uncheck the "Enable Message Snooze" box. There are no snooze controls in Lite and Mobile theme, but snoozed messages are still hidden.

[1520] Public Calendars

In MDaemon Webmail users can publish a calendar to a publicly accessible link. Users have the option to password protect the calendar. To disable this globally, change the value of [Default:Settings] EnablePublicCalendars to No. To disable it on a per user basis, add CanPublishCalendars=No to a user's User.ini file. To publish a calendar, in LookOut or WorldClient theme, go to Options | Folders and click the "Share Folder" button next to the calendar you wish to publish. In the dialog, open the Public Access tab and if desired, fill in the display name or require a password, then click the "Publish Calendar" button. A confirm dialog will show up to tell the user what is about to happen. After clicking OK, an alert will display the new URL where the calendar is available. There will also be a link displayed on the page once the calendar has been published. To unpublish the calendar, click the "Unpublish Calendar" button. To change the password or the display name, click the "Update" button.

[10886] Remember Me

A "Remember Me" option has been added to the logon page of MDaemon Webmail. This feature is disabled by default. The default expiration is 30 days, and the maximum expiration setting is 365 days. It can be enabled in the MDRA GUI under Main->Webmail Settings->Settings. Users can check the "Remember Me" option on the logon page to be remembered on a specific device. Then if they have a bookmark with any of three View URL variables set (View=Main, View=Logon, or View=List) (or no View URL variable set), the user will be automatically logged in. Two Factor Authentication (2FA) is separate and will still be required when the 2FA remember me token expires.

[19865] "Remember Me" was also added to the Remote Administration logon page. This feature is disabled by default. The default expiration is 30 days, and the maximum expiration setting is 365 days. It can be enabled in the MDRA GUI under Main->Remote Admin Settings->Settings. Users can check the "Remember Me" option on the logon page to be remembered on a specific device. Two Factor Authentication (2FA) is separate and will still be required when the 2FA remember me token expires.

[19738] Exempt Known ActiveSync Devices from Location Screening

An option has been added to allow a previously known ActiveSync device to bypass location screening. Administrators can enable this option to allow users to continue to access their account via ActiveSync from a location that is configured to block authentication attempts. In order to exempt the device it must have connected and authenticated using ActiveSync within the time frame configured to remove inactive clients. To exempt a device go to Setup / Mobile Device Management / Clients, select the client and click Settings, then check the box for Exempt from Location Screening.

You can also choose to Whitelist the address the client is connecting from. This can be used to allow other clients that might be connecting from the same IP address to also bypass location screening.

