MDaemon Server v17.0 Release Notes
MDaemon 17.0.0 - March 21, 2017
 The option "Enable APOP & CRAM-MD5" found at F2|Server Settings|Servers
has changed to disabled by default for security and technical reasons. Using TLS
is the preferred way to avoid transmission of passwords in the clear.
 The "Global AUTH Password" setting at Ctrl+S|Sender Authentication|SMTP
Authentication has been deprecated and removed.
 All settings related to ADSP found at Ctrl+S|Sender Authentication|DKIM
Verification and a single option related to the use of the RS= tag found at Ctrl+S|Sender
Authentication|DKIM Settings have been deprecated and removed.
 In-browser WorldClient Instant Messenger (WCIM) has been removed from the
LookOut and WorldClient themes due to incompatibility with the new XMPP WCIM server.
 The option "Store mailbox passwords using non-reversible encryption"
(see below) is disabled by default for existing installs to avoid breaking anything
for anyone who depends on incompatible features, but for security reasons we recommend
enabling it if you can.
 WorldClient Instant Messenger (WCIM) now uses the XMPP protocol for instant
messaging, which is not compatible with the old chat protocol. Users who do not
update to the new version will not be able to instant message with users who have
updated. Address book synchronization with Outlook has been removed from WCIM.
MAJOR NEW FEATURES
 XMPP support for WorldClient Instant Messenger (WCIM)
WCIM now uses the XMPP protocol for instant messaging instead of WorldClient's proprietary
protocol. This allows the WCIM desktop client to communicate not only with other
WCIM clients, but any third-party XMPP clients (including mobile clients) connected
to your MDaemon's XMPP server.
WCIM now has two types of connections, "WCMailCheck" which connects to
WorldClient for new mail notifications and message counts, and "WCIMXMPP"
which connects to the XMPP server for instant messaging. When updating to version
17, WCIM will automatically migrate IM contacts from the old system to XMPP and
create a WCIMXMPP account.
 WORLDCLIENT DROPBOX INTEGRATION
A new screen has been added to Ctrl+W|WorldClient (web mail)|Dropbox. Here you will
find controls where you can enter your Dropbox "app key", "app secret",
and they are all obtained when you register your WorldClientas a Dropbox "app"
by visiting the Dropbox website. We cannot do this for you but it only needsdoing
once. Please see
Knowledge Base article 1166 for complete instructions on how to register
your WorldClient as an app with Dropbox.
Once the "app key" and "app secret" are configured WorldClient
will be able to connect their accounts to a Dropbox account. The first time a user
logs into WorldClient theme or LookOut theme, the user will be presented with a
dropdown at the top of the page. The user has three options, view the dropdown on
next login, never show it again, or go to the new Options | Cloud Apps view. On
the Options | Cloud Apps view, the user can click the Setup Dropbox button. Doing
so will open an OAuth 2.0 popup. The popup details what the user is connecting to,
and what authorizations WorldClient is requesting. There is also a link to the privacy
policy, and "Connect to Dropbox" button. Once the user clicks the "Connect
to Dropbox" button, the page will navigate to Dropbox. If the user is not logged
into Dropbox, Dropbox will present a site for them to either login or create an
account. Once this step is completed, the user will be presented with another Dropbox
page that asks if the user would like to allow WorldClient to have full access to
his/her account. Clicking "Allow", will take the user back to WorldClient
and tell the user whether or not the authorization was a success. This authorization
is good for one week after which time the same screen is presented again and another
access token is obtained and used for a subsequent week. Once authorization is completed,
the user will be presented with a Dropbox icon next to each message attachment.
Clicking the icon will result in the attachment being saved to the user's Dropbox
account under the /WorldClient_Attachments folder.
In the Compose view for WorldClient and LookOut themes, users will be able to choose
files from their Dropbox accounts by clicking the Dropbox icon in the HTML editor's
toolbar (top left). This feature does not require the users to setup access to their
accounts via the Options | Cloud Apps view and OAuth 2.0. It only requires the "app
key" and "app secret".
Dropbox integration is disabled by default. The "Enable Dropbox Integration"
checkbox will enable it for all users, or the admin can enable access on a per-user basis
by adding "DropboxAccessEnabled=Yes" to the User.ini.
CHANGES AND NEW FEATURES
-  Option to store mailbox passwords using non-reversible encryption
Added a checkbox at Ctrl+U|Other|Passwords to store mailbox passwords using non-
reversible encryption. This protects the passwords from being decrypted by MDaemon,
the admin, or a possible attacker. When enabled, MDaemon uses the bcrypt password
hashing function. It allows for longer passwords (up to 72 characters), and for
passwords to be preserved yet not revealed when exporting and importing accounts.
