MDaemon Server v21.5 Release Notes
MDaemon 21.5.0 - November 9, 2021
 Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit: http://www.altn.com/Products/MDaemon-Private-Cloud/.
 The 'X-MDOrigin-Country' header, which Location Screening can add to messages, now has the two-letter
ISO 3166 country and continent codes instead of full country and continent names. Be sure to update any
filters you may have that look for particular values in this header.
 With the renaming of the Webmail Mobile theme to Pro, there is a possible side effect for users that
are using the Mobile theme and have remember me enabled. These users may find that they cannot open attachments.
To work around this, the user must simply log out and log back in.
MAJOR NEW FEATURES
 APP PASSWORDS
App passwords are long randomly generated passwords that clients can be configured to log in with instead
of a user's account password. When used along with Two-Factor Authentication, which is supported by MDaemon
Webmail and Remote Administration, they can help protect an account from unauthorized access. App passwords
are supported by MDaemon's SMTP, POP, IMAP, ActiveSync, WebDAV, and XMPP servers.
App passwords are enabled by default. They can be disabled at Accounts | Account Settings | Other | Passwords.
Two-Factor Auth can optionally be required for users to set up app passwords (enabled by default). The Web
Services screen in the account editor and account templates has an "edit app passwords" permission, enabled by
default. The Settings screen in the account editor and account templates has an option for whether an app
password must be used to log in to the account using one of the supported protocols, disabled by default.
Users can manage app passwords in Webmail, at Options | Security, or Remote Administration, at My Account |
App Passwords. The UI displays a list of the user's app passwords, with their name, creation timestamp, last
used timestamp, and last used IP address. App passwords can be created, renamed, and deleted (revoked). An
app password is displayed only once, when it is generated. If a password is lost, delete it and generate a
new one. A different app password should be generated for each of a user's clients. If the user stops using
a client or loses a device, any app passwords for them should be deleted. As a security measure, all of an
account's app passwords are deleted when the account's password is changed.
CHANGES AND NEW FEATURES
-  Renamed the Mobile theme to the Pro theme.
-  Added an Unsubscribe link next to the From address when the List-Unsubscribe header exists in a message.
This can be disabled at Settings | Personalize.
-  Added ability to import email into the current message list.
-  Pro theme - Added Cross-Site-Request-Forgery tokens for more secure transactions. The feature is
disabled by default. To enable it through MDRA go to Main | Webmail Settings | Web Server and check "Use
-  Pro theme - Added an option at Settings | Personalize to enable Dark mode.
-  Pro theme - Added a link to "Track my package" in opened messages.
- Carrier tracking numbers being watched by default are USPS, UPS, OnTrac, FedEx, and DHL.
- The default configuration file is \MDaemon\WorldClient\package_tracking.json
- Admins can add more carriers by creating \MDaemon\WorldClient\package_tracking.custom.json using the
same format as the default config file.
- At least one service name, a tracking url, and at least one valid regular expression is required.
- Include service names that may appear in a message to reduce the chances of false positive matches.
-  Updated the Dropbox integration to use the refresh_token provided by Dropbox to reconnect users
without interaction with the OAuth dialog. When the access_token expires, Webmail will attempt to use the
refresh_token to get a new access_token. No longer necessary settings have been removed from the Cloud Apps
page. The admin does NOT need to make any changes to the Dropbox app at Dropbox.com.
-  Pro theme - Added a password strength meter.
-  Search All / Subfolders requests no longer search unsubscribed folders when unsubscribed folders are hidden.
-  Added a checkbox named "Skip Search" to exclude specific folders from Search All / Subfolders requests.
-  Added a setting in Remote Admin that allows the Two Factor Authentication Remember Me checkbox to be hidden.
-  Added a blur effect for the background when the user session is expired.
-  Pro theme - Added the Message List Layout dialog to the smaller browser size. Only the Message List
Density setting is displayed.
-  Added an Automatic CC and BCC feature at Settings | Compose.
-  Added an option in WorldClient\Domains.ini [Default:Settings] PreventComposeWithAlias. Setting is off by default.
-  Lite theme - Added auto-save draft message to the Compose view.
