Hallo, MDaemon 16.5 release pagi ini.
http://www.altn.com/Downloads/MDaemon-Mail-Server-Free-Trial/ ftp://ftp.dutaint.com/altn-mdaemon/md1650_en_x64.exe ftp://ftp.dutaint.com/altn-mdaemon/md1650_en.exe MDaemon Server v16.5 Release Notes MDaemon 16.5.0 - September 13, 2016 http://files.altn.com/mdaemon/release/relnotes_en.html SPECIAL CONSIDERATIONS *[16456] Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit: *http://www.altn.com/Products/MDaemon-Private-Cloud/. [17268] F2|Server Settings|IPv6 has changed default to "off" (unchecked) for the option to use IPv6 with outbound hosts for new installs. This option can cause delivery issues for those who are not prepared for IPv6. [11436] F2|Logging|Log Mode option to "log by day of the week" (ie, Monday.log, Tuesday.log, etc) has been deprecated and removed. If you were using this option you are now using "log by date" (ie, MDaemon-2016-02-22-X.log, etc). As a result, the F2|Logging|Maintenance checkbox to overwrite log files is no longer necessary and has been removed. Also, there is a new setting added to F2|Logging|Maintenance which lets you set the number of .OLD backups that are created once the max log file size is reached (previously only one was possible). These backups are numbered (the number is part of the file name) with the newest data always first (for example, SMTP(out).log.01.old has newer data than SMTP(out).log.02.old, etc. Finally, added hyphens into the file name to make the date easier to read. [17076] Ctrl+S|Sender Authentication|SMTP Authentication has a new checkbox which requires all incoming messages arriving from local IPs to use authentication and be rejected if lacking. Trusted IPs are exempt. This setting is enabled by default for first time new installs. However, it is disabled by default for upgraders to avoid delivery issues from clients or other services that don't authenticate and aren't currently listed as a trusted IP. Please enable this option if you can as it is a good security practice. [16797] In previous versions, gateway address verification never verified senders (only recipients). A new checkbox at Ctrl+G|Gateway Manager|Global Gateway Settings can toggle this behavior. It is enabled by default which means this is a change from previous behavior. It is now possible that messages sent from addresses which can not be verified will be refused whereas they may have been accepted before. If this is not to your liking disable this option. [4884] The logic behind the AccountPrune tool's message pruning operation has been changed. This tool is called when MDaemon needs to delete old messages from user and public mail folders. In the past this tool used the "last modified" date from the message file on disk. MDaemon now looks first at the Date: header within the message itself. If the Date: header is present and complies with standards then that date is used to determine message age instead of the file's "last modified" date. This represents a change from previous behavior. [17099] F2|Logging|Maintenance has a new setting which governs the maximum number of days the SecurityPlus update log will keep data (MDaemon\SecurityPlus\avupdate.log). The new default setting is to keep data going back 30 days. At midnight each night, and the first time MDaemon starts up after upgrading, MDaemon will delete older data from this file. [16924] As part of the work related to task 16924 (see below) some bugs preventing the immediate sending of "urgent" priority remote mail were found and fixed. Urgent priority messages are defined as message files who's name matches the pattern: "<root>\Queues\Remote\p?10*.msg". Messages found with that file name pattern will now be properly detected and will trigger a remote queue processing event within 5 seconds regardless of scheduled remote queue processing timers (this was broken). Also, RAW messages were always expanded out to queue as MD_PRECEDENCE_LOW (the lowest priority value) even when created with higher values. As a reminder, "urgent" priority messages will trigger a queue run where "high" priority messages merely sort to the top of the queue and wait for the next scheduled queue run. As a reminder, you can use F2|Server Settings|Priority Mail to define your own criteria for important mail that should trigger immediate queue runs. Finally, IMAP logon failures due to bad credentials were not being written to the event log when so configured (only SMTP and POP failures were). This has been fixed. [11777] Mailing list digest messages are supposed to be UTF-8 but several bugs were preventing this from working. As a result of fixing these problems it is no longer possible to trigger digest delivery based on the number of lines in the digest data file. So the option to do so has been removed from Alt+G|<list-name>|Digest. Also, the API function MD_ListMaxLineCount has been changed to always return ZERO (meaning disabled). Next, the need for the DIGEST.MBF file is no longer present and so that file has been removed. The MD_ListInfo structure and API functions related to its DigestMBF member have been left in place however changes made to this member are not saved and always contain DIGEST as the value. Finally, the $BODY-DIGEST$ macro is no longer needed and has been removed. [16664] LDAP: added checkbox to Ctrl+G|Verification and Ctrl+U|Active Directory|LDAP screens which lets you elect to chase referrals. MDaemon now explicitly disables referrals for every LDAP connection it makes unless this checkbox is set. This represents a change from previous behavior which defaulted to always enabling referrals. That seemed to cause issues for people so it is now disabled always UNLESS you set these options to enable it. [16698] Ctrl+S|Sender Authentication|SMTP Authentication has a new setting which requires the credentials used for AUTH to match those of the address in the FROM header. This prevents cases in which one person authenticates as user X while claiming to be user Y within the message. This is similar to the existing setting we've always had which compares against the return-path value. The wording of that option was also slightly changed. This switch is enabled by default and handles aliases as if they were the real account email. [17465] Ctrl+S|Sender Authentication|SMTP Authentication