-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hallo,
MDaemon 9.6.3 release pagi ini :
ftp://ftp.dutaint.com/altn-mdaemon/md963_en.exe
http://ftp.dutaint.com/altn-mdaemon/md963_en.exe
- -------------------------------
MDaemon 9.63 - November 6, 2007
- -------------------------------
* MDaemon's implementation of Sender Signing Practices for DKIM has been
updated to a more recent IETF draft. I am hopeful that this draft will be
substantially close to what the final version will look like (although work
is ongoing). A copy of this draft proposal can be found here:
http://www.dkim.org/specs/draft-ietf-dkim-ssp-00.txt.
MDaemon no longer supports the older SSP draft. MDaemon will not
query DNS for older SSP records nor will it recognize the format of
those older records. The current SSP draft has a new format and
location in DNS for this data.
Assuming you are using SSP, Alt-N recommends updating it as follows:
(a) Create a DNS TXT record containing the following (minus the
quotes):
"dkim=unknown" - if you are signing some, but not all, of your mail
"dkim=all" - if all mail is signed by you or someone else
"dkim=strict" - if all mail is signed only by you
(b) Place the TXT record at "_ssp._domainkey.<domain>" (minus the
quotes) where <domain> is the domain name specifying the SSP
policy. For example: "_ssp._domainkey.altn.com".
(c) Remove any old SSP record which may exist at
"_policy._domainkey.<domain>" (minus the quotes) where <domain> is
the domain name specifying the older SSP policy. Alternatively,
you could leave this record in place for a time for legacy
verifiers.
Any dns_readme.txt files generated by MDaemon prior to this version of
the software will contain incorrect instruction on how to configure
SSP.
These changes DO NOT affect DKIM signing or verifying (RFC4871).
These changes DO NOT affect selectors, public or private keys, or data
stored in DNS related to selectors or any other aspect of RFC4871
behavior.
* MDaemon's implementation of Minger has been updated to the most recent
draft. A copy of the most recent draft proposal will be available
from the IETF web site soon (or you can email me - [EMAIL PROTECTED] -
and I can send you a copy).
It was necessary to change the way the Minger query string is formed.
As a result the Minger server and client included in this version of
MDaemon is not compatible with previous MDaemon versions. For Minger
to continue to work you will need to update all your 9.6x installs to
this patch.
* The following changes to MDaemon's use of SpamAssassin have been made:
(a) MDaemon installs the current default rule set into a new folder
called default_rules. This folder should never be used by
customers.
(b) The existing rules folder was purged of all .cf files which were
included in previous default installations.
(c) Learn.bat was updated to reflect the new default_rules path.
* [6723] The address book white listing feature has been improved in
order to enhance security and prevent abuse. In order for a message
to trigger the address book white listing system it's FROM address
must have been authenticated with either SIDF or DKIM. In the case of
DKIM, the signing domain must match to the domain taken from the FROM
header. A new switch governing this behavior has been added to a
slightly reworked Spam Filter White List (auto) UI tab. This new
requirement is enabled by default and it is strongly recommended that
you keep it enabled.
o [6813] Some performance enhancements have been made. First, a partial
fix to the "create fail for window" errors and "Thread Creation Error:
12" problems have been found. Although a complete fix will come in a
future version, this version of MDaemon should be able to handle many
more simultaneous connections than previous versions. The hard limit
is imposed by Windows which limits the amount of resources granted to
any process.
o [3128] In WorldClient added the ability to delete individual
occurrences of recurring events in the desktop themes. This will allow
users to delete events that happen on holidays without removing all of
the instances of the event from their calendar. SyncML has also been
updated to support deleted occurrences or recurring events.
o [6692] MDaemon's implementation of AUTH-RES has been updated to
reflect the most recent draft which has several excellent changes.
There is now a single Authentication-Results header which documents
the result of all authentication processing. For more information on
AUTH-RES read:
http://www.ietf.org/internet-drafts/draft-kucherawy-sender-auth-header-08.txt
o [6685] By default, MDaemon will no longer insert "Recieved-SPF"
headers into messages when no SPF data is available. If you would
like to continue to have MDaemon insert this header even when no data
is available you can configure for that using Alt+X | SPF/Sender-ID
tab and unchecking the "...except when the SPF result is 'none'"
option.
o [6682] Backscatter Protection processing will copy its results into a
new header called X-MDBP-Result. This header will be present for all
messages sent to a single RCPT which trigger BP processing. The
header will contain the result of the BP test (pass, fail, or fail
expired) as well as the reason the message wasn't outright rejected
(matched to a white list, not configured to reject, etc).
o [6696] MDaemon inserts various new headers into messages in a more
organized fashion now.
o [6700] The X-Lookup-Warning header has been deprecated. It suffers
from the following problems:
(a) It is not stripped on incoming which means it can't be reliably
used for filtering.
(b) It is a single header trying to represent three different lookup
results which is impossible (subsequent lookups overwrite previous
results thus causing data loss).
(c) It is configurable (even the header name!) which makes it
impossible to police.
The header was replaced with three non-configurable, purpose built
headers that do not suffer from such problems. They are
X-MDPtrLookup-Result, X-MDHelo-Lookup-Result, and
X-MDMailLookup-Result.
