-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hallo,


MDaemon versi 18.0 release 18 April 2018 (Waktu Indonesia Barat)

http://files.altn.com/mdaemon/release/relnotes_en.html


  MDaemon Server v18.0 Release Notes


    MDaemon 18.0.0 - April 17, 2018


      SPECIAL CONSIDERATIONS

*[16456] Hosted email options with MDaemon Private Cloud are now available. To
learn more, please visit: * http://www.altn.com/Products/MDaemon-Private-Cloud/.

[20008] Alt-N Technologies has changed its name to MDaemon Technologies.
WorldClient is now MDaemon Webmail, WorldClient Instant Messenger is now MDaemon
Instant Messenger, SecurityPlus is now MDaemon Antivirus, and Outlook Connector
is now MDaemon Connector.

[19546] The MDaemon installer now includes MDaemon AntiVirus and MDaemon
Connector, which are licensed separately.

[19512] The "From Header Modification" feature has changed. It operates as
before however the format of the final modified From data has changed from this
format: "Email -- Name" <Email> to this format: "Name (Email)" <Email>. This new
format is more readable/usable/sortable etc. If you would rather keep the old
format (your users may be used to it already) you can check a box at
Ctrl+S|Screening|Hijack Detection|From Header Modification.

[19577] A past installer reset the option "Ctrl+S|Sender Authentication|SMTP
Authentication|Authentication is always required when mail is sent from local
IPs" to disabled for upgraders.  The installer has been changed to ignore this
setting.  You must manually check that this option is set to your desire.  The
default is for it to be checked (enabled) but you should check to be sure it is
set how you want.

[19703] The following settings have had default values changed.  Existing
installations should check to be sure the following settings are as desired:
Ctrl+S|Security Settings|SSL & TLS|MDaemon: Enable the dedicated SSL ports...
and SMTP server requires STARTTLS... options have had defaults changed from
disabled to enabled. Ctrl+S|Security Settings|Sender Authentication|DMARC
verification|Honor p=reject... has changed from disabled to enabled. Ctrl+S|
Security Settings|Sender Authentication|SPF Verification|User local address in
SMTP envelope...has changed from disabled to enabled. Ctrl+S|Security Settings|
Screening|IP Screen|Apply IP Screen to MSA connections has changed from disabled
to enabled. Ctrl+S|Security Settings|Screening|Host Screen|Drop connection after
EHLO has changed from disabled to enabled.

[19612] Catalog functionality has been deprecated and removed from the UI.

[20220] All Virtru related support has been removed from MDaemon Webmail. Old
encrypted messages can still be viewed in the Virtru Secure Reader.

[20339] Previously when a message was sent to an alias, MDPGP would encrypt it
using the key for the actual email address. Now that same message won't be
encrypted. To encrypt it now requires a key for the alias.


      MAJOR NEW FEATURES


      [19571] DNSSEC

Ctrl+S|SSL&TLS|DNSSEC allows you to request DNSSEC service from your DNS
server(s). When enabled, MDaemon sets the AD bit when making DNS queries and
checks for it in the answers. This may not work with all DNS server(s) (not
sure) so you'll have to try with yours. DNSSEC service is only applied to
messages that meet your selection criteria. DNSSEC service can be "requested" or
"required" on a per-message basis. If "required" and DNS results fail to include
authenticated data then the message is bounced back to sender. If "requested"
then DNSSEC service is attempted but nothing happens if it fails.

Mail session logs will include a line at the top if DNSSEC service was used and
"DNSSEC" will appear next to secure data in the logs.

IMPORTANT: MDaemon is a non-validating stub-resolver. This means that it will
request authenticated data from DNS server(s) but it has no way to independently
verify that the data it gets from them is secure. However, if you know/trust
your connection to your DNS server(s) (for example, it runs on localhost or
within a secure LAN or workplace) then you should use this as it will boost
security.

