----------------------------------------------------------------------------- MDaemon Server v9.X Release Notes ----------------------------------------------------------------------------- --------------------------- MDaemon 9.66 - June 4, 2008 --------------------------- o [7473] fix to WC vulnerabilities described in Secunia Advisory SA30474 o [4711] fix to WC address book lookup not resizing properly ----------------------------- MDaemon 9.65 - March 14, 2008 ----------------------------- o [7224] fix to IMAP FETCH vulnerability o [7088] fix to Korean characters dropping in WC emails o [7098] fix to IMAP server error when attempting to fetch many email headers o [7118] fix to MD crash routing local mail to disabled users with LDAP user backend o [4711] fix to WC Lookout theme unable to resize address book o [7122] fix to IMAP EXPUNGE responses not always sent o [6314] fix to descriptions are cut off in German version of WC o [7206] fix to SyncML annual recurrence YM0 problem o [7211] fix to SyncML server ignores timeout value set in MDaemon GUI o [7227] fix to invalid vCalendar EXDATE property causes SyncML server to crash o [6965] fix to 'contains in file' content filter rule not matching when certain characters are used ------------------------------- MDaemon 9.64 - January 15, 2008 ------------------------------- o [6900] Added option to the Active Directory monitoring feature which will show/log all attributes and values discovered during processing. This can aid in debugging problems and assist in picking the right attributes to map to account properties (remember, you can use any AD attribute(s) you want). This switch is enabled by default and the results show up in the System log. o [6831] The Active Directory monitoring feature has been improved to include a character conversion feature. See ActiveDS.dat file [CharacterConvert] section for an explanation of how it works. By default, it will convert numerous 8-bit characters to their ASCII equivalents for the Mailbox field only. You can setup the conversions you want and the fields you want to convert (see ActiveDS.dat). Also, streamlines the Active Directory query so that it makes less demands on the AD server. o [6884] Messages moved into the bad message queue should have a new header inserted called X-MDBadQueue-Reason which explains why the message was moved there. The content of this header will also be logged into the Routing tab in the MDaemon UI. o [6626] MDaemon will now prepend rather than append the various headers that it inserts into messages. So, MDaemon will insert it's various X-MD* and other headers immediately following insertion of the required trace headers (return-path and Received). This is a best practice recommendation since always appending headers to the end of the header section makes it impossible to tell which server inserted them. o [6874] fix to DomainKeys verification fails when multiple instances of header in h= value are present o [6875] fix to DKIM bugs found during interop testing o [6543] fix to IMAP rules not working for folder names starting with "!" o [6745] Added clarifying text to DNS UI concerning DK/DKIM use of DNS o [6766] fix to double-menu hot key items o [6810] fix to ability to create accounts using reserved "noreply" o [6893] fix to various text input UI elements being enabled/disabled improperly based on whether the spam filter was enabled/disabled o [6896] fix to loop detection not working on remoteq messages o [6898] fix to spam/content filter being restarted needlessly by UI o [6899] fix to DNSBL results taken from Received header IPs being documented in X-DNSBL-IP-Result header rather than X-DNSBL-Result header o [6832] fix to AD integration not creating correct mailbox value for AD accounts with a UPN >= 29 chars (domain piece not being stripped first) o [6922] fix to disabled accounts able to receive list and queued mail o [6935] fix to wrong "message" returned with DNSBL hits sometimes o [6936] fix to wrong prvs encoded TO: in delivery warning messages o [6940] fix to CF "Copy to folder" action not moving the .rte file o [6943] fix to FixupMessageInMemory function not working right o [6901] fix to list editor using notepad rather than internal file editor o [6944] fix to long data fields received from client may be truncated o [6959] fix to Authentication-Results having incorrect x-ip-mail and x- ip-helo values at times o [6932] fix to LookOut theme's calendar not allowing you to delete events in the day view o [6966] fix to IMAP server does not strip trailing whitespace from Content- Type values for BODYSTRUCTURE response o [6995] fix to ComAgent IM HTTP requests timing out too quickly o [6996] fix to ComAgent notification actions display corruption after checking item o [7006] fix to Calenadar/Contacts/Tasks/Notes lock files may be orphaned o [6985] fix to missing .dat files in some distributor builds o [7030] fix to auto whitelist UI typo error o [7032] fix to queue scan not happening when inline scan errors out o [7056] added logging around midnight maint event to system log o [7039] fix to possible crash if SMTP session is closed while processing certain SPF records o [7040] fix Comagent crash after updating buddy list with a particular Comagent.ini file o [7041] fix possible Comagent crash on startup and shut down o [7055] fix to possible WC crash when composing a message o [7057] fix to WC crash if XceedZIP.dll not present when user attempts to download ComAgent installer o [6537] (Japanese version only) fix to Japanese file names are messed up when opening from WorldClient using IE o [7002] fix to MD3Conv.exe not comparing versions correctly o [7059] fix possible MD deadlock when sending messages to the holding queue o [7062] fix to MDaemon not quoting long filenames when calling ODBC wizard o [7003] fix to WorldClient cannot decode message correctly o [7064] fix completion date of task item not synching between OC and WC o [6837] fix to shared Notes folder not showing up in WorldClient o [7077] fix to ETRN advertised on MSA channel - RFC 2476 says MUST NOT ------------------------------- MDaemon 9.63 - November 6, 2007 ------------------------------- * MDaemon's implementation of Sender Signing Practices for DKIM has been updated to a more recent IETF draft. I am hopeful that this draft will be substantially close to what the final version will look like (although work is ongoing). A copy of this draft proposal can be found here: http://www.dkim.org/specs/draft-ietf-dkim-ssp-00.txt. MDaemon no longer supports the older SSP draft. MDaemon will not query DNS for older SSP records nor will it recognize the format of those older records. The current SSP draft has a new format and location in DNS for this data. Assuming you are using SSP, Alt-N recommends updating it as follows: (a) Create a DNS TXT record containing the following (minus the quotes): "dkim=unknown" - if you are signing some, but not all, of your mail "dkim=all" - if all mail is signed by you or someone else "dkim=strict" - if all mail is signed only by you (b) Place the TXT record at "_ssp._domainkey." (minus the quotes) where is the domain name specifying the SSP policy. For example: "_ssp._domainkey.altn.com". (c) Remove any old SSP record which may exist at "_policy._domainkey." (minus the quotes) where is the domain name specifying the older SSP policy. Alternatively, you could leave this record in place for a time for legacy verifiers. Any dns_readme.txt files generated by MDaemon prior to this version of the software will contain incorrect instruction on how to configure SSP. These changes DO NOT affect DKIM signing or verifying (RFC4871). These changes DO NOT affect selectors, public or private keys, or data stored in DNS related to selectors or any other aspect of RFC4871 behavior. * MDaemon's implementation of Minger has been updated to the most recent draft. A copy of the most recent draft proposal will be available from the IETF web site soon (or you can email me - arvel@altn.com - and I can send you a copy). It was necessary to change the way the Minger query string is formed. As a result the Minger server and client included in this version of MDaemon is not compatible with previous MDaemon versions. For Minger to continue