screen has two options related to forcing authentication credentials to match something else about the message (either the return-path or the From: header address). Both of these options can potentially cause issues for gateway mail storage/forwarding. Therefore a third option has been added to Ctrl+G|Gateway Manager|Global Gateway Settings which exempts gateway mail from them both. This option is enabled by default. [16638] MDPGP: Several default settings related to MDPGP use have been changed. If you are installing for the first time or have never accessed the UI to view these settings then these are your settings now so please check them carefully. If you are updating a previous installation and have accessed the MDPGP UI in the past then your existing settings are untouched however you may wish to check and change your settings as follows: * "*Enable MDPGP*" (enabled by default) * "*Authorize all local MDaemon users for all services*" (enabled by default) (previously called: "All MDaemon users on this server can use MDPGP") * "*Sign mail automatically when sender private-key is known*" (disabled by default) * "*Encrypt/Sign mail sent to self*" (enabled by default) * "*Email public-key when requests are made (--pgpk command)*" (enabled by default) * "*Email details of encryption failures (--pgpe command)*" (enabled by default) * "*Expires in 0 days*" (changed to 365 by default) All these options can be found within the MDPGP GUI which is accessible from the Security top-level menu. Even though several of these settings are now enabled by default (including the entire MDPGP server itself) no work will be or can be done until keys are known and have been added to the key-ring. With this version of MDaemon there are a lot more ways to automate getting that done. Yet this may not be desired in all cases. Please check and change settings to meet your needs. [17263] When MX record lookups during message delivery result in a DNS server failure result then the message will be left in the queue for attempted delivery during the next processing cycle. This change is in conformity with RFC guidelines. Previously, MDaemon would attempt direct delivery and, failing that, immediately bounce the message in some configurations. [17522] This version of MDaemon is not compatible with old versions of BlackBerry Enterprise Server (BES) for MDaemon. BES will be disabled when MDaemon is installed. To continue running BES, update to BES for MDaemon version 2.0.3. MAJOR NEW FEATURES [15733] WORLDCLIENT/PKA1 PUBLIC-KEY SERVERS (MDaemon PRO only) *WorldClient:* WorldClient has been taught to be a very basic public-key server. A new checkbox on the MDPGP GUI enables/disables this. If enabled, WorldClient will honor requests for your users' public-keys. The format of the URL to make the request looks like this: "http://<WorldClient-URL>/WorldClient.dll?View=MDPGP&k=<Key-ID>". Where <WorldClient-URL> is the path to your WorldClient server (for example, "http://wc.altn.com";) and <Key-ID> is the sixteen character key-id of the key you want (for example, "0A1B3C4D5E6F7G8H"). The key-id is constructed from the last 8 bytes of the key fingerprint - 16 characters in total. *DNS (PKA1):* MDPGP now supports collection of public-keys over DNS using PKA1. A new checkbox on the MDPGP GUI enables/disables this. If enabled, PKA1 queries are made and any key URI found is immediately collected, validated, and added to the key-ring. To publish your own public-keys to your domain's DNS you must create special TXT records. An example of how to do this is as follows: Suppose user [email protected] has key-id 0A2B3C4D5E6F7G8H. Then, in the DNS for domain "altn.com" create a TXT record at "arvel._pka.altn.com" (replace the @ in the email address with the string "._pka."). The data for the TXT record would look something like this: "v=pka1; fpr=<key's full fingerprint>; uri=<WorldClient-URL>/WorldClient.dll?view=mdpgp&k=0A2B3C4D5E6F7G8H" where <key's full fingerprint> is the full fingerprint of the key (40 characters long representing the full 20 byte fingerprint value). You can see a key's full fingerprint value by double clicking on the key in the MDPGP GUI. Keys successfully collected and imported to the key-ring using this method are tracked in a new file called fetchedkeys.txt. Keys will auto-expire and be forgotten according to the TTL value of the PKA1 record which referred them -or- when X hours have passed (a value which you can configure using a new control on the MDPGP GUI) - whichever is GREATER. So, this means that the value you configure here can be thought of as a minimum length of time (in hours) that a key will be cached. The default value is 12 hours and the lowest acceptable value is 1 hour. For more discussion and examples on using the pka1 method do a google search for "pka1 keys in dns" and you will find it. *Tracking Keys:* As part of this work some internal changes were made such that MDPGP tracks keys by their primary key-ids always and everywhere now rather than a combination of sometimes the key-id and other times the sub-key-id which was messy. The UI was cleaned up to remove two unnecessary columns in the list box related to superfluous (for display purposes anyways) key-ids. Also, this work required me to more strictly control the content of MDPGP's "exports" folder. As a result you will always find exported copies of local user keys there. Please use OS tools to protect this folder (and indeed the entire PEM folder structure) from unauthorized access because, although they are themselves encrypted, the private keys of users are stored here. *Preferred Keys:* Some problems arose as part of this work when multiple different keys for the same email address are on the key-ring. In past versions MDPGP would simply use the first one that it found. You can now right-click on any key and set it as preferred. When a preferred key is found then that key will be used whenever there are more than one to choose from. When there is only one key for an email address then that key is preferred automatically even if not selected as preferred (but you can still select it as preferred if you want). When multiple keys for the same address are present and none are selected as preferred then the first one found is used. When