Some features such as APOP & CRAM-MD5 authentication and weak password detection
depend on MDaemon being able to decrypt passwords, so they are not compatible.
This option is enabled by default for new installs and disabled by default for existing
As part of this change, the Account Editor's "Mailbox password" fields
are no longer populated when editing an account in the UI. Enter a new password
(twice) to change the password or leave them blank to keep the current password.
-  Integration with Let's Encrypt via PowerShell script
Let's Encrypt is a certificate authority that provides free certificates for
Transport Layer Security (TLS) encryption via an automated process designed to eliminate
the current complex process of manual creation, validation, signing, installation,
and renewal of certificates for secure websites.
A PowerShell script that supports LetsEncrypt is now installed to the MDaemon\LetsEncrypt
directory. A dependency of the script, the ACMESharp module,
requires PowerShell 3.0 . This means this script will not work on Windows
WorldClient must be listening on port 80 or the HTTP challenge cannot be completed
and the script will not work. You will need to correctly set the execution policy
for PowerShell before it will allow you to run this script. Running the script will
set everything up for LetsEncrypt, including putting the necessary files in the
WorldClient HTTP directory to complete the http-01 challenge. It uses the SMTP host
name of the default domain as the domain for the certificate, retrieves the certificate,
imports it into Windows, and configures MDaemon to use the certificate.
The script creates a log file in the MDaemon\Logs\ directory called LetsEncrypt.log.
This log file is removed and recreated each time the script runs. The log includes
the starting date/time of the script but it does not include a date/time stamp for
each action. Notification emails can be sent when an error occurs. This is done
using the $error variable which is automatically created and set by PowerShell.
If you have an FQDN setup for your default domain that does not point to the MDaemon
server, this script will not work. If you want to setup alternate host names in
the certificate you can do so. You need to pass the alternate host names on the
Example usage: ..\LetsEncrypt.ps1 -AlternateHostNames mail.domain.com,imap.domain.com,wc.domain.com
-IISSiteName MySite -To "email@example.com"
You do not need to include the FQDN for the default domain in the AlternateHostNames
list. For example, our default domain, altn.com, is configured with an FQDN of mail1.altn.com.
We use an alternate host name of mail.altn.com. When I run the script, I only pass
mail.altn.com as an alternate host name. If you pass alternate host names, an HTTP
challenge will need to be completed for each them. If the challenges are not all
completed the process will not complete correctly.
If you do not need to pass in alternate host names then do not include the –AlternateHostNames
parameter in the command line. If you do not want to have email notifications sent
when an error occurs do not include the –To parameter in the command line.
If you are running WorldClient via IIS, you will need to pass this script the name
of your site using the -IISSiteName parameter. You must have Microsoft's Web Scripting
tools installed in order for the certificate to be automatically setup in IIS.
-  Added a new troubleshooting utility called MDaemon Health Check located
at MDaemon\App\MDHealthCheck.exe. Running it will check MDaemon security related
settings (AV, SPAM, SSL, etc.) for settings that are not recommended. It allows
the user to change any settings that are not recommended to the recommended setting.
It also creates a log file of the process in MDaemon\Logs which also includes any
errors (errors about missing settings are not a concern) or warnings found. The
user can open the most recent log from the utility. It can be launched from the
MDaemon UI using the new toolbar button or menu item in the Help menu.
-  Added Content Filter option to quarantine the entire message when it contains
a restricted attachment.
-  Added means to "authorize/approve" new devices that are allowed
to use ActiveSync.
To require approval of any new client that connects, simply set the checkbox in
the client settings dialog for the level at which you wish to enforce it, either
global, domain or user.
A new Filter combobox is preset on the client list dialog, which allows the admin
to look at all clients or clients awaiting approval.
To Authorize a client that requires approval... one can right click on the client
in the list of clients and choose "Authorize client..."
-  LookOut and WorldClient themes - Added Desktop Notifications for event reminders
and task reminders.
-  Ctrl+Q|Mail Queues|Retry Queue has a new checkbox which enables sending
of a "successful delivery" DSN any time a message is delivered which has
previously been delayed and placed in the retry queue for whatever reason.
-  Ctrl+S|Preferences|Headers option to create optional "For" clause
in Received headers has been deprecated and removed. MDaemon no longer generates
this optional clause when creating Received headers.
