MDaemon Server v17.5 Release Notes
MDaemon 17.5.0 - September 26, 2017
 Hosted email options with MDaemon Private Cloud are now available. To learn
more, please visit:
 BlackBerry Enterprise Server (BES) for MDaemon is not compatible with MDaemon
17.5 or newer. There will not be a new version of BES for MDaemon that is compatible.
MDaemon's installer will disable BES if it is detected. Uninstall BES to not be
prompted about it. Screens about BES have been removed from the MDaemon UI.
 Added quarantine exclusion lists to allow password-protected files from or to
configured senders and recipients. At Security | AntiVirus, enable "Allow password-protected
files in exclusion list..." and click the "Configure Exclusions" button.
Note that as of SecurityPlus 5.1.0, the ClamAV Plugin may quarantine password-protected
files before the main AV engine can scan them. An option is to disable the ClamAV Plugin.
MAJOR NEW FEATURES
 LOCATION SCREENING
A geographically based blocking system has been developed which allows you to block
incoming SMTP, POP, IMAP, WorldClient, ActiveSync, AutoDiscovery, XML API, Remote Administration,
CalDAV/CardDAV, XMPP, and Minger connections being attempted from unauthorized regions
of the world. A new screen has been added at Ctrl+S|Screening|Location Screening
to configure this.
When the connecting IP is from a blocked country an entry can be logged in the Dyanmic Screening Log.
 DYNAMIC SCREENING FOR ALL PROTOCOLS/SERVICES
MDaemon's dynamic screening has been expanded to operate with SMTP, POP, IMAP,
WorldClient, ActiveSync, AutoDiscovery, XML API, Remote Administration, CalDAV/CardDAV,
XMPP, and Minger. Authentication failures are tracked across all of these services and
IPs can be blocked for all of them. Settings are in the UI at Security | Dynamic
Screening. The log is on the Plug-ins | Dynamic Screen tab. WorldClient's separate
Dynamic Screening system has been removed.
 PIM ATTACHMENTS
PIM (calendar, contact, tasks, notes) items now support attachments.
Attachments may be added to a PIM item via WorldClient, Outlook Connector, or
CalDAV/CardDAV. When scheduling a meeting, any attachments will be sent to
the meeting attendees.
LookOut and WorldClient themes - Implemented PIM attachments for
Calendars. A new tab was added in the Calendar Edit view that allows users to
add file attachments to an event/meeting. As long as a user has read access to
an event, the attached files can be downloaded by the user. Only users with edit
access can upload or remove attachments from a given event/meeting. Other themes
will not be able to edit the attachments, but the attachments will not be lost
when an event/meeting is edited.
 PGP KEY-EXCHANGE DURING SMTP
A new checkbox on the MDPGP GUI enables/disables automatic transaction of
public keys as part of the SMTP message delivery process. If enabled,
MDaemon's SMTP server will honor an SMTP command called RKEY.
When sending an email to a server that supports RKEY MDaemon will offer to transmit
the sender's then current and preferred public-key to the other host. That host
will respond indicating that it either already has that key and thus no further
work need be done ("250 2.7.0 Key already known") or that it needs that key in which
case the key is immediately transferred in ASCII armored form right then and there
("354 Enter key, end with CRLF.CRLF") just like an email message. Keys that are
expired or revoked are never transmitted. If MDaemon has multiple keys for the sender
it will always offer up the key that is currently marked as preferred. If no key
is preferred then the first one found is offered. If no valid keys are available
then no work is done. Only public-keys that belong to local users are offered.
Public-key transfers take place as part of the SMTP mail session that delivers the
message from the user. In order for the public-keys transmitted in this way to be
accepted the public-key must arrive along with a message that has been DKIM signed
by the domain of the key owner with the i= set to the address of the key owner which
also must exactly match the From: header address of which there can be only one.
The "key owner" is taken from within the key itself. Also, the message must arrive
from a host in the sender's SPF path. Finally, the key owner (or his entire domain
via use of wildcards) must be authorized for RKEY by adding an appropriate entry
to the MDPGP rules file (instructions are in the rules file for this) indicating
that the domain can be trusted for key exchange. All this checking is done automatically
for you but you must have DKIM and SPF verification enabled or no work can be done.
