SecurityGateway for Email Servers v10.0 Release Notes

Developed with 20 years of proven email security expertise, SecurityGateway provides affordable email security. It protects against spam, viruses, phishing, spoofing, and other forms of malware that present an ongoing threat to the legitimate email communications of your business.

Click here to learn more about SecurityGateway for Email Servers

SecurityGateway 10.0.0c

FIXES

• (beta only) [27716] fix to when enabled IP Shielding is not allowing sessions from defined ip addresses

SecurityGateway 10.0.0b

FIXES

• (beta only) [27714] fix to crash when DKIM signing a message

SecurityGateway 10.0.0a

MAJOR NEW FEATURES

• [27462] Added the ability to create custom reports for the administrative dashboard.
• [25127] CPU and memory counters have been added to the administrative dashboard for the SecurityGateway, SpamAssassin, Ikarus AV, and ClamAV processes.
• [27148] "QRshing" Protection - SecurityGateway can detect and take action if a QR code image is attached to a message. QR Code Detection can be enabled and configured at Security | Anti-Abuse | QR Code Detection.
• [19951] Setup | System | Encryption | Select Certificate now includes a new option titled "Configure Let's Encrypt". This option allows you to automate a PowerShell script that downloads SSL certificates from Let's Encrypt. Let's Encrypt is a Certificate Authority that offers free certificates through an automated process. This process is designed to simplify the traditionally complex procedure of manual creation, validation, signing, installation, and renewal of certificates.

CHANGES AND NEW FEATURES

• [27073] A new option has been added (enabled by default): "Use the newest certificate automatically". When this option is enabled, the system will perform a check during its nightly maintenance process. For each active certificate, it will check if there's another certificate on the system that expires later, is for the same hostname, and includes all alternative hostnames. If such a certificate exists, the system will automatically make it the active certificate.  This feature is particularly useful when there's a scheduled task on the system that automatically updates the certificate, such as Let's Encrypt.
• [26409] A warning email is now sent to global administrators when an SSL certificate configured for use is about to expire.
• [27606] A Secure Message Recipient can use the "Forgot Password" link on the login page, even if they have not completed the setup process.  In this scenario, the account setup invitation message will be resent.
• [23357] Added a new log file that logs failed authentication attempts.
• [24248] Updated the default Security | Filtering | Attachments | Attachments to Block list for new installations. A new action link, "Block recommended files" allows these extensions to be applied to upgraded installations.
• [26593] The Location Screening option "SMTP connections are accepted but authentication is blocked" is now per country instead of global. Blocking SMTP connections prevents your server from receiving mail from a country. Allowing SMTP connections with authentication disabled lets your server receive mail from a country while blocking brute force / dictionary attacks from them. Configure this at Security | Anti-Abuse | Location Screening. Protocols other than SMTP are not affected
• [27665] Updated Acme-PS PowerShell module used by the Let's Encrypt PowerShell script to version 1.5.9
• [26924] ESMTP support for AUTH is not advertised if not allowed by location screening policy

FIXES

• [27556] fix to when upgrading the country is changed to "United States (US)" in Setup / Users | Registration | License Information
• [27201] fix to after restarting the system service all users are logged out of the web interface
• [26496] fix to self-signed certificates generated by SecurityGateway cannot be trusted by recent versions of Chrome and Android
• [14014] fix to deleting the last active SSL certificate and creating a new one disables SSL
• [27182] fix to Setup | System | Encryption unchecking the "Active" checkbox for an SSL certificate immediately deactivates the certificate
• [27660] fix to possible crash if external Firebird database server cannot be reached
• [27619] fix to IP addresses being looked up on Spamhaus DBL.  The Spamhaus DBL only supports querying domain names.
• [27620] fix to URIBL result codes matching pattern they should not match
• [27621] fix to URIBL engine is reversing numeric URIs even though they are not IP addresses
• [27622] fix to URIBL engine incorrectly parsing URIs that contain a port number
• [27594] fix to external administrator account is unable to configure two factor authenticator application due to "access denied" error
• [27501] fix to exceptionally large values in the "Maximum acceptable SMTP message size" setting result in a negative size attribute in the EHLO response
• [27613] fix to "ReadDataFilterHostProcess failed" error attempting to extract text from attachments
• [27561] fix to if the SPF DNS lookup result contains a CNAME record that points back to the queried domain, it could cause the thread to hang and consume excessive CPU time
• [19111] fix to Setup | Database | Restore the displayed size for database backup files larger than 2GB is incorrectly shown as a negative value
• [27492] fix to "May be forged" returned in EHLO response even if EHLO DNS lookup was not performed
• [27016] fix to no action is taken when the Account Hijack Detection threshold is reached. When this occurs, a database error "multiple rows in singleton select" is logged to the system log file.
• [27676] fix to access denied error when domain administrators access Security | Anti-spoofing and Security | Anti-abuse menus
• [27677] fix to potential SQL exception related to "violation of foreign key constraint".  This issue can occur when sending quarantine reports if a user is deleted during the report generation process.