to work you will need to update all your 9.6x installs to this patch. * The following changes to MDaemon's use of SpamAssassin have been made: (a) MDaemon installs the current default rule set into a new folder called default_rules. This folder should never be used by customers. (b) The existing rules folder was purged of all .cf files which were included in previous default installations. (c) Learn.bat was updated to reflect the new default_rules path. * [6723] The address book white listing feature has been improved in order to enhance security and prevent abuse. In order for a message to trigger the address book white listing system it's FROM address must have been authenticated with either SIDF or DKIM. In the case of DKIM, the signing domain must match to the domain taken from the FROM header. A new switch governing this behavior has been added to a slightly reworked Spam Filter White List (auto) UI tab. This new requirement is enabled by default and it is strongly recommended that you keep it enabled. o [6813] Some performance enhancements have been made. First, a partial fix to the "create fail for window" errors and "Thread Creation Error: 12" problems have been found. Although a complete fix will come in a future version, this version of MDaemon should be able to handle many more simultaneous connections than previous versions. The hard limit is imposed by Windows which limits the amount of resources granted to any process. o [3128] In WorldClient added the ability to delete individual occurrences of recurring events in the desktop themes. This will allow users to delete events that happen on holidays without removing all of the instances of the event from their calendar. SyncML has also been updated to support deleted occurrences or recurring events. o [6692] MDaemon's implementation of AUTH-RES has been updated to reflect the most recent draft which has several excellent changes. There is now a single Authentication-Results header which documents the result of all authentication processing. For more information on AUTH-RES read: http://www.ietf.org/internet-drafts/draft-kucherawy-sender-auth-header-08.txt o [6685] By default, MDaemon will no longer insert "Recieved-SPF" headers into messages when no SPF data is available. If you would like to continue to have MDaemon insert this header even when no data is available you can configure for that using Alt+X | SPF/Sender-ID tab and unchecking the "...except when the SPF result is 'none'" option. o [6682] Backscatter Protection processing will copy its results into a new header called X-MDBP-Result. This header will be present for all messages sent to a single RCPT which trigger BP processing. The header will contain the result of the BP test (pass, fail, or fail expired) as well as the reason the message wasn't outright rejected (matched to a white list, not configured to reject, etc). o [6696] MDaemon inserts various new headers into messages in a more organized fashion now. o [6700] The X-Lookup-Warning header has been deprecated. It suffers from the following problems: (a) It is not stripped on incoming which means it can't be reliably used for filtering. (b) It is a single header trying to represent three different lookup results which is impossible (subsequent lookups overwrite previous results thus causing data loss). (c) It is configurable (even the header name!) which makes it impossible to police. The header was replaced with three non-configurable, purpose built headers that do not suffer from such problems. They are X-MDPtrLookup-Result, X-MDHelo-Lookup-Result, and X-MDMailLookup-Result. Eventually, all these headers will be deprecated in favor of exclusively using Authentication-Results. o [6701] The X-RBL-Warning header has been deprecated. It turns out that the feature to automatically generate account filter rules to move messages with this header into the Junk Email folder automatically has never worked because the rule tested for "is equal to 'Yes'" when this header never contained that value. The installation process will remove this worthless rule for all accounts. If you want to reapply a working filter rule to all accounts you can enable the option to do so in the DNSBL Options UI. The X-RBL-Warning header has been replaced by a new header called X-MDDNSBL-Result. This header documents the results of all the DNSBL processing including the IP result returned from each DNSBL for your filtering pleasure. The 80_MDaemon_scores.cf file has been updated to reflect these changes but by default it does not inspect the results of the header for distinct action. It simply scores if the header exists. o [6669] Added option to Setup->Primary Domain->Archival to allow you to control whether messages marked as spam should be included in the archival process or not. By default they are not included however you must open and close the dialog box once to enact this change. o [6348] It is no longer possible to change the primary domain name using a detached "configuration session" UI. This must be done using the actual service UI or WebAdmin. This was causing numerous problems. o [6728] Several improvements were made to the Routing log to help track what's going on during message processing: (a) The Routing log should now always show where a message was ultimately delivered. (b) Forwarding failures will be logged (c) Each forwarded recipient will receive a line item entry in logging (d) Fixed several code paths were nothing was being logged at all (e) Format slightly changed to be consistent with other logs (f) If any errors occuring causing a message to not be forwarded then the original copy will be retained regardless of whether the account or gateway is configured to not do so. o [6730] Account filter rules will be processed now even when the IMAP and WorldClient servers are disabled. In previous versions at least one of those servers had to be enabled. o [6736] Added option to Accountprune to skip pruning of inactive account if account is a forwarding mail account. Add the following setting in the Domains.dat file to turn on the feature: [primary.domain.com] SkipForwardAccount=Yes (default = No) o [6822] When not archiving spam, message sent to spam trap email addresses will now be excluded from the archive. You will need to hit F2, switch to the Archival tab, and hit OK once to enable this behavior. o [4037] DomainPOP and MultiPOP use TLS/SSL when connecting to port 995. o [451] fix to IMAP sessions in Session pane sometimes incomplete o [6846] fix Accountprune doesn't work using foreign characters in midnight.bat o [6778] fix to errant error message when entering invalid domain forms o [6775] fix to VBR code not honoring all types returned from certifier o [6776] fix to VBR sign file not editable at times o [6802] fix to BATV file not editable at times o [6800] fix to CFEngine.exe crash when processing messages with TNEF o [6812] fix to log archives having incorrect date in zip file name o [6622] fix to digests not using list's reply-to address o [6630] fix to german installer not properly creating start menu link o [6552] fix to content scanning problems with certain messages o [6623] fix to midnight crash when using MS SQL ODBC backend o [6638] fix to gateway message forwarding ignoring SMTP MAIL value o [6646] fix to inbound SMTP spam trap flag not reset properly at times o [6655] fix to WC crash when opening a draft in the LookOut theme o [6639] fix to edituser.sem trashing autoresponder start/end times o [6659] fix to shared folders list limited to 32KB o [6663] fix to MDCalendar.dll may attempt to close an invalid handle o [6580] fix to forwarding+account restrictions not working right o [6672] fix to not able to edit accounts when us MySQL ODBC backend o [6673] fix to forwarded mail not using BATV properly o [6677] fix to dynamically screened IPs unable to log into WorldClient o [6693] fix to Domainkeys processing rejecting message against policy o [6705] fix to errant Authentication-Results inserted in local msgs o [6706] fix to errant handling of irrelevant RR records at times o [6695] fix to LookOut display issue related to invalid UTF-8 sequences o [6717] fix to inline spam scan not working with greylist right o [6718] fix to X-Spam-Flag