DNSSEC lookups take more time and resource and I think less then 7% of domains
have currently deployed it. That is why this is not configured to apply to every
message delivery by default. However, if you want that, you can force every
email sent to use DNSSEC by adding one line like "To *" into the configuration
file (see Ctrl+S|SSL&TLS|DNSSEC).


      [15288] Email Snooze

MDaemon Webmail was updated to allow a user to snooze an email. When a message
is snoozed it will be hidden from the user for a designated period of time. To
snooze a message, right click on it and choose the "Snooze for..." option in the
context menu. Then choose how long you wish to snooze the message for. The
"Choose a date and time" option is only available for browsers that support the
date and time inputs. Hidden messages can be viewed in LookOut theme by clicking
the "View Snoozed Messages" icon in the toolbar and WorldClient theme by
choosing "view snoozed" from the view drop down menu in the toolbar. This
feature is on by default. To turn off the feature, go to Options | Personalize,
and find the Inbox Settings. Uncheck the "Enable Message Snooze" box. There are
no snooze controls in Lite and Mobile theme, but snoozed messages are still 
hidden.


      [1520] Public Calendars

In MDaemon Webmail users can publish a calendar to a publicly accessible link.
Users have the option to password protect the calendar. To disable this
globally, change the value of [Default:Settings] EnablePublicCalendars to No. To
disable it on a per user basis, add CanPublishCalendars=No to a user's User.ini
file. To publish a calendar, in LookOut or WorldClient theme, go to Options |
Folders and click the "Share Folder" button next to the calendar you wish to
publish. In the dialog, open the Public Access tab and if desired, fill in the
display name or require a password, then click the "Publish Calendar" button. A
confirm dialog will show up to tell the user what is about to happen. After
clicking OK, an alert will display the new URL where the calendar is available.
There will also be a link displayed on the page once the calendar has been
published. To unpublish the calendar, click the "Unpublish Calendar" button. To
change the password or the display name, click the "Update" button.


      [10886] Remember Me

A "Remember Me" option has been added to the logon page of MDaemon Webmail. This
feature is disabled by default. The default expiration is 30 days, and the
maximum expiration setting is 365 days. It can be enabled in the MDRA GUI under
Main->Webmail Settings->Settings. Users can check the "Remember Me" option on
the logon page to be remembered on a specific device. Then if they have a
bookmark with any of three View URL variables set (View=Main, View=Logon, or
View=List) (or no View URL variable set), the user will be automatically logged
in. Two Factor Authentication (2FA) is separate and will still be required when
the 2FA remember me token expires.

[19865] "Remember Me" was also added to the Remote Administration logon page.
This feature is disabled by default. The default expiration is 30 days, and the
maximum expiration setting is 365 days. It can be enabled in the MDRA GUI under
Main->Remote Admin Settings->Settings. Users can check the "Remember Me" option
on the logon page to be remembered on a specific device. Two Factor
Authentication (2FA) is separate and will still be required when the 2FA
remember me token expires.


      [19738] Exempt Known ActiveSync Devices from Location Screening

An option has been added to allow a previously known ActiveSync device to bypass
location screening. Administrators can enable this option to allow users to
continue to access their account via ActiveSync from a location that is
configured to block authentication attempts. In order to exempt the device it
must have connected and authenticated using ActiveSync within the time frame
configured to remove inactive clients. To exempt a device go to Setup / Mobile
Device Management / Clients, select the client and click Settings, then check
the box for Exempt from Location Screening.

You can also choose to Whitelist the address the client is connecting from. This
can be used to allow other clients that might be connecting from the same IP
address to also bypass location screening.