The MDPGP log will show the results and details of all keys imported or deleted
and the SMTP session log will also track this activity. When it works right your
SMTP session logs will show details of key transactions and the MDPGP log file will
fill with details.
This process tracks the deletion of existing keys and the selection of new preferred
keys and updates all participating servers it sends mail to when these things change.
CHANGES AND NEW FEATURES
-  Added a new option to Ctrl+S|Sender Authentication|SPF Verification which allows
you to apply SPF processing to the HELO/EHLO value. This option is enabled by default.
-  The \MDaemon\Data\ folder is now included in the config file backup system.
-  The LetsEncrypt script no longer needs to shut down MDaemon and its associated
programs prior to writing content out to INI files. This reduces the potential
down time, but you are still required to restart MDaemon in order for the changes
to be recognized.
-  The LetsEncrypt script no longer writes out the certificate information
to the INI files and restarts MDaemon even if nothing has been changed.
-  As part of the new Dynamic Screening work, the option "Limit simultaneous
connections by IP to (0 = no limit)" has been moved from Ctrl+S|Screening|
SMTP Screen to F2|Server Settings|Sessions. Also, the SMTP Screening UI has been
adjusted. The settings here apply only to SMTP screening and use the Dynamic Screening
system so some explanatory text was added.
-  LookOut and WorldClient themes - Added the option to export and import Groups/Distribution
Lists from and to a contact folder in WorldClient. The format is WorldClient specific,
since Outlook does not support exporting and importing Groups. The format is as
columns - Group GUID, Group Name, GUID, Full Name, Email
Each line that contains either a Group Name or a Group GUID is
considered the beginning of a new group. Any GUID, Full Name or Email on that line
is considered the first member of the group/list. An Example from Excel follows:
When importing, the Group GUID is replaced with a freshly generated GUID. If no
Group Name is included, the name will be displayed without translation as "ImportedFromCSV_%GUID%",
where %GUID% is replaced with the first five characters of the GUID. Leaving the
cells to the right of a group name empty will result in the next line being the
first member of the group/list. The Email field is required for a member to be added.
-  LookOut and WorldClient themes - Added Voice Recording feature. This feature
requires a microphone and is only available in certain browsers. It can be disabled
by the admin on a per user basis by adding EnableVoiceRecorder=No to the User.ini.
Users are limited to five tracks of five minutes each. Attempting to record more than
5 tracks will result in either the selected track, or the first track, being replaced
by the new recording (the user will be prompted). After recording is stopped (either
automatically or by the user), the track is converted to an mp3 and uploaded to the
server. Users have four options regarding each track:
Users can only act on one track at a time. For example, only one track can be attached
to a message. If a user wants to attach multiple tracks to a message, the user will
need to save each track to the default documents, and do the attaching from there.
- Save to the desktop
- Save to default WorldClient documents folder
- Send in an email using a quick dialog that only includes To, CC, BCC, Subject,
and a plain/text Message Body
- Only the To is required. There are canned Subject and Message Body
phrases used when no Subject or Message Body is input by the user.
- Open a new Compose view with the track attached
-  LookOut and WorldClient themes - Users can now reorder favorite folders
by dragging and dropping them in the favorites list.
-  LookOut and WorldClient themes - New folder management features in the Options
| Folders view and in the main folder list view.
In the folder list view (left pane):
In the Options | Folders view, the folder tree is now collapsible, and the New Folder
dialog has been moved to an external window like in the WorldClient theme.
- Users can drag and drop to move folders from one parent to another
- Users can rename folders and give favorites nicknames by clicking on them a second
time (shortly after folder selection)
- Show Folders by Type is now available in the LookOut theme
- If there is already at least one favorite folder (because favorites are hidden until
one is added), users can drag and drop a folder to favorites in order to add it
(dragging a folder out of the favorites does nothing).
- The new folder and rename folder dialogs were added to the LookOut theme
-  Lite, LookOut and WorldClient themes - Added an option to choose the font
size for plain text Compose under Options | Compose. The option (Compose Font Size)
is always visible in Lite theme, and only visible in LookOut and WorldClient themes
when HTML Compose is turned off.
-  WorldClient - The paperclip is no longer displayed in the message list for
new messages that only include inline images, unless the "List All Attachments"
option is turned on under Options | Personalize. This only affects new messages,
so old messages will continue to show the paperclip in the case that only inline
images are attached to the message.