header being stripped errantly o [6719] fix to possible mail loop when using account forwarding o [6720] fix to spam trap msgs getting spam scanned at times o [4282] fix to IPScreen not being cached in memory o [6382] fix to a meeting event at the original time being recreated after changing the meeting's time in Outlook Connector o [6729] fix to local mail being left in the queue forever when using a particular combination of "strip x headers" + account filter rules o [6678] fix to content filter's extract attachment creating 0 byte files o [6748] fix to auto-responder responding to messages from RelayFax@ o [6747] fix to spam to unknown local users routing to postmaster/sender o [6749] fix to forwarding to mailing lists able to start a loop o [6753] fix to ldapcache.dat not working only caching a single lookup o [6751] fix to DeleteAlias not work using MDCOM-API o [6754] fix to messages from trusted/auth'ed sources getting scanned even when configured not to do so o [6757] fix to RAW 'Received' headers being created improperly (using incorrect host/domain names) o [6636] fix to AD monitoring not disabling accounts properly o [6871] fix to Backscatter sometimes rejecting addresses improperly ----------------------------- MDaemon 9.62 - August 7, 2007 ----------------------------- o [6434] Added a white list to the Backscatter Protection system. There is a new white list button on the UI. The white list allows you to specify IP addresses and domain names. The white list is only employed when you have enabled Backscatter Protection's "reject" option. Connections from white listed IPs will not be rejected by Backscatter Protection. White listed domain names are matched against the PTR lookup results on the connecting IP. So, you must enable PTR lookups if you want to white list using domain names. o [6551] Improved antispam's ability to detect PDF based spams. o [6498] MDStats strips backscatter information from addresses it parses from log files o [6524] Global and domain level admins will have star icon in account mgr. o [6447] Midnight config file backup event now occurs in a separate thread. o [6132] SMTP delivery to multiple RCPTs will bypass the SMTP based spam scan if any one of the RCPTs has white listed the sender. Otherwise, the SMTP spam scan will take place. o [6444] fix to Comagent crashes when clicking on Auto Update dialog box after another Comagent dialog box opens o [6445] fix to possible Comagent crash on icon right-click o [6449] fix to truncation on # in dat files o [6452] fix to duplicate public contact when new account added with Configuration Session o [6453] fix to "local mail only" restrictions not working correctly o [6454] fix to default action "Refused" not being selected in "local mail only" restriction settings o [6493] fix to $SENDER$ expanding to Return-Path header address rather than to the From header address within the content filter rules and notification message processing systems. $SENDER$ should always be the address taken out of the From header. o [6505] fix to the following problems when appending a ":port" to the smart host value: a) if the smart host domain is down, an endless delivery loop results b) port value is ignored and treated as part of the smart host domain name c) use of default port when connection to give port failed o [6499] fix to auto responders triggered by mail with NULL reverse path o [6506] fix to spam filter address book white listing not working with DPOP o [6416] fix to postmaster auth requirement not honored with wildcard aliases o [6466] fix to WC error when attempting to create a folder that already exists o [6470] fix to queue lock when using the option to send only X messages per thread o [6463] fix to procnow.sem not working o [6467] fix to DomainPOP real name matching feature not working with aliases o [6474] fix to AntiSpam server missing from File menu o [6576] fix to apply button not working right on spam filter heuristics tab o [6482] fix to IP screen hits logging to system rather than screening log o [6464] fix to MDStats not parsing Subject from SMTP-Out logs o [6535] fix to certain Japanese characters preventing messages from being sent in WorldClient using the iso-2022-jp encoding o [6538] fix to Minger authentication fails when verifying certain addresses o [5545] fix to RTE files are orphaned when messages are deleted by WC o [6526] fix to "update webadmin" program manager group item being created o [6549] fix to possible crash when processing the local queue o [6567] fix to "noreply@" being refused when referencing foreign domains --------------------------- MDaemon 9.61 - July 5, 2007 --------------------------- o [6427] When using the IMAP filter rule "redirect" feature, if the address you are redirecting the message to is a local mailing list then it will actually be forwarded (meaning the headers will be changed) however the original FROM: header will be preserved just as with a redirected email. List messages are not capable of true redirection since they require lots of changes to headers. o [5693] When using summary logging DomainPOP and MultiPOP collections will log the attempt as well as the message ID's of each collected message. o [6392] fix to MPOP not remembering what it has downloaded or not o [6407] Add ComAgent checkbox to suppress public folder synch warning o [5951] fix to "Allow per-account authentication" option getting in the way of mail delivery in some configurations. o [6368] fix ComAgent mailto link not launching WorldClient o [6371] fix ComAgent autoupdate isn't triggered when server upgrades from beta to release of same version number o [6372] fix to duplicate alias warning not always displayed when entering a duplicate o [6374] fix to Max accounts to display setting is not working correctly o [6375] fix to MDaemon Help does not open PDF manual in translated versions when running as a service o [6388] fix to content filter's auto-compression sometimes getting corrupted o [6390] fix to MDaemon deleting messages from MPOP after 1 day even if option not configured to do so o [6393] fix to long host screen entries eventually causing a crash o [6394] fix to acl account selection not allowing multiple selection o [6395] fix to ComAgent crashes if folder name is at least 60 characters long o [6400] fix to WC does not encode Japanese address headers correctly o [6401] fix to MDaemon crashing when reading the LDAPcache.dat file o [6402] fix to possible WC crash when ComAgent logs in o [6404] fix to minger socket setting an incorrect socket parm o [6405] enabled TEST button for Minger configurations o [6406] fix to manually upgrading MD does not provide trial information o [6413] fix to multiple zen entries added to spamblck.dat sometimes o [6410] fix to UI not allowing ZERO for max domain/toolwnd nodes o [6412] fix to route slip messages not releasing from holding to remoteq o [6424] fix to DomainPOP crash when processing certian mal-formed messages o [6425] fix to MD generated NDR's placing BATV encoded form in TO headers o [6427] fix to IMAP filter redirect not working with list mail o [6302] fix to double hotkeys on a spam filter UI tab o [3323] fix to IMAP COPY not preserving message file's timestamp o [6432] fix to local only restriction default not applying to new accounts o [6430] fix to accounts GAB option reset upon public folder export o [6433] fix to BATV confusing auto-responder "once-per-day" system ---------------------------- MDaemon 9.60 - June 12, 2007 ---------------------------- ---------------------- SPECIAL CONSIDERATIONS ---------------------- * MDaemon 9.60 is capable of taking advantage of the new Outbreak Protection features shipping with the next version of SecurityPlus. These features include improved image spam detection and support for the Internet Watch Foundation's efforts to expose and classify child pornography and other sites promoting or involved in illegal activities. SecurityPlus is a separately licensed product: http://www.altn.com/SecurityPlus/. * [5128] MDaemon's DNS-BL system is once again able to skip the oldest X "Received" headers when processing SMTP and POP collected messages. There are new controls for configuring this in the DNS-BL options UI. Note: Your existing configuration