      CHANGES AND NEW FEATURES

  * [19372] Added ability to specify which protocols use Location Screening.
  * [19507] LookOut and WorldClient themes - Added PIM attachments for Contacts,
Tasks, and Notes
  * [19575] IP and Host Screening UI previously shared controls at the bottom of
their configuration screens but now the items related to IP Screening will be on
the IP Screening screen and the Host Screening on the Host Screening screen (can
I say screen one more time).
  * [13359] MD Webmail - Added options to decide how to handle the original
message when replying or forwarding on the Options | Compose page under
"Replying and Forwarding". The options are as follows: Do not include, Attach,
Include, Include and Indent, Prefix. The option "Do not include" is unavailabe
when forwarding a message. For plain text messages the user can configure their
own prefix up to 4 characters long. A space will be included after the 4 
characters.
  * [5652] MD Webmail- Added the ability to customize the attribution of
original messages in replies and forwards on the Options | Compose page under
"Replying and Forwarding". The options are as follows: None, Include From, Date,
To, and Subject lines from original message, Custom format (plain-text only).
Custom format has two required macros, %SENTDATEANDTIME% and %SENDER%. If either
macro is not used, then MD Webmail will default to the second option.
  * [19558] MD Webmail- increased the length of the private ical feed token
found in the Folder Share and Calendar Export views. The token will only
increase in length if it has yet to be created, or the user resets it.
  * [19547] MDRA - Made the "No Results" box in Message Search grey so that it
does not look like a button
  * [19462] MDRA - Moved the "Edit Mailing List Admins" button to the "Mailing
List Subscription Manager Options" section under Main -> Remote Admin Settings
  * [19460] MDRA - Increased the height of the Gateway Manager Settings window
  * [19499] MD Webmail - Added an option to include a Terms of Use
acknowledgment on the logon page. When Terms of Use is required, user's will not
be able to login without clicking the checkbox.
  * [19568] A new screen exists at Ctrl+W|Terms of Use which allows you to
configure a Terms of Use message that will appear to Webmail and Remote Admin
users which they must agree to before the services can be used.
  * [19500] MDRA - Added an option to include a Terms of Use acknowledgment on
the logon page. When Terms of Use is required, user's will not be able to login
without clicking the checkbox.
  * [18868] MDRA - Added button to set the settings on a page to the
"Recommended" settings. So far, only some security related pages have this 
button.
  * [19657] MD Webmail - Added an option to increase/decrease the spacing
between lines in the Compose view's HTML editor
  * [19444] MDRA - Added ability for Message Search to return messages that were
not accepted after the DATA command by searching the From and/or Recipients 
fields.
  * [19688] MD Webmail - Added better logging information for session failures
when debug level logging is enabled
  * [15557] MD Webmail - Added MDaemon PGP options to the Compose view for
WorldClient and LookOut themes
  * [19022] MD Webmail - Added the Country to Login History in Options | 
Security
  * [19702] MDRA - Added a Last Accessed column under the Main | Accounts 
settings
  * [19737] MD Webmail - The "UserCategories.js file has malformed data" message
will only be displayed when the data returned from the server is not in an array
format.
  * [19744] MDRA - Added SSL & HTTPS views for RA and Webmail under Main |
Webmail Settings and Main | Remote Admin Settings.
  * [4368] MDRA - Added the SSL & TLS views from the MDaemon GUI under Security
| Security Settings | SSL & TLS. STARTTLS White List and STARTTLS List are
buttons located under the Security | SSL & TLS | MDaemon link.
  * [12548] MDRA - Added more filtering options to the Account list. Added the
Groups column to the filter column options. Display ActiveSync, Outlook
Connector, IMAP Access, POP Access, Over Quota, Near Quota, Frozen, Disabled,
and/or Active accounts.
  * [14013] MDRA - Improved filter ability. If no wildcards are included by the
user, the filter term is treated as though it were surrounded by wildcards. So
"test" would be treated as "*test*".
  * [13358] MD Webmail - Added an automatic feature to the auto complete
functionality that will display the three most commonly used contacts related to
the search string at the top of the list. Auto complete is used in multiple
views, and the feature is active wherever auto complete is used.
  * [4636] MDPC/MDRA - Added the Web Services tab for domain administrators when
editing user accounts other than their own. The "...edit quota settings" option
is disabled for domain administrators.
  * [9361] MDPC/MDRA - Added the Security->Screening->Sender Blacklist and
Recipient Blacklist views for domain admins. Additional options, "Check message