-  Pro theme - Added the Voice Recorder.
-  Added an option in the Options | Folders view to allow users to skip contact folders in auto-complete
searches. Added the option in the right click menu as well.
-  Pro theme - Added the image slideshow feature for the message view.
-  Pro theme - Added a card view for the contacts list.
-  Added a Webmail log entry for the User-Agent when a user logs in.
-  Added a notification in the Compose view if a local recipient has their autoresponder enabled.
-  WorldClient theme - Added a paperclip icon to event tiles that have attachments.
-  Maximum attachment size is set to 25 MB for new installs.
-  Pro theme - Moved the "new item" button from the toolbar to the space above the folder list for desktop sizes.
-  Pro theme - Added a plus icon next to "Personal" to create a new calendar in the calendar view.
-  Pro theme - Added an event tooltip with edit options and send an email to an attendee option.
-  Pro theme - Made the search bar always visible for browser window widths of 1200px or greater.
-  Pro theme - Added a dialog to allow users to remove a contact from the the BlackList when adding them
to the WhiteList and vice versa.
-  Pro theme - Added an error message when there is an error creating or renaming a folder.
-  Pro theme - Added support for HTML notes in Events, Contacts, Tasks, and Notes.
-  Pro theme - Replaced the current HTML editor (CKEditor) with Jodit.
-  Pro Theme - Changed the basic header view to show the From email address.
-  Changed the "Delete All" folder action to "Empty Folder"
-  WorldClient theme - Added "Change Password" and "Change Recovery Email" buttons to the Security page
-  Pro theme - Changed the refresh button to refresh all folder counts
-  Messages are sent to MDaemon's MSA port (587) by default instead of the SMTP port (25).
REMOTE ADMINISTRATION (MDRA)
-  Updated trusting local domain host warning to prevent adding the local domain host when clicking "No".
-  Added the ability to drag and drop content filter rules. The copy, edit, and delete buttons are now on each respective rule.
-  Added Cross-Site-Request-Forgery tokens for more secure transactions. The feature is enabled by default.
To disable it go to Main | Remote Admin Settings | Settings and uncheck "Use Cross-Site-Request-Forgery tokens".
-  Added a password strength meter to some password fields.
-  Added an option for Webmail and Remote Admin Two Factor Authentication Remember Me at Main | Webmail Settings
| Settings and per domain at Setup | Domain Manager | Edit | Webmail Settings.
-  Added Blocked IPs and Refused IPs reports for Dynamic Screening.
-  Added the Groups and Client Types views under ActiveSync.
-  Updated the ActiveSync | Diagnostic and Tuning pages.
-  Added a browser usage by OS chart and table at Reports | Traffic | Webmail Login Statistics.
-  Added buttons to open a popup for browsing users and groups to add to mailing lists at Main | Mailing Lists |
Edit | New. Only Domain Admins or Global Admins have access to the buttons.
-  Added Account Only Wipe options at Main | My Account | ActiveSync Clients and at ActiveSync | Client Management.
-  Change logging has been added. It will log every change that is made via Remote Administration.
-  Updated Message Recall to match the MDaemon GUI.
-  Added the "Extract attachments from winmail.dat" option at Security | Content Filter | Compression.
-  Added Slovenian language to MDaemon Remote Administration.
 Added support for SMTP Command Pipelining (RFC 2920). MDaemon will send MAIL, RCPT, and DATA commands
in batches instead of individually, which improves performance over high latency network links. SMTP pipelining
is always enabled for inbound connections. It is enabled by default for outbound connections, but can be disabled
at Setup | Server Settings | Servers & Delivery | Servers.
 Added support for SMTP CHUNKING (RFC 3030). CHUNKING allows non-line-oriented messages to be transferred.
It is enabled by default for inbound connections, but disabled by default for outbound. Bare line feeds in
received messages are converted to carriage return line feeds by default. These defaults can be changed by
setting [Special] SMTPChunkingInbound=Yes/No, SMTPChunkingOutbound=Yes/No, and SMTPChunkingAllowBareLF=Yes/No
-  Content Filter - Updated the default restricted attachments list.