for the SMTP and POP "Skip the X most recent "Received" headers" option has been reset to a default of 0 and 1 respectively. This will be fine in most cases. If you have special needs you might need to adjust these settings. * [498] DomainPOP and MultiPOP mail collection has changed. The old option which retained a certain number of messages on servers was removed. In it's place, new options to delete messages stored on servers after XX days have been added to the DomainPOP and MultiPOP UI. This has required several changes to the API and MD_UserInfo structure which may require your custom applications and plug-ins to be recompiled. * [5513] relays.ordb.org will be removed from the DNS-BL host list. This RBL is history. Also, any entry for sbl-xbl.spamhaus.org will be changed to the new zen.spamhaus.org. * You might need to generate and deploy new DKIM keys. This would only be necessary if in the past you manually generated keys of 512 bits or less (it is not possible to do this via the UI). So, if your outbound message signing is failing with error 4 you will need to generate and deploy new DKIM keys. The default for bit size is 1024. ------------------ MAJOR NEW FEATURES ------------------ * [4388] ACCOUNT GROUPING * Added grouping support for accounts. Groups can be defined via a new option off the Accounts menu. Within the account editor you can make the account a member of one of more groups by entering group names into a new edit control on the Mailbox tab. Two new content filter conditions have been added which allow you to con- figure rule actions based on group membership. Also, ACLs for public folders can be specified for groups in addition to email addresses. * [6182] SUBADDRESSING * Added support for subaddressing. Subaddressing is a system for including a folder name in an email address. Replies or emails sent to that email address will pull the folder from the address and move the message into folders automatically without the need to setup filtering rules. The syntax is: "mailbox+folder@domain". So, for example, the email address "arvel+ietf@altn.com" would route messages directly into arvel@altn.com's "ietf" IMAP folder (assuming that folder exists). Nested folders can be specified using period characters. For example, "arvel+industry.ietf@altn.com" would route messages directly into arvel@altn.com's "industry\ietf" IMAP mail folder (again, assuming that folder exists). Underscores are used for spaces in folder names. For example, "arvel+my_friends.frank@altn.com" would route messages directly into arvel@altn.com's "my friends\frank" IMAP mail folder. How you might configure your mail client to use various subaddresses depends on the mail client. Alternatively, the content filter could do a header search/replace based on the message destination or some other criteria. The folder must exist prior to being used with subaddressing. Otherwise, the address will be treated as unknown. This is necessary to prevent abuse. You can not subaddress an alias. You must use the actual address. However, you can create an alias which refers to an entire subaddressed form. A new switch has been added to the Filters tab within the account editor which will allow you to enable/disable subaddressing on a per account basis. As a result of the need to delimit using the + character this feature will be unavailable to accounts which include + in their email address local-part (mailbox). This feature can be shut down globally irrespective of individual account configuration via a new switch on the Misc Options|Misc UI. By default, each account has this feature disabled individually. * DKIM IS NOW AN INDUSTRY STANDARD! * http://mipassoc.org/pipermail/ietf-dkim/2007q1/007026.html http://www.emediawire.com/releases/2007/3/emw508676.htm http://www.altn.com/Company/PressRoom/PressRoomViewer/Default.aspx?ID=/PressReleases/20070301-DKIMStandardization After much hard work, DKIM has been approved by the IETF as an Internet standard! MDaemon's DKIM implementation has therefore been updated to the final IETF version. However, MDaemon will maintain back-compatibility with our pre-IETF version as well for at least the next 6 months to a year. DKIM checks will now take place before DomainKeys checks. In addition, when DKIM checks produce a "pass" result, no DomainKeys check is made at all. By default, MDaemon will now sign according to the final IETF stand- ard requirements (v=1, SHA256, and bh=, etc). MDaemon will continue to honor the older pre-IETF DKIM standard signatures for the near term. Congratulations to all of us and you should smile knowing that you've en- joyed a nearly two year head start in this important email security area and have helped to perfect it. * [5645] MESSAGE CERTIFICATION (MDaemon PRO only) * Alt-N Technologies, through its participation in the Domain Assurance Council (DAC) is working to create an extension to Internet mail called "Vouch By Reference" (or "VBR" for short). VBR provides a mechanism through which certification providers may vouch for the email messages sent by others. VBR is based on the idea of adding an additional header to the outgoing mail and providing a very simple way to check whether cer- tification providers vouch for a particular sender. VBR does not require the certification provider to sign (or even know about) any mail that is sent. MDaemon includes the world's first commercial implementation of VBR and handles all the details for you. All you have to do is configure your MDaemon with one or more certification providers you trust to vouch for incoming mail and one or more certification providers which are willing to vouch for your outgoing mail. Ultimately, it is our goal to have all the major reputation service pro- viders create certification servers for your use. They will certify only those who meet their criteria for "good email practices". Until that day arrives, Alt-N Technologies will step into the role and provide certifica- tion services for the MDaemon community. To submit a request for Alt-N Technologies to certify your domain's messages visit: http://www.altn.com/email-certification/signup/ To configure your MDaemon to use Alt-N Technologies as a certification provider use the MDaemon GUI thus: hit Alt+X, switch to the Certification tab, select "Enable certification of incoming messages", enter "vbr.emailcertification.org" into the "Host name(s) of certification serv- ices that I trust" edit control. Note: MDaemon 9.6 will set this up auto- matically when run for the first time. Next, if you have signed up for Alt-N's certification service, click the "Configure a domain for message certification" button and enter the required information there. Be sure to use "vbr.emailcertification.org" in the "Host name(s) of services willing to certify messages..." edit control. A "Certification" tab was added to MDaemon's "Security" log window. Also, logging of certification processing can be toggled via new settings within MDaemon's logging options. Certification of incoming messages is only possible when an authenticated identity can be obtained from the incoming message. This is possible using DomainKeys, DKIM, SPF, and/or Sender ID/PRA. Therefore, one or more of these authentication features must be enabled. Similarly, certifica- tion of your messages by others requires the authentication of your ident- ity so we recommend enabling DomainKeys and DKIM signing of your outbound mail and/or sending your outbound traffic over an SPF or Sender ID approved path. For more information on VBR and message certification visit: http://www.domain-assurance.org. For more information on DKIM visit: http://www.dkim.org. IETF submission of VBR: http://www1.ietf.org/mail-archive/web/i-d-announce/current/msg14053.html VBR technical inner-workings: http://files.altn.com/MDaemon/drafts/draft-hoffman-dac-vbr-00.txt * [5833] BACKSCATTER PROTECTION (MDaemon PRO only) * MDaemon now includes an implementation of the BATV protocol to fight against the problem of email backscatter. Backscatter occurs when spam or viruses send mail using a forged address as the return path. This can lead to thousands of bogus delivery status notifications, vacation and out-of-office messages, autoresponders, etc., ending up in