MDaemon Server v16.5 Release Notes
MDaemon 16.5.1 - October 11, 2016
 Hosted email options with MDaemon Private Cloud are now available. To learn more, please
-  Updated Remote Administration's Host and IP Screening pages to match updates
-  Updated Remote Administration's RA Options page.
-  MDPGP: Changed overall system default to disabled.
-  Ctrl+S|Sender Authentication|SMTP Authentication now has a white list for
the 'Credentials must match...' options found there. A button was added to edit the
-  Ctrl+S|Screening|HiJack Detection|From Header Modification now has a
white list button.
-  Added proxy server support for license requests. If the installer
is unable to download a license file it now prompts for a proxy server address
and credentials which it will use to retry the HTTPS request.
-  Urgent Update system has been deprecated and removed (redundant these
-  fix to defaults for Outbreak Protection inconsistent between MDaemon and
-  fix to Mail List Member Edit screen remaining open after user clicks
Cancel in Remote Administration
-  fix to Outlook Connector Client Settings pages remain open after user
clicks Cancel in Remote Administration
-  fix to small GUI inconsistency on DNS-BL Settings page in Remote
-  fix to small GUI issue on Spam Filter Updates tab in Remote
-  fix to ActiveSync MaxPublicFolders setting not saving correctly in Remote
-  fix to DKIM option on the wrong dialog in Remote Administration
-  fix to encoded body text of calendar items created by Outlook 2016 with
OC is not decoded
-  fix to WorldClient may crash when importing an .ics attachment
-  fix to WorldClient's Lite theme - Issue changing password
-  fix to non-ASCII characters in a calendar item created by Outlook 2016
with Outlook Connector are corrupted after editing the item in WorldClient
-  fix to WorldClient and LookOut themes - if Virtru is disabled on
the Domain level, the Compose view does not finish loading
-  fix to potential crash processing certain oddly formed messages
-  fix to disabled XMPP server starts back up when Windows is restarted
-  fix to account editor preventing disabling an account with a weak
-  fix to MD GUI log windows needlessly display internal color code for each
-  fix to incorrect verbiage describing an option at Ctrl+S|SSL&TLS
-  fix to Outlook 2016 using ActiveSync may crash when marking a recurring
task as complete
-  fix to LookOut theme - IE8 - cannot send emails when Warn On Missing
Attachments is enabled
-  fix to LookOut and WorldClient theme - When right-clicking to perform
copy or move to another calendar nothing happens
-  fix to possible MDaemon hang when MultiPOP downloads put an account over
-  fix to one more issue with Public Folder rights not matching up between
MDaemon and Remote Administration
-  fix to session timeout not always redirecting properly in Remote
-  fix to Mailbox Reports view in Remote Administration not handling a
session timeout properly
-  fix to some pages not redirecting properly upon session timeout in
-  fix to unable to use Group Membership as Content Filter Rule criteria in
-  fix to accepting a TNEF (Winmail.dat) formatted meeting cancellation in
WorldClient for a single occurrence of a recurring meeting will remove all
occurrences of the meeting
-  fix to formatting problem in an error when saving an account in Remote
Administration with a weak password
-  fix to WorldClient's web server directs all "/.well-known" requests
-  fix to ActiveSync policies set at the account level are not applied
MDaemon 16.5.0 - September 13, 2016
 F2|Server Settings|IPv6 has changed default to "off" (unchecked) for the
option to use IPv6 with outbound hosts for new installs. This option can
cause delivery issues for those who are not prepared for IPv6.
 F2|Logging|Log Mode option to "log by day of the week" (ie, Monday.log, Tuesday.log, etc) has been deprecated and
removed. If you were using this option you are now using "log by date" (ie, MDaemon-2016-02-22-X.log, etc). As a result,
the F2|Logging|Maintenance checkbox to overwrite log files is no longer necessary and has been removed.
Also, there is a new setting added to F2|Logging|Maintenance which lets you set
the number of .OLD backups that are created once the max log file size is
reached (previously only one was possible). These backups are numbered (the
number is part of the file name) with the newest data always first (for example,
SMTP(out).log.01.old has newer data than SMTP(out).log.02.old, etc.). Finally, hyphens were added to the
file name to make the date easier to read.
 Ctrl+S|Sender Authentication|SMTP Authentication has a new checkbox which requires all incoming messages arriving
from local IPs to use authentication and be rejected if lacking. Trusted IPs are exempt. This setting is enabled by default
for first time new installs. However, it is disabled by default for upgraders to avoid delivery issues from clients or other
services that don't authenticate and aren't currently listed as a trusted IP. Please enable this option if you can as it is
a good security practice.
 In previous versions, gateway address verification never verified senders
(only recipients). A new checkbox at Ctrl+G|Gateway Manager|Global Gateway
Settings can toggle this behavior. It is enabled by default which means this
is a change from previous behavior. It is now possible that messages sent
from addresses which can not be verified will be refused whereas they may have
been accepted before. If this is not to your liking disable this option.
 The logic behind the AccountPrune tool's message pruning operation has been changed.
This tool is called when MDaemon needs to delete old messages from user and public mail folders.
In the past this tool used the "last modified" date from the message file on disk.
MDaemon now looks first at the Date: header within the message itself. If the Date: header is
present and complies with standards then that date is used to determine message age instead of
the file's "last modified" date. This represents a change from previous behavior.
 F2|Logging|Maintenance has a new setting which governs the maximum number
of days the SecurityPlus update log will keep data
(MDaemon\SecurityPlus\avupdate.log). The new default setting is to keep data going
back 30 days. At midnight each night, and the first time MDaemon starts up after
upgrading, MDaemon will delete older data from this file.
 As part of the work related to task 16924 (see below) some bugs
preventing the immediate sending of "urgent" priority remote mail were found and
fixed. Urgent priority messages are defined as message files whose names match
the pattern: "<root>\Queues\Remote\p?10*.msg". Messages found with that
file name pattern will now be properly detected and will trigger a remote queue
processing event within 5 seconds regardless of scheduled remote queue
processing timers (this was broken). Also, RAW messages were always
expanded out to queue as MD_PRECEDENCE_LOW (the lowest priority value) even when
created with higher values. As a reminder, "urgent" priority messages will
trigger a queue run where "high" priority messages merely sort to the top of the
queue and wait for the next scheduled queue run. As a reminder, you can
use F2|Server Settings|Priority Mail to define your own criteria for important
mail that should trigger immediate queue runs. Finally, IMAP logon failures
due to bad credentials were not being written to the event log when so
configured (only SMTP and POP failures were). This has been fixed.
 Mailing list digest messages are supposed to be UTF-8 but several bugs were preventing this from working.
As a result of fixing these problems it is no longer possible to trigger digest delivery based on the number of
lines in the digest data file. So the option to do so has been removed from Alt+G|<list-name>|Digest. Also,
the API function MD_ListMaxLineCount has been changed to always return ZERO (meaning disabled).
Next, the need for the DIGEST.MBF file is no longer present and so that file has been removed.
The MD_ListInfo structure and API functions related to its DigestMBF member have been left
in place; however, changes made to this member are not saved and it always contains DIGEST as the
value. Finally, the $BODY-DIGEST$ macro is no longer needed and has been removed.
 LDAP: added checkbox to Ctrl+G|Verification and Ctrl+U|Active
Directory|LDAP screens which lets you elect to chase referrals. MDaemon now
explicitly disables referrals for every LDAP connection it makes unless this
checkbox is set. This represents a change from previous behavior which defaulted
to always enabling referrals. That seemed to cause issues for people so it is
now disabled always UNLESS you set these options to enable it.
 Ctrl+S|Sender Authentication|SMTP Authentication has a new setting which
requires the credentials used for AUTH to match those of the address in the FROM
header. This prevents cases in which one person authenticates as user X
while claiming to be user Y within the message. This is similar to the
existing setting we've always had which compares against the return-path value.
The wording of that option was also slightly changed. This switch is enabled by
default and handles aliases as if they were the real account email.
 Ctrl+S|Sender Authentication|SMTP Authentication screen has two options related to forcing authentication
credentials to match something else about the message (either the return-path or the From: header address). Both
of these options can potentially cause issues for gateway mail storage/forwarding. Therefore a third option has
been added to Ctrl+G|Gateway Manager|Global Gateway Settings which exempts gateway mail from them both. This option
is enabled by default.
 MDPGP: Several default settings related to MDPGP use have been changed. If you are installing for the first time
or have never accessed the UI to view these settings then
these are your settings now so please check them carefully. If you are updating a previous installation and have accessed the MDPGP UI in the past
then your existing settings are untouched however you may wish to check and change your settings as follows:
All these options can be found within the MDPGP GUI which is accessible from the Security top-level menu. Even though several of these settings are now enabled by default (including
the entire MDPGP server itself) no work will be or can be done until keys are known and have been added to the key-ring. With this
version of MDaemon there are a lot more ways to automate getting that done. Yet this may not be desired in all cases. Please
check and change settings to meet your needs.
- "Enable MDPGP" (enabled by default)
- "Authorize all local MDaemon users for all services" (enabled by default) (previously called: "All MDaemon users on this server can use MDPGP")
- "Sign mail automatically when sender private-key is known" (disabled by default)
- "Encrypt/Sign mail sent to self" (enabled by default)
- "Email public-key when requests are made (--pgpk command)" (enabled by default)
- "Email details of encryption failures (--pgpe command)" (enabled by default)
- "Expires in 0 days" (changed to 365 by default)
 When MX record lookups during message delivery result in a DNS server failure,
the message will be left in the queue for attempted delivery during the next processing
cycle. This change is in conformity with RFC guidelines. Previously, MDaemon would attempt
direct delivery and, failing that, immediately bounce the message in some configurations.
 This version of MDaemon is not compatible with old versions of BlackBerry
Enterprise Server (BES) for MDaemon. BES will be disabled when MDaemon is installed.
To continue running BES, update to BES for MDaemon version 2.0.3 after updating MDaemon.
MAJOR NEW FEATURES
 WORLDCLIENT/PKA1 PUBLIC-KEY SERVERS (MDaemon PRO only)
WorldClient: WorldClient has been taught to be a very basic public-key server.
A new checkbox on the MDPGP GUI enables/disables this. If enabled, WorldClient will
honor requests for your users' public-keys. The format of the URL to make the
request looks like this: "http://<WorldClient-URL>/WorldClient.dll?View=MDPGP&k=<Key-ID>", where <WorldClient-URL> is
the path to your WorldClient server (for example, "http://wc.altn.com")
and <Key-ID> is the sixteen character key-id of the key you want (for example,
"0A1B3C4D5E6F7G8H"). The key-id is constructed from the last 8 bytes of the key fingerprint
- 16 characters in total.
DNS (PKA1): MDPGP now supports collection of public-keys over DNS using PKA1.
A new checkbox on the MDPGP GUI enables/disables this. If enabled, PKA1 queries
are made and any key URI found is immediately collected, validated, and added to the key-ring. To publish your own public-keys to your domain's DNS you must create special TXT records.
An example of how to do this is as follows: Suppose user
email@example.com has key-id 0A2B3C4D5E6F7G8H.
Then, in the DNS for domain "altn.com" create a TXT record at
"arvel._pka.altn.com" (replace the @ in the email address with the string
"._pka."). The data for the TXT record would look something like this:
"v=pka1; fpr=<key's full fingerprint>;
<key's full fingerprint> is the full fingerprint of the key (40 characters long
representing the full 20 byte fingerprint value). You can see a key's full
fingerprint value by double clicking on the key in the MDPGP GUI. Keys
successfully collected and imported to the key-ring using this method are
tracked in a new file called fetchedkeys.txt. Keys will auto-expire and be
forgotten according to the TTL value of the PKA1 record which referred them -or-
when X hours have passed (a value which you can configure using a new control
on the MDPGP GUI) - whichever is GREATER. So, this means that the value
you configure here can be thought of as a minimum length of time (in hours)
that a key will be cached. The default value is 12 hours and the lowest
acceptable value is 1 hour.
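The naming and caching rules above, worked through as an added example (not MDaemon code): it derives the key-id and TXT record name and checks a published record's fingerprint against the key you meant to publish. The address, host name and fingerprint are constructed sample values, and tags other than v and fpr are passed through unchanged.

```python
import re

HEX40 = re.compile(r"^[0-9A-F]{40}$")
DEFAULT_MIN_HOURS = 12   # default cache time stated in the release notes
LOWEST_MIN_HOURS = 1     # lowest accepted value stated in the release notes

# Constructed sample values, not real keys or hosts.
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_RECORD = '"v=pka1; fpr=0123456789abcdef0123456789abcdef01234567;"'


def normalize_fingerprint(fpr):
    """Strip spaces/colons, upper-case, and require 20 bytes of hex."""
    cleaned = re.sub(r"[\s:]", "", fpr).upper()
    if not HEX40.match(cleaned):
        raise ValueError("fingerprint must be 40 hex characters")
    return cleaned


def key_id(fpr):
    """Key-id: the last 8 bytes of the fingerprint, 16 hex characters."""
    return normalize_fingerprint(fpr)[-16:]


def pka_owner_name(email):
    """DNS name of the TXT record: the '@' is replaced with '._pka.'."""
    local, sep, domain = email.partition("@")
    if not (local and sep and domain) or "@" in domain:
        raise ValueError("expected a single local@domain address")
    return f"{local}._pka.{domain}"


def key_request_url(worldclient_url, fpr):
    """Public-key request URL in the format given in the release notes."""
    return f"{worldclient_url.rstrip('/')}/WorldClient.dll?View=MDPGP&k={key_id(fpr)}"


def parse_pka1(txt):
    """Split 'tag=value; tag=value' into a dict and validate v and fpr."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            tags[name.lower()] = value.strip()
    if tags.get("v", "").lower() != "pka1":
        raise ValueError("not a pka1 record")
    tags["fpr"] = normalize_fingerprint(tags.get("fpr", ""))
    return tags


def cache_seconds(ttl_seconds, min_hours=DEFAULT_MIN_HOURS):
    """Cache lifetime: the record TTL or the configured hours, whichever is greater."""
    floor = max(min_hours, LOWEST_MIN_HOURS) * 3600
    return max(ttl_seconds, floor)


def audit_record(expected_fpr, txt):
    """Return a list of problems; an empty list means the record matches."""
    try:
        tags = parse_pka1(txt)
    except ValueError as exc:
        return [str(exc)]
    if tags["fpr"] != normalize_fingerprint(expected_fpr):
        return ["published fingerprint does not match the key on the key-ring"]
    return []


if __name__ == "__main__":
    print(pka_owner_name("frank@example.com"), "TXT", SAMPLE_RECORD)
    print("key-id:", key_id(SAMPLE_FPR))
    print("url:", key_request_url("http://wc.example.com", SAMPLE_FPR))
    print("cached for", cache_seconds(300) // 3600, "hours with a 300 s TTL")
    print("audit:", audit_record(SAMPLE_FPR, SAMPLE_RECORD) or "ok")
```

Running the audit against the TXT record as resolvers actually return it catches a stale or altered fpr before other servers import the wrong key.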
For more discussion and examples on using the pka1 method do a google search for
"pka1 keys in dns" and you will find it.
Tracking Keys: As part of this work some internal changes were made such that MDPGP tracks keys by their primary key-ids always and
everywhere now rather than a combination of sometimes the key-id and other times the sub-key-id which was messy. The UI was
cleaned up to remove two unnecessary columns in the list box related to superfluous (for display purposes anyways) key-ids.
Also, this work required me to more strictly control the content of MDPGP's
"exports" folder. As a result you will always find exported copies of
local user keys there. Please use OS tools to protect this folder (and
indeed the entire PEM folder structure) from unauthorized access because,
although they are themselves encrypted, the private keys of users are stored
Preferred Keys: Some problems arose as part of this work when multiple different keys for the
same email address are on the key-ring. In past versions MDPGP would
simply use the first one that it found. You can now right-click on any key and
set it as preferred. When a preferred key is found then that key will be used
whenever there is more than one to choose from. When there is only one key for
an email address then that key is preferred automatically even if not selected
as preferred (but you can still select it as preferred if you want). When
multiple keys for the same address are present and none are selected as
preferred then the first one found is used. When
a key is selected as preferred an asterisk is set in the first column of the UI.
Preferred.txt stores the preferred key selections.
Disabled Keys: As part of this work it was necessary to change how
disabled keys are tracked. Previous versions tracked disabled keys by placing
their key-ids into the plugins.dat file. This version migrates those settings
out of plugins.dat and into a new file called oldkeys.txt. Deleted keys are now tracked
 XMPP INSTANT MESSAGING SERVER (MDaemon PRO only)
An XMPP server is now included that allows MDaemon users to instant message using
third-party XMPP clients. Clients are available for most OSes and mobile devices.
For a complete list please refer to http://xmpp.org/xmpp-software/clients/.
XMPP instant messaging is completely independent of MDaemon's current chat system (WorldClient Instant Messenger).
The server is installed as a Windows service and a configuration screen for it can be
found in the MDaemon UI at Ctrl+W|XMPP. The default XMPP server ports are 5222 (SSL via STARTTLS) and
5223 (dedicated SSL). The XMPP server will use MDaemon's SSL configuration if enabled in MDaemon.
For multi-user chat service, when asked the default is "conference.(your-domain)".
For user search service, if asked the default is "search.(your-domain)". Often this will be pre-filled in or assumed by clients.
The search fields are 'Name' and 'Email'. The % symbol may be used as a wildcard.
Some XMPP clients use DNS SRV records for auto-discovery of host names. Please refer to http://wiki.xmpp.org/web/SRV_Records.
For more info on XMPP please refer to http://xmpp.org.
 FROM HEADER PROTECTION/MODIFICATION
The purists out there are going to hate this but users who
have been tricked in the past will
love it. Sometimes users are fooled into thinking an email comes from one person when
it is actually from an attacker. This happens because email clients often display only the
sender's name and not his email address. This new option defeats such an attack
at the cost of altering the From: header value. If
enabled, the From: header is modified. For example:
From: "Spartacus" <firstname.lastname@example.org> would become From: "email@example.com
<firstname.lastname@example.org>. This only happens to messages arriving for local
users. This option is disabled by default and can be found at
Ctrl+S|Screening|Hijack Detection screen. Enable with care as users are
not expecting the From: header to be altered in this way even in order to help
recognize an attacker.
 CENTRALIZED MANAGEMENT OF OC CLIENT SETTINGS
(MDaemon PRO only)
MDaemon has been taught how to push client settings to Outlook Connector users.
Setup|Outlook Connector (or Alt+O|OC Client Settings) opens up a set of screens where you
can configure default client settings for all OC users of all domains. On the MDaemon
Private Cloud version, the same screens appear within the Domain Manager for each of your
individual domains. All these screens mirror those found within
the OC client and are intended to allow you to create a set of values which are pushed out
to OC users the next time they connect. This feature is disabled by default. Settings
are only sent when they are new or have changed since the last time the OC client
connected and received them.
Obviously, several of these client settings (like "Your Name" for
example) can not be configured with a single value that works for all OC users.
Therefore macros are used such as $USERNAME$ which expands to the correct value
for the individual user when the settings are sent to the OC client. Take
care not to place hard-coded values (like "Arvel Hathcock") in the "Your Name"
field or every OC client will get "Arvel Hathcock" after the settings are
received and applied. The UI will help police this but it is a point you
should keep in mind. A button in the UI will remind and serve as a reference for
MDaemon's macro system. A checkbox on the OC Client Settings screen controls whether OC users are
allowed to override these settings or not. If you don't want them to be able to
change these settings then set the checkbox accordingly and the controls within
their OC client will be disabled.
None of this works unless the OC user is using Outlook Connector v4.0.0 or
As part of this work the Outlook Connector screens were moved from Accounts|Account Settings to
 IMPROVED IP SCREENING
Ctrl+S|Screening|IP Screen has a new Import button. MDaemon has been partially taught
how to import APF (typically used by firewalls) and .htaccess format files (typically used
by web servers). MDaemon understands only a sub-set of this file format (for now).
For example, "deny from" and "allow from" are understood but other verbs may not be. Only IP
values are imported (not domain names). CIDR notation is OK but partial IP addresses are
not. Each line can contain any number of space (or comma) separated IPs. For example,
"deny from 220.127.116.11 18.104.22.168/16" is OK. So is "22.214.171.124, 126.96.36.199, 188.8.131.52". These files are designed to control access to services
so they are really IP deny/allow lists. You can find these files online to download and
can (for example) block all IPs from a certain region or nation and there are even files
that contain lists of compromised IPs. For example, google search for "List of all IPs
from <country>". Lines starting with # are ignored. Lines can
contain things other than IP addresses and that should not stop the IP addresses
from importing properly. I hope to improve this in future versions so
if you have a specific example of a file that you need MDaemon to import properly
(but it won't) you
can send it to me and I will look into it (email@example.com).
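A way to preview what an import file would contribute before loading it, written as an added example that follows the rules described above; it is not MDaemon's importer. The sample file is constructed from documentation address ranges, the "protected" office range is hypothetical, and bare address lists are reported with no action because the notes do not say which one they receive.

```python
import ipaddress
import re

# Constructed sample input; all addresses are RFC 5737 documentation ranges.
SAMPLE = """\
# blocklist exported from a web server
deny from 192.0.2.10 198.51.100.0/24
allow from 203.0.113.7
192.0.2.20, 192.0.2.21,192.0.2.22
deny from badhost.example.net 10.1
Order Deny,Allow
deny from 203.0.113.0/33 198.51.100.9 # trailing note
"""

# Only the two verbs the release notes name are recognised.
VERB = re.compile(r"^\s*(deny|allow)\s+from\b", re.IGNORECASE)


def parse_token(token):
    """Return an ip_network for a complete IP or CIDR token, else None."""
    addr = token.partition("/")[0]
    try:
        ipaddress.ip_address(addr)        # rejects "10.1" and host names
        return ipaddress.ip_network(token, strict=False)
    except ValueError:                    # also covers a bad prefix such as /33
        return None


def preview_import(text):
    """Return (entries, skipped).

    entries: list of (action, network); action is "deny", "allow", or None
             for a bare address list.
    skipped: list of (line_number, token) that would not be imported.
    """
    entries, skipped = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # comment and blank lines are ignored
        match = VERB.match(stripped)
        action = match.group(1).lower() if match else None
        rest = stripped[match.end():] if match else stripped
        # Any number of space- or comma-separated values per line.
        for token in filter(None, re.split(r"[\s,]+", rest)):
            network = parse_token(token)
            if network is None:
                skipped.append((lineno, token))
            else:
                entries.append((action, network))
    return entries, skipped


def deny_conflicts(entries, protected):
    """Deny entries that overlap networks you must never block."""
    nets = [ipaddress.ip_network(p) for p in protected]
    return [net for action, net in entries
            if action == "deny" and any(net.overlaps(p) for p in nets)]


if __name__ == "__main__":
    entries, skipped = preview_import(SAMPLE)
    for action, net in entries:
        print(f"{action or 'unspecified':12} {net}")
    print("skipped:", skipped)
    # Hypothetical office range that must stay reachable.
    print("conflicts:", deny_conflicts(entries, ["198.51.100.0/25"]))
```

Running the conflict check against your own trusted and LAN ranges before importing a downloaded list shows whether a broad CIDR entry would lock out legitimate users.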
 AUTOMATIC INSTALLATION OF PRODUCT UPDATES
Ctrl+O|Preferences|Updates is a new screen with several controls that allow you to configure
whether and when unattended installation of automatically downloaded product updates will be
performed (or not). When enabled, MDaemon can automatically update itself, SecurityPlus (if
you have it), and Outlook Connector (if you have it). The Outlook Connector update covers just
the server piece. Updating Outlook Connector client plugins is covered elsewhere.
When MDaemon detects new versions of these products it will download and queue the update for
installation at an hour configured by you (2 AM is the default). Queued updates are remembered
across server restarts so they will be performed eventually (even if the server is periodically
switched off for whatever reason). Queued updates are listed in a new file called
so you can always delete all pending updates by deleting this file. The
update installers themselves are kept in a new folder called "Updates" off the
MDaemon root. If there are multiple products
to update they are done one at a time and each one absolutely requires a system reboot when it
finishes. If you don't like that then do not enable these settings (they are all disabled by default).
When automatic updates are performed the email to postmaster/admins about an update that they can
go and download manually is not generated. Instead, these people receive the post-installation
"Special Considerations" email normally sent as well as a separate email stating
that the update was performed. Also, the System log tracks all installation activity.
For example: "Installing update: <path to installer>" and "MDaemon will be
stopped by the installation process" and "Server will be rebooted after
installation completes" etc can all be seen there. Lastly, the process can take
a long time (many minutes) so the time between the start of the update and the
unavoidable server reboot is to be expected. Did I mention that there will be a
server reboot? Get over yourself - it's gonna happen :)
As part of this work "MDLaunch /stop" no longer causes MDaemon to prompt for confirmation.
As part of this work the option to inform the postmaster about updates has been moved from
Ctrl+O|Preferences|Miscellaneous to the new screen mentioned above.
 IMPROVED WORLDCLIENT
 WorldClient now supports categories for email in the LookOut and
WorldClient themes. Users can add the Categories column to the message list by
going to Options | Columns and checking "Categories" in the Message List
section. To select categories for one or multiple messages, select the
message(s) in question and right click on one of the messages. In the
context menu there is a "Categories >" option. Click the option and a list
of all the available categories will be displayed. If there are more than
27 category options, an up arrow and a down arrow will be displayed at either
end of the list. To view more options click the down arrow, and to go back
up the list click the up arrow. If a user has permissions to edit categories,
the user can choose the "Edit Categories" option in the toolbar in the LookOut
theme or the "more" drop down menu in the WorldClient theme. If a single message
is selected in the list, any saved changes will be applied to the message in
question. Users can also use the Set Categories option in the external message
view to choose/edit categories. Users can also sort and search by Categories.
 WorldClient now allows admins to create
custom categories. There are two files for this purpose;
DomainCategories.json and PersonalCategories.json. Domain Categories are enabled
globally by default. To disable it, change the value of DomainCategoriesEnabled in
MDaemon\WorldClient\Domains.ini [Default:Settings] to "No". Users are able
to add and edit their own categories by default. To disable this either
per user (in the user's User.ini under [User]) or globally (in
MDaemon\WorldClient\Domains.ini [Default:UserDefaults]) change the value of
CanEditPersonalCategories to "No". If Domain Categories is enabled, and a
user is not allowed to edit personal categories, the user will only see the
categories listed in DomainCategories.json. However, if Domain Categories
is disabled, and a user is not allowed to edit personal categories, the user will
see the categories listed in PersonalCategories.json. Users that already
have a UserCategories.js file will not lose any changes they have made upon
upgrade to MD 16.5, but with Domain Categories enabled, any category in their
UserCategories.js file that matches the DomainCategories.json categories will
become read only. There are also two translation files that have been
added in order to attempt to handle multi-lingual users on the same server;
DefaultCategoriesTranslations.js and CustomCategoriesTranslations.json. The
DefaultCategoriesTranslations.js file will be overridden each time MDaemon is
upgraded, but the CustomCategoriesTranslations.json file will not be, so add any
necessary custom category translations to the CustomCategoriesTranslations.json
file. These files make it possible for WorldClient to recognize a category
saved to an event/note/task in one WC supported language as the equivalent
category in any other WC supported language. For more detailed information
relating to the files mentioned here, see the
 LookOut and WorldClient themes - Added option to check a composed message for attachments
prior to sending, when attachments are mentioned in the subject or body of the message
 Admins can now hide the WhiteList and BlackList folders for
WorldClient users. To do so, set HideWhiteListFolder=Yes and/or
HideBlackListFolder=Yes in the MDaemon\WorldClient\Domains.ini file under the
[Default:UserDefaults] section. Individual users can continue to see the
WhiteList and/or BlackList folders if their User.ini has
HideWhiteListFolder=No and/or HideBlackListFolder=No in the [User] section.
   Account Editor|Web Services and Ctrl+T|Template Manager|New Accounts|Web
Services have each had two new checkboxes added which
control whether an account is allowed or required to use WorldClient's Two-Factor
Authentication (2FA) system. When the checkbox to allow 2FA is enabled then users
decide whether to use 2FA or not (see the user's manual for details on setting up
2FA). However, if both the allow and require 2FA checkboxes are enabled then
users who have not set up 2FA will be given a session and redirected to a page to set up
2FA the next time they log in to WorldClient. To force 2FA use immediately you
must restart the WorldClient server to force all users to log in anew. Once a
user's authentication application's pairing has been verified with WorldClient,
the user will be redirected to the normal WorldClient view. When 2FA is
required then it cannot be disabled from within WorldClient's Options|Security
page. However, the same users can still use the Get A New Shared Secret and Show
My Shared Secret buttons.
 MDPGP SIGNATURE VERIFICATION (MDaemon PRO only)
MDPGP can now verify embedded signatures found within messages. Previously it
was not able to do this unless the message was also encrypted and signed. With
this change signatures appearing without encryption can now be verified. You
will see appropriate logging in the MDPGP log when this happens along with new
icon and/or text which WorldClient will show
when it displays a verified message. As a result of this change a new check-box has been added
to the MDPGP GUI which enables signature verification for all non-local users (enabled by
default) or you can specify exactly which email addresses can and can not use
the service if you need (click the "Configure exactly who can and can
not use MDPGP services" button for that).
CHANGES AND NEW FEATURES
-  MDaemon will refuse MAIL and RCPT parms that are missing their "@domain.com" component. In the past, MDaemon tried to "fix" things by making
assumptions and appending any missing pieces. MDaemon now insists these parms
comply with RFC specifications which require the "@domain.com" part. The
only exception to this allowed by MDaemon and RFC rules is the reserved mailbox
"postmaster" which must be accepted as a valid RCPT parm even when no
"@domain.com" is given.
-  MDaemon's SMTP and POP clients now validate SSL certificates presented
to them by remote hosts. However, no action other than a line added to the log
is taken at this time pending further work in the IETF regarding the various
competing STS-like proposals. So for now you will only see a line in the log
indicating whether the remote host's name is a match for the certificate it
presents (or not) and whether that certificate chains to a valid certificate
authority recognized by Windows (or not). Don't panic if you see a lot of
"invalid" SSL certificates presented. Such certificates are perfectly fine for
encrypting data transmission. They are "invalid" because they are either
self-signed or do not match the host name expected (or both). In such cases you
can be sure encryption is happening. Various weaknesses in TLS (of which its
opportunistic nature and acceptance of nearly all certificates are major
examples) are being worked on by industry experts and will make their way into
products and services once that work has completed.
-  MDaemon UI changes: Items have been added to the Servers list on the Stats pane for
Auto-Discovery Service and XML API Service. The right click menu for the ActiveSync server
has additional commands. "Enable ActiveSync Server" has been removed from the File
menu. The ActiveSync server log is now a sub-tab of Plug-ins instead of WorldClient, and logs
for the Auto-Discovery Service and XML API Service are there as well.
-  F2|Logging|Windows Event Log has several new checkboxes added and an
edit control. These allow you to specify the email address to your phone
carrier's email-to-SMS (text message) gateway. For example, with Verizon, the
address is PhoneNumber@vtext.com (ex:
firstname.lastname@example.org). When a value is specified here you can then enable
individual checkboxes next to the various events. When these events occur a
message will be sent to the SMS gateway address you specify. I was not able at
this time to have shutdown notifications sent immediately because MDaemon needs
to do it and it has shut down. Until I can figure this out shutdown
notifications are not sent. Also, any event which triggers this
feature will cause instant remote queue processing (notifications are treated as
-  Ctrl+S|Sender Authentication|SPF Verification now allows domains in the
white list file to be included in SPF lookups. See descriptive text on that
screen for how it works. Often you need to white list your backup MX
provider(s) from SPF lookups but you do not know or can not configure all of
their IPs. To safely solve this problem you can now specify your backup MX
provider(s) by using a new "spf" tag to white list them and MDaemon will do the
required lookups in real-time. MDaemon does this by adding its own "wlinclude:"
tag to the actual SPF results for a queried domain. Although this "wlinclude"
data is logged it is important to realize that "wlinclude" tags are your
white-listed entries and are not actually part of the queried domain's SPF data
taken from DNS.
-  Ctrl+P|DNS-BL|White List now permits white-listing FROM values.
See descriptive text on that screen for how it works.
-  Ctrl+S|Screening|Dynamic Screening has a new option which omits accounts from being frozen due to multiple
authentication failures when the same password is used every time. This option is useful to prevent lockouts when
users change passwords legitimately. This option is enabled by default.
-  Authentications over POP, IMAP, or SMTP servers will add a line to the Screening log showing the
IP that was granted access if that IP has never been seen before. This aids in debugging access problems.
-  Ctrl+S|Screening|Hijack Detection has a new setting that includes LAN
IPs when limiting Local IPs. This setting is enabled by default.
-  Ctrl+S|Screening|Hijack Detection has a new setting that controls
whether connections are refused with a 5XX or a 4XX reply code.
-  Ctrl+U|Other|Quotas - slightly changed wording on first checkbox option
to make more clear what it does.
-  Content Filter will track and log the total number of times a rule was
used. This is tracked as HitCount=XX in CFRules.dat for each rule.
-  MDPGP: The results header better calculates the FQDN value used within the header data.
-  When deleting a domain the confirmation dialog will only mention
deleting public folders if the option to delete public folders is enabled
at F2|Server Settings|Public & Shared Folders.
-  Several screens had bad tab-order or no tab-order at all and you could
never tab from the left-hand tree-view through to the selected right-hand dialog
box nor to the OK/Cancel/Help buttons. These matters have been fixed. As part of
this work the controls on the F2|Logging|Log Mode had to be reorganized.
-  Ctrl+A, Ctrl+C, Ctrl+V should now work where appropriate throughout the UI.
-  The top-level Windows|Composite Log View and the "Activate Composite
Log" button within the logging UI will now activate and bring to the top any
existing composite log window or create a new one if there isn't one.
-  Changed composite log window caption to include the names of the items
being included in the log. Note: if you change the items you wish to
include in the composite log you will need to close and restart any already
running composite log to update the window caption.
-  Added some descriptive text to New List Member dialog to explain how to
use path to arbitrary addrbook.mrk file as list member.
-  LDAP: ldapcache.dat was caching the sender value needlessly for LDAP lookups. Since this value is
ignored when checking the cache during LDAP processing its presence there served
no purpose. Future items added to cache will not include this piece and existing
items will eventually expire out that currently include it.
-  LDAP: added checkbox to enable/disable LDAP cache to LDAP options screen and
also moved this screen and the LDaemon settings screen out of F2|Server Settings
and into Ctrl+U|Active Directory. This is where I want LDAP related settings to
-  LDAP: logging was improved and fixed in a few places. First, the system
log gets nothing now. All goes to the LDAP log tab like it should. Errors
are simplified and properly logged. The composite log was not being used
properly. Now it is.
-  LDAP: exporting speed improved and just general improvement to address
several things that would just bore you and are internal to my programming style.
Anyway, it's better, trust me.
-  LDAP: added checkbox to Ctrl+U|Active Directory|LDAP which lets you use
protocol version 3 servers correctly.
-  LDAP: added checkbox to Ctrl+G|Verification which lets you use
protocol version 3 servers correctly.
-  The SyncML log tab has been removed and replaced with a WebDAV log tab.
SyncML functionality has not been removed and its log file can be viewed from
disk with Notepad.
-  ActiveSync log file contains data on day-of-week and milliseconds
already but GUI was not showing it. Now it does.
-  LDAP: Normally when MDaemon exports aliases to an LDAP address book it
puts the accounts' actual email address in the CN field (not ideal but a long
standing practice). However, non-alias exports place the accounts' full
name value there (more correct). A new checkbox was added to Ctrl+U|Active
Directory|LDAP which causes the export process to always put the accounts' full
name value in CN (if known). This option is disabled by default to preserve
-  SMTP server responds with "500 5.0.0 Unrecognized command" (correct)
rather than "501 5.0.1 Missing or errant parameters" (technically incorrect)
when encountering an unrecognized command.
-  Moved call to AV update function from MDaemon to SecurityPlus code-base.
-  Added link and text reminding about free support to "Help|Register your
-  Archiving tool uses MDaemon's temp folder now rather than Windows temp
folder to solve some access permissions problems.
-  Work was done to prevent the UI from needlessly refreshing itself when
nothing was changed. This was visible as a "flashing" of the tool window pane
(especially noticeable over remote connections). The items in this window will
now only update if something has actually changed.
-  Added "apply to all accounts" button to New Accounts template Quotas
-  Alt+F2|Domain Manager|Settings has a new control that allows you to
specify the maximum number of messages per hour that a domain can send (zero
means no limit). Once this limit is reached further messages are left in queue
and a line is logged about it to the System log. All counts are reset hourly or
on a server restart. This option is only available in MDaemon Private Cloud
-  Alt+F2|Domain Manager|Settings has a new control that allows you to
specify the maximum disk space quota for a domain's accounts. This option is
only available in MDaemon Private Cloud version.
-  Alt+F2|Domain Manager|Host Name & IP has a new control that allows you
to enable/disable a domain. When domains are disabled users can no longer
send or retrieve their mail and all new messages sent to the domain are rejected with
"User Unknown". This option is only available in MDaemon Private Cloud
-  MDaemon no longer accepts MAIL <forward-path> or RCPT <reverse-path>
values which are enclosed in tick marks ( ' chars) or quote marks ( " chars).
These forms are not in accord with the standards and although MDaemon accepted
and tried to "fix" them in the past they end up causing problems for down-stream
modules so they are now refused during the SMTP session.
-  WorldClient - Added "Verified with key-id <key-id>" information to the message
header in the message previews and external message views when the message
contained a verified PGP signature.
-  The version node on the status bar at bottom of UI will show 32-bit or
-  UI nodes in toolwnd text changed from using "active/inactive" to using
-  WorldClient - Added support for recurring tasks in the LookOut and
WorldClient themes. The behavior matches that of Outlook.
-  Added icons for messages with valid DKIM signatures, messages decrypted
by MDPGP, and messages signed with an MDPGP key
-  LookOut and WorldClient themes - Added the ability to accept, accept
tentatively, or decline a meeting from the event editor
-  MDPGP: libraries and binaries updated to latest versions.
-  Moved cleanup event strings to resources for translations.
-  WorldClient - Added option to turn off display of the "Share Folder"
button in the Options | Folders view and in the folders context menu. Use
HideShareFolderOption=Yes in Domains.ini [Defaults:UserDefaults] to hide for all
users. Setting HideShareFolderOption in the User.ini will override the
setting from the Domains.ini
-  LookOut and WorldClient themes - Added context menu and shortcut key
options to delete messages permanently without sending them to the Deleted Items
folder. In the message list context menu (right click menu) choose "Delete
Permanently" from the drop down or use "Shift + Del" to permanently delete
-  WorldClient theme - Removed the "Click to add to contacts" in the
message preview and external message window, because the user can simply hover
and get the "Add to Contacts" option.
-  LookOut and WorldClient themes - Added an Options | Categories view for
editing user categories. View is available as long as the user setting
CanEditPersonalCategories equals Yes
-  Reversed order of operations to now check IP Screen before Dynamic
Screen in order to reduce needless waste of CPU and logging.
-  Ctrl+U|Autoresponders has a new screen called Attachments. Only paths
listed here are eligible to be used within autoresponder scripts.
-  WorldClient - Added option to turn off display of email address hover
context menus in the message preview frame and the external message view.
Use HideEmailAddressHoverMenus=Yes in Domains.ini [Defaults:UserDefaults] to
hide for all users. Setting HideEmailAddressHoverMenus in the User.ini
will override the setting from the Domains.ini
-  Changed message queue right-click menu text from "White List 'To'" to
"White List Recipient", "White List 'From'" to "White List Sender" etc. Also
message queue tab column header labels were changed from "From" and "To" to
"Sender" and "Recipient".
-  Ctrl+P|Spam Filter|Settings had an option to configure spam score on a
DNS-BL match. This option was removed as it's a duplicate of the same
option which appears just a few tabs down on the same screen at
Ctrl+P|DNS-BL|Settings. It also did not store state correctly at times.
-  MDPGP no longer logs data about messages when MDPGP is completely
disabled (this was just wasting disk space).
-  LookOut theme - added ability to select multiple contacts from the
Contacts folder and then send a message to all of them
-  WorldClient theme - changed the X that saves notes to a floppy disk
-  Added the ability in WorldClient to modify the notes field of a single
occurrence of a recurring appointment
-  Updated to new version of the HTML editor used by WorldClient and Remote
Admin (CKEditor 4.5.10).
-  MDaemon will email the Outlook Connector release notes to the postmaster
and global admins when a new version (4.0.0 or newer) is installed on the server.
-  An ActiveSync client setting has been added that allows iOS clients to
be able to send mail using an alias, by returning the logon alias as the user's
primary SMTP address.
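
Added example (not MDaemon's code): one way to model the Dynamic Screening option described above, where an account is not frozen when every failed authentication used the same password. The FailureTracker class, the threshold of 3 distinct passwords, and the sample events are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict


class FailureTracker:
    """Freeze an account on failed logins with several *different* passwords.

    Hypothetical model, not MDaemon's implementation.
    """

    def __init__(self, max_distinct=3, key=None):
        self.max_distinct = max_distinct      # assumed threshold
        # Random per-process key, so stored fingerprints cannot be used to
        # recover or test passwords offline.
        self._key = key or os.urandom(32)
        self._failed = defaultdict(set)       # account -> fingerprints
        self.frozen = set()

    def _fingerprint(self, account, password):
        msg = account.encode() + b"\0" + password.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def record_failure(self, account, password):
        """Record one failed login; return True if the account is frozen."""
        account = account.lower()
        self._failed[account].add(self._fingerprint(account, password))
        # Repeats of one wrong password add nothing to the set, so a client
        # still sending a stale password never reaches the threshold.
        if len(self._failed[account]) >= self.max_distinct:
            self.frozen.add(account)
        return account in self.frozen

    def record_success(self, account):
        """A good login clears the failure history for that account."""
        self._failed.pop(account.lower(), None)


def replay(events, max_distinct=3):
    """Feed (account, password, succeeded) tuples through a new tracker."""
    tracker = FailureTracker(max_distinct=max_distinct)
    for account, password, succeeded in events:
        if succeeded:
            tracker.record_success(account)
        else:
            tracker.record_failure(account, password)
    return tracker


# Constructed sample data: a phone retrying an old password after a change...
STALE_CLIENT = [("alice@example.com", "old-password", False)] * 10
# ...and failures that use a different password each time.
VARIED = [("bob@example.com", p, False)
          for p in ("guess-1", "guess-2", "guess-3", "guess-4")]

if __name__ == "__main__":
    print(sorted(replay(STALE_CLIENT).frozen))
    print(sorted(replay(VARIED).frozen))
```

The count here is per account only; screening by IP address stays a separate control.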
-  fix to log file archives sometimes having incorrect files included
-  fix to MDPGP minor issues and processing bottle-necks
-  fix to spam filter "no filtering" white list not working for some queue
-  fix to spam filter "no filtering" white list (and others) not always
working properly with encoded header data
-  fix to MDPGP not reloading domain settings when they change
-  fix to left-hand tree-view in UI dialogs not accessible via tab key
-  fix to main menu not immediately available for key-board focus on
-  fix to MDPGP GUI options related to encrypting mail not disabled when
-  fix to encoded From and Subject header data lost by CF "copy to" action
when destination is a mailing list
-  fix to X-MDArchive-Copy: header not inserted into messages archived to
-  fix to CF failing to detect and extract attachments in certain emails;
also fixed lack of logging of these facts on success or failure
-  UTF-8: fix to list digests not in proper charset and thus unreadable for
some; also simplified and updated logging of results
-  fix to X-MDAV-Infected header not always listing file names correctly
-  UTF-8: fix to calendar reminder data not encoding properly
-  fix to install process errors when moving from older 32-bit versions (<
13.5) to newer 64-bit versions
-  LDAP: fix to ldap export not automatically happening when
enabling/disabling options to do so on Alt+G|Mailing List Settings; also the
wording of this option was slightly improved
-  fix to content filter compressing inbound attachments when not
configured to do so; also simplified logging related to compression
-  UTF-8: fix to incorrect full name sometimes added to contacts when
forwarding mails to the special "add to whitelist/blacklist" address
-  fix to WorldClient - 2FA if a user cancels a new secret
request the old secret is deleted, but 2FA remains enabled
-  fix to Screening log not getting "----------" lines added; wasteful but
without this the search function fails to work correctly
-  fix to LookOut theme - Disable New Email Sound does not
stay checked after saving
-  fix to config session needlessly writing/updating counts within the UI
-  Minger: fix to gateway "test" button returning "Success - these settings
don't work" ROFL (should be "Success - look like it's working")
-  Minger: fix to minger not properly honoring options to allow over-quota
accounts to send mail
-  fix to status bar at bottom of UI not showing IPv6 address in config
-  fix to WorldClient - When setting up 2FA with long user names and long
domain names, the bar code will not display
-  fix to WorldClient theme - When the Company field in a contact contains
an apostrophe, the Edit button no longer works
-  fix to WorldClient theme - Comment field called Note when viewing
-  fix to WorldClient theme - Tab order off/confusing when creating new
-  fix to SPF processing not showing any error text when SPF records setup
as errantly recursive
-  fix to DMARC white list not honoring DKIM/SPF Approved domains list
-  fix to WorldClient theme - Hitting enter in the text input
of the New Folder dialog does nothing
-  fix to LookOut theme - Options | Folders - Notify checkbox
is displayed for non-email type folders
-  fix to LookOut and WorldClient themes - the date on the day view and
week view is incorrect for the Print a list view of calendar events printing
-  fix to LookOut theme - Categories - In the Calendar Day View, all day
events with a dark gray have the wrong font color
-  fix to LookOut and WorldClient themes - shortcut key to send email
results in the "Are you sure you want to leave this page" alert
-  fix to LookOut theme - FF 45.0.2 German version forces refresh when
clicking on Calendar in folder list
-  fix to Remote Administration not allowing enough digits for Bayesian Database
-  fix to unable to toggle "Always log to screen" in Remote Administration
-  fix to unable to select IPv6 addresses for Host or IP Screening in
-  fix to "Undefined IPs should be..." value always blank on IP Screening
page in Remote Administration
-  fix to forwarded messages not processing by CF rules when configured to
-  fix to creation of mail folders with trailing spaces being allowed
-  fix to queue status not written to system log when toggled via tool
-  AD: fix to problems processing user data fields with a single %
char in them
-  fix to errant "save changes first" box when canceling out of public
folder manager with no changes made
-  fix to unable to set "Hide List from Global Address Book" in Remote
-  fix to Domain Admin gets blank Attachments page in User Editor in Remote
-  fix to Gateway Editor in Remote Administration not always showing the
right value for certain options
-  fix to labeling error for a page in User Editor for Domain Admins in
-  fix to LookOut and WorldClient themes - Unable to edit an appointment in
Day View due to the inability to select it
-  fix to LookOut and WorldClient themes - When setting the default
contacts view to an alternate folder and then saving it twice, it changes to All
-  fix to Remote Administration allows non-local addresses to be added as
-  fix to Remote Administration unable to edit domains with certain special
characters in them
-  fix to some windows display in the wrong size in Remote Administration
-  fix to LookOut theme - When there are several addresses in the CC field,
the CC field will not wrap in the window frame
-  fix to LookOut and WorldClient themes - If a pdf attachment has spaces
before .pdf in the filename the pdf viewer does not work
-  fix to WorldClient - AutoComplete - When an ampersand is used in a
contact that is added as a recipient it shows the HTML encoding
-  fix to WorldClient theme - Unread view shows read messages after
-  fix to various spelling errors found within the product
-  fix to contacts with mobile numbers being removed incorrectly when UI
button used in Account Editor|White List
-  fix to MDaemon alias sometimes lost or unchanged when primary domain
changed (also fixes potential extra MDaemon account created)
-  fix to Content Filter GUI checkbox for "If the X-MDaemon-Deliver-To
HEADER contains" is not checked when editing a rule using that condition
-  fix to MDaemon account not properly handling some multipart messages sent for learning/addressbook
-  fix to IP Syntax checker in Remote Administration not accounting for IPv6 addresses
-  fix to Remote Administration not saving the new default Host Screen entries properly
-  fix to Remote Administration not saving authorized Outlook Connector accounts properly
-  fix to CalDAV server does not honor SCHEDULE-AGENT=CLIENT ATTENDEE
-  fix to possible crash when MDaemon is configured to send mail to a smart host
and the smart host address is invalid
-  fix to unable to save changes to certain actions in the CF Rules in
-  fix to WorldClient tasks - In the Estimated Work and Actual Work fields,
an entered decimal point is not saved
-  fix to WorldClient - Cannot replace signature image with new image of
-  fix to inconsistencies in MaxPingFolders configuration between MDaemon
and Remote Administration
-  fix to ActiveSync may remove the flag on a message when it is replied to
-  fix to domain specific smart hosts not being used in some situations
-  fix to accountprune sometimes making empty ZIP archive files; when this
happens file will be deleted
-  fix to when removing a start date from a task in WorldClient the change
may not be saved
-  fix to certain strings not showing up translated in Remote
-  fix to "Access Denied" error when viewing certain MDAS pages in Remote
Administration as a Domain Admin
-  fix to Remote Administration not showing the correct per-device AS
Client Settings values
-  fix to Cancel button on Support Files Editor in Remote Administration
does not close window
-  fix to Cancel button on Outlook Connector Users page in Remote
Administration does not close window
-  fix to Ctrl+S|Other|BATV two checkboxes in UI not always working
-  fix to ActiveSync clients are sent attachments even when their device
policy does not allow attachments if they request message bodies in MIME format
-  fix to accented characters in the From header of messages sent using iOS
ActiveSync clients may be converted to ASCII
-  fix to hijack detection not always working correctly (allowing too many
-  fix to DMARC report recipients may mistakenly be discarded
-  fix to MDaemon Account Editor truncates an account's smart host password
to 15 characters
-  fix to Help links not working on some pages in Remote Administration
-  fix to calendar event recurrence end dates are not synced to ActiveSync