MDaemon Server v16 Release Notes

MDaemon 16.0.4 - July 6, 2016

SPECIAL CONSIDERATIONS

[16456] Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit http://www.altn.com/Products/MDaemon-Private-Cloud/.

FIXES

MDaemon 16.0.3 - June 21, 2016

FIXES

MDaemon 16.0.2 - May 3, 2016

CHANGES AND NEW FEATURES

FIXES

MDaemon 16.0.1 - March 23, 2016

SPECIAL CONSIDERATIONS

[6781] The instructions below for item [6781] advise you to remove the Mail Archive public folder to improve server performance. Doing so, however, can cause Outlook users who previously had access to the Mail Archive public folder to start sending "Not Read" notifications errantly. To avoid this problem, Outlook users with access to the Mail Archive public folder must disable creation of these notifications FIRST, before the Mail Archive public folder is removed, and keep them disabled until AFTER the Mail Archive public folder is removed and Outlook is restarted and/or re-syncs the mail folders. How to disable these notifications probably depends on the version of Outlook being used. For example, in Outlook 2013 the setting is at "Tools|Options|Preferences|E-Mail Options|Tracking Options - Never send a response". So, the process is: (1) disable the notifications in Outlook for those users who had access to the Mail Archive public folder; (2) delete (or move) the old Mail Archive public folder structure as you like; (3) restart Outlook or cause Outlook to re-check for new mail; (4) re-enable the notification settings in Outlook as you desire. This need only be done for Outlook users with access to the Mail Archive public folder. Moving forward, MDaemon will detect and strip out the header(s) which trigger Outlook to behave this way (but only from archived copies of messages).

FIXES

MDaemon 16.0.0 - March 8, 2016

SPECIAL CONSIDERATIONS

[6781] The "Archive to Public Folders" feature has been reworked as it was the cause of a lot of slow performance. No real functionality has been lost but it has been re-designed. You can no longer archive to public folders. Instead, you can now archive to an arbitrary folder of your choice anywhere (as long as MDaemon can access it).

To browse the archive folder use one of your mail accounts (or create a new one) and point its mail folder to the same folder used for the archive (C:\MDaemon\Archives\Email\ is the default). If multiple people need access to the archive then either log into the account and share them with other users or just give the other users the logon/password to the account you used.

All the old archive settings still work but have been simplified. The "Inbound to" and "Outbound from" sub-folders have been shortened to "In" and "Out". MDaemon only archives messages sent /to/ your local users or sent /from/ your local users (or both). Messages just relaying through are not archived by this simple system. Virus and mailing list messages are not archived. The messages that are archived are the ones going into a local user's mail folder and the ones sent by local users but not until each message is in "ready to be delivered" condition.

Note that this means what appears in the archive is what the users see and not necessarily the message as it was when it first arrived at the server. For example, if a content filter rule adds a header to the message then the archived version has the header.

The old "Mail Archive" public folder is now no longer updated. However, it was left in place so that you can decide what to do with that folder. For example, copy it somewhere else and then delete it - get it OUT of MDaemon's Public Folders directory (please do this as it greatly improves performance of the server for all users). The installation and update process will not do this for you because (a) it would cause the installation process to take too long and (b) it would lead to a wave of "WHERE'S MY ARCHIVE!! I'M GONNA KILL ARVEL!" heart-attacks for lots of people. Some changes to the UI at F2|Server Settings|Archiving were required.

[15733] MDPGP: There are numerous drawbacks and much confusion when sharing the same encryption keys across one or more aliases. Aliases should have their own set of keys so that various identities are safely kept separate. Therefore, the option to use or not use aliases has been removed from the UI. If you have special circumstances where you need to preserve previous behavior, please add "Aliases=Yes" (without the quotes) to the [MDPGP] section of \App\Plugins.dat and restart MDaemon. Use of aliases creates many problems so this is NOT recommended.

[16324] MDaemon no longer leaves Everyone@, MasterEveryone@, and DomainAdmins@ mailing list .GRP files in the APP folder when the options to use those features are disabled.  Previously, these list files were left in the APP folder even when the features were disabled. This can cause issues because the API assumes the lists are valid if the file exists. So, with this version these files are removed if the features associated with their use are disabled. If you (for some unknown reason) do NOT want these files updated or deleted you can ATTRIB them read-only from the Windows command shell (not recommended). A better approach in such cases would be to create your own lists which can use the same "Send to everyone" macros that these system maintained lists can.

[5044] MDaemon was not honoring the mailing list setting which hides the mailing list from the domain's public contacts folder. This has been fixed. When this version of MDaemon starts for the first time, any errors in the contact folders related to mailing lists will be corrected. If a contact is found when it should not be, the contact is removed, and any missing mailing list contacts are created. This will trigger a re-sync of the contact folder for all devices that are linked to it.

[2524] A fix to a long standing content filter parsing bug could potentially (rarely) lead to the following issue:  In the past, content filter rules which compare the value of a message header would fail to work if the test string being looked for started with a space character.  For example, testing whether a header contained the string ' test ' (note the spaces) would sometimes fail.  This problem has been fixed but it could mean that rules which previously did not match, now might.  Just FYI.

[16214] The "Account can modify the public address book" setting has been removed from Account Editor|Settings and Template Manager|Settings.  Access to any public address book is now managed only through the ACL editor for the specific address book folder in question (including any defaults which will apply to newly created accounts).  As a result of these changes the MD_SetCanModifyGAB() function in the API has been deprecated and changed to do no work (but left in place for backward compatibility).  Also, the CanModifyGAB member of MD_UserInfo structure is now read-only.  Any changes you make to this member will not be saved.  Changes to ACLs are strictly a function of the ACL editor from here forward.

[16230] MDaemon's list engine no longer uses the message-id value of the original list message at all.  Each list message will get the same, single, newly generated message-id.  The mailing list engine makes many changes to the original list message.  Thus it must take ownership and issue a new message-id.  However, the old option to generate a unique message-id per recipient still works but has been disabled by default for new lists and should not be used unless special circumstances require.

[16044] Experimentation has revealed several host screen values which are effective in blocking unwanted connections.  These have been added as defaults to HostScreen.dat for new installs.  Existing installations can rename or remove HostScreen.dat and restart MDaemon (I don't want to overwrite your file myself) to get this new version.

[16274] The default "low disk space value" (the value below which MDaemon believes the disk is running low and starts complaining about it) was changed from 100MB to 1000MB.  Likewise, the "auto-shutoff value" (the value below which MDaemon will disable mail services due to critically low disk space) was changed from 10MB to 100MB.  Please check and change the values at Ctrl+O|Preferences|Disk if they present a problem for you. 

[16404] Minger queries now include the email address (sender) making the request. This allows personal blacklists to be checked. If the sender is on the minger recipient's personal blacklist then a result of "user unknown" will be returned to the minger client. This change is backward compatible with older minger servers. As a result of this change the LDAPCache.dat file format had to be changed. Your old LDAPCache.dat file has been renamed LDAPCache.dat.old.

MAJOR NEW FEATURES

[15918] MDaemon Remote Administration (MDRA) GUI Update

The GUI for MDRA no longer uses frames and has been updated to use a mobile-first responsive design. Browser support is limited to IE10+, the latest Chrome, the latest Firefox, and the latest Safari on Mac and iOS. Android stock browsers have been known to have issues with scrolling, but Chrome on Android devices works well.

This design is based entirely on the size of the window being used. Whether the user is on a phone, tablet, or PC, the appearance is the same for the same window size. The most important change here is the menu. From 1024 pixels width on down the menu is hidden on the left side of the browser. There are two methods that can be used to display the menu. If a touch device is in use, swiping to the right will show the secondary menu. Whether or not a touch device is in use, there is also a "menu" button in the top left corner that will display the secondary menu. Tapping or clicking the menu title with the left arrow next to it at the top of the menu will display the primary menu. The help, about, and sign out menu in the top right corner changes based on the width of the screen as well: at 768 pixels and up it shows the words Help, About, and Sign Out; from 481 pixels to 767 pixels it displays only the icons; and at 480 pixels or less it displays a "gear" icon which, when clicked or tapped, displays a drop-down menu with the Help, About, and Sign Out options. List views with more than one column have column on/off buttons that are accessed by clicking or tapping the gray right arrow button on the far right of the toolbar container. The settings pages are no longer designed to be exact copies of the MDaemon GUI, but are instead designed to reposition and resize based on the width/height of the browser.

[16095] SPAMBOT DETECTION (MDaemon PRO only)

A new feature called Spambot Detection has been added to Ctrl+S|Screening. This feature tracks the IP addresses that every SMTP MAIL (return-path) value uses over a given period of time. The idea is that if the same return-path is used by multiple IP addresses (more than can be expected from typical user device switching) and all within a short time frame this may indicate a spambot network at play. Of course, it may also indicate totally legitimate use of the mail system (there are no rules against what this feature detects). Nevertheless, experimentation has shown that this can be effective in limited cases at detecting a distributed spambot network as long as the same return-path is utilized throughout.  If a spambot is detected the current connection talking to it is immediately dropped and the return-path value is optionally blacklisted for a length of time you specify.  You can also optionally blacklist all the spambot IPs then known for a user-defined period.  This feature can be enabled at Ctrl+S|Screening.
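The tracking logic described above can be sketched as a sliding-window counter of distinct IPs per return-path. This is an added example, not MDaemon's code: the class, its method names, the thresholds and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class SpambotDetector:
    """Flag a return-path used by too many distinct IPs inside a time window."""

    def __init__(self, max_ips=3, window=600, blacklist_for=3600):
        # Hypothetical thresholds (seconds); MDaemon's defaults are not given here.
        self.max_ips, self.window, self.blacklist_for = max_ips, window, blacklist_for
        self.seen = defaultdict(deque)  # return-path -> deque of (timestamp, ip)
        self.blocked_until = {}         # return-path -> blacklist expiry time

    def observe(self, ts, ip, return_path):
        """Return 'accept', 'drop' (threshold just crossed) or 'blacklisted'."""
        rp = return_path.strip().lower()
        if rp in ("", "<>"):
            return "accept"  # assumption: the null return-path is never tracked
        if self.blocked_until.get(rp, 0) > ts:
            return "blacklisted"
        events = self.seen[rp]
        events.append((ts, ip))
        while events and events[0][0] <= ts - self.window:
            events.popleft()  # forget sightings older than the window
        if len({addr for _, addr in events}) > self.max_ips:
            self.blocked_until[rp] = ts + self.blacklist_for
            return "drop"
        return "accept"

    def known_ips(self, return_path):
        """IPs on record for a return-path, e.g. to blacklist them as well."""
        events = self.seen.get(return_path.strip().lower(), ())
        return sorted({addr for _, addr in events})

# Constructed sample: (seconds, client IP, SMTP MAIL return-path)
SAMPLE = [
    (0, "192.0.2.10", "alice@example.com"),
    (60, "192.0.2.11", "alice@example.com"),    # same user, second device
    (100, "198.51.100.5", "promo@example.net"),
    (110, "198.51.100.6", "promo@example.net"),
    (120, "203.0.113.7", "promo@example.net"),
    (130, "203.0.113.8", "promo@example.net"),  # fourth distinct IP in the window
    (200, "203.0.113.9", "promo@example.net"),  # arrives while blacklisted
    (900, "192.0.2.12", "alice@example.com"),   # earlier sightings have expired
]

def replay(events):
    """Feed events through a fresh detector; return the verdicts and the detector."""
    detector = SpambotDetector()
    return [detector.observe(*event) for event in events], detector

if __name__ == "__main__":
    verdicts, detector = replay(SAMPLE)
    for event, verdict in zip(SAMPLE, verdicts):
        print(event, "->", verdict)
    print("IPs seen for promo@example.net:", detector.known_ips("promo@example.net"))
```

The sample shows why the threshold must sit above normal device switching: alice@example.com is seen from three addresses in total without ever being flagged.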

[10729] CARDDAV (MDaemon PRO only)

Support for synchronizing contacts via the CardDAV protocol has been added.  Notable CardDAV clients are Apple Contacts (included with Mac OS X), Apple iOS (iPhone), and Mozilla Thunderbird via the SOGO plugin.

Note: As of OS X 10.11 (El Capitan), the Apple Contacts application only supports a single collection/folder. When the CardDAV server detects the Apple Contacts application, it will only return the authenticated user's default contacts folder. In addition, OS X 10.11 (El Capitan) has a known issue that prevents a CardDAV account from being added using the "Advanced" view of the dialog.

To configure clients that support RFC 6764 (Locating Services for Calendaring Extensions to WebDAV (CalDAV) and vCard Extensions to WebDAV (CardDAV)), only the server address, username, and password should be required. Apple Address Book and iOS support this standard. DNS records can be set up that point the client to the correct URL. When a DNS record has not been configured, clients query a "well-known URL", which in the case of CardDAV is /.well-known/carddav. WorldClient's built-in web server has been updated to support this well-known URL.

Clients that do not support automatically locating the CardDAV service will require a full URL.
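The lookup order an RFC 6764 client follows (SRV record, optional TXT "path" value, then the well-known URL) is shown below as an added example, not code from MDaemon or any client. The function name, the dictionaries standing in for DNS answers, the host names and the HTTPS fallback on the bare domain are assumptions.

```python
WELL_KNOWN = "/.well-known/carddav"

def carddav_bootstrap_url(domain, srv_records, txt_records):
    """Return the URL a client would contact first for `domain`.

    srv_records: {label: [(priority, weight, port, target), ...]}
    txt_records: {label: ["key=value", ...]}
    Both dicts stand in for real DNS answers so the example runs offline.
    """
    # The TLS service label is tried before the plain-text one.
    for service, scheme, default_port in (("_carddavs", "https", 443),
                                          ("_carddav", "http", 80)):
        label = f"{service}._tcp.{domain}"
        # A target of "." means the service is explicitly not offered (RFC 2782).
        usable = [r for r in srv_records.get(label, []) if r[3].rstrip(".")]
        if not usable:
            continue
        # Simplification: lowest priority, then highest weight, no randomisation.
        _, _, port, target = min(usable, key=lambda r: (r[0], -r[1]))
        path = WELL_KNOWN  # used when no TXT "path" value is published
        for entry in txt_records.get(label, []):
            key, _, value = entry.partition("=")
            if key == "path" and value.startswith("/"):
                path = value
        host = target.rstrip(".")
        netloc = host if port == default_port else f"{host}:{port}"
        return f"{scheme}://{netloc}{path}"
    # No SRV record at all: query the well-known URL on the domain itself
    # (HTTPS is assumed here).
    return f"https://{domain}{WELL_KNOWN}"

# Constructed DNS data for three hypothetical domains.
SRV = {
    "_carddavs._tcp.example.com": [(10, 0, 443, "mail.example.com.")],
    "_carddavs._tcp.example.net": [(0, 0, 0, ".")],  # TLS service not offered
    "_carddav._tcp.example.net": [(20, 5, 8080, "backup.example.net."),
                                  (10, 5, 8080, "dav.example.net.")],
}
TXT = {"_carddavs._tcp.example.com": ["path=/addressbooks/"]}

if __name__ == "__main__":
    for name in ("example.com", "example.net", "example.org"):
        print(name, "->", carddav_bootstrap_url(name, SRV, TXT))
```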

Note: When an item is submitted from a CardDAV client, the full vCard data submitted is saved. The data is saved as .vcf files in a "_DAV" subfolder. When the item is later sent to a CardDAV client, this data is merged in with the data that the server generates. This allows the server to persist unsupported and custom properties. A new "PersistentData\DAVDataFile" node was added to the addressbook.mrk file. The API has been updated to delete these files when an item is deleted.

Before reporting issues, please enable debug logging and the option to log HTTP messages and reproduce the issue.  This can be done via the configuration dialog, or by adding the following to the WorldClient.ini file.

[WebDAV]
LogLevel=1
LogMessages=Yes

Warning: Special care should be taken if testing the OutlookDAV client. OutlookDAV only supports the default MAPI profile. If multiple MAPI profiles exist, the client may issue delete commands to the server for all of the items that were returned by the server. 

[5715] TWO FACTOR AUTHENTICATION FOR WORLDCLIENT AND REMOTE ADMINISTRATION

WorldClient users who enable Two Factor Authentication will be required to enter a verification code before they can log into WorldClient or Remote Administration. This feature is designed for any client that supports Google Authenticator.

To set up 2FA, users need to go to Options | Authentication in any theme. They must enter their current password in order to make any changes to 2FA.

If a user loses his/her 2FA device or is otherwise unable to obtain a verification code, the user can click the "I do not have a code." link below the "Verify" button. This will do one of two things. If the user has a password recovery email address set up, it will take the user to a page to request an email to be sent to his/her password recovery email address with a link to disable 2FA. Otherwise, it will send an email to the address of SendLostTwoFactorAuthNotificationTo in MDaemon\WorldClient\Domains.ini [Default:Settings] with the same link. Admins should do their best to confirm that a user has lost their 2FA or is otherwise unable to obtain a verification code prior to clicking the link provided.

There is also a button located in the MDaemon GUI's Account Editor under Web Services that can be used to disable a single user's 2FA upon request.

To prevent users from using 2FA, change the value of TwoFactorAuthDisabled from No to Yes in MDaemon\WorldClient\Domains.ini [Default:Settings].

Do not change TwoFactorAuthEnabled=No to Yes in MDaemon\WorldClient\Domains.ini [Default:UserDefaults], because this will prevent users from logging into their accounts if they do not already have 2FA enabled for their accounts. Changes to this functionality are already planned for a future version of MDaemon.

[13411] XML API FOR MANAGEMENT TASKS

MDaemon now ships with an XML over http(s) based API. The result of this is that MDaemon Management clients can be written using any language on any platform that can make http(s):// post requests to the server. In MDaemon Pro, this is only available to authenticated Global Admins, while in MDaemon Private Cloud, a subset of the available operations is accessible to authenticated domain admins as well. The API also produces a website with documentation on the API specification. The installation default is to have it installed at http://servername:RemoteAdminPort/MdMgmtWS/; however, this can be set to any URL for the sake of additional security.

The available operations include ...
At this time, command line management clients have been written/tested in JavaScript, PowerShell, VBScript, C, C++ and Visual Basic. A simple HTML and JavaScript test site has been used as a proof of concept for a web-based management console that operates within several popular browsers. While not tested yet, it is fully expected that this API should work fine from web servers using PHP, Perl, and other development platforms.

[14651] ACTIVESYNC PROTOCOL MIGRATION CLIENT

MDaemon now ships with an ActiveSync protocol based Migration Client (ASMC.exe). It supports migrating mail, calendars, tasks, notes, and contacts from ActiveSync servers that support protocol version 14.1. Documentation for it can be found in \MDaemon\Docs.

CHANGES AND NEW FEATURES

ACTIVESYNC PROTOCOL RELATED CHANGES

FIXES

MDaemon is a registered trademark of Alt-N Technologies, Ltd.
Copyright ©1996-2016 Alt-N Technologies, Ltd.