a key is selected as preferred an asterisk is set in the first column of the UI. Preferred.txt stores the preferred key selections. *Disabled Keys:* As part of this work it was necessary to change how disabled keys are tracked. Previous versions tracked disabled keys by placing their key-ids into the plugins.dat file. This version migrates those settings out of plugins.dat and into a new file called oldkeys.txt. Deleted keys are now tracked there. [2214] XMPP INSTANT MESSAGING SERVER (MDaemon PRO only) An XMPP server is now included that allows MDaemon users to instant message using third-party XMPP clients. Clients are available for most OSes and mobile devices. For a complete list please refer to http://xmpp.org/xmpp-software/clients/. XMPP instant messaging is completely independent of MDaemon's current chat system (WorldClient Instant Messenger). The server is installed as a Windows service and a configuration screen for it can be found in the MDaemon UI at Ctrl+W|XMPP. The default XMPP server ports are 5222 (SSL via STARTTLS) and 5223 (dedicated SSL). The XMPP server will use MDaemon's SSL configuration if enabled in MDaemon. For multi-user chat service, when asked the default is "conference.(your-domain)". For user search service, if asked the default is "search.(your-domain)". Often this will be pre-filled in or assumed by clients. The search fields are 'Name' and 'Email'. The % symbol may be used as a wildcard. Some XMPP clients use DNS SRV record for auto-discover of host names. Please refer to http://wiki.xmpp.org/web/SRV_Records. For more info on XMPP please refer to http://xmpp.org. [16575] FROM HEADER PROTECTION/MODIFICATION The purists out there are going to hate this but users who have been tricked in the past will love it. Sometimes users are fooled into thinking an email comes from one person when it is actually from an attacker. This happens because email clients often display only the sender's name and not his email address. This new option defeats such an attack at the cost of altering the From: header value. If enabled, the From: header is modified. For example: From: "Spartacus" <[email protected]> would become From: "[email protected] -- Spartacus" <[email protected]>. This only happens to messages arriving for local users. This option is disabled by default and can be found at Ctrl+S|Screening|Hijack Detection screen. Enable with care as users are not expecting the From: header to be altered in this way even in order to help recognize an attacker. [8526] CENTRALIZED MANAGEMENT OF OC CLIENT SETTINGS (MDaemon PRO only) MDaemon has been taught how to push client settings to Outlook Connector users. Setup|Outlook Connector (or Alt+O|OC Client Settings) opens up a set of screens where you can configure default client settings for all OC users of all domains. On the MDaemon Private Cloud version, the same screens appear within the Domain Manager for each of your individual domains. All these screens mirror those found within the OC client and are intended to allow you to create a set of values which are pushed out to OC users the next time they connect. This feature is disabled by default. Settings are only sent when they are new or have changed since the last time the OC client connected and received them. Obviously, several of these client settings (like "Your Name" for example) can not be configured with a single value that works for all OC users. Therefore macros are used such as $USERNAME$ which expands to the correct value for the individual user when the settings are sent to the OC client. Take care not to place hard-coded values (like "Arvel Hathcock") in the "Your Name" field or every OC client will get "Arvel Hathcock" after the settings are received and applied. The UI will help police this but it is a point you should keep in mind. A button in the UI will remind and serve as a reference for MDaemon's macro system. A checkbox on the OC Client Settings screen controls whether OC users are allowed to override these settings or not. If you don't want them to be able to change these settings then set the checkbox accordingly and the controls within their OC client will be disabled. None of this works unless the OC user is using Outlook Connector v4.0.0 or higher. As part of this work the Outlook Connector screens were moved from Accounts|Account Settings to Setup|Outlook Connector. [16758] IMPROVED IP SCREENING Ctrl+S|Screening|IP Screen has a new Import button. MDaemon has been partially taught how to import APF (typically used by firewalls) and .htaccess format files (typically used by web servers). MDaemon understands only a sub-set of this file format (for now). For example, "deny from" and "allow from" are understood but other verbs may not be. Only IP values are imported (not domain names). CIDR notation is OK but partial IP addresses are not. Each line can contain any number of space (or comma) separated IPs. For example, "deny from 1.1.1.1 2.2.2.2/16" is OK. So is "3.3.3.3, 4.4.4.4, 5.5.5.5". These files are designed to control access to services so they are really IP deny/allow lists. You can find these files online to download and can (for example) block all IPs from a certain region or nation and there are even files online that contain lists of compromised IPs. For example, google search for "List of all IPs from <country>". Lines starting with # are ignored. Lines can contain things other than IP addresses and that should not stop the IP addresses from importing properly. I hope to improve this in future versions so if you have a specific example of a file that you need MDaemon to import properly (but it won't) you can send it to me and I will look into it ([email protected]). [10239] AUTOMATIC INSTALLATION OF PRODUCT UPDATES Ctrl+O|Preferences|Updates is a new screen with several controls that allow you to configure whether and when unattended installation of automatically downloaded product updates will be performed (or not). When enabled, MDaemon can automatically update itself, SecurityPlus (if you have it), and Outlook Connector (if you have it). The Outlook Connector update covers just the server piece. Updating Outlook Connector client plugins is covered elsewhere. When MDaemon detects new versions of these products it will download and queue the