the inbox. You can enable Backscatter Protection from the Security menu to greatly aid in solving this problem. Backscatter protection uses HMAC SHA-1 digests with a private key and mit- igates against replay attacks by imposing a 7 day life-time for all return path values. BATV technical inner-workings: http://files.altn.com/MDaemon/drafts/draft-levine-batv-03.txt * [5889] MINGER (MDaemon PRO only) * Alt-N Technologies has created a new email address verification protocol called Minger. The original Minger was loosely based on the Finger proto- col [RFC 1288] and thus the name. However, it has evolved and doesn't look much like Finger anymore; but the name stuck. Minger includes the following improvements over Finger: (a) requires authentication so it's se- cure (b) uses UDP rather then TCP. Minger allows others to query your server for user information. It is primarily intended to provide a simple and efficient mechanism for verifying whether an account exists or not. MDaemon's Minger server can be enabled/disabled via the UI in the usual way. A Minger user name and password may be configured from Ctrl+M on the Minger tab to use the server. A Minger client has been embedded in the "Gateways" feature-set. The old "LDAP Verify" tab has been renamed "Verification" and the existing controls have been reworked slightly to allow configuration for Minger. Finally, a new top level UI tab and log file for the Minger server was added. Minger technical inner-workings: http://files.altn.com/MDaemon/drafts/draft-hathcock-minger-02.txt * PERFORMANCE ENHANCEMENTS * The entire product and development process was re-tooled, setup, compiled and built using Visual Studio 2005 and Team Foundation Server (previously, Visual Studio 6 and SourceSafe were used). Three specific performance enhancements were made with respect to queuing and message delivery efficiency: [5549] Added a connection failure cache system which can be configured via a new option on the Setup | Primary Domain | Sessions tab. If an SMTP session results in a connection error or connection failure the IP is cached in memory for XX minutes. Once cached, further connection attempts to that IP are not attempted until the cache expires. The cache is main- tained in memory and is reset on a restart and at midnight. [5582] When large numbers of messages are waiting to be delivered a prob- lem occurs when MDaemon continually rebuilds its internal message delivery memory structure. This problem leads to very slow message processing be- cause the CPU is split between actually doing the delivery and continually rebuilding this memory structure. To address this problem, when MDaemon's internal memory structure already has 1000 or more messages queued up it will not dynamically rebuild this structure. This preserves the benefi- cial nature of dynamic queuing for the vast majority of MDaemon users who rarely have 1000 or more messages awaiting simultaneous delivery and at the same time better serve the performance needs of those who do. You can raise or lower this 1000 message limit by manually editing the following MDaemon.ini key: [Sessions] MaxQueuedCount=1000 [5546] There's a new option which can be used with the default schedule. When using the immediate delivery option you can now specify that only mail which is XX minutes or newer should be delivered by that option. This will increase mail processing efficiency since an incoming message will no longer trigger the delivery of everything. Of course, the entire queue will spool when the toolbar button is pressed or when any other queue run trigger fires. This new option only applies to queue runs which are triggered by the "Send mail immediately after getting queued" feature. By default, 1 minute has been set as the limiting factor. You can change that if you like using the schedule GUI. You can set it to ZERO to dis- able this behavior completely (which will cause MDaemon to behave as in previous versions - send all queued mail every time (inefficient)). [1077] Added a "Maximum simultaneous connections to any single IP" option which can be configured via a new option on the Setup|Primary Domain| Sessions tab. This setting limits the number of simultaneous connections to any IP address during delivery of queued outbound mail. It is useful to prevent making too many connections all at once to various IPs. During delivery, if a message would require a connection to an IP that would ex- ceed this connection limit, then the connection is skipped and the next MX host (or smart host) is used. If no additional hosts are available the message is queued for the next delivery cycle. By default, this option is completely disabled which preserves existing behavior. Also, by default, connections to trusted IPs are exempt from this feature. However, if you'd like to enforce it for trusted IPs you can set the following switch in the MDaemon.ini file: [Sessions] TrustedIPsUseConnectionLimit=Yes (default No) Also, by default, connections to IPs reserved for intranet use are exempt from this feature. These are 127.0.0., 192.168., 10., and 172.16.0.0/12. However, if you'd like to enforce it for reserved IPs you can set the following switch in the MDaemon.ini file: [Sessions] ReservedIPsUseConnectionLimit=Yes (default No) * IMPROVED GATEWAY SUPPORT (MDaemon PRO only) * [6118] Valid email addresses for gateways can be configured by just enter- ing them into a text file now. A new button was added to the gateway Verification tab which will let you add addresses to GatewayUsers.dat. Any gateway message sent to a email address found within this file will be considered valid. You can also setup gateway verification to use a new "File" option which requires that the address be present within the text file in order to be considered valid. When using other verification meth- ods, the text file is just an extra source for address data but not a definitive source. [6127] Gateway LDAP verification settings have been changed to better sup- port Exchange/Active Directory in the following ways: (a) The default search filter strings created for new gateways will use an objectclass of "user" rather than "MDaemonContact". (b) The default search filter strings will now include (proxyAddresses=SMTP:$EMAIL$) [6129] The format of the LDAP cache file has changed in order to fix a bug preventing multiple base DNs at the same host from working. As a result, all existing cached values are invalid. You can either delete the entire file and let MDaemon rebuild it or do nothing and allow the invalid entries to expire automatically over time. [6126] Added LDAP/Minger cache enable/disable to the Gateway Options UI. [6128] Added button to the Gateway Verification UI to edit the LDAP cache. ----------------------------------- CHANGES AND ADDITIONAL NEW FEATURES ----------------------------------- o [4262] Added an option to the DKIM signing properties which allows a single checkbox which configured all local domains (the primary domain and all secondary domains) for signing. You will no longer have to specify each domain individually within the DKSign.dat file. This option is enabled by default. o [5497] WorldClient has better character set support for composed messages. Previously, WorldClient would use the utf-8 character set for message that contained any characters not in iso-8859-1. Now the preferred character sets can be configured by the administrator with the "ComposeCharsets" INI value in WorldClient's Domains.ini or User.ini files. The default character set for the Japanese version is iso-2022-jp, Chinese is gb2312, and Russian is koi8-r. o [5254] MDaemon will now send emails to all users who are approaching their quota limitation informing them of the number of messages and size of their mailbox as well as percentages used and remaining. These emails are sent at midnight. If an existing warning is found in the users mailbox it is replaced with an updated message. You can configure a percentage value in the Misc Options|Misc tab which controls when these emails are sent. That UI has been redesigned slightly to make room for this new control. The number of allowable files or the amount of disk remaining must drop below this value in order for an account to receive a