-  XMLAPI - Added Support to report/modify settings from Setup/Server Settings/Logging.
-  ActiveSync Server start/stop entries are written to MDaemon's System log.
-  ActiveSync - Corrupt Message Notifications are sent less often.
-  Clustering - Added support for synchronizing reminders from secondary nodes.
-  Dynamic Screening - Added option to log location data using ISO codes instead of names.
-  Dynamic Screening - Improved the logic used for ignore attempts using identical passwords.
-  XMLAPI - Added support for ActiveSync AlwaysSendMeetingUpdates setting.
-  XMLAPI - Added support for semaphore file creation.
-  MDaemon Instant Messenger - Improved group chat feature by adding ability to multi-select chat
buddies for group chat. Also added an option to auto-accept chat room requests.
-  MDaemon GUI - Location Screening has a new option for whether a 'X-MDOrigin-Country' header
is added to messages. It is enabled by default.
-  Content Filter - Added rule action to add attachment to message.
-  MDaemon GUI - An option for whether to allow logon using aliases has been added at Accounts | Account
Settings | Aliases | Settings. It is enabled by default.
-  MDaemon Connector has been updated to version 7.0.5.
-  The default delivery confirmation message text (in \MDaemon\App\Receipt.dat) has been changed to
use the $HEADER:X-RCPT-TO$ macro instead of $RECIPIENT$ to avoid disclosing the actual email address an
alias resolves to.
-  fix to SMTP server may allow out of sequence commands
-  fix to Pro theme - Folder list updates inconsistently
-  fix to MDRA - Cannot disable feature "Only send antivirus update notification on failure"
-  fix to Pro theme - info icon in Message View Layout popup should not exist
-  fix to Webmail and MDRA - Two Factor Authentication one time password is reusable
-  fix to Pro theme - Autocomplete box never goes away
-  fix to Pro theme - Session has expired error when logging out
-  fix to Pro theme - Body of message is not focused on when replying
-  fix to Webmail - MDaemon sends the accepted meeting request message addressed from the wrong user when accepting in calendar view
-  fix to MDRA - Problems with the "Use HTML" setting when adding a footer or adding to the top
-  fix to Pro theme - Unable to open a new message after using Shift+Del to permanently delete a message
-  fix to MDRA - Enabling a group in an account does not apply its selected template
-  fix to Webmail - Email search results do not clear when selecting another section in webmail
-  fix to Pro theme - Importing Events or Contacts with attachments takes time and there is nothing to inform the user that the import is ongoing
-  fix to MDRA - domain editor has blank SMTP host name for domain admins
-  fix to Pro theme - onSpam is not a function in external message window
-  fix to XMPP Server - Server does not create chat rooms correctly
-  fix to Webmail - Corrupted text added to message body when removing an attachment
-  fix to ASMCUI - Command line still contains XMLAPI options though /ImportFile method is selected
-  fix to ASMC - When importing contacts, duplicate GUID and Modified entries are created.