update for installation at an hour configured by you (2 AM is the default). Queued updates are remembered across server restarts so they will be performed eventually (even if the server is periodically switched off for whatever reason). Queued updates are listed in a new file called "QueuedUpdates.dat" so you can always delete all pending updates by deleting this file. The update installers themselves are kept in a new folder called "Updates" off the MDaemon root. If there are multiple products to update they are done one at a time and each one absolutely requires a system reboot when it finishes. If you don't like that then do not enable these settings (they are all disabled by default). When automatic updates are performed the email to postmaster/admins about an update that they can go and download manually is not generated. Instead, these people receive the post-installation "Special Considerations" email normally sent as well as a separate email stating that the update was performed. Also, the System log tracks all installation activity. For example: "Installing update: <path to installer>" and "MDaemon will be stopped by the installation process" and "Server will be rebooted after installation completes" etc can all be seen there. Lastly, the process can take a long time (many minutes) so the time between the start of the update and the unavoidable server reboot is to be expected. Did I mention that there will be a server reboot? Get over yourself - its gonna happen :) As part of this work "MDLaunch /stop" no longer causes MDaemon to prompt for confirmation. As part of this work the option to inform the postmaster about updates has been moved from Ctrl+O|Preferences|Miscellaneous to the new screen mentioned above. [16810] IMPROVED WORLDCLIENT [7937] WorldClient now supports categories for email in the LookOut and WorldClient themes. Users can add the Categories column to the message list by going to Options | Columns and checking "Categories" in the Message List section. To select categories for one or multiple messages, select the message(s) in question and right click on one of the messages. In the context menu there is a "Categories >" option. Click the option and a list of all the available categories will be displayed. If there are more than 27 category options, an up arrow and a down arrow will be displayed at either end of the list. To view more options click the down arrow, and to go back up the list click the up arrow. If a user has permissions to edit categories, the user can choose the "Edit Categories" option in the toolbar in the LookOut theme or the "more" drop down menu in the WorldClient theme. If a single message is selected in the list, any saved changes will be applied to the message in question. Users can also use the Set Categories option in the external message view to choose/edit categories. Users can also sort and search by Categories. [15829] WorldClient now allows admins to create custom categories. There are two files for this purpose; DomainCategories.json and PersonalCategories.json. Domain Categories are enabled globally by default. To disable it, change the value of DomainCategoriesEnabled in MDaemon\WorldClient\Domains.ini [Default:Settings] to "No". Users are able to add and edit their own categories by default. To disable this either per user (in the user's User.ini under [User]) or globally (in MDaemon\WorldClient\Domains.ini [Default:UserDefaults]) change the value of CanEditPersonalCategories to "No". If Domain Categories is enabled, and a user is not allowed to edit personal categories, the user will only see the categories listed in DomainCategories.json. However, if Domain Categories is disabled, and a user is not allwed to edit personal categories, the user will see the categories listed in PersonalCategories.json. Users that already have a UserCategories.js file will not lose any changes they have made upon upgrade to MD 16.5, but with Domain Categories enabled, any category in their UserCategories.js file that matches the DomainCategories.json categories will become read only. There are also two translation files that have been added in order to attempt to handle multi-lingual users on the same server; DefaultCategoriesTranslations.js and CustomCategoriesTranslations.json. The DefaultCategoriesTranslations.js file will be overridden each time MDaemon is upgraded, but the CustomCategoriesTranslations.json file will not be, so add any necessary custom category translations to the CustomCategoriesTranslations.json file. These files make it possible for WorldClient to recognize a category saved to an event/note/task in one WC supported language as the equivalent category in any other WC supported language. For more detailed information relating to the files mentioned here, see the MDaemon\WorldClient\CustomCategories.txt file. [16497] LookOut and WorldClient themes - Added option to check a composed message for attachments prior to sending, when attachments are mentioned in the subject or body of the message [5304] Admins can now hide the WhiteList and BlackList folders for WorldClient users. To do so, HideWhiteListFolder=Yes and/or HideBlackListFolder=Yes in the MDaemon\WorldClient\Domains.ini file under the [Default:UserDefaults] section. Individual users can continue to see the WhiteList and/or BlackList folders if the their User.ini has HideWhiteListFolder=No and/or HideBlackListFolder=No in the [User] section. [16545] [16729] [16728] Account Editor|Web Services and Ctrl+T|Template Manager|New Accounts|Web Services have each had two new checkboxes added which control whether an account is allowed or required to use WorldClient's Two-Factor Authentication (2FA) system. When the checkbox to allow 2FA is enabled then users decide whether to use 2FA or not (see users manual for details on setting up 2FA). However, if both the allow and require 2FA checkboxes are enabled then users who have not setup 2FA will be given a session and redirected to a page to setup 2FA the next time they login to WorldClient. To force 2FA use immediately you must restart the WorldClient server to force all users to login anew. Once a user's authentication application's pairing has been verified with WorldClient, the user will be redirected to the normal WorldClient view. When 