-  First time access to SMTP/IMAP/POP server from any IP having previously
provided incorrect credentials will result in a warning added to the Screening log
along the lines of "<Protocol> access granted to <IP> using <email
address>'s credentials after having FAILED previous on <Date>"
-  WorldClient - Added an option under Options | Personalize to allow inline
images in messages from Whitelisted senders and contacts from the user's default
-  LookOut and WorldClient themes - Added an option next to attachments in the
attachment list to remove attachments from a message
-  LookOut and WorldClient themes - Added the ability to create multiple signatures,
and assign them on a per email address basis. Users can create, edit, and
delete signatures in the Options | Compose view. In the Compose view, changing
the from address will change the signature, and there is also a list of signatures
to choose from in the advanced options. Each time a user opens a Compose view,
all the signatures are loaded. The number of signatures per user is limited
to 30 in order to prevent slow load times.
-  LookOut and WorldClient themes - Added ability to import vCards (.vcf files)
into WorldClient default contacts folder. There will be an icon next to any
vcf file in the message attachment list.
-  LookOut and WorldClient themes - Added an option in the compose view for
users to send a message at a future date and time. Users can set the date
and time fields which will set the Deferred-Delivery message header for the email
when saved as a draft or when sent. Deferred Delivery must be enabled in MDaemon
at F2|Server Settings|Message Recall.
-  Dynamic Authentication was renamed to Active Directory or AD Authentication
which is what is it and I'm trying to use the correct terms. This caused a change
to UI verbiage at Account Settings|Account Details screen and Ctrl+U|Active Directory|Monitoring.
As part of this work the Account Settings|Account Details screen was also changed
to remove the "Optional sync password" field (UI change only) and add
a field to specifying an optional AD account name to be used with authentication
(UI change only).
-  Several problems were fixed related to mail folder relocation when an account
changes email address or mail folder. The option at Ctrl+O|Preferences|System which
controlled whether mail folders were relocated has been deprecated and removed.
MDaemon will always attempt to move mail folders when necessary.
-  A new checkbox was added to Ctrl+O|Preferences|Headers which toggles whether
host names & IPs are included when "Received:" and potentially other
message headers are constructed. This option is disabled by default.
-  A new checkbox was added to Ctrl+P|DNS-BL|Settings which allows you to ignore
DNS-BL results that are outside the range of 127.0.0.1 to 127.255.255.255.
This option is disabled by default.
-  Remote Administration can now edit per-user or global permissions for the
WorldClient Documents folder.
-  Added missing Domain Manager screens to Remote Administration.
-  Remote Administration now allows certain edits to more than one list member
at a time.
-  The UI status bar up-time indicator has a changed layout for easier reading.
-  MDPGP: improved logging of certain error conditions
-  SMTP Mailbox Invalid error response will now include the value that was
determined to be invalid
-  Reworked the Global Mailing List Subscriptions Options in Remote Administration.
These settings are now in the Remote Admin settings rather than on their own page
under "My Mailing Lists."
-  LookOut and WorldClient themes - Added ability to search all folders or sub
folders of the selected folder. To use this feature open the Advanced Search options
and select the Search All Folders or Search Sub Folders radio button. If a message
in the search results is from a folder with limited permissions, the message will
have a redish-orange color to it, and most actions a user would normally be able
to perform on the message will not be permitted. If a user has very large folders,
Search All is NOT recommended due to the long wait for the request. However, canceling
a search no longer leaves the user waiting, but instead cancels any search on the
server and returns the client to a normal folder view without search results.
-  WorldClient theme - increased the effective area for clicking a checkbox
in the list views (Email, Contacts, Tasks, Notes, Documents)
-  WorldClient will no longer display DKIM validated icon after 7 days from
the Date header value of a message
-  LookOut and WorldClient themes - Added the ability for users to import to
the Inbox or download (instead of only view) a .eml message attachment.
-  LookOut and WorldClient themes - added ability to quick search for a folder
when moving/copying messages
-  LookOut theme - Changed the calendar events in LookOut to use the calendar
color for the entire border instead of only the left border
-  WorldClient - Compose view - Updated the HTML editor to CKEditor version
4.6.1. The new version now includes a Copy Formatting feature.
-  LookOut and WorldClient themes - Added an option to Edit a meeting after
accepting an invitation in the Invitation Dialog. After the user clicks the "Accept"
or "Accept Tentatively" box, the Invitation Dialog opens. If the
user wishes to edit the meeting after accepting the invite, the user can click the
"Edit the meeting" checkbox. After the user clicks OK, the Calendar
Event editor will open to the meeting in question. If the user chose to edit
the response, the Calendar Event editor will open after the response is sent.