-  LookOut and WorldClient themes - Users can now open file attachments in
the browser (if the browser supports it) by clicking on the name of the file in
the message preview or external message window. To download the attachment, click
the download icon next to the name.
-  LookOut and WorldClient themes - Added options to Export a contact in vCard
4.0 format. The "Export vCard" button will download the vCard. The "Send
vCard" will open a new Compose window with the vCard(s) attached.
-  LookOut and WorldClient themes - Added a "None" option in the
Compose view Signatures select dropdown
-  LookOut and WorldClient themes - Added a setting in Options | Personalize
to close the message window when the user deletes the message (external window only),
which also preempts the opening of the next message in the list.
-  WorldClient theme - Updated the look of Notes, and added an option to change
the color of the note by clicking on the note icon in the top left corner of the
-  LookOut and WorldClient themes - Added settings in the Options | Compose
view to allow users to choose a signature for replying and forwarding respectively.
-  LookOut and WorldClient themes - Added an option to not include signatures
in replies or forwards. Under the same settings for 18728 the user can choose "No
Signature" for replies and/or forwards.
-  All Themes - the User cookie is now set to the current value of the User
field on login form submission
-  LookOut and WorldClient themes - Added the ability to search for attachment
names in the advanced search
-  All Themes - Added indexed data search for message bodies and attachment
-  All Themes - WorldClient now includes the ability to choose between downloading
the 32 bit and 64 bit OC Plugin Installers.
-  Removed MSXML 4 from the installer.
-  Added support for password protected chat rooms to XMPP server.
-  Added support for password-protected chat rooms to WCIM client.
-  WorldClient theme - Simplified the look of the Compose view. Advanced options
can be displayed by clicking one button. Save (without closing) option added. Clicking
the X in the top right corner will discard a draft, instead of just closing the
window. The subject is displayed in the header as the user types it. Moved the Send,
Save, and Save and Close options to the footer. The entire attachments section is
the drag and drop area. Moved the paragraph justification buttons down to
the second level in the HTML editor options.
-  LookOut and WorldClient themes - Added message list context menu options
to "Whitelist Sender" and "Blacklist Sender". If clicked, the
sender of the selected message(s) will be added to the Whitelist or Blacklist contact
folder. These options can be hidden by adding HideEmailAddressHoverMenus=Yes in
the Domains.ini under [Default:UserDefaults], or adding the same to a user's User.ini
file. When using these options, users can select multiple messages to Whitelist/Blacklist.
-  LookOut and WorldClient themes - Added an option under Options | Compose
to allow users to use the Dropbox Preview Link. The default is the Dropbox Direct
-  Turned off EditBISInboxMapping in MDaemon\WorldClient\Domains.ini under
[Default:UserDefaults]. This hides the "Push to Blackberry" column in
WorldClient's Options | Folders view. This can be enabled for all by changing
it back to Yes in the MDaemon\WorldClient\Domains.ini or per user by adding it to
the [User] section of a user's User.ini file.
-  Increased the number of custom buttons allowed in WorldClient to eight.
-  WorldClient theme - Date now displayed when printing a calendar in Calendar
-  A new screen at Setup | Outlook Connector | OC Client Settings | Add-ins
lets the admin configure Outlook add-ins for Outlook Connector to disable. Requires
Outlook Connector 5.0 or newer. Select a default action, Allow or Disable, which
applies to new or unlisted add-ins. Individual add-ins and their actions (whether
to Allow, Disable, or use the default action), are displayed in a list box. OC
clients will populate the list, or admins can add them from the UI.
-  WorldClient - Added ability for users to view their last ten successful
logins on the Options | Security page. This is enabled by default. To disable this
option, set DisplayLoginHistory to No in MDaemon\WorldClient\Domains.ini under [Default:UserDefaults].
-  WorldClient - Added Internationalized Domain Name support, so that IDNs will
not be displayed in punycode, but instead in UTF-8.
-  LookOut and WorldClient themes - under Options | Compose, the Compose Height
and Compose Width options have been removed when HTML Compose is unchecked, because
the height and width of the text area in the compose view is auto resized to fit
-  LookOut theme - Added a delete button to the appointment editor that works
like the one in the WorldClient theme.