CHANGES AND NEW FEATURES

[19372] Added ability to specify which protocols use Location Screening.
[19507] LookOut and WorldClient themes - Added PIM attachments for Contacts, Tasks, and Notes
[19575] IP and Host Screening UI previously shared controls at the bottom of their configuration screens but now the items related to IP Screening will be on the IP Screening screen and the Host Screening on the Host Screening screen (can I say screen one more time).
[13359] MD Webmail - Added options to decide how to handle the original message when replying or forwarding on the Options | Compose page under "Replying and Forwarding". The options are as follows: Do not include, Attach, Include, Include and Indent, Prefix. The option "Do not include" is unavailabe when forwarding a message. For plain text messages the user can configure their own prefix up to 4 characters long. A space will be included after the 4 characters.
[5652] MD Webmail- Added the ability to customize the attribution of original messages in replies and forwards on the Options | Compose page under "Replying and Forwarding". The options are as follows: None, Include From, Date, To, and Subject lines from original message, Custom format (plain-text only). Custom format has two required macros, %SENTDATEANDTIME% and %SENDER%. If either macro is not used, then MD Webmail will default to the second option.
[19558] MD Webmail- increased the length of the private ical feed token found in the Folder Share and Calendar Export views. The token will only increase in length if it has yet to be created, or the user resets it.
[19547] MDRA - Made the "No Results" box in Message Search grey so that it does not look like a button
[19462] MDRA - Moved the "Edit Mailing List Admins" button to the "Mailing List Subscription Manager Options" section under Main -> Remote Admin Settings
[19460] MDRA - Increased the height of the Gateway Manager Settings window
[19499] MD Webmail - Added an option to include a Terms of Use acknowledgment on the logon page. When Terms of Use is required, user's will not be able to login without clicking the checkbox.
[19568] A new screen exists at Ctrl+W|Terms of Use which allows you to configure a Terms of Use message that will appear to Webmail and Remote Admin users which they must agree to before the services can be used.
[19500] MDRA - Added an option to include a Terms of Use acknowledgment on the logon page. When Terms of Use is required, user's will not be able to login without clicking the checkbox.
[18868] MDRA - Added button to set the settings on a page to the "Recommended" settings. So far, only some security related pages have this button.
[19657] MD Webmail - Added an option to increase/decrease the spacing between lines in the Compose view's HTML editor
[19444] MDRA - Added ability for Message Search to return messages that were not accepted after the DATA command by searching the From and/or Recipients fields.
[19688] MD Webmail - Added better logging information for session failures when debug level logging is enabled
[15557] MD Webmail - Added MDaemon PGP options to the Compose view for WorldClient and LookOut themes
[19022] MD Webmail - Added the Country to Login History in Options | Security
[19702] MDRA - Added a Last Accessed column under the Main | Accounts settings
[19737] MD Webmail - The "UserCategories.js file has malformed data" message will only be displayed when the data returned from the server is not in an array format.
[19744] MDRA - Added SSL & HTTPS views for RA and Webmail under Main | Webmail Settings and Main | Remote Admin Settings.
[4368] MDRA - Added the SSL & TLS views from the MDaemon GUI under Security | Security Settings | SSL & TLS. STARTTLS White List and STARTTLS List are buttons located under the Security | SSL & TLS | MDaemon link.
[12548] MDRA - Added more filtering options to the Account list. Added the Groups column to the filter column options. Display ActiveSync, Outlook Connector, IMAP Access, POP Access, Over Quota, Near Quota, Frozen, Disabled, and/or Active accounts.
[14013] MDRA - Improved filter ability. If no wildcards are included by the user, the filter term is treated as though it were surrounded by wildcards. So "test" would be treated as "*test*".
[13358] MD Webmail - Added an automatic feature to the auto complete functionality that will display the three most commonly used contacts related to the search string at the top of the list. Auto complete is used in multiple views, and the feature is active wherever auto complete is used.
[4636] MDPC/MDRA - Added the Web Services tab for domain administrators when editing user accounts other than their own. The "...edit quota settings" option is disabled for domain administrators.
[9361] MDPC/MDRA - Added the Security->Screening->Sender Blacklist and Recipient Blacklist views for domain admins. Additional options, "Check message headers for blacklisted addresses", and "Notify blacklisted senders that their message was refused" on the Sender Blacklist view are not available for domain admins because they are not domain specific options.
