MDaemon Server v21.5 Release Notes

MDaemon 21.5.0 - November 9, 2021


[16456] Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit:

[24475] The 'X-MDOrigin-Country' header, which Location Screening can add to messages, now has the two-letter ISO 3166 country and continent codes instead of full country and continent names. Be sure to update any filters you may have that look for particular values in this header.

[24943] With the renaming of the Webmail Mobile theme to Pro, there is a possible side effect for users that are using the Mobile theme and have remember me enabled. These users may find that they cannot open attachments. To work around this, the user must simply log out and log back in.



App passwords are long randomly generated passwords that clients can be configured to log in with instead of a user's account password. When used along with Two-Factor Authentication, which is supported by MDaemon Webmail and Remote Administration, they can help protect an account from unauthorized access. App passwords are supported by MDaemon's SMTP, POP, IMAP, ActiveSync, WebDAV, and XMPP servers.

App passwords are enabled by default. They can be disabled at Accounts | Account Settings | Other | Passwords. Two-Factor Auth can optionally be required for users to set up app passwords (enabled by default). The Web Services screen in the account editor and account templates has an "edit app passwords" permission, enabled by default. The Settings screen in the account editor and account templates has an option for whether an app password must be used to log in to the account using one of the supported protocols, disabled by default.

Users can manage app passwords in Webmail, at Options | Security, or Remote Administration, at My Account | App Passwords. The UI displays a list of the user's app passwords, with their name, creation timestamp, last used timestamp, and last used IP address. App passwords can be created, renamed, and deleted (revoked). An app password is displayed only once, when it is generated. If a password is lost, delete it and generate a new one. A different app password should be generated for each of a user's clients. If the user stops using a client or loses a device, any app passwords for them should be deleted. As a security measure, all of an account's app passwords are deleted when the account's password is changed.






MDaemon is a registered trademark of MDaemon Technologies, Ltd.
Copyright ©1996-2021 MDaemon Technologies, Ltd.