-  LookOut and WorldClient themes - Added an option under Options | Personalize
to Display New Messages Count in the page title. This setting is enabled by default.
-  WorldClient theme - Added the message count to the hover title/tooltip for
-  WorldClient - Added city and state to fields searched when searching contacts
-  Ctrl+Q|Mail Queues|Retry Queue has a new option to toggle sending of delivery
-  The ActiveSync log level can now be set at a per user/domain basis.
-  The GetVersionInfo XMLAPI command now reports PRO/Cloud information.
-  Added the ability to alter/control log entries that use a 0x######## status
code in ActiveSync, AutoDiscover, XMLAPI modules.
Log Entry modification flags include:
- [Logs:IgnoreSession] Aborts the logging if the Session ID specified is to be ignored...
- [Logs:InfoToWarning] Elevates an Info level log entry to a warning level (ie. 0x########=1)
- [Logs:DebugToWarning] Elevates a Debug level log entry to a warning level (ie. 0x########=1)
- [Logs:WarningToInfo] Deprecates an Error or Warning level level log entry to an
Info level (ie. 0x########=1)
- [Logs:IgnoreEntry] Aborts logging that event id (ie. 0x########=1)
-  ActiveSync Sync Rollback Notifications
The ActiveSync Service can now notify the administrators if a client is repeatedly/frequently
sending expired Sync Keys in Sync operations.
These merely inform the admin that the server issued a rollback for a given collection
because a client made a sync request with the most recently expired Sync Key. The
subject states "ActiveSync Client Using expired Sync Key". This could
occur because of a network issue or something about the content previously sent
to the client in that collection. In some cases, the item id will be there, it merely
depends upon whether or not the previous sync on that collection sent any items.
Rollback warnings do not mean the client is out of Sync, it means that the client
has the potential to go out of Sync and our internal system detected it. Rollback
warnings are issued for a collection no more than once per 24 hour period.
- [System] SendRollbackNotifications=[0|1|Yes|No|True|False]
- [System] RollbackNotificationThreshhold=[1-254] : The number of rollbacks that must
occur on a given collection prior to a notification being sent to the admin. We
recommend a value of at least 5 here, since Network hiccups play a part in this.
- [System] RollbackNotificationCCUser=[0|1|Yes|No|True|False] : Whether or not to
CC the user whose client sent that expired Sync Key.
-  ActiveSync Corrupt Message Notifications
The ActiveSync Service can now notify the administrators if a particular message
cannot be processed. These are sent in real time to inform the admin of a mail item
that could not be parsed and that further action on this item is not possible. The
subject states "Corrupt message notification". These items, in previous
versions, could lead to a crash. In most cases, the content of the msg file will
not be MIME data, however, if it is MIME data, it is likely corrupt. You can choose
to CC the affected user of these notifications with the CMNCCUser key so that they
are aware that an email has arrived in their mailbox that is un-readable. The appropriate
action for these is to move the designated msg file from the user's mailbox and
analyze it to determine both why it is not able to be parsed and how it came to
exist in the state that it is in.
- [System] CMNCCUser==[0|1|Yes|No|True|False]
-  An option to allow file transfers in WCIM has been added at
Ctrl+W|WorldClient (web mail)|WCIM.
-  The ActiveSync Service now cleans up old archived Xml and WbXml archives
during its nightly maintenance processing. The number of days for retention can
be specified from the Service Diagnostics Page. This assists you in maintaining
a fixed window of archival data for diagnostic purposes without having to monitor
and remove them manually. Also, ActiveSync Xml and WbXml archives can be configured
to go to the Logs\AirSync directory has it has done historically, or to go to a
Debug directory under the User's _ActiveSync/Client directory.
-  Updated MDSpamD to include Encode module for charset conversion and normalization.
-  Screens about BlackBerry Enterprise Server (BES) have been removed from
the 64-bit MDaemon's UI, since BES is only compatible with the 32-bit MDaemon.
-  The ActiveSync Client Information dialog now displays complete IP address
-  Added a simple searching function to Remote Administration's Queue Management.
The "*" wildcard can be used when the exact search text is not known.
-  Remote Administration will now validate email addresses added as List or
-  Added 32-bit/64-bit info to MDaemon.ini and MDStats Configuration Report.