warning. Also, unrelated but tagged onto 5254 was a slight redesign of the default account options UI. The quota options have been isolated to a separate tab and the button(s) to restore installation defaults have been removed for now pending a sync-up with WebAdmin. o [5953] When sending messages to a smart host MDaemon already has the op- tion to authenticate using a configured user name and password. However, this is a single set of authentication credentials that is used for each message sent. Some ISPs are requiring a different set of credentials based on the sender of the message (the SMTP MAIL value). Therefore, it is now possible to configure independent smart host user name and pass- word values for each account. When authenticating to a smart host during outbound message processing these credentials will be used, if provided. When not provided, the existing single set of credentials that MDaemon has always supported will serve as a default. A new edit control was added to the Account Editor which will allow you to configure a smart host password. By default, the smart host user name will always match the account's email address. If, for some reason, this is not desired, a separate smart host user name can be manually configured by editing the HIWATER.MRK file found in the account's root mail folder and adding the following key: [AUTH] ISPAUTHUserName=- (example: ISPAUTHUserName=-arvel@altn.com) Preface with a dash character "-" so that MDaemon will recog- nize the value as unencrypted and will encrypt it for security. Additionally, the following MDaemon.ini settings are available for use: [AUTH] ISPAUTHByAccount=Yes (default No) This option enables or disables the entire thing we're talking about here. When disabled, behavior is as MDaemon has always done - all messages are sent to the smart host after authenticating via a single user name and password. When enabled, particular authentication credentials will be used for messages sent from a local account to the smart host only when those credentials are either explicitly provided -or- when the options be- low force the use of defaults. A checkbox for this was added to the Setup |Primary Domain|Delivery UI as "Allow per-account authentication". ISPAUTHUseEmails=No (default Yes) This option causes MDaemon to always use the account's email address as the smart host user name unless HIWATER.MRK overrides (see above). When this option is set to No (disabled) and nothing is configured in the HIWATER.MRK for use then nothing special happens. ISPAUTHUsePasswords=Yes (default No) This option causes MDaemon to always use the account's POP/IMAP password as the smart host password unless HIWATER.MRK overrides. When this option is set to No (disabled) and no smart host password is configured for use then nothing special happens. SECURITY NOTE: Enabling the ISPAUTHUsePasswords option will effectively communicate all your account's local mail passwords to the smart host over time. This is not a good idea since it provides sensitive information (enough to compromise mail security) to somebody else. Use only if re- quired to do so by a smart host you absolutely trust. This system is shipped disabled because no account will have a smart host password value available for use. o [6251] When installing in silent mode (using the /s option) the installer will no longer show a "you need to reboot" dialog box. Instead, if a reboot is needed, the installer will create \App\RebootNeeded.sem. It's up to you to do the needed rebooting in these cases. o [6225] Added an new UI tool to pick users, lists, catalogs, or mailing lists where appropriate and retired the older tool. This new UI element ties in at various places (such as a button to the right of UI elements that allow user selection). It will support multiple selection when appropriate. o If you are adding DNS-BL hits to the IP screen you'll need to set the following MDaemon.ini switch to continue to make that happen: [SpamBlocker] AddToIPScreen2=Yes (default No) This is not recommended as it amounts to a permanent caching of DNS-BL results. It is provided for backward compatibility only. o [3678] Added account option to cause automatic processing of meeting requests, changes, and cancellations. When MDaemon encounters a message for a local user that contains a meeting request it will update the users calendar automatically if this option is enabled. This option is disabled for all users by default. o [5834] Removed option to force a reverse-path when none is provided in an outbound message. This was preventing the proper sending of mail with a NULL reverse path. If this is a problem use the content filter to insert an X-Return-Path header. The MDaemon.ini setting [Special] ForceFrom= is no longer used. o [6089] Alt-N supports only the SpamHaus RBL. Therefore, default installs of MDaemon will be configured with only this RBL. Alt-N does not recom- mend other RBL services however you are free to use whatever services you wish. o RAW message processing will no longer append "Message contains [X] file attachments" to message bodies. If you want that, you can enable this MDaemon.ini setting: [Special] ShowRAWAttachmentCountString=Yes. o [5875] Added two new IMAP filter rule options: Redirect Message - re- directs incoming messages EXACTLY as they arrived - no changes to the headers or body are made. The only thing changed is the SMTP envelope re- cipient. Forward Message - forwards the incoming message to a new recip- ient by introducing a new message into the mail stream (with the Subject header and body content taken from the original message). o [5678] Added SyncML password to the account editor. You only need to specify a SyncML password if your account is setup for Dynamic Authentica- tion. However, you can specify a SyncML password at any time. If speci- fied, that is the password that you must use when your account interacts with MDaemon's SyncML server. o [6002] The Alt-N web site now includes pages to provide more details on how to configure SyncML clients for various platforms. The SyncML server UI page has changed to include links to these new pages. o [5955] The account editor UI has seen additional descriptive text changes including: 1) SyncML password edit box added to Mailbox tab 2) Smart Host password edit box added to Mailbox tab 3) Better wording to describe various options on Options tab 4) "Aliases" button moved to Options tab to make room for 1) and 2) 6) "IMAP Filter Rules" is now just "Filters" to be consistent with WorldClient/WA o Some changes to better support Vista: [5640] Popups will not occur from MDaemon running as a service in session zero under Vista. This was causing nag screens. [5638] Mutex and shared memory problems fixed which were causing a break down of inter-process communication and leading to several odd issues (like double WorldClient.exe and MDSpamD instances, re-initing sockets). Help file converted to Microsoft HTML Help (MDaemon.chm) for Vista compat- ibility. "What's This? Help" is still only supported in 2000/XP. o [5886] Updated AntiSpam system to include SpamAssassin 3.18. o [5832] Added option to spam filter to toggle sending a spam trap public folder summary email to the postmaster each day. o [5852] The option "Send to next MX host when an SMTP error occurs" has been removed from Setup|Primary Domain|DNS. MDaemon will always send to the next MX host as appropriate. o [5854] An option was added to Setup|Primary Domain|DNS which will bounce a message upon the first 5xx error returned from any MX host. When uncheck- ed, messages will not be immediately bounced as long as at least one MX returns a 4xx error. o [5653] The RBL caching system was removed. It's redundant since DNS al- ready does caching and was needlessly CPU/disk intensive. o [5580] A new switch was added to Misc Options|Servers. You can now indiv- idually enable message and SMTP parameter RFC compliance checking. o [5581] Authenticated sessions are always exempt from SMTP parameter and message RFC compliance checks. o [5525] Slight restructuring to the DNS-BL UI to make it more efficient. o [5467] Changed several references from "AntiVirus" to "AntiVirus/SecurityPlus" o [6014] A warning message will appear when enabling message relaying. o [5539] The option "Enable disk checking for waiting message counts" was renamed to "Update GUI with queued message counts" and moved from the Misc Options|Misc to the Misc Options|GUI tab. o [5336] By default, automatic attachment extraction will no longer extract text/plain attachment types. You can change this with a new switch on the Misc Options|Misc tab. o [5540] The option to relay for trusted IPs has been disabled by default. You can change this with a switch on the Security|Relay...