headers for blacklisted addresses", and "Notify blacklisted senders that their
message was refused" on the Sender Blacklist view are not available for domain
admins because they are not domain specific options.
  * [19937] MDRA - Users are now prevented from setting the Webmail List Refresh
Time to anything less than 1
  * [19943] MD Webmail - Added workaround to a bogus vulnerability detected by
PCI compliance scan
  * [19971] MD Webmail - Added an option for signed messages with p7s and p7b
attachments to import the S/MIME public certificate to the sender's contact 
data.
  * [14141] LookOut and WorldClient themes - Added an option to include a custom
image/icon with each custom link. After the CustomButtonLink1 entry, add
CustomButtonImage1=filename.extension. Place filename.extension in the
MDaemon\WorldClient\HTML\All\Images directory in order for it to be used. The
expected image size is 32x32. It will be automatically resized, so the original
image should also be 32x32 for the sake of aesthetics.
  * [19939] MD Webmail - changed the autocomplete feature to include domain name
matches with contact email addresses
  * [19931] MD Webmail - Added autocomplete="off" to the "Verify Pairing" field
for the Two Factor Authentication setup
  * [19973] MD Webmail - Updated the Voice Recorder error message for the cases
where microphone permission is off or the user is not using HTTPS
  * [20021] LookOut, WorldClient, and Mobile themes - Added speech synthesis to
the message views. Users can click the "Read Message" button to listen to the
message. Only supported in the latest Chrome and Firefox.
  * [16747] MDRA - Added the options to Allow or Require Two Factor
Authentication to the user Web Services page
  * [19867] MD Webmail - Added phone number links to all themes in the contact
list view to allow users to click on the phone number to make a call
  * [16806] MDRA - Added Learn Spam and Learn Non-Spam buttons to all Queues.
The buttons copy the selected messages into the Bayesian Spam and Non-Spam
folders respectively.
  * [14268] MDRA - Added the Max Records field to Reports that are using bar
graphs. Maximum is no greater than 100 records for the views in question.
Inbound Email->Top Recipients,  Top Recipients by Size; Outbound Email->Top
Senders, Top Senders by Size; Anti-Spam->Top Spam Scores, Top Recipients;
Anti-Virus->By Name
  * [19268] MDRA - Message Search - Added a message for the case that the user
either does not have permission to view the logs or the statistics database is
not enabled. If the statistics database is not enabled, a button will be present
that will take the user to the Logs->Log Settings->Statistics Log view.
  * [19473] Added a counter to show connections refused by location screening.
  * [19579] Changed dynamic screening notifications to go to global
administrators by default instead of the postmaster, to avoid problems when the
postmaster alias is not set up.
  * [20085] MDLaunch /stop will try to forcibly terminate the MDaemon.exe
process if it has not stopped after two minutes.
  * [4270] The Content Filter can now extract files from inside of winmail.dat
and turn them into standard MIME message attachments. Enable this at Security |
Content Filter | Compression.
  * [20023] ActiveSync - Selected client Settings over-rides can now be applied
to specific device types and security groups. For example, one could ensure that
all ActiveSync connections with Outlook for Windows virtully merge their
domain's Public Contacts into the user's default contact folder, or enable
location screening exemptions for ActiveSync connections from members of a
specific group.
  * [19958] ActiveSync does not encode the name in the From header if it
contains only ASCII characters.
  * [19513] Ctrl+S|SSL & TLS has a new screen called Let's Encrypt where you can
configure automation of a PowerShell script that requests and sets up free TLS
certificates from Let's Encrypt.
  * [20216] Updated ClamAV to version 0.99.4, and the 64-bit version of MDaemon
now uses 64-bit ClamAV.
  * [20235] LetsEncrypt will now clean up files older than 180 days from the
Acme-Challenge and MDaemon\PEM directories. Only .PFX files that have a file
name beginning with the FQDN configured in MDaemon are removed. The names of the
files that are removed are logged in the LetsEncrypt Log file.
  * [20253] The right click menu commands to white list and black list from the
Queues screen have been removed. Also, the Spam Filter White List and Black List
screens now open in read only mode until an "Advanced" button is clicked.
  * [20311] Added Antivirus mailbox scanning.  Under Security->AntiVirus select
'Scan all mailboxes every n day(s)'.  This allows for detecting of any infected
messages that may have passed through before virus definition updates could be
updated to detect them.  Infected messages will be moved to the quarantine
folder with 'X-MDBadQueue-Reason' header added so that there will be an
explanation when viewed with MDaemon configuration screen. Messages that cannot
be scanned will not be quarantined.