-  Added XMPP configuration screen to Remote Administration.
-  Added the Weak Password Report functionality to Remote Administration
-  Added button to Remote Administration's Password Options that goes through
all accounts and flags any of them with a weak password to require a password change.
Note that this could result in accounts being locked out, so there are warnings
in place. Passwords can be changed using the UI, WorldClient or MDaemon Remote
-  Added the ability to disable logging of messages in XMPP Server logs
-  Added missing Gateway Verification options to Remote Administration
-  Added case-insensitive search option to ActiveSync Log Viewer
-  Added the ability to download a read-only copy of a calendar in iCalendar/webcal
format. This allows for a calendar to be viewed and subscribed to in Outlook, Google
Calendar, Mac iCal, and other applications. A read-only private URL, which contains
a unique access token, allows for access without requiring an account’s login details.
To view or reset the private URL for a calendar, select "Share Folder"
from the calendar's context menu in WorldClient using the WorldClient or Lookout
theme. Viewing or resetting the private URL requires "Administer / Full Control"
-  Added support for Outlook 2007 and later's
"Publish your calendar on a WebDAV server" feature. Only the
"Limited details" and "Full details" options are supported,
as WorldClient does not support events without a subject. The URL must be
the CalDAV path of a existing WorldClient calendar. The CalDAV path for a
folder can be found from the "Share Folder" dialog for the calendar in
WorldClient. The calendar's CalDAV path is its "private iCalendar feed
URL" before "calendar.ics", i.e. https://company.test:3000/webdav/calendars/company.test/user1/.
Please note that any existing events in the WorldClient calendar will not be deleted,
however these will not be visible in Outlook.
-  An edit box was added to Account Editor|Account Settings|Settings which
lets you enter a short list of email addresses for use with the automatic
processing of calendar requests.
-  ASMC logging has been improved and is more readable for diagnostic purposes.
-  Added options to the Outlook Connector centralized management for local
cache filename and attachments directory. By default they are not pushed to OC
clients. Enable the option to tell OC clients to move their data to the default
or custom locations. Requires OC plugin version 4.5.0 or newer. An example
custom local cache filename is "%APPDATA%\Alt-N\Outlook Connector
-  Management Service (XMLAPI) now supports SetQueueState operation.
-  ASMC: Added the ability to select which folder types to migrate. Run ASMC /?
to see new /FolderTypes flags.
-  MDaemon starts warning about impending license deactivation 7 days in
advance (up from 5 days).
-  Removed obsolete settings from Ctrl+W|WorldClient (web mail)|WCIM.
-  XMLAPI: UpdateDomain/Parameters/Details/Disabled does not work. FIXED.
-  XMLAPI: UpdateUser operation does not enforce strong password requirement.
-  fix to incorrect tab order when adding a new List Member in Remote Administration
-  fix to options missing from Remote Administration's MultiPOP settings
-  fix to from header modification not happening when from header data split
to multiple lines
-  fix to Remote Administration defaults for Greylisting don't match MDaemon's
-  fix to Remote Administration defaults for DMARC Settings don't match
-  fix to Remote Administration defaults for IPv6 don't match MDaemon's
-  fix to Remote Administration's ActiveSync Device Details dialog will
not show details for anything but first listed device
-  fix to Remote Administration's Content Filter "rule jump"
action not showing all available rules
-  fix to incorrect wording of Strong Passwords error in Remote Administration
-  fix to Remote Administration allowing admin to attempt to modify several
accounts at once
-  fix to MDPGP decrypt/verify operations too strict with auth credentials
-  fix to inconsistent application of SMTP and queue-based spam scans in some
-  fix to Mailing Lists Administrators and Outlook Connector Authorized Users
not being saved properly in Remote Administration
-  fix to mailing list editor allowing lists called "noreply" to
-  fix to F3 not auto-selecting the full name field for typing once the dialog
-  fix to tab order not working properly in MDPGP UI, Domain Manager UI, and
Mailing List Manager UI
-  fix to disabled/frozen accounts sometimes improperly re-enabled in the UI
-  fix to Remote Administration's mailbox size reports tooltip not showing
correct value for very large mailboxes with quotas
-  fix to Unknown Error when attempting to re-use an old password in Remote
-  fix to slight error with IP Validating function in Remote Administration
-  fix to adding inline images to an email message breaks Domain Signatures
-  fix to LookOut theme - "Remote images were blocked" not being