-  Added ability to disable SSL in XMPP Server by adding in \MDaemon\XMPPServer\settings.ini...
-  Added support for account IMAP filters with multiple conditions that can be
combined using AND or OR. The filter rule creation UI has links that let you edit
each part of the rule. Click the "[+]" link to add a condition and the
"[x]" link to remove a condition.
-  When MDaemon 17.5+ first starts up, if MDaemon has never been configured
to use SSL it will automatically generate a default self-signed certificate and
enable SSL for MDaemon, WorldClient, and Remote Administration.
-  POP3, IMAP, and SMTP server authentication changes to make them more
consistent, improve logging, and not give as much information about failures to
clients. When a username is sent to MDaemon in an encoded form, MDaemon logs
it in plain text. When authentication is successful MDaemon logs the account's
email address. When authentication fails MDaemon logs the reason but the error
message sent to the client is generic. Authentication failures due to invalid
username or password are reported to Dynamic Screening, but not those due to the
account being frozen, set to do not disturb, expired password, etc.
-  MDRA - Added a "Message Search" page under "Messages & Queues" for
Global Admins. This view allows the admin to search a single user's message
folders. The maximum number of messages returned is 10,000. After getting a list
of messages, the admin can view the message, and related log entries from the
Routing, SMTP(in and out), DomainPOP, and MultiPOP logs. Logs will only be
displayed if the Statistics Database is enabled under Setup | Server Settings |
Logging | Statistics Log.
-  Content Filter - Added ability to block attachments in nested ZIP files
up to 5 levels deep.
-  WorldClient theme - Increased the email address input length to 76
characters, which is the maximum length of an MDaemon email address.
-  The files NoTarpit.dat, DynamicScreen.dat, and AuthErrors.dat in the
\MDaemon\App directory are no longer used.
-  Added complex Filters to WorldClient. Unsupported themes will not be
able to save changes to existing filters.
-  WorldClient theme - Deferred Delivery - Added an alert that tells the
user when the message will be sent
-  MDaemon creates registry entries for Windows Error Reporting to save memory
dumps if MDaemon.exe, CFengine.exe, WorldClient.exe, WebAdmin.exe, or WCXMPPServer.exe
crash. This functionality requires Windows Server 2008/Windows Vista or later. Dump
files will be saved to the \MDaemon\Dumps folder. This location may be changed by
editing \MDaemon\App\MDaemon.ini and setting [Directories] CrashDumps.
-  Added performance counters for the number of connections refused by IP Screen,
Dynamic Screen, Host Screen, and Location Screen.
-  Added performance counters for whether a new version of a product is available
and the number of days left in the license for each product.
-  WCIM - Added buddy grouping. The default group is "Buddies".
-  Added an account settings option (enabled by default) to automatically
place new meeting requests on the receiving user's default calendar, marked
-  MDRA - Added Location Screening view
-  WorldClient - Improved the error message when entering an invalid
password on the change password page (when forced to change password by admin).
-  WorldClient - Improved the error message when a user uses an old
-  WorldClient and MDRA - Updated CKEditor to version 4.7.1
-  fix to LetsEncrypt generating a new certificate each time the script runs.
