Notes de mise à jour de SecurityGateway for Email Servers v12.0

SecurityGateway 12.5.0a

CONSIDÉRATIONS SPÉCIALES

• [29217] The default Host Screening blocklist now includes domain.

  Many spam bots send EHLO domain instead of a real hostname. This new default helps stop those connections earlier in the SMTP conversation. It is added automatically on new installations and during upgrades.

NOUVELLES FONCTIONNALITÉS MAJEURES

• [29180] Refreshed and modernized web interface

  The web interface has been updated with a cleaner layout, improved visual hierarchy, and a more polished overall look. The default light and dark themes have both been refreshed. Mobile browsers are better supported, particularly on the dashboard page. A new classic theme is available for users who prefer an experience closer to earlier versions.

• [29042] New REST API for automation and integration

  SecurityGateway now includes a standard, OpenAPI-described REST/JSON API that makes it easier to automate administration and connect the product to provisioning systems, identity platforms, and custom workflows.

  Manage core objects: The API supports users, domains, domain aliases, administrators, API keys, server/domain/user settings, allowlists, blocklists, mail servers, verification sources, DKIM selectors, archive stores, Sieve content-filter scripts, IP Shield entries, Dynamic Screening entries, and webhook subscriptions, plus read-only performance counters.

  Secure access with API keys: Administrators can create API keys from Settings > API Keys.

  Built-in documentation: machine readable OpenAPI documentation is available via the web server at /api/v1/openapi and can be imported directly into tools such as Postman. Generated HTML documentation is available on disk at /docs/api/api_openapi.htm or via the web server at /api_openapi.html.

  Compatibility note: The existing XML-RPC API remains available, but new automation should use the REST API. This is an initial release; more endpoints and capabilities will be added in future versions.

• [28787] Feature permissions for domain administrators

  Global administrators can now control which product areas each domain administrator may manage. Permissions are configured per administrator from the administrator edit dialog. A new Default Domain Administrator Permissions page (Setup > Administrators > Default Administrator Permissions) defines starting permissions for new domain admins and can apply those defaults to existing admins in bulk. Defaults can be overridden per domain.

  Read-only access: Domain admins without permission to manage a feature area retain read-only access to it for their domains. Archiving and RMail™ are the exception. Rather than dropping to read-only, their pages are hidden entirely from domain administrators who lack permission to manage them. This preserves their behavior prior to 12.5 and lets providers who don't offer these features keep them out of view for their domain admins.

  Delegation: The "Domain Admins (Delegation)" permission controls whether a domain administrator can create or manage other administrators for their domains. A domain admin cannot grant a permission they do not themselves hold.

  Upgrade behavior: All feature areas available to domain administrators prior to this version remain enabled by default for existing domain admins after upgrading.

• [29266] Dynamic Screening enhancements for authentication failure tracking

  Dynamic Screening has been extended with additional controls for how failed authentication attempts are tracked and blocked. Configure under Security > Anti-Abuse > Dynamic Screening.

  Flexible timing: Block durations and tracking windows can now be set in minutes, hours, or days.

  Escalating block duration: A repeat-offense multiplier can extend block duration on subsequent violations without changing the base rule.

  Subnet-level blocking: Optional CIDR aggregation blocks a wider network range when attacks originate from many nearby IP addresses.

  Duplicate failure suppression: Failures that repeat the same password can be excluded from the failure count, reducing unnecessary blocking from cached credentials while still counting distinct failures.

• [26290] Google Workspace API supported as user verification source

  Domains using Google Workspace can now verify local users through the Google Workspace API instead of SMTP callbacks. The integration resolves aliases and uses a Google Cloud service account and OAuth 2.0. Configure under Setup > Verification Sources.

• [1710] Attachment filtering by content type

  Attachment Filtering rules can now match on detected file type in addition to, or instead of, file extension. Configure under Security > Filtering > Attachments.

• [29394] Attachment Disguise Protection

  SecurityGateway can now detect attachments whose actual file type does not match their file extension (for example, an executable renamed to .pdf). Mismatched attachments can be refused, quarantined, or accepted, with optional subject tagging and score adjustment. Configure under Security > Filtering > Attachment Disguise.

CHANGEMENTS ET NOUVELLES FONCTIONNALITÉS

• [29406] Added optional DNS