translated in external message window
-  fix to WorldClient theme - When printing a calendar, the print dialog window
does not launch
-  fix to Remote Administration's Mailing List Subscription Manager not
usable for non-local users
-  fix to IPv6 addresses not processed properly when computing Received headers
-  fix to LookOut theme - some languages - When selecting categories, the last
option is cut off at the bottom
-  fix to Mobile theme - no scroll bars on HTML emails
-  fix to WorldClient - When removing an attachment, browser ask if you want
to leave the page
-  fix to WorldClient theme - Search retains settings between switching folders
in Contacts but does not show search term
-  fix to WorldClient theme - Subject header text is truncated when viewed
with a right preview pane
-  fix to LookOut theme - Unable to create Contacts, Calendar, Tasks, or Notes
sub-folders in succession
-  fix to WorldClient - Japanese - When clicking Group By Company uncategorized
contacts are not displayed
-  fix to LookOut and WorldClient themes - Slideshow feature not working in
IE11 when message preview is enabled
-  fix to LookOut and WorldClient themes - The Default Contacts View setting
is not applied when clicking "To" in a composed message
-  fix to Remote Administration allowed non-local addresses to be added as
List or Domain Administrators
-  fix to XMPP Server sending Task/Calendar reminders with missing CR/LF
-  fix to MDPGP logging message init errors even when debug logging disabled
-  fix to confusing text in two MDPGP debug log strings
-  fix to unable to enable an account in Remote Admin that has an existing
-  fix to certain changes to DKIM Signing Settings in Remote Admin not seen
by MDaemon until server restart
-  fix to Account Editor items in Remote Admin out of order
-  fix to ActiveSync crash in mdmbsrch.dll when a search reads a corrupt .msg
-  fix to Winsock errors when using Outlook 2013 with ActiveSync
-  fix to possible MDASMgmt.dll crash when corrupt data is present in AirSync.ini
-  fix to non-ASCII characters are corrupt in read receipts generated by the
-  fix to no results when doing an ActiveSync DeepTraversal search on a virtual
-  fix to CalDAV/CardDAV GET responses do not contain a required ETag HTTP
header. This results in errors when attempting to synchronize a single item
with the "DAVdroid" client.
-  fix to incorrect label on the IPv6 screen in Remote Administration
-  fix to ActiveSync "Virtually merge public contacts into default contacts"
option not working
-  fix to LookOut theme - IE8 - the 'Delete' button on the button bar
above the message list does not delete messages when they contain attachments
-  fix to WorldClient - When exporting a calendar, the first Required Attendee
-  fix to possible WorldClient server crash
-  fix to possible CFEngine.exe crash
-  fix to CalDAV-Sync Android client unable to synchronize annual recurring
-  fix to LookOut and WorldClient themes - archive instances of recurring tasks
should include recurrence information
-  fix to iOS clients may not be sent all mail when doing an initial sync after
changing the filter type to "All"
-  fix to incorrect error response when an ActiveSync client requests to search
using an invalid collection ID
-  fix to invalid folder ID in Ping request may cause BlackBerry ActiveSync
client to resync
-  fix to MDaemon may hang for 10-30 seconds while attempting to validate a
remote SSL certificate if it cannot download certificate or revocation data from
the internet. Set MDaemon.ini [SSL] OfflineCertificateValidation=Yes to prevent
MDaemon from trying to download such data.
-  fix to Remote Administration allowing non-numeric characters on the Ports
-  fix for Outlook Connector, if the first instance of a recurring appointment
is changed outside of Outlook, the occurrence may no longer appear in Outlook
-  fix to ActiveSync recipient cache not retaining as many objects as it should
-  fix to LookOut and WorldClient themes - unread counts do not get updated
after deleting messages in a folder
-  fix to plugins log not archiving, not rolling-over by size, not updating
file name, etc.
-  fix to WorldClient - Safari 10 - LookOut and WC themes do not always
-  fix to absolute paths in some localized configuration files
-  fix to incorrect minger query results in some cases
-  fix to AccountPrune.log and ListPrune.log do not have file size limits
-  fix to Domain Sharing buttons disabled in Remote Administration
-  fix to minor formatting issue on Accounts page in Remote Administration
-  fix to meeting request notes are not read from iCalendar COMMENT field
-  fix to Outlook may crash after downloading an event with a start or end
date before 1900 using ActiveSync
-  fix to rare but potential crash when opening the Updates screen in
-  fix to memory leak in MDaemon UI while displaying ActiveSync sessions
-  fix to WorldClient memory leak
-  fix to possible memory corruption when sending DMARC aggregate reports