-  fix to WorldClient - HTML messages with embedded CSS render poorly
-  fix to WorldClient - Message Preview - Malformed messages may have malformed
-  fix to WorldClient - extra space is shown between lines in an HTML message
that was composed using Outlook
-  fix to Mobile theme - Going back or using the refresh button in the list
view results in a mostly blank page
-  fix to MDPGP GUI showing aliases with macros in dropdown when creating keys
for specific users
-  fix to MSA connections not honoring local sources spam filter exemption
-  fix to WorldClient - Alert.sem file not currently working
-  fix to CalDAV: response is not sent to meeting organizer when accepting
a meeting request in Thunderbird/Lightning
-  fix to WebDAV log file created with name of ".log" if MDaemon
logging is disabled
-  fix to Remote Administration not forcing the recipient of the Weak Password
Report to be a local user
-  fix to able to enter non-numbers for max users per domain in Remote Administration
-  fix to Remote Administration does not force entry of a Smart Host when needed
in Domain Manager
-  fix to some options not enabled on Remote Administration's Domain Manager
| Calendar screen
-  fix to Remote Administration needlessly forcing a policy description in
ActiveSync Policy Editor
-  fix to Remote Administration forcing entry of a Dequeue String when it should
-  fix to Remote Administration not checking for a positive integer for time
to live in IP Cache
-  fix to Remote Administration missing some of the necessary new mailbox name
-  fix to Remote Administration not hiding "WC Documents Folder"
as an option when editing Account Templates
-  fix to LookOut and WorldClient themes - Cannot see new category added on
the Options | Categories view when adding by right clicking message | Categories
-  fix to LookOut and WorldClient themes - Current folder on server changing
if you right click and perform action on a non-selected folder
-  fix to LookOut and WorldClient themes - Applying changes to a signature
with more than one font-size results in all fonts changing back to the default
-  fix to WorldClient theme - After a search, if you click the X on the search
bar, only the message subjects are displayed
-  fix to Lookout theme Add button is not grayed out when editing a single occurrence
of a recurring event
-  fix to encoding issue when AV warning message text is added to HTML messages
-  fix to MDRA - When Free/Busy service for a domain has a password, the field
-  fix to MDRA - Passwords available in plain text on various pages
-  fix to LookOut and WorldClient themes - WorldClient does not display the
email address in the "Recipient unknown" error message
-  fix to WCIM client stripping CR/LF when sending multi-line messages
-  fix to WCIM client not sending status changes to server for 5 minutes
-  fix to remote IP not included in Received headers in some configurations
-  fix to DNSBL lookups on Received header IPs not honoring white list
-  fix to Mail List sending copy to sender errantly in some configurations
-  fix to invalid regular expression in bad passwords file causes problems
for the MDaemon GUI and Remote Administration
-  fix to MDRA - Content Filter shows "Process Exit Code" instead of
"SpamAssasin Score" popup when selecting a SpamAssasin Score entry
-  fix to MDRA - Subfolders are not always created correctly
-  fix to WorldClient - When composing a signature, then when using an
underline, it is not saved
-  fix to LookOut and WorldClient themes - Deferred Delivery sets year to
1601 when sent from the Spell-Check view
-  Fix to LetsEncrypt script not restarting MDaemon when WorldClient or MDaemon
Remote Administration are running under IIS and the WebScripting tools are not installed
-  fix to various problems with the Group Editor in Remote Administration
-  fix to various excessive whitespace on certain popup windows in Remote
-  fix to some text not being translated on Remote Administration's DomainPOP
page, User's Forwarding page, and Dropbox page
-  fix to incorrect prompt in Content Filter "Event Log" actions
in Remote Administration
-  fix to IP Shielding screen in Remote Administration not forcing entry of
an IP address
-  fix to Event Logging screen in Remote Administration not disabling some
options when it should
-  fix to From Header Modification not always handling parsing correctly
-  fix Mobile theme - Calendar months and days are displayed in English
when any other language is selected
-  WCIM client - fix to account not added to drop list on 'Add Contact'
-  WCIM client - fix to "Invisible" status change not working. It
will act as "Do not disturb" to other XMPP client.
-  fix to MDRA - Cannot edit or create new domain
-  fix to WorldClient theme - not able to sort messages by ascending date
when changing the sort order on the Options | Personalize page
-  fix to WorldClient - error message popup goes away too quickly before it
can be read
-  fix to LookOut and WorldClient themes - Unable to send faxes with no
-  fix to IPF.IMAP type folders being created when moving folders
from an IMAP PST to an Outlook Connector account
-  fix to LookOut theme - when switching messages the scroll bar is not
reset in the message preview
-  fix to Possible memory leak in the Thread Pool if Message Log Parser
-  fix to WCIM - if user changes status with multiple XMPP clients, WCIM
should only report offline if all instances go offline
-  fix to Mobile theme - First Day of week setting is not applied to the
-  fix to WCIM - when global status is set to "Online" WCIM should log
account back in
-  fix to contact notes changed on an ActiveSync client are not saved to the
-  fix to ACL entry in an account's root Hiwater.mrk is not added to
AclShLookup.dat during the ACL cleanup event
-  fix to a single instance of a recurring appointment deleted using an
ActiveSync client is not deleted on the server
-  fix to messages sent using ActiveSync may display incorrect date in
-  fix to Sent Items copy of message sent using ActiveSync is unread
-  fix to MD GUI crashes immediately when selecting the Use Small Display Font