[19937] MDRA - Users are now prevented from setting the Webmail List Refresh Time to anything less than 1
[19943] MD Webmail - Added workaround to a bogus vulnerability detected by PCI compliance scan
[19971] MD Webmail - Added an option for signed messages with p7s and p7b attachments to import the S/MIME public certificate to the sender's contact data.
[14141] LookOut and WorldClient themes - Added an option to include a custom image/icon with each custom link. After the CustomButtonLink1 entry, add CustomButtonImage1=filename.extension. Place filename.extension in the MDaemon\WorldClient\HTML\All\Images directory in order for it to be used. The expected image size is 32x32. It will be automatically resized, so the original image should also be 32x32 for the sake of aesthetics.
[19939] MD Webmail - changed the autocomplete feature to include domain name matches with contact email addresses
[19931] MD Webmail - Added autocomplete="off" to the "Verify Pairing" field for the Two Factor Authentication setup
[19973] MD Webmail - Updated the Voice Recorder error message for the cases where microphone permission is off or the user is not using HTTPS
[20021] LookOut, WorldClient, and Mobile themes - Added speech synthesis to the message views. Users can click the "Read Message" button to listen to the message. Only supported in the latest Chrome and Firefox.
[16747] MDRA - Added the options to Allow or Require Two Factor Authentication to the user Web Services page
[19867] MD Webmail - Added phone number links to all themes in the contact list view to allow users to click on the phone number to make a call
[16806] MDRA - Added Learn Spam and Learn Non-Spam buttons to all Queues. The buttons copy the selected messages into the Bayesian Spam and Non-Spam folders respectively.
[14268] MDRA - Added the Max Records field to Reports that are using bar graphs. Maximum is no greater than 100 records for the views in question. Inbound Email->Top Recipients, Top Recipients by Size; Outbound Email->Top Senders, Top Senders by Size; Anti-Spam->Top Spam Scores, Top Recipients; Anti-Virus->By Name
[19268] MDRA - Message Search - Added a message for the case that the user either does not have permission to view the logs or the statistics database is not enabled. If the statistics database is not enabled, a button will be present that will take the user to the Logs->Log Settings->Statistics Log view.
[19473] Added a counter to show connections refused by location screening.
[19579] Changed dynamic screening notifications to go to global administrators by default instead of the postmaster, to avoid problems when the postmaster alias is not set up.
[20085] MDLaunch /stop will try to forcibly terminate the MDaemon.exe process if it has not stopped after two minutes.
[4270] The Content Filter can now extract files from inside of winmail.dat and turn them into standard MIME message attachments. Enable this at Security | Content Filter | Compression.
[20023] ActiveSync - Selected client Settings over-rides can now be applied to specific device types and security groups. For example, one could ensure that all ActiveSync connections with Outlook for Windows virtully merge their domain's Public Contacts into the user's default contact folder, or enable location screening exemptions for ActiveSync connections from members of a specific group.
[19958] ActiveSync does not encode the name in the From header if it contains only ASCII characters.
[19513] Ctrl+S|SSL & TLS has a new screen called Let's Encrypt where you can configure automation of a PowerShell script that requests and sets up free TLS certificates from Let's Encrypt.
[20216] Updated ClamAV to version 0.99.4, and the 64-bit version of MDaemon now uses 64-bit ClamAV.
[20235] LetsEncrypt will now clean up files older than 180 days from the Acme-Challenge and MDaemon\PEM directories. Only .PFX files that have a file name beginning with the FQDN configured in MDaemon are removed. The names of the files that are removed are logged in the LetsEncrypt Log file.
[20253] The right click menu commands to white list and black list from the Queues screen have been removed. Also, the Spam Filter White List and Black List screens now open in read only mode until an "Advanced" button is clicked.
[20311] Added Antivirus mailbox scanning. Under Security->AntiVirus select 'Scan all mailboxes every n day(s)'. This allows for detecting of any infected messages that may have passed through before virus definition updates could be updated to detect them. Infected messages will be moved to the quarantine folder with 'X-MDBadQueue-Reason' header added so that there will be an explanation when viewed with MDaemon configuration screen. Messages that cannot be scanned will not be quarantined.