2FA is required then it cannot be disabled from within WorldClient's Options|Security page. However, the same users can still use the Get A New Shared Secret and Show My Shared Secret buttons. [16293] MDPGP SIGNATURE VERIFICATION (MDaemon PRO only) MDPGP can now verify embedded signatures found within messages. Previously it was not able to do this unless the message was also encrypted and signed. With this change signatures appearing without encryption can now be verified. You will see appropriate logging in the MDPGP log when this happens along with new icon and/or text which WorldClient will show when it displays a verified message. As a result of this change a new check-box has been added to the MDPGP GUI which enables signature verification for all non-local users (enabled by default) or you can specify exactly which email addresses can and can not use the service if you need (click the "Configure exactly who can and can not use MDPGP services" button for that). CHANGES AND NEW FEATURES * [17372] MDaemon will refuse MAIL and RCPT parms that are missing their "@domain.com" component. In the past, MDaemon tried to "fix" things by making assumptions and appending any missing pieces. MDaemon now insists these parms comply with RFC specifications which require the "@domain.com" part. The only exception to this allowed by MDaemon and RFC rules is the reserved mailbox "postmaster" which must be accepted as a valid RCPT parm even when no "@domain.com" is given. * [16884] MDaemon's SMTP and POP clients now validate SSL certificates presented to them by remote hosts. However, no action other than a line added to the log is taken at this time pending further work in the IETF regarding the various competing STS-like proposals. So for now you will only see a line in the log indicating whether the remote host's name is a match for the certificate it presents (or not) and whether that certificate chains to a valid certificate authority recognized by Windows (or not). Don't panic if you see a lot of "invalid" SSL certificates presented. Such certificates are perfectly fine for encrypting data transmission. They are "invalid" because they are either self-signed or do not match the host name expected (or both). In such cases you can be sure encryption is happening. Various weaknesses in TLS (of which its opportunistic nature and acceptance of nearly all certificates are major examples) are being worked on by industry experts and will make their way into products and services once that work has completed. * [16585] MDaemon UI changes: Items have been added to the Servers list on the Stats pane for Auto-Discovery Service and XML API Service. The right click menu for the ActiveSync server has additional commands. "Enable ActiveSync Server" has been removed from the File menu. The ActiveSync server log is now a sub-tab of Plug-ins instead of WorldClient, and logs for the Auto-Discovery Service and XML API Service are there as well. * [16924] F2|Logging|Windows Event Log has several new checkboxes added and an edit control. These allow you to specify the email address to your phone carrier's email-to-SMS (text message) gateway. For example, with Verizon, the address is [email protected] (ex: [email protected]). When a value is specified here you can then enable individual checkboxes next to the various events. When these events occur a message will be sent to the SMS gateway address you specify. I was not able at this time to have shutdown notifications sent immediately because MDaemon needs to do it and it has shut down. Until I can figure this out shutdown notifications are not sent. Also, any event which triggers this feature will cause instant remote queue processing (notifications are treated as "urgent" mail). * [17049] Ctrl+S|Sender Authentication|SPF Verification now allows domains in the white list file to be included in SPF lookups. See descriptive text on that screen for how it works. Often you need to white list your backup MX provider(s) from SPF lookups but you do not know or can not configure all of their IPs. To safely solve this problem you can now specify your backup MX provider(s) by using a new "spf" tag to white list them and MDaemon will do the required lookups in real-time. MDaemon does this by adding its own "wlinclude:" tag to the actual SPF results for a queried domain. Although this "wlinclude" data is logged it is important to realize that "wlinclude" tags are your white-listed entries and are not actually part of the queried domain's SPF data taken from DNS. * [12377] Ctrl+P|DNS-BL|White List now permits white-listing FROM values. See descriptive text on that screen for how it works. * [16517] Ctrl+S|Screening|Dynamic Screening has a new option which omits accounts from being frozen due to multiple authentication failures when the same password is used every time. This option is useful to prevent lockouts when users change passwords legitimately. This option is enabled by default. * [16518] Authentications over POP, IMAP, or SMTP servers will add a line to the Screening log showing the IP that was granted access if that IP has never been seen before. This aids in debugging access problem. * [16567] Ctrl+S|Screening|Hijack Detection has a new setting that includes LAN IPs when limiting Local IPs. This setting is enabled by default. * [16563] Ctrl+S|Screening|Hijack Detection has a new setting that controls whether connections are refused with a 5XX or a 4XX reply code. * [15869] Ctrl+U|Other|Quotas - slightly changed wording on first checkbox option to make more clear what it does. * [10055] Content Filter will track and log the total number of times a rule was used. This is tracked as HitCount=XX in CFRules.dat for each rule. * [16595] MDPGP: The results header better calculates the FQDN value used within the header data. * [16474] When deleting a domain the confirmation dialog will only mention deleting public folders if the option to delete public folders is enabled at F2|Server Settings|Public & Shared Folders. * [16634] Several screens had bad tab-order or no tab-order at all and you could never tab from the left-hand tree-view through to the selected right-hand dialog box nor to the OK/Cancel/Help buttons. These matters have been fixed. As part of this work the controls on