SecurityGateway for Email Servers v9.0 Release Notes

Developed with 20 years of proven email security expertise, SecurityGateway provides affordable email security. It protects against spam, viruses, phishing, spoofing, and other forms of malware that present an ongoing threat to the legitimate email communications of your business.

Click here to learn more about SecurityGateway for Email Servers.

SecurityGateway 9.0.0 - January 10, 2023

SPECIAL CONSIDERATIONS

• [25882] By default, mailbox names that contain a plus character (+) will now be considered to be subaddressed. The user verification process will consider the subaddress to be an alias. For example, user+folder@example.com will resolve as user@example.com and an alias where user+folder@example.com = user@example.com. New users for which the mailbox name contains a plus character cannot be created. Existing users for which the mailbox name contains a plus character are not automatically removed. They can be fixed up (renamed or merged) by running the Setup | Accounts | User Verification Sources | Verify Users process. An option to restore the previous behavior "Allow user mailbox name to contain plus (+) character" has been added to Setup | Accounts | User Options. When enabled, these mailbox names will not be considered aliases/sub-addresses. For example, user+folder@example.com will be considered its own user and not an alias of user@example.com.

MAJOR NEW FEATURES

• From Header Screening
  • [24420] New options have been added (Security | Anti-Spoofing | From Header Screening) to help expose fraudulent (spoofed) from headers sent from spammers that could potentially trick users into believing a message was submitted from a legitimate source.
• Web Interface Usability Enhancements
  • [13473] Added the ability to include up to four additional search header patterns, results, and reasons on message pages. Header patterns can be separated by AND/OR using a button toggle. Results and Reasons are always separated by OR
  • [4152] Added basic search to Setup/Users | Accounts | Domains and Users
  • [25743] Added the ability to resize, move, or maximize pop up windows
  • [26055] Added a mobile friendly list editor
  • [25119] Changed the Search dialog toggle feature to use a "Show/Hide" search paradigm and an additional Cancel Search button in the main toolbar.
  • [21150] Added Previous/Next buttons to the archived message view
  • [21291] Added a "Message(s) Restored" status message to the bottom right hand corner of the Search Archive pages
• Administrative Dashboard Page Improvements
  • [1073] Added display of available disk space for global admins on the dashboard page, and Setup/Users | System | Disk Space
  • [4622] Added count of active SMTP inbound and outbound sessions to the dashboard page
  • [4622] Added count of messages in administrative quarantine queue to the dashboard page for global administrators
  • [4622] Added count of messages in any user quarantine queue to the dashboard page for global administrators
  • [26183] Added ability to freeze the inbound and remote delivery queues

CHANGES AND NEW FEATURES

• [16162] Added option to include an HTTP Strict Transport Security (HSTS) header to HTTPS responses to Setup | System | HTTP Server. This option is enabled by default. When a browser that supports HSTS receives an HSTS header and the SSL certificate is valid, and any future HTTP requests made to the same domain will be automatically upgraded to HTTPS.
• [25874] SecurityGateway now supports TLS 1.3 on newer versions of Windows. Windows Server 2022 and Windows 11 have TLS 1.3 enabled by default. Windows 10 versions 2004 (OS Build 19041) and newer have experimental TLS 1.3 support that can be enabled for inbound connections by setting the following in the registry:

              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server
                  DisabledByDefault (DWORD) = 0
                  Enabled (DWORD) = 1

• [26075][23613] Extracting plain text from attachments now occurs in a separate process (filterhost.exe). This prevents a hung iFilter .dll from impacting the SecurityGateway process.
• [26348] Added "Referrer-Policy" and "Content-Security-Policy" HTTP headers
• [26325] Updated ClamAV to version 0.105.1
• [26477] Updated Cyren Outbreak Protection engine to version 8.2.0.10
• [5098] Added proxy support to Cyren AV updater, Cyren CloudAssist, and software update checks/downloads.
• [25197] Added an option to allow users to view their messages listed in the quarantine report. Global Admins can enable it at Setup/Users | Mail Configuration | Quarantine Configuration or Main My Account | Settings.
• [21166] Added a confirmation prompt when clicking on options in a quarantine report email
• [25544] Added an option to disable remember me on the current device/browser at Main -> My Account -> Settings and Settings for secure message users.
• [25992] Added a setting to Setup/Users | Secure Messaging | Recipient Options to allow admins to include contact information or a contact link on the sign-in page.
• [25994] Added a setting to Setup/Users | Accounts | User Options to allow admins to include contact information or a contact link on the sign-in page.
• [1472] Added a "Save and Test" button to the User Verification Source editor.
• [26167] Added a CSRFToken to the sign-in page
• [26166] Added a secondary session ID to web interface URLs to mitigate CSRF attacks
• [26168] Added a public/private key verification method as part of the Remember Me feature
• [25538] Updated the secure message notification emails with styles and slightly different language.
• [26074] Reduced number of database transactions.  This helps prevent the database from growing in size.
• [23493] The VBR certification host "vbr.emailcertifcation.org" has been deprecated and removed from VBR settings.
• [26281] Made the Change Password page have the Change Password button disabled until the passwords are valid.
• [26324] Added an option "Only delete messages from active archive stores" to Setup | Archiving | Compliance that controls if the "Automatically delete archived messages older than X days(s)" option only applies to active archive stores.  This option is enabled by default.  When enabled, the behavior is unchanged from previous versions.
• [26252] SMTP socket connection is now disconnected for SIEVE actions "error" or "reject" if they occur during the IP phase.
• [26251] At startup, locked messages in the inbound queue are now moved to the CrashDumps\InboundQueue directory. Messages in the inbound queue are unlocked when a response is sent to the sender. Locked messages may be orphaned in the inbound queue if the SecurityGateway process crashes or is terminated before it has a chance to shut down. Since the sender did not receive a response to the SMTP DATA command, they should send the message again. Delivering the message may result in the recipient receiving multiple copies. However, the content of these messages may be helpful for debugging crashes.  Any messages moved to this directory are automatically deleted after 30 days.
• [25712] LetsEncrypt - Changed the Log function to use add-content instead of out-file. Add-content uses the default system code page which should enable the log file to be viewed in SecurityGateway. No change will be made to the encoding of the log file until a new log file is created.
• [25713] LetsEncrypt - Updated the script to work with PS 7.

FIXES

• [25997] LetsEncrypt - Fix references to variable that was not being set
• [26288] fix to "aspmx.l.google.com" is not considered a Google Workspace (AKA GSuite) domain mail server
• [26308] fix to ClamAV doesn't run on Windows 2008 R2
• [26199] fix to Performance Monitor - Inbound Queue Messages only displays 0 or 1
• [26378] fix to Automatic Domain Creation adds an account that already exists as an external administrator
• [26374] fix to local global admin account is deleted after changing the password via the Administrators list
• [26443] fix to when used as a URIBL host Spamhaus SBL return codes "Query via public/open resolver (127.255.255.254)" and "Excessive number of queries (127.255.255.255)" are mistakenly considered as a "LISTED" response
• [23613] fix to "Error loading ifilter for file" errors when scanning messages with certain file types in sieve scripts
• [26571] fix to unable to add IP to a whitelist or blacklist where a wildcard character spans multiple octets, i.e. 192.168.*
• [26572] fix to SMTP Call Forward User Verification Source fails server does not advertise support for AUTH until after STARTTLS
• [26500] fix to when logging in with a space in front of the email address, a new account may be created containing the space if the user verification source returns a positive result
• [26585] fix to User Verification Source: maximum length of the search filter field may be too short. The maximum length has been increased from 256 characters to 1024 characters.