      FIXES

  * [19567] fix to host name sometimes missing from SSL related logging
  * [19210] fix to DMARC contact email not accepting aliases to a subaddressed
account
  * [19683] fix to MD Webmail Compose page may take a very long time to load
when doing reply or forward on a large HTML message
  * [19621] fix to API not saving gateway configuration data in some cases
  * [19662] fix to MDRA - Public Folder Editor has old Alert message
  * [19663] fix to MDRA - Public Folders Access Control alert typo
  * [19747] fix to LookOut and WorldClient themes - PDF Viewer - If there are
non-breaking spaces (&nbsp;) in the name of the file, it will not load
  * [19761] fix to WorldClient theme - filters are not saved after being 
reordered
  * [19877] fix to WorldClient theme - Reply and forward flags are not updated
immediately after sending the message
  * [10595] fix to MD Webmail - Documents - Drag and drop of multiple files into
Documents folder results in only 1 file uploaded, no error message
  * [15747] fix to MD Webmail - French - When creating a folder called
"Courrier" in the root, the Inbox no longer displays messages
  * [16050] fix to MDRA - Active Sessions not showing MDaemon Webmail sessions
  * [18351] fix to CALDAV client may not display the last occurrence of
recurring event that occurs until a specific date
  * [17112] fix to if an attendee's email address is an alias, the attendee's
response status will not be recorded in the event
  * [19961] fix to potential crash in CalDAV server
  * [15184] fix to LookOut and WorldClient themes - Default Contacts View does
not apply to address book opened from the Compose view
  * [19978] fix to LookOut and WorldClient themes - When changing a category in
a shared folder, others do not see the change immediately
  * [19928] fix to MD Webmail - A meeting request attached to a message thread
displays the meeting information but not the message body
  * [19916] fix to MDRA - Deleting entry from ACL closes the dialog
  * [19946] fix to MDRA - German - When deleting an account, the confirmation
box cuts off the buttons
  * [17625] fix to WorldClient theme - Searching between two dates with more
recent date first gives results after more recent date
  * [19984] fix to MDRA - the Start / End Time field overlaps the Start / End
Date drop-down box on the Autoresponder view
  * [19990] fix to WorldClient theme - Calendar View - The add folder icon is
displayed below on languages where the name is too long
  * [19992] Fix to MD Webmail - the message list may show spoofed FROM headers
unless View Sender is set to All
  * [19669] fix to Lite and Mobile themes - Carriage returns are missing in the
body when viewing a message
  * [19996] fix to MDRA - Invalid forwarding address reported when attempting to
set account to forward to multiple addresses
  * [20031] fix to WorldClient theme - The + to add a folder does not show a
tooltip when hovered over
  * [20032] fix to WorldClient theme - Some of the background color is not being
hidden when printing a calendar
  * [20027] fix to MD Health Check - if you click Analyze again after copying an
entry to the clipboard the application crashes
  * [20052] fix to possible MDaemon crash when processing messages from the
local queue
  * [20059] fix to Webmail - When downloading a zip of files from a message with
multiple files of the same name, only the first file is included
  * [20082] fix to Webmail - Desktop Notifications are received, even though
they are disabled
  * [20074] fix to WorldClient and LookOut themes - An extra message may be
selected after copying messages
  * [20109] fix to MD Webmail - might incorrectly display a sender is DKIM 
verified
  * [20136] fix to CalDAV - Unable to change date of single occurrence of
recurring event
  * [20137] fix to CalDAV - In Thunderbird/Lightning an all day recurring event
where a specific occurrence has been changed to occur on a different date is not
displayed correctly.  The event is displayed on both the date the occurrence has
been changed to and the original date of the occurrence.