the F2|Logging|Log Mode had to be reorganized. * [13601] Ctrl+A, Ctrl+C, Ctrl+V should now work where appropriate throughout the UI. * [16644] The top-level Windows|Composite Log View and the "Activate Composite Log" button within the logging UI will now activate and bring to the top any existing composite log window or create a new one if there isn't one. * [16645] Changed composite log window caption to include the names of the items being included in the log. Note: if you change the items you wish to include in the composite log you will need to close and restart any already running composite log to update the window caption. * [16649] Added some descriptive text to New List Member dialog to explain how to use path to arbitrary addrbook.mrk file as list member. * [16647] LDAP: ldapcache.dat was caching the sender value needlessly for LDAP lookups. Since this value is ignored when checking the cache during LDAP processing its presence there served no purpose. Future items added to cache will not include this piece and existing items will eventually expire out that currently include it. * [16648] LDAP: added checkbox to enable/disable LDAP cache to LDAP options screen and also moved this screen and the LDaemon settings screen out of F2|Server Settings and into Ctrl+U|Active Directory. This is where I want LDAP related settings to live. * [16654] LDAP: logging was improved and fixed in a few places. First, the system log gets nothing now. All goes to the LDAP log tab like it should. Errors are simplified and properly logged. The composite log was not being used properly. Now it is. * [16653] LDAP: exporting speed improved and just general improvement to address several things that would just bore you and are internal to my programming style. Anyway, its better trust me. * [16652] LDAP: added checkbox to Ctrl+U|Active Directory|LDAP which lets you use protocol version 3 servers correctly. * [16655] LDAP: added checkbox to Ctrl+G|Verification which lets you use protocol version 3 servers correctly. * [16661] The SyncML log tab has been removed and replaced with a WebDAV log tab. SyncML functionality has not been removed and its log file can be viewed from disk with Notepad. * [16679] ActiveSync log file contains data on day-of-week and milliseconds already but GUI was not showing it. Now it does. * [5000] LDAP: Normally when MDaemon exports aliases to an LDAP address book it puts the accounts' actual email address in the CN field (not ideal but a long standing practice). However, non-alias exports place the accounts' full name value there (more correct). A new checkbox was added to Ctrl+U|Active Directory|LDAP which causes the export process to always put the accounts' full name value in CN (if known). This option is disabled by default to preserve existing behavior. * [16705] SMTP server responds with "500 5.0.0 Unrecognized command" (correct) rather than "501 5.0.1 Missing or errant parameters" (technically incorrect) when encountering an unrecognized command. * [16732] Moved call to AV update function from MDaemon to SecurityPlus code-base. * [16704] Added link and text reminding about free support to "Help|Register your Alt-N products". * [16790] Archiving tool uses MDaemon's temp folder now rather then Windows temp folder to solve some access permissions problems. * [16795] Work was done to prevent the UI from needlessly refreshing itself when nothing was changed. This was visible as a "flashing" of the tool window pane (especially noticible over remote connections). The items in this window will now only update if something has actually changed. * [16579] Added "apply to all accounts" button to New Accounts template Quotas page. * [3267] Alt+F2|Domain Manager|Settings has a new control that allows you to specify the maximum number of messages per hour that a domain can send (zero means no limit). Once this limit is reached further messages are left in queue and a line is logged about it to the System log. All counts are reset hourly or on a server restart. This option is only available in MDaemon Private Cloud version. * [15148] Alt+F2|Domain Manager|Settings has a new control that allows you to specify the maximum disk space quota for a domain's accounts. This option is only available in MDaemon Private Cloud version. * [4442] Alt+F2|Domain Manager|Host Name & IP has a new control that allows you to enable/disable a domain. When domains are disabled users can no longer send or retrieve their mail and all new messages sent to the domain are rejected with "User Unknown". This option is only available in MDaemon Private Cloud version. * [16814] MDaemon no longer accepts MAIL <forward-path> or RCPT <reverse-path> values which are enclosed in tick marks ( ' chars) or quote marks ( " chars). These forms are not in accord with the standards and although MDaemon accepted and tried to "fix" them in the past they end up causing problems for down-stream modules so they are now refused during the SMTP session. * [16833] WorldClient - Added "Verified with key-id <key-id>" information to the message header in the message previews and external message views when the message contained a verified PGP signature. * [16836] The version node on the status bar at bottom of UI will show 32-bit or 64-bit. * [17086] UI nodes in toolwnd text changed from using "active/inactive" to using "enabled/disabled" * [3279] WorldClient - Added support for recurring tasks in the LookOut and WorldClient themes. The behavior matches that of Outlook. * [17100] Added icons for messages with valid DKIM signatures, messages decrypted by MDPGP, and messages signed with an MDPGP key * [16297] LookOut and WorldClient themes - Added the ability to accept, accept tentatively, or decline a meeting from the event editor * [17125] MDPGP: libraries and binaries updated to latest versions. * [17130] Moved cleanup event strings to resources for translations. * [6011] WorldClient - Added option to turn off display of the "Share Folder" button in the Options | Folders view and in the folders context menu. Use HideShareFolderOption=Yes in Domains.ini [Defaults:UserDefaults] to hide for all users. Setting HideShareFolderOption in the User.ini will override the setting from the Domains.ini * [6795] LookOut and WorldClient themes - Added context