FIXES

[19567] fix to host name sometimes missing from SSL related logging
[19210] fix to DMARC contact email not accepting aliases to a subaddressed account
[19683] fix to MD Webmail Compose page may take a very long time to load when doing reply or forward on a large HTML message
[19621] fix to API not saving gateway configuration data in some cases
[19662] fix to MDRA - Public Folder Editor has old Alert message
[19663] fix to MDRA - Public Folders Access Control alert typo
[19747] fix to LookOut and WorldClient themes - PDF Viewer - If there are non-breaking spaces ( ) in the name of the file, it will not load
[19761] fix to WorldClient theme - filters are not saved after being reordered
[19877] fix to WorldClient theme - Reply and forward flags are not updated immediately after sending the message
[10595] fix to MD Webmail - Documents - Drag and drop of multiple files into Documents folder results in only 1 file uploaded, no error message
[15747] fix to MD Webmail - French - When creating a folder called "Courrier" in the root, the Inbox no longer displays messages
[16050] fix to MDRA - Active Sessions not showing MDaemon Webmail sessions
[18351] fix to CALDAV client may not display the last occurrence of recurring event that occurs until a specific date
[17112] fix to if an attendee's email address is an alias, the attendee's response status will not be recorded in the event
[19961] fix to potential crash in CalDAV server
[15184] fix to LookOut and WorldClient themes - Default Contacts View does not apply to address book opened from the Compose view
[19978] fix to LookOut and WorldClient themes - When changing a category in a shared folder, others do not see the change immediately
[19928] fix to MD Webmail - A meeting request attached to a message thread displays the meeting information but not the message body
[19916] fix to MDRA - Deleting entry from ACL closes the dialog
[19946] fix to MDRA - German - When deleting an account, the confirmation box cuts off the buttons
[17625] fix to WorldClient theme - Searching between two dates with more recent date first gives results after more recent date
[19984] fix to MDRA - the Start / End Time field overlaps the Start / End Date drop-down box on the Autoresponder view
[19990] fix to WorldClient theme - Calendar View - The add folder icon is displayed below on languages where the name is too long
[19992] Fix to MD Webmail - the message list may show spoofed FROM headers unless View Sender is set to All
[19669] fix to Lite and Mobile themes - Carriage returns are missing in the body when viewing a message
[19996] fix to MDRA - Invalid forwarding address reported when attempting to set account to forward to multiple addresses
[20031] fix to WorldClient theme - The + to add a folder does not show a tooltip when hovered over
[20032] fix to WorldClient theme - Some of the background color is not being hidden when printing a calendar
[20027] fix to MD Health Check - if you click Analyze again after copying an entry to the clipboard the application crashes
[20052] fix to possible MDaemon crash when processing messages from the local queue
[20059] fix to Webmail - When downloading a zip of files from a message with multiple files of the same name, only the first file is included
[20082] fix to Webmail - Desktop Notifications are received, even though they are disabled
[20074] fix to WorldClient and LookOut themes - An extra message may be selected after copying messages
[20109] fix to MD Webmail - might incorrectly display a sender is DKIM verified
[20136] fix to CalDAV - Unable to change date of single occurrence of recurring event
[20137] fix to CalDAV - In Thunderbird/Lightning an all day recurring event where a specific occurrence has been changed to occur on a different date is not displayed correctly. The event is displayed on both the date the occurrence has been changed to and the original date of the occurrence.
[20159] fix to Webmail - Slideshow - if an image is taller than the height of the screen, the width will be set to the screen width
[20113] fix to corrupt text in translated Dynamic Screening emails
[20000] fix to ActiveSync - various changed occurrence entries cause Outlook to stop syncing the calendar
[20128] fix to IPs are still blocked by Dynamic Screening when Enable Authentication Failure Tracking is disabled
[20101] fix to possible MDaemon crash when generating a Dynamic Screening notifcation email
[20084] fix to possible MDaemon hang during shutdown
[19995] fix to ActiveSync - creating top-level folders in Outlook will also create same folder name under Inbox
[19981] fix to possible ActiveSync server crash when a client replies to a message
[19969] fix to ACL editor GUI may show extra character in Name field for anyone@domain entry
[19967] fix to ActiveSync - last occurrence of recurring event may be missing on iOS
[19960] fix to possible WorldClient.exe crash related to Dynamic Screening
[19941] fix to Chinese ActiveSync policy names are corrupt
[20177] fix to DAV server not properly enforcing dynamic and location screening
[20178] fix to XMPP server not using location screening
[20200] fix to Webmail - Cannot share a folder to a group
[20184] fix to Mobile theme - When sending to unknown user, no pop-up is displayed
[2032] fix to LookOut theme - message preview does not block remote images except in the Inbox
[20240] fix to Mobile theme - French - Unable to delete a calendar appointment
[20265] fix to specific messages locking the local queue with high CPU usage
[20229] fix to CALDAV: Report command with no date filter may not return all calendar events
[20268] fix to List-Unsubscribe header is not automatically added to mailing list messages when "Honor '<List>-subscribe' and '<List>-unsubscribe' addresses" is enabled
[20273] fix to Webmail - Advanced Search - Searching for any text string in the message body returns all messages in all folders in the user account in the search results
[20271] fix to CALDAV: Specific data in calendar XML database file causes Thunderbird/Lightning to hang when synchronizing calendar
[20278] fix to $CALTXT$ macro is not replaced in calendar reminder email messages if the length of the comments/body field of the event exceeds 1000 characters
[20270] fix to Dynamic Blacklist GUI may not display all DSBlackList.dat entries
[20310] fix to recurring events from specific CalDAV clients are always saved as all day events
[20320] fix to ActiveSync: Time of recurring events may shift on Android devices by one hour after the start or end of daylight saving time
[20319] fix to MDRA - Any changes made to a global admin's ActiveSync Client Settings are applied globally
[20092] fix to meeting responses may be sent from the wrong account
[20339] fix to MDPGP not properly using keys assigned to aliases
[20360] fix to when a 'GET' command is used with CalDAV, "private details" of private calendar events are not filtered out
[20358] fix to possible MDaemon hang when the MDPGP option "Trade public keys during SMTP mail sessions (MDaemon)" is enabled
[20352] fix to MDPGP not signing some messages when configured to do so
[20378] fix to CalDAV: Free/Busy lookups from Mac iCal calendar application return no results
[20387] fix to MDaemon may send messages to the wrong smart host

MDaemon is a registered trademark of MDaemon Technologies, Ltd.