  * [20159] fix to Webmail - Slideshow - if an image is taller than the height
of the screen, the width will be set to the screen width
  * [20113] fix to corrupt text in translated Dynamic Screening emails
  * [20000] fix to ActiveSync - various changed occurrence entries cause Outlook
to stop syncing the calendar
  * [20128] fix to IPs are still blocked by Dynamic Screening when Enable
Authentication Failure Tracking is disabled
  * [20101] fix to possible MDaemon crash when generating a Dynamic Screening
notifcation email
  * [20084] fix to possible MDaemon hang during shutdown
  * [19995] fix to ActiveSync - creating top-level folders in Outlook will also
create same folder name under Inbox
  * [19981] fix to possible ActiveSync server crash when a client replies to a
message
  * [19969] fix to ACL editor GUI may show extra character in Name field for
anyone@domain entry
  * [19967] fix to ActiveSync - last occurrence of recurring event may be
missing on iOS
  * [19960] fix to possible WorldClient.exe crash related to Dynamic Screening
  * [19941] fix to Chinese ActiveSync policy names are corrupt
  * [20177] fix to DAV server not properly enforcing dynamic and location 
screening
  * [20178] fix to XMPP server not using location screening
  * [20200] fix to Webmail - Cannot share a folder to a group
  * [20184] fix to Mobile theme - When sending to unknown user, no pop-up is
displayed
  * [2032] fix to LookOut theme - message preview does not block remote images
except in the Inbox
  * [20240] fix to Mobile theme - French - Unable to delete a calendar 
appointment
  * [20265] fix to specific messages locking the local queue with high CPU usage
  * [20229] fix to CALDAV: Report command with no date filter may not return all
calendar events
  * [20268] fix to List-Unsubscribe header is not automatically added to mailing
list messages when "Honor '<List>-subscribe' and '<List>-unsubscribe' addresses"
is enabled
  * [20273] fix to Webmail - Advanced Search - Searching for any text string in
the message body returns all messages in all folders in the user account in the
search results
  * [20271] fix to CALDAV: Specific data in calendar XML database file causes
Thunderbird/Lightning to hang when synchronizing calendar
  * [20278] fix to $CALTXT$ macro is not replaced in calendar reminder email
messages if the length of the comments/body field of the event exceeds 1000
characters
  * [20270] fix to Dynamic Blacklist GUI may not display all DSBlackList.dat 
entries
  * [20310] fix to recurring events from specific CalDAV clients are always
saved as all day events
  * [20320] fix to ActiveSync: Time of recurring events may shift on Android
devices by one hour after the start or end of daylight saving time
  * [20319] fix to MDRA - Any changes made to a global admin's ActiveSync Client
Settings are applied globally
  * [20092] fix to meeting responses may be sent from the wrong account
  * [20339] fix to MDPGP not properly using keys assigned to aliases
  * [20360] fix to when a 'GET' command is used with CalDAV, "private details"
of private calendar events are not filtered out
  * [20358] fix to possible MDaemon hang when the MDPGP option "Trade public
keys during SMTP mail sessions (MDaemon)" is enabled
  * [20352] fix to MDPGP not signing some messages when configured to do so
  * [20378] fix to CalDAV: Free/Busy lookups from Mac iCal calendar application
return no results
  * [20387] fix to MDaemon may send messages to the wrong smart host


- -- 
syafril
- -------
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.0-64 bit
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.

You have to learn the rules of the game. And then you have to play better than
anyone else.
- --- Albert Einstein
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlrZK2UACgkQJDdq0WWNVhbRxQCeNISxxTdk4xiI1cNEuZg1pXbs
cOUAoJ4N3MLT49WjCyZ0zIwtJfJV+GbL
=41VI
-----END PGP SIGNATURE-----


-- 
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir MD 18.0 (all-in-one), SG 5.0.1

Kirim email ke