menu and shortcut key options to delete messages permanently without sending them to the Deleted Items folder. In the message list context menu (right click menu) choose "Delete Permanently" from the drop down or use "Shift + Del" to permanently delete selected messages. * [17203] WorldClient theme - Removed the "Click to add to contacts" in the message preview and external message window, because the user can simply hover and get the "Add to Contacts" option. * [17106] LookOut and WorldClient themes - Added an Options | Categories view for editing user categories. View is available as long as the user setting CanEditPersonalCategories equals Yes * [17295] Reversed order of operations to now check IP Screen before Dynamic Screen in order to reduce needless waste of CPU and logging. * [17293] Ctrl+U|Autoresponders has a new screen called Attachments. Only paths listed here are eligible to be used within autoresponder scripts. * [9291] WorldClient - Added option to turn off display of email address hover context menus in the message preview frame and the external message view. Use HideEmailAddressHoverMenus=Yes in Domains.ini [Defaults:UserDefaults] to hide for all users. Setting HideEmailAddressHoverMenus in the User.ini will override the setting from the Domains.ini * [17361] Changed message queue right-click menu text from "White List 'To'" to "White List Recipient", "White List 'From'" to "White List Sender" etc. Also message queue tab column header labels were changed from "From" and "To" to "Sender" and "Recipient". * [17363] Ctrl+P|Spam Filter|Settings had an option to configure spam score on a DNS-BL match. This option was removed as it's a duplicate of the same option which appears just a few tabs down on the same screen at Ctrl+P|DNS-BL|Settings. It also did not store state correctly at times. * [17192] MDPGP no longer logs data about messages when MDPGP is completely disabled (this was just wasting disk space). * [12944] LookOut theme - added ability to select multiple contacts from the Contacts folder and then send a message to all of them * [13360] WorldClient theme - changed the X that saves notes to a floppy disk (save icon) * [7722] Added the ability in WorldClient to modify the notes field of a single occurrence of a recurring appointment * [17374] Updated to new version of the HTML editor used by WorldClient and Remote Admin (CKEditor 4.5.10). * [17504] MDaemon will email the Outlook Connector release notes to the postmaster and global admins when a new version (4.0.0 or newer) is installed on the server. * [16807] An ActiveSync client setting has been added that allows iOS clients to be able to send mail using an alias, by returning the logon alias as the user's primary SMTP address. FIXES * [16520] fix to log file archives sometimes having incorrect files included * [16536] fix to MDPGP minor issues and processing bottle-necks * [16577] fix to spam filter "no filtering" white list not working for some queue based scans * [11768] fix to spam filter "no filtering" white list (and others) not always working properly with encoded header data * [15461] fix to MDPGP not reloading domain settings when they change * [16634] fix to left-hand tree-view in UI dialogs not accessible via tab key * [15223] fix to main menu not immediately available for key-board focus on startup * [16639] fix to MDPGP GUI options related to encrypting mail not disabled when services disabled * [13217] fix to encoded From and Subject header data lost by CF "copy to" action when destination is a mailing list * [16675] fix to X-MDArchive-Copy: header not inserted into messages archived to folder * [4926] fix to CF failing to detect and extract attachments in certain emails; also fixed lack of logging of these facts on success or failure * [11777] UTF-8: fix to list digests not in proper charset and thus unreadable for some; also simplified and updated logging of results * [14380] fix to X-MDAV-Infected header not always listing file names correctly * [14382] UTF-8: fix to calendar reminder data not encoding properly * [14755] fix to install process errors when moving from older 32-bit versions (< 13.5) to newer 64-bit versions * [4503] LDAP: fix to ldap export not automatically happening when enabling/disabling options to do so on Alt+G|Mailing List Settings; also the wording of this option was slightly improved * [14855] fix to content filter compressing inbound attachments when not configured to do so; also simplified logging related to compression * [16690] UTF-8: fix to incorrect full name sometimes added to contacts when forwarding mails to the special "add to whitelist/blacklist" address * [16689] fix to WorldClient - 2FA if a user cancels a new secret request the old secret is deleted, but 2FA remains enabled * [16759] fix to Screening log not getting "----------" lines added; wasteful but without this the search function fails to work correctly * [16789] fix to LookOut theme - Disable New Email Sound does not stay checked after saving * [16779] fix to config session needlessly writing/updating counts within the UI * [16796] Minger: fix to gateway "test" button returning "Success - these settings don't work" ROFL (should be "Success - look like it's working") * [7176] Minger: fix to minger not properly honoring options to allow over-quota accounts to send mail * [16835] fix to status bar at bottom of UI not showing IPv6 address in config session * [16785] fix to WorldClient - When setting up 2FA with long user names and long domain names, the bar code will not display * [16831] fix to WorldClient theme - When the Company field in a contact contains an apostrophe, the Edit button no loger works * [16715] fix to WorldClient theme - Comment field called Note when viewing contact * [16714] fix to WorldClient theme - Tab order off/confusing when creating new contact * [16856] fix to SPF processing not showing any error text when SPF records setup as errantly recursive * [16858] fix to DMARC white list not honoring DKIM/SPF Approved domains list * [16869] fix to WorldClient theme - Hitting enter in the text input of the New Folder dialog does nothing * [16868] fix to LookOut theme - Options | Folders - Notify checkbox is displayed for non-email type folders * [16090] fix to LookOut and WorldClient themes - the