Eventually, all these headers will be deprecated in favor of
exclusively using Authentication-Results.
o [6701] The X-RBL-Warning header has been deprecated. It turns out
that the feature to automatically generate account filter rules to
move messages with this header into the Junk Email folder
automatically has never worked because the rule tested for "is equal
to 'Yes'" when this header never contained that value. The
installation process will remove this worthless rule for all accounts.
If you want to reapply a working filter rule to all accounts you can
enable the option to do so in the DNSBL Options UI.
The X-RBL-Warning header has been replaced by a new header called
X-MDDNSBL-Result. This header documents the results of all the DNSBL
processing including the IP result returned from each DNSBL for your
filtering pleasure.
The 80_MDaemon_scores.cf file has been updated to reflect these
changes but by default it does not inspect the results of the header
for distinct action. It simply scores if the header exists.
o [6669] Added option to Setup->Primary Domain->Archival to allow you to
control whether messages marked as spam should be included in the
archival process or not. By default they are not included however you
must open and close the dialog box once to enact this change.
o [6348] It is no longer possible to change the primary domain name
using a detached "configuration session" UI. This must be done using
the actual service UI or WebAdmin. This was causing numerous
problems.
o [6728] Several improvements were made to the Routing log to help track
what's going on during message processing:
(a) The Routing log should now always show where a message was
ultimately delivered.
(b) Forwarding failures will be logged
(c) Each forwarded recipient will receive a line item entry in logging
(d) Fixed several code paths were nothing was being logged at all
(e) Format slightly changed to be consistent with other logs
(f) If any errors occuring causing a message to not be forwarded then
the original copy will be retained regardless of whether the
account or gateway is configured to not do so.
o [6730] Account filter rules will be processed now even when the IMAP
and WorldClient servers are disabled. In previous versions at least
one of those servers had to be enabled.
o [6736] Added option to Accountprune to skip pruning of inactive
account if account is a forwarding mail account. Add the following
setting in the Domains.dat file to turn on the feature:
[primary.domain.com]
SkipForwardAccount=Yes (default = No)
o [6822] When not archiving spam, message sent to spam trap email addresses
will now be excluded from the archive. You will need to hit F2, switch
to the Archival tab, and hit OK once to enable this behavior.
o [4037] DomainPOP and MultiPOP use TLS/SSL when connecting to port 995.
o [451] fix to IMAP sessions in Session pane sometimes incomplete
o [6846] fix Accountprune doesn't work using foreign characters in midnight.bat
o [6778] fix to errant error message when entering invalid domain forms
o [6775] fix to VBR code not honoring all types returned from certifier
o [6776] fix to VBR sign file not editable at times
o [6802] fix to BATV file not editable at times
o [6800] fix to CFEngine.exe crash when processing messages with TNEF
o [6812] fix to log archives having incorrect date in zip file name
o [6622] fix to digests not using list's reply-to address
o [6630] fix to german installer not properly creating start menu link
o [6552] fix to content scanning problems with certain messages
o [6623] fix to midnight crash when using MS SQL ODBC backend
o [6638] fix to gateway message forwarding ignoring SMTP MAIL value
o [6646] fix to inbound SMTP spam trap flag not reset properly at times
o [6655] fix to WC crash when opening a draft in the LookOut theme
o [6639] fix to edituser.sem trashing autoresponder start/end times
o [6659] fix to shared folders list limited to 32KB
o [6663] fix to MDCalendar.dll may attempt to close an invalid handle
o [6580] fix to forwarding+account restrictions not working right
o [6672] fix to not able to edit accounts when us MySQL ODBC backend
o [6673] fix to forwarded mail not using BATV properly
o [6677] fix to dynamically screened IPs unable to log into WorldClient
o [6693] fix to Domainkeys processing rejecting message against policy
o [6705] fix to errant Authentication-Results inserted in local msgs
o [6706] fix to errant handling of irrelevant RR records at times
o [6695] fix to LookOut display issue related to invalid UTF-8 sequences
o [6717] fix to inline spam scan not working with greylist right
o [6718] fix to X-Spam-Flag header being stripped errantly
o [6719] fix to possible mail loop when using account forwarding
o [6720] fix to spam trap msgs getting spam scanned at times
o [4282] fix to IPScreen not being cached in memory
o [6382] fix to a meeting event at the original time being recreated
after changing the meeting's time in Outlook Connector
o [6729] fix to local mail being left in the queue forever when using a
particular combination of "strip x headers" + account filter rules
o [6678] fix to content filter's extract attachment creating 0 byte
files
o [6748] fix to auto-responder responding to messages from RelayFax@
o [6747] fix to spam to unknown local users routing to postmaster/sender
o [6749] fix to forwarding to mailing lists able to start a loop
o [6753] fix to ldapcache.dat not working only caching a single lookup
o [6751] fix to DeleteAlias not work using MDCOM-API
o [6754] fix to messages from trusted/auth'ed sources getting scanned
even when configured not to do so
o [6757] fix to RAW 'Received' headers being created improperly (using
incorrect host/domain names)
o [6636] fix to AD monitoring not disabling accounts properly
o [6871] fix to Backscatter sometimes rejecting addresses improperly
- --
syafril
- -------
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 9.6.3 Beta RC1 under WinXP
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFHMSnjJDdq0WWNVhYRApKBAJ0ftjEBMOhtNciywH7p6F+4pITU9ACeNPS8
5247BiOrwW2Uv9FwKaAGHHM=
=QZOx
-----END PGP SIGNATURE-----
