MDaemon Server v23.5 Release Notes
MDaemon 23.5.1 - November 29, 2023
 Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit: https://mdaemon.com/pages/mdaemon-email-msp.
CHANGES AND NEW FEATURES
-  Pro theme - Publish Schedule - Added optional location and comment fields that will be included in any event created through the schedule page.
-  Pro theme - Improved the organization of the Folder Actions page.
-  The WebAuthn feature on the 2FA page now automatically starts the authentication process when WebAuthn is the only option.
-  AV log will log attachment file names.
-  IMAP server excludes trusted IPs from virus scanning when option is enabled.
-  Turned off HTTPS for Outbreak Protection due to possible crashes.
-  fix to ActiveSync - Performance issues when servicing 4000+ clients
-  fix to AntiVirus - AV Updater screen shows 0 for IKARUS signature version
-  fix to ActiveSync and Autodiscover servers and MDPGP do not hide software version information by default
-  fix to possible crash in DynScrn.dll related to Location Screening
-  fix to WorldClient theme - When you right-click a contact and click Send vCard, the VCF file is not attached to the new message
-  fix to Webmail - Verification email has lines longer than some email servers will allow.
-  fix to MDRA - Enabling/Disabling Greylisting leaves the Save button greyed out
-  fix to Webmail - When publicly publishing your calendar, the hyperlink does not work
-  fix to Pro theme - Drafts are not auto saved if the user's most recent keystroke is a space
-  fix to Webmail - When viewing an MS Teams invitation, there are broken links found at the bottom of the message
-  fix to Pro theme - Category colors missing from the category selection page
-  fix to mailing list subscription reminder emails are missing a Message-ID header and are not DKIM signed
-  fix to incorrect text in message logged to Windows event log after AV or Spam Filter timeout
-  fix to MDRA - landing page links for Spam Filter | Blocked senders, Allowed senders are incorrect, and blocklist_from is being prepended with blacklist_from
-  fix to MDSpamD leaving temp folder after shutting down
-  fix to possible ClamAV/CFengine hang
-  fix to Content Filter copy user action places message in wrong queue
-  fix to Webmail - Two Factor Auth Setup on sign-in - Options are not displayed correctly
-  fix to Pro theme - Reminders are not saved correctly until the user changes the default reminder
-  fix to Pro theme - When replying to emails with large bodies the reply window is very slow
-  fix to Webmail - Setting up 2FA using an authenticator app is not working
-  fix to MDaemon may generate extra meeting invitations when it processes an invitation to the meeting organizer
-  fix to ActiveSync - Unable to re-schedule meeting when using WindowsOutlook15
-  fix to MDRA - Accounts created using deleted mailing lists addresses are still treated as mailing lists
-  fix to Pro theme - A blank window is displayed when clicking a mailto link
-  fix to Webmail - Filters - The OK button is barely visible when selecting a custom header
-  fix to MDRA - Learn Spam button in Spam Trap Queue menu does not work
-  fix to performance counter for ActiveSync server state is 0 until the MD GUI is opened
-  fix to accepting a meeting invitation in eM Client results in a duplicate event being added to the user's calendar
-  fix to Header Translation - When translating forwarded messages, the X-Return-Path and X-MDRedirect_From headers are unchanged
-  fix to Dynamic Screening - Unable to disable "Attempted AUTH on port with AUTH disabled" notifications
-  fix to MDaemon allows creation of mailing lists with accented characters
-  fix to Installer - possible "There was a problem encountered. This program will exit." popup when updating
-  fix to CalDAV - Tasks do not support attachments
-  fix to DSN messages disclose the MDaemon version when "Hide software version identification" is enabled
-  fix to ActiveSync - unable to open shared calendar folder until the folder owner has used ActiveSync
-  fix to possible crash in MDaemon.exe
-  fix to CardDAV - The contact "office" field is not synchronized
-  fix to CalDAV - Attendee properties in VTODO data uploaded via CalDAV are not persisted
-  fix to CalDAV - Location property in VTODO data uploaded via CalDAV is not persisted
-  fix to CardDAV - IM Address type is lost and IM addresses are duplicated when synchronized with eM Client
-  fix to CardDAV - Business/Home Website contact fields are not synchronized with eM Client
-  fix to CardDAV - Children contact field is not synchronized with eM Client
-  fix to ClamAV reporting "Heuristics.Limits.Exceeded.MaxFileSize" as infected instead of non-scan
-  fix to MDaemon GUI - Webmail Enable Password Recovery setting is not honored. Enable Password Recovery is now a domain level setting and enabled by default.
-  fix to duplicate reminders are created for a recurring event with multiple reminders
MDaemon 23.5.0 - September 26, 2023
CHANGES AND NEW FEATURES
-  Added a Public Schedule option, so that users can allow others to schedule a meeting.
-  Added support for WebAuthn (formerly FIDO U2F) as a passwordless authentication method or as a Two Factor Auth method.
 Pro theme - Added AI based functionality to summarize a message, suggest a reply, and improve an email being composed by the user.
This feature submits message data to openai.com, so please be cautious about the information you submit.
Webmail's AI message features are disabled by default for all domains. They can be enabled by checking "Enable AI message features" in
the MD GUI at Setup | Webmail & IM Services | Webmail | Settings and the Domain Manager's Webmail screen, or in MDRA at
Main | Webmail Settings | Settings and Main | Domain Manager | Webmail Settings.
Webmail's AI message features are disabled per user by default. You can enable them as part of a Group controlled by an Account Template or per user.
The Domain setting takes precedence over the user setting. If it is disabled on the Domain level, then enabling it on the Group or user level does nothing.
If the feature is disabled, the WCAPI will return a 404 Not Found error.
-  Made some visual updates to Pro theme.
-  Added a warning message on the login screen when the caps lock is turned on.
-  Updated CKEditor to v4.20.1.
-  Added an option in webmail to hide the "Help" link on the login page. Add HideLoginHelp=Yes to the MDaemon/WorldClient/Domains.ini [Default:Settings] or [%DOMAIN%:Settings] section to hide the link.
-  Separated Two Factor Auth email verification from authenticator app verification.
-  Password Recovery feature now sends an email without revealing to the user where the email was sent. Two Factor Auth occurs after clicking the recovery link in the email.
-  Pro theme - Added a dialog on the Compose view contact picker for adding a contact with three fields (Name, Email, Mobile Phone).
-  Changed how Webmail authenticates to MDaemon's SMTP server so the user's password is not needed.
-  Added an option to delete all attachments from a given message in the WorldClient and Pro themes.
-  Pro theme - Updated the Tiny Editor to not include the path information.
-  Pro theme - Reduced the size of the first letter/checkbox in the mail list for desktop sizes.
-  Pro theme - Added new Style options at Settings | Personalize.
-  Pro theme - Added a total new messages count, and current folder unread count badge for less than 992px browser widths.
 Webmail will now by default use STARTTLS when sending mail to MDaemon via SMTP. It can also be configured to use port 465
and implicit TLS. To change this, edit \MDaemon\WorldClient\Domains.ini and set [Default:Settings] SmtpPort, SmtpUseImplicitTLS,
SmtpUseStartTLS, and SmtpRequireTLS.
-  Webmail - Added an option to "Mark deleted messages as read" at Settings | Personalize.
-  Pro and WorldClient themes - Added a Description column to the Documents view.
-  Added an All Documents toggle button in the Documents view.
-  Changed the compose <P> replacement from <DIV> to <BR> + <DIV>.
-  Pro theme - Added support for multiple event reminders.
REMOTE ADMINISTRATION (MDRA)
-  Added editor GUIs for all direct edit files.
-  Added a button to hide any given chart in the Traffic and Mailboxes summary pages. Once hidden, charts can be displayed in the current user settings (top right) or by click the related button.
-  Added a warning message below the password field when the caps lock is turned on.
-  Made some modernizing updates to the list views.
-  Updated CKEditor to v4.20.1.
-  Added a "Delete All" button to the Mailing List Members page.
-  Added support for WebAuthn (formerly FIDO U2F) as a passwordless authentication method or as a Two Factor Auth method.
-  Added the ability to choose a folder to nest under in the public folder and shared folder editors.
-  Added a note that a user might show as a member of a mailing list due to membership in a Group.
-  Added the ability to view the email message as a user would see it in addition to being able to view the source in the Message Search and Queues. RAW messages are still only in text/plain.
-  Added links to the Queues on the Status page.
-  Added the ability to include multiple addresses on the public folder access control page, but only for New rights.
 Added a Health Check page at Security | Health Check, which allows global admins to see all the important security settings values and compare them with the default values.
Admins can also select multiple settings to change to the default value or click a link to go to the page where the setting is located.
In addition, admins can undo the most recent change made on the page, or view previous changes made during the current browser session and undo specific changes.
-  Updated ClamAV to 1.0.3.
-  Added HTTPS support for Outbreak Protection.
-  Updated SpamAssassin to 4.0.0.
-  Added MDaemon Connector management.
-  Added administrative user interface for the XMLAPI service.
-  Added SPF management.
-  Added Bandwidth Throttling management.
-  Added IPShield management.
-  Added Site Policy management.
-  Added DNSBL management.
-  Added Spam Honeypot management.
-  Added Hijack Detection management.
-  Added Recipient Block management.
-  Added Spambot Detection management.
-  Added SMTP Screen management.
-  Added Location Screen management.
-  Added IPScreen management.
-  Added HostScreen management.
-  Added Sender Block management.
-  Added 'Mark all as read' feature to 'FolderOperation'.
-  The FolderOperation 'list' action returns IMAP flags for mail folders.
-  Added API functions/methods to update an existing Dynamic Screening Allow/Block/Gateway list entry.
-  Added more detailed warnings and error messages to API clients.
-  Added option at Accounts | Account Settings | Other | Passwords for whether to delete an account's app passwords when the account's password is changed. It's enabled by default.
 Added Restrictions to the Account Templates. When an account is removed from a group with an account template
that controls restrictions, the account's restrictions revert to their previous values, or possibly to another group's
account template if the account is a member of multiple groups.
 The Location Screening option "SMTP connections are accepted but authentication is blocked" is now per country instead
of global. Blocking SMTP connections prevents your server from receiving mail from a country. Allowing SMTP connections with
authentication disabled lets your server receive mail from a country while blocking brute force / dictionary attacks from them.
Configure this at Security | Security Manager | Screening | Location Screening. Protocols other than SMTP are not affected.
-  MDaemon ignores CRYPT_E_NO_REVOCATION_CHECK errors when validating remote servers' SSL certificates.
-  Removed obsolete "Compose in new browser window" Webmail option from the UI.
-  Dynamic Screening - Added single record Get API functions for DS Block and Allow records: HrDSGetBlackItem and HrDSGetWhiteItem. See DynScrn.h for additional information.
-  Dynamic Screening - Added API functions/methods to update an existing Allow/Block/Gateway list entry. (ie. Change Expiration, Comment, etc.)
-  Dynamic Screening - Spam Honeypot trigger address is included in the comment when blocking an IP address.
-  ActiveSync - Logging for Dynamic Screening Access Denied now includes the reason (blocklist, location screening, policy violation).
-  LetsEncrypt - Added support for TLS 1.3.
-  fix to Webmail - SendCode link does not work on the Two Factor Auth verification page
-  fix to Webmail - Compose attach view reloads the folders
-  fix to Pro theme - "List refresh time" setting not being honored
-  fix to Pro theme - With Voice Recorder disabled, you can still access it using the Pro theme via HTTPS
-  fix to Pro theme - Use APOP displays as true in Mailboxes where it is false
-  fix to WorldClient theme - "Do not ask me again" option is missing the checkbox in confirmation popups
-  fix to Pro theme - Dropbox reconnect account statement appearing for all OAuth connections
-  fix to Pro theme - Unsubscribe by email opens a blank page
-  fix to MDRA - Unable to add IPv6 address with CIDR notation to Dynamic Screening Allow or Block lists
-  fix to MDRA - Unable to delete an account via Domain Manager
-  fix to Pro theme - Some non-ASCII characters are HTML encoded in Notes, Tasks, Contacts, and Event bodies
-  fix to Pro theme - Error when changing the text of the default signature when using a non-English language
-  fix to MDRA - Security | Content Filter | Compression, Unchecking used fixed archive name should disable the input field for the archive name
-  fix to MDRA - "Current password" not being translated
-  fix to Pro theme - Google Drive folders do not show up immediately after setup is completed
-  fix to Webmail vulnerability
-  fix to MDRA - Both Add Email Address and Replace Mismatched Email can be enabled when only one should be able to be selected
-  fix to Pro theme - Shared documents not allowing files to be downloaded
-  fix to Pro theme - Cannot edit an occurrence of a recurring event on small screen sizes
-  fix to Pro theme - Folders containing non-ASCII characters are not displayed correctly
-  fix to MDRA - Unable to see secondary drive when editing an account's mailbox path - it only displays the C: drive
-  fix to Pro theme - Weekly recurring event does not default to the day of the week for the date of the event
-  fix to MDaemon - Message is not sent to custom queue host name when a global smart host is set
-  fix to MDaemon - SPF verification exemption domain name not applied in SPF records with redirects
-  fix to MDRA - Unable to open file error after clicking "Edit Mailing List Admins" button
-  fix to MDRA - Enable mailing list subscriptions manager option re-enables after restart
-  fix to MDaemon - Failure to send outbound messages when sending restriction exception is used and To header exceeds 255 characters
-  fix to MDaemon - Minger lookup fails when address doesn't exist and is set as a public folder submission address
-  fix to MDaemon - Bandwidth throttling is not applied to LAN domains and IPs
-  fix to MDaemon - Requeing a message releases the message instead
-  fix to MDaemon - Domain and account signatures may be added to messages collected via DomainPOP and MultiPOP
-  fix to MDaemon - Messages released from quarantine are not processed by account IMAP filters
-  fix to MDRA - fusion charts are not showing up as dark when dark mode is enabled
-  fix to MDaemon Server - Success DSN not sent for messages that use a route slip
-  fix to MDRA - show password toggle and notification edit icons have poor contrast in Dark Mode
-  fix to MDaemon - wrong characters in messages such as autoresponders for Latvian and other languages, by changing the charset for auto generated messages from iso-8859-1 to utf-8
-  fix to Webmail - App Passwords list does not show up when 2FA is required, 2FA is enabled and the user uses 2FA Remember Me to sign-in
-  fix to Webmail - Cannot delete Notes from the note list in some themes
-  fix to process holding queue after each AV signature update not working with Ikarus AV
-  fix to WorldClient theme - recurring month interval input field is missing in the calendar editor
-  fix to MDRA - Wrong dialog shows up in Message Search view if user has been to the Account Manager recently
-  fix to MDRA - Clicking the type of search on the Messages and Queues landing page checks that type of search on the page
-  fix to LetsEncrypt not correctly processing requests with no alternate hosts
-  fix to SPF - Failure to match DNS record that contains macros when using IPv6
-  fix to ASLogView.exe - command line parameters not functioning as expected
-  fix to Cluster Service - Slow Primary shutdown
-  fix to Cluster Service - Slow Secondary shutdown
-  fix to XMLAPI - List Management operations do not enforce security
-  fix to XMLAPI - UpdateUser AutoResponder only updates if DaysActive is specified
-  fix to ActiveSync - Global/Domain Virtually Merge public contacts option does not work
-  fix to IKARUS AV sometimes fails to scan the first message when scanserver service starts
-  fix to message body search not finding Chinese text
-  fix to Pro theme - "Unable to evaluate: SESSIONID" error in Webmail logs
-  fix to WorldClient theme - When creating a task in a new Tasks folder and then changing the Complete value, duplicate entries are displayed in the list
-  fix to Webmail - With public contacts set as the default view, adding a contact from within a message stores the contact in the public contacts folder
-  fix to Webmail - When the UserOverrides:Theme is set to Pro then trying to access any other theme causes the page to reload over and over instead of sending the user to the Pro theme
-  fix to Webmail - Using the All Unread saved search, certain messages do not stay marked as read
-  fix to Pro theme - Adding event to second calendar in side-by-side view does not select the right calendar
-  fix to LookOut theme - Incorrect behavior occurs when checking/unchecking the "Complete" checkbox
-  fix to Webmail - Unable to create a new shared or public folder under a hidden folder
-  fix to MDRA - "Today Only" button does not work with a date format other than MM/DD/YYYY
-  fix to account settings not returning to New Accounts template settings when removed from a group using an account template
-  fix to Pro theme - Current calendar not selected when creating a new event
-  fix to Pro theme - Link in Signature or message body changed to relative path
-  fix to Pro theme - Selected signature not being used when composing
-  fix to possible crash in WorldClient.dll
-  fix to issues when logging in to Webmail without full email address when using Two Factor Auth
-  fix to Pro theme - clicking the expand button results in a duplicate of the top level message