date on the day view and week view is incorrect for the Print a list view of calendar events printing format * [16668] fix to LookOut theme - Categories - In the Calendary Day View, all day events with a dark gray have the wrong font color * [16880] fix to LookOut and WorldClient themes - shortcut key to send email results in the "Are you sure you want to leave this page" alert * [16887] fix to LookOut theme - FF 45.0.2 German version forces refresh when clicking on Calendar in folder list * [16994] fix to Remote Administration not allowing enough digits for Bayesian Database Tokens field * [16971] fix to unable to toggle "Always log to screen" in Remote Administration * [16959] fix to unable to select IPv6 addresses for Host or IP Screening in Remote Administration * [17039] fix to "Undefined IPs should be..." value always blank on IP Screening page in Remote Administration * [17046] fix to forwarded messages not processing by CF rules when configured to do so * [17036] fix to creation of mail folders with trailing spaces being allowed * [16432] fix to queue status not written to system log when toggled via tool window controls * [16912] AD: fix to problems processing user data fields with a single % char in them * [17093] fix to errant "save changes first" box when canceling out of public folder manager with no changes made * [16849] fix to unable to set "Hide List from Global Address Book" in Remote Administration * [16854] fix to Domain Admin gets blank Attachments page in User Editor in Remote Administration * [16850] fix to Gateway Editor in Remote Administration not always showing the right value for certain options * [16855] fix to labeling error for a page in User Editor for Domain Admins in Remote Administration * [17134] fix to LookOut and WorldClient themes - Unable to edit an appointment in Day View due to the inability to select it * [16339] fix to LookOut and WorldClient themes - When setting the default contacts view to an alternate folder and then saving it twice, it changes to All Contacts * [16998] fix to Remote Administration allows non-local addresses to be added as Spam Honeypots * [17198] fix to Remote Administration unable to edit domains with certain special characters in them * [17056] fix to some windows display in the wrong size in Remote Administration * [17275] fix to LookOut theme - When there are several addresses in the CC field, the CC field will not wrap in the window frame * [17349] fix to LookOut and WorldClient themes - If a pdf attachment has spaces before .pdf in the filename the pdf viewer does not work * [17312] fix to WorldClient - AutoComplete - When an ampersand is used in a contact that is added as a recipient it shows the HTML encoding * [16605] fix to WorldClient theme - Unread view shows read messages after resizing window * [17319] fix to various spelling errors found within the product * [17316] fix to contacts with mobile numbers being removed incorrectly when UI button used in Account Editor|White List * [17180] fix to MDaemon alias sometimes lost or unchanged when primary domain changed (also fixes potential extra MDaemon account created) * [17413] fix to Content Filter GUI checkbox for "If the X-MDaemon-Deliver-To HEADER contains" is not checked when editing a rule using that condition * [17438] fix to MDaemon account not properly handling some multipart messages sent for learning/addressbook * [17442] fix to IP Syntax checker in Remote Administration not accounting for IPv6 addresses * [17439] fix to Remote Administration not saving the new default Host Screen entries properly * [17453] fix to Remote Administration not saving authorized Outlook Connector accounts properly * [17471] fix to CalDAV server does not honor SCHEDULE-AGENT=CLIENT ATTENDEE parameter * [17489] fix to possible crash when MDaemon is configured to send mail to a smart host and the smart host address is invalid * [17484] fix to unable to save changes to certain actions in the CF Rules in Remote Administration * [10012] fix to WorldClient tasks - In the Estimated Work and Actual Work fields, an entered decimal point is not saved * [16197] fix to WorldClient - Cannot replace signature image with new image of same name * [17461] fix to inconsistencies in MaxPingFolders configuration between MDaemon and Remote Administration * [17515] fix to ActiveSync may remove the flag on a message when it is replied to or forwarded * [17425] fix to domain specific smart hosts not being used in some situations * [17558] fix to accountprune sometimes making empty ZIP archive files; when this happens file will be deleted * [17563] fix to when removing a start date from a task in WorldClient the change may not be saved * [17540] fix to certain strings not showing up translated in Remote Administration * [17292] fix to "Access Denied" error when viewing certain MDAS pages in Remote Administration as a Domain Admin * [17586] fix to Remote Administration not showing the correct per-device AS Client Settings values * [17468] fix to Cancel button on Support Files Editor in Remote Administration does not close window * [17581] fix to Cancel button on Outlook Connector Users page in Remote Administration does not close window * [17585] fix to Ctrl+S|Other|BATV two checkboxes in UI not always working properly * [16267] fix to ActiveSync clients are sent attachments even when their device policy does not allow attachments if they request message bodies in MIME format * [17313] fix to accented characters in the From header of messages sent using iOS ActiveSync clients may be converted to ASCII * [17613] fix to hijack detection not always working correctly (allowing too many connections sometimes) * [17620] fix to DMARC report recipients may mistakenly be discarded * [17619] fix to MDaemon Account Editor truncates an account's smart host password to 15 characters * [17627] fix to Help links not working on some pages in Remote Administration * [17616] fix to calendar event recurrence end dates are not synced to ActiveSync clients -- syafril ------- Syafril Hermansyah MDaemon-L Moderators, MDaemon 16.5-64, SP 5.0.1-64 Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. In learning you will teach, and in teaching you will learn. --- Phil Collins
signature.asc
Description: OpenPGP digital signature