|Relay Settings tab. o [5949] The following INI file keys are no longer used: [RAS] EncryptName and EncryptPassword (MDaemon.ini) [AUTH] EncryptDequeueLogon and EncryptDequeueSharedSecret (MDaemon.ini) [DomainPOP] EncryptName and EncryptPassword (DomainPOP.ini) The proper way to have MDaemon encrypt these values is to make the first character a dash "-" char. Also, the following keys were renamed for MDaemon 9.60: [AUTH] ISPAuthLogon -> [AUTH] ISPAuthUserName [AUTH] ISPAuthSharedSecret -> [AUTH] ISPAuthPassword [AUTH] DequeueSharedSecret -> [AUTH] DequeuePassword o [5542] By default, MDaemon will strip out X-MDOP-RefID headers from in- coming messages. These are headers generated by Outbreak Protection. If you'd like to retain these headers you can set the following switch in MDaemon.ini: [Special] StripOPRefIDHeaders=No (default Yes) o [4241] Added additional reminder times for WorldClient events. o [5612] * and ? chars will now be accepted in RCPT values. However, if you have accounts that use * and ? chars within the mailbox value be aware that aliases will not work properly for such accounts. You should not setup accounts with * and ? chars in mailbox values. o [5361] Details related to the meeting are now included in the subject of iCalendar invitations. This works around an issue where Exchange uses the RFC message subject and not the iCalendar summary field for the meetings description. o [5839] Added menu and toolbar button for editing SyncML server options. o [5465] User can specify default browser when ComAgent launches WorldClient. Edit the Comagent.ini file: [ComAgent] DefaultBrowser=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.exe -url "%1" o [6062] Route slips will honor the "Abort delivery on 5XX after RCPT" op- tion. Previously they used an MDaemon.ini setting called IgnoreRcptErrors. This has been deprecated. o [6004] Auto-responders will never be triggered by a spam messages regard- less of whether they are explicitly listed on the auto-responder exception UI or not. o [6005] MDaemon's internal resource string ids were changed in order to assist localization efforts and prevent errant string translations from causing software crashes and bugs. As a result, the "custom SMTP" and "custom POP" string systems for which support ceased a long time ago has now been completely deprecated. o [6013] Secondary domains can now be configured with a unique FQDN value. This value will be used with incoming SMTP connections. IP binding is not required in order for this to work. However, if you have two or more domains using the same unbound IP then the FQDN used will be the one associated with the domain that is first in alphabetical order. If each domain is bound to its own IP then the proper FQDN will be used in all cases. Also, this value will be used with outgoing SMTP sessions in the HELO/EHLO. When no FQDN value is specified, MDaemon will use the primary domain's FQDN value as a default. o [6016] The option to use the FQDN host name in SMTP when required and the option to use the same in "Received" headers were both removed from Setup| Primary Domain. The former options were eliminated completely from the software and the FQDN will always be used when required by RFC. The latter option still exists in the Misc. Options however it's default has been changed to TRUE. o [6025] Outbound socket IP binding has been changed. MDaemon will always bind outbound sockets if the domain has binding in place on inbound sockets and if the option to enable outbound IP binding is enabled. The IP used in this case is the one associated with the handling of inbound mail. If no IP can be determined then MDaemon can use a specific IP which you can configure by editing the following in MDaemon.ini: [Domain] OutboundSocketIP= All of this functionality requires that outbound socket binding be enabled via a new UI switch added to Misc Options|System. The following setting is no longer used: [Domain] BindToBoundDomains= o [6045] DK/DKIM processing will properly handle keys with CR, LF, and SP embedded within them. Some examples of keys that have been errantly white- space folded were encountered in the wild. o [6049] Uninstall will automatically invoke a deactivation of the software. o [2725] System log will note the queue status on startup (frozen/active). o [6113] Removed "Check for update now" option from all installers. Check- ing for updates from within the installer is no longer technically poss- ible for us. Update checks can only be safely performed using the MDaemon UI. o [6205] Changed list digests slightly. First, the format of the digest mail was simplified and is always sent with basic HTML codes inserted. The option to create HTML digests has been removed. The button to edit the digest format was also removed from the UI. MDaemon will always rebuild DIGEST.MBF every time it starts. So, DIGEST.MBF, like RFC822. MBF is now a reserved file and shouldn't be changed by end users. If you want to create a custom DIGEST.MBF file for use with certain lists you should copy DIGEST.MBF to another file name of your choice, make the changes you need using notepad, and then configure the list to use your new MBF file. o [6212] RFC822.mbf and DIGEST.mbf are important system files that can cause MDaemon to operate strangely if they are modified. These files are no longer eligible for modification. MDaemon will rebuild these files to system defaults at each startup. o [6193] MDaemon's service startup procedure has been internally changed. It is in a separate thread now which should keep the Windows SCM updated properly. Also, MDaemon will report its status as SERVICE_RUNNING when connections are ready to be serviced rather than when the main window is initialized as in previous versions. o [4146] Added an option to the Logging Mode UI which allows you to config- ure a log file path. The resulted in a slight reorganization of the con- trols on that UI tab. o [6142] MDaemon no longer sends auto-generated messages using "BadMsgQ@" as the Reply-to. MDaemon will use "Noreply@". Therefore, if you have an account using that mailbox it will no longer be able to receive mail. o [6143] Auto-generated emails sent from MDaemon which should not receive replies will be sent with a reply-to and reverse-path of "noreply@". Messages received for "noreply@" will be refused by the SMTP server. o [6120] It is no longer possible to use the envelope sender value to verify list membership. Doing so is an improper use of the envelope value result- ing in the breakage of systems like BATV. List related checks will be performed on the value of the FROM header after the message body is re- ceived. o [6123] ComAgent warning will popup on public folder synch when user lacks permission to modify the public address book. o [6214] Tarpit.dat was renamed DynamicScreen.dat. o [6131] The feature which automatically updates local address books with the email addresses of folks to whom mail is sent was broken. So was the DomainPOP "real name matching" feature. Both were using the return-path address rather than the address taken from the message's From: header. This has been fixed. o [6132] The feature which checks local address books to determine whether a message should be exempt from the spam filter was broken in two ways. First, a single address book match for a RCPT white listed the message for all RCPTs. For this reason, messages to multiple RCPTs will be handled by the MTA rather than the SMTP server. Second, the return-path address was the one being matched to the address books. This should be the ad- dress of the sender of the message as taken from first the Sender: header and failing that, the From: header. o [6135] Some changes were made regarding the logging of tarpit and dynamic screening activity. First, these items are no longer tracked into the OS event log. This was just bloating the even log greatly. Second, a new "Screening" sub-tab has been added to the Security tab. Tarpit and dy- namic screening events will track into this tab and log file rather than the System tab and log. o [6145] The "Machine name" parm has been removed. MDaemon already has an FQDN value which is supposed to uniquely identify the machine. MDaemon will now use the FQDN value everywhere that it previously used the Machine name value. o [6146] Auto-generated messages are sent with a FROM field which indicates the FQDN of the server who sent the message. Something like this: From: "MDaemon at c3po.altn.com" . o If CLEARQUOTACOUNTS.SEM contains * on a line by itself the entire file will be deleted thereby invalidating all cached quota counts. ----- FIXES ----- o [6079] fix to session transcripts no always included in NDR when should be o [6090] fix to CRLF in Comments and UserDefined fields breaking CSV export o [550] fix to list digest messages not handling HTML mail properly o [2874] fix to RAW & CF generated messages not working with list digests o [6021] fix to list digest processing leaving orphaned temp files o [6023] fix to list digest processing handling only multipart/alternative o [5526] fix to truncated ACL help button text o [5462] fix to missing strings for translation o [5532] fix to DNS-BL not refusing connections when it should o [5534] fix to orphaned RTE files in Bayesian learning folders o [5448] fix to restricted account default setting only working in English o [4777] fix to unsubscribe emails not available for localization o [5541] fix to bad email addresses sometimes written to OC user data file o [5252] fix to OC user data file not updated when domain names change o [5543] fix to RTE files orphaned by IMAP server o [5545] fix to RTE files orphaned by POP server o [4866] fix to SMTP not sending to backup server on error during session o [5136] fix to SMTP not sending to backup server on error after EHLO o [5508] fix to ComAgent right-click lockup problem under some conditions o [5509] fix to ComAgent crashes when Outlook synchronization occurs when server connection had been lost o [5573] fix to apply button not working on some spam filter UI tabs o [5559] fix to more "MDaemon Antivirus" in UI when should be "SecurityPlus" o [6133] fix to BATV pvrs encoded return-paths not playing nice with greylisting o [5583] workaround for HiPath ProCenter bug which caused it to strip email attachments from unread messages o [5418] fix to MD not being able to delete a domain's public folders when removing the domain o [5599] fix to ComAgent not using translated folder name for new email notification o [5844] fix to DomainPOP "Default" button (removed it) o [5604] fix to Apply button not working in Queues UI o [5680] fix to ComAgent Outlook sync not synching job title field o [5681] fix to ComAgent Outlook sync not synching title in full name field o [5707] fix to ComAgent Outlook sync not synching suffix in full name field o [5847] fix to handle leak when using the gateway's LDAP "test" button o [5855] fix to plugin menu options appearing in menubar in simple mode o [5792] fix to attachments not being removed when using the 'extract attachment to folder' action in content filter o [5872] fix to cf and virus .dat files being overwritten by the installers o [5868] fix to content filter rules not able to be modified on some systems o [5876] fix to improper use of Resent-From in auto-forwarded mails o [5879] fix to stack corruption in SafeFormatResourceString function o [5621] fix to unable to set ham/spam sample count below 200 in UI o [5651] fix to spam filter's DNS-BL score not enabling/disabling correctly o [5652] fix to account filters UI not enable/disable match text correctly o [5467] fix to UI references to "AntiVirus" -> "SecurityPlus/AntiVirus" o [5663] fix to summary stats report file formatted improperly o [5882] fix to summary stats report leaving orphaned files in temp folder o [5784] fix to DPOP/MPOP not working with UIDLs that start with # properly o [5795] fix to some public folder UI text not in resources for translating o [5619] fix to import process breaking down when missing a last name field o [5622] fix to smart host being used immediately after first MX connect failure rather than trying all MX hosts first o [5665] fix to schedules added/changed by config session not taking effect o [5945] fix to 502 rather than 252 response when VRFY/EXPN disabled o [5871] fix to SyncML: server should log if directory does not exist o [5505] fix to SyncML: the fact that the Outlook Connector deletes and re- creates an item when editing causes the SyncML server to do the same o [6006] fix to Host Screen not working with PTR result at times o [5993] fix to tarpit.dat not purging matches to notarpit.dat on startup o [6011] fix to 250 EHLO/HELO response not including FQDN value o [6036] fix to ComAgent strings, "Could not connect to the server! Please verify that the server information is correct.", not translated o [6063] fix to QUIT sometimes being sent at the wrong time during SMTP o [6064] fix to "Bounce message on first 5XX from an MX host" not working in all cases o [6081] fix ComAgent's un-translated strings o [6102] fix to WorldClient does not recognize invitations from GoToMeeting.com o [6105] fix to errant text on Help menu regarding Top 10 support questions o [6106] fix to errant text on Help menu regarding Top KB articles o [6107] fix to redundant Help options (there's just one HELP option now) o [5609] fix to the contact picker not selecting the right contact folder after refreshing data when the contact folder is refreshed in some foreign languages o [5904] fix to activation resets when installed on Vista o [5899] fix to $LOCALDOMAIN$ aliases showing in WC o [6140] fix to ComAgent auto-update not working o [5655] fix to New Folder dialog from IMAP Rules editor not decoding or encoding folder names o [6147] fix to IMAP rules possibly using value from the wrong header o [6156] fix to crash at shutdown if Spam Filter dialog is open o [6157] fix to incorrect title for some tabbed dialogs o [6161] fix to DKIM signatures not using the i= domain properly o [6174] fix to SPF "PTR" tests not working properly in some cases o [6166] fix to accepting MAIL parms with | char (MDaemon reserves this char) o [6115] fix to server freeze states not honored by config session on new install o [6177] fix to ISO-2022-KR messages are corrupted in WorldClient o [6183] fix to IMAP parse error with search arguments containing parentheses o [5963] fix to QuotaCounts.dat not being updated after pruning o [6213] fix to digest special editions being folded into digest proper o [4530] fix to SyncML: database path containing non-ASCII characters not found o [5885] fix to SyncML: recurring events not synchronized with TBird extension o [6051] fix to WC and some IMAP clients not properly decoding a message that has trailing whitespace in the Content-Transfer-Encoding header value. o [6297] fix to SMTP based scan scoring for VBR and OP results o [5495] fix to a message composed in WorldClient with an improperly formatted email address may not be sent to all recipients o [6232] fix AccountPrune not accepting foreign and accented characters for folder name parameter(/p) o [6243] fix to MDaemon's "Log full WC/HTTP/IM activity" setting having no effect on WorldClient's HTTP log o [6250] fix to auth'ed sessions accepting, and then bouncing, messages sent to unknown local users (should not accept message in the first place) o [6237] fix to auto-generated messages being sent even when triggering message specified a NULL reverse path o [6141] fix to installer backup not taking place before file conversion o [6257] fix to Korean message not displaying in WC LookOut theme o [6278] fix to DomainAdmin.ini file key may contain unnecessary commas o [6279] fix to switch inserting X-Lookup-Warning header not working o [6199] fix to DKIM options tab not using Apply button correctly o [6305] fix to cfengine.exe crash when using search and replace rule action -----------------------------------------------------------------------------