-  fix to ASMC - Only create mailbox folders for Folder Types specified in migration
-  fix to MD GUI - Resetting Root Node counters does not reset Dynamic Screening or ActiveSync counters
-  fix to MD GUI - Wrong dialog opens when double clicking Accounts/ActiveSync
-  fix to MD GUI - ActiveSync Accounts and Clients dialogs in the Domain Manager may show the wrong domain
-  fix to Clustering - possible hang when moving mail queues
-  fix to Clustering - possible crash at startup
-  fix to Webmail - Invalid cookie for the requested session when downloading PDF files in Chrome
-  fix to MDRA - Cannot edit a domain that has capitalization in the Domain name
-  fix to MDRA - Cannot save autoresponder script in template
-  fix to Pro theme - Very long email addresses cause the address to overflow the container in the To field of the compose view
-  fix to MDRA - Attachment linking is not disabled when clustering is enabled
-  fix to MDRA - possible crash when clicking "Restrict MDaemon folder access to Admins, Backup Operators, and System"
-  fix to MDRA - Account Manager Filter does not display MDaemon Connector accounts
-  fix to Pro theme - Contact, Task, and Note list does not refresh when a new item is created
-  fix to Pro theme - DefaultFromAddress not being used in the Compose view
-  fix to MDRA - In the Quotas settings, any value containing Japanese characters displays corrupt
-  fix to LookOut theme - the "Show Snoozed" messages button does not do anything
-  fix to Webmail - Whitelist and Blacklist folders are not regenerated if accidentally deleted by users
-  fix to MDRA - Log actions taken on messages from the Queues pages
-  fix to AV updater - Send notification if virus definitions have not updated checkbox gets value from CyrenAV
-  fix to Pro theme - Enable/disable Two Factor Authentication options are reversed when logging out and back in
-  fix to Pro theme - Email admin lost TFA device does not work
-  fix to AV - When a virus is detected in winmail.dat the winmail.dat is removed from the message instead of the message getting quarantined
-  fix to AV - Scan fails with Winmail.dat files containing attachments with special characters
-  fix to DMARC processing is skipped for certain messages
-  fix to possible MDaemon.exe crash when generating quarantine queue summary email
-  fix to Pro theme - unable to send a message without a subject
-  fix to XMLAPI - Create/UpdateUser does not set NTAccount value when specified
-  fix to MDPGP - Invalid CRC error when decrypting particular messages
-  fix to DSN message has remote server's BATV tag removed, which may cause delivery failure
-  fix to Pro theme - Strings in folder context menu not translated
-  fix to WorldClient and LookOut themes - if you import an ics file with thousands of events it looks like nothing is happening
-  fix to Webmail - some HTML messages are not displayed properly
-  fix to Webmail - XSS vulnerabilities
-  fix to meeting updates can cause duplicates in Outlook if an account using MDaemon Connector is set to automatically process meeting requests
-  fix to MDMigrator Unable to export message, pConvSess->MAPIToMIMEStm failed [0x80070005] in WriteMimeMessage
-  fix to Pro theme - unable to clear search results after opening email
-  fix to MDRA - Message Search may not find words that contain non-ASCII characters
-  fix to Webmail - Attachments in meeting invites are not displayed correctly in Outlook
-  fix to MDaemon GUI - Header Translation edits are not saved
-  fix to MDaemon GUI - Domain Manager allows a domain with the same name as a disabled gateway to be created
-  fix to mailing list administrators are not updated when renaming a domain
-  fix to SPF lookups fail for certain multi-line SPF records
-  fix to only the first mailing list's Last Access value is updated when a message is sent to multiple mailing lists
-  fix to AD Monitoring replaces lowercase umlaut characters with uppercase letters
-  fix to forwarding to a public folder submission address fails
-  fix to possible hang in MdMbSrch.dll when indexing new mail items
-  fix to WorldClient theme - Contact phone number is displayed incorrectly when parentheses or a plus sign exist
-  fix to WorldClient theme - When setting invitee as Optional, it reverts to Required when saving
-  fix to ActiveSync - search of all mailboxes returns no results
-  fix to Content Filter - restricted attachment may not be quarantined
-  fix to Pro theme - Message view right, unable to resize preview window using FF
-  fix to Content Filter - "Compress outbound local domain attachments" option does not work
-  fix to STARTTLS white list not being honored in all cases
-  fix to Pro theme - IE11 - Users get a blank screen
-  fix to public contact for an account may not be deleted when setting it as private using a template
-  fix to MDaemon GUI - Domain Sharing password edit box does not allow enough characters
-  fix to Pro theme - right clicking on a message in the message list and selecting Spam/Not Spam is not moving the message
-  fix to high CPU usage in MDaemon.exe while verifying a particular DKIM signature
-  fix to Content Filter - sender/recipient password-protected exclusion "Apply" button disabled when removing entry
-  fix to MDRA - When editing group membership, the windows overlaps the last account in the list
-  fix to Content Filter - "Append a corporate signature" with HTML may cause DKIM signature to fail
-  fix to ATRN connections fail if they are on the STARTTLS Required List
-  fix to message recall fails for messages in the the Deferred queue with no To header
-  fix to Webmail - CKEditor upgraded to version 4.16.2 to get vulnerability fixes
-  fix to possible crash in MDaemon.exe