MDaemon Server v17.5 Release Notes

MDaemon 17.5.1 - October 24, 2017

SPECIAL CONSIDERATIONS

[16456] Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit: http://www.altn.com/Products/MDaemon-Private-Cloud/.

[19710] The Dynamic Screening option to freeze accounts after a number of authentication failures is now off by default. It will be turned off when updating to version 17.5.1. If you want to turn it back on, go to Security | Dynamic Screening | Auth Failure Tracking.

CHANGES AND NEW FEATURES

FIXES

MDaemon 17.5.0 - September 26, 2017

SPECIAL CONSIDERATIONS

[18481] BlackBerry Enterprise Server (BES) for MDaemon is not compatible with MDaemon 17.5 or newer. There will not be a new version of BES for MDaemon that is compatible. MDaemon's installer will disable BES if it is detected. Uninstall BES to avoid being prompted about it. Screens about BES have been removed from the MDaemon UI.

[10327] Added quarantine exclusion lists to allow password-protected files from or to configured senders and recipients. At Security | AntiVirus, enable "Allow password-protected files in exclusion list..." and click the "Configure Exclusions" button. Note that as of SecurityPlus 5.1.0, the ClamAV Plugin may quarantine password-protected files before the main AV engine can scan them. An option is to disable the ClamAV Plugin.

MAJOR NEW FEATURES

[11481] LOCATION SCREENING

A geographically based blocking system has been developed which allows you to block incoming SMTP, POP, IMAP, WorldClient, ActiveSync, AutoDiscovery, XML API, Remote Administration, CalDAV/CardDAV, XMPP, and Minger connections being attempted from unauthorized regions of the world. A new screen has been added at Ctrl+S|Screening|Location Screening to configure this.

When the connecting IP is from a blocked country, an entry can be logged in the Dynamic Screening Log.

[18722] DYNAMIC SCREENING FOR ALL PROTOCOLS/SERVICES

MDaemon's dynamic screening has been expanded to operate with SMTP, POP, IMAP, WorldClient, ActiveSync, AutoDiscovery, XML API, Remote Administration, CalDAV/CardDAV, XMPP, and Minger. Authentication failures are tracked across all of these services and IPs can be blocked for all of them. Settings are in the UI at Security | Dynamic Screening. The log is on the Plug-ins | Dynamic Screen tab. WorldClient's separate Dynamic Screening system has been removed.

[5801] PIM ATTACHMENTS

PIM (calendar, contact, tasks, notes) items now support attachments.  Attachments may be added to a PIM item via WorldClient, Outlook Connector, or CalDAV/CardDAV.  When scheduling a meeting, any attachments will be sent to the meeting attendees.

LookOut and WorldClient themes - Implemented PIM attachments for Calendars. A new tab was added in the Calendar Edit view that allows users to add file attachments to an event/meeting. As long as a user has read access to an event, the attached files can be downloaded by the user. Only users with edit access can upload or remove attachments from a given event/meeting. Other themes will not be able to edit the attachments, but the attachments will not be lost when an event/meeting is edited.

[15733] PGP KEY-EXCHANGE DURING SMTP

A new checkbox on the MDPGP GUI enables/disables automatic transaction of public keys as part of the SMTP message delivery process. If enabled, MDaemon's SMTP server will honor an SMTP command called RKEY.

When sending an email to a server that supports RKEY, MDaemon will offer to transmit the sender's current, preferred public key to the other host. That host will respond indicating either that it already has that key, so no further work is needed ("250 2.7.0 Key already known"), or that it needs the key, in which case the key is immediately transferred in ASCII-armored form ("354 Enter key, end with CRLF.CRLF"), just like an email message. Keys that are expired or revoked are never transmitted. If MDaemon has multiple keys for the sender, it will always offer the key that is currently marked as preferred. If no key is preferred, the first one found is offered. If no valid keys are available, no work is done. Only public keys that belong to local users are offered.

Public-key transfers take place as part of the SMTP mail session that delivers the message from the user. For a public key transmitted in this way to be accepted, it must arrive along with a message that has been DKIM signed by the domain of the key owner, with the i= tag set to the address of the key owner, which must also exactly match the From: header address, of which there can be only one. The "key owner" is taken from within the key itself. Also, the message must arrive from a host in the sender's SPF path. Finally, the key owner (or his entire domain, via use of wildcards) must be authorized for RKEY by adding an appropriate entry to the MDPGP rules file (instructions are in the rules file) indicating that the domain can be trusted for key exchange. All of this checking is done automatically, but you must have DKIM and SPF verification enabled or no work can be done.
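The offer and acceptance rules from the two paragraphs above, written out as an added example (not MDaemon's code). The function and parameter names are hypothetical, DKIM and SPF results are assumed to come from the server's own verification, and `allowed` is an assumed list of wildcard patterns standing in for the RKEY entries of the MDPGP rules file, whose real syntax is not shown on this page.

```python
from dataclasses import dataclass
from email.utils import getaddresses
from fnmatch import fnmatchcase


@dataclass
class PubKey:
    owner: str               # address taken from within the key itself
    expired: bool = False
    revoked: bool = False
    preferred: bool = False


def select_key_to_offer(keys):
    """Sender side: preferred valid key, else first valid key, else None."""
    valid = [k for k in keys if not (k.expired or k.revoked)]
    return next((k for k in valid if k.preferred), valid[0] if valid else None)


def accept_key(key_owner, from_headers, dkim_ok, dkim_d, dkim_i, spf_ok, allowed):
    """Receiver side: return (accepted, reason) for a key that came with a message."""
    owner = key_owner.lower()
    if len(from_headers) != 1:
        return False, "exactly one From: header required"
    addrs = [addr.lower() for _, addr in getaddresses(from_headers)]
    if addrs != [owner]:
        return False, "From: address does not match key owner"
    # Assumption: "signed by the domain of the key owner" means d= equals that domain.
    if not dkim_ok or dkim_d.lower() != owner.rpartition("@")[2]:
        return False, "no valid DKIM signature from key owner's domain"
    if dkim_i.lower() != owner:
        return False, "DKIM i= does not match key owner"
    if not spf_ok:
        return False, "sending host not in sender's SPF path"
    if not any(fnmatchcase(owner, pat.lower()) for pat in allowed):
        return False, "key owner not authorized for RKEY"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real session.
    print(accept_key("alice@example.com", ["Alice <alice@example.com>"],
                     True, "example.com", "alice@example.com", True,
                     ["*@example.com"]))
```

Every check fails closed, so a message with unverified DKIM or SPF never results in a key import, matching the note that no work is done when those verifications are disabled.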

The MDPGP log will show the results and details of all keys imported or deleted, and the SMTP session log will also track this activity. When it works correctly, your SMTP session logs will show details of key transactions and the MDPGP log file will fill with details.

This process tracks the deletion of existing keys and the selection of new preferred keys and updates all participating servers it sends mail to when these things change.

CHANGES AND NEW FEATURES

FIXES

MDaemon is a registered trademark of Alt-N Technologies, Ltd.
Copyright ©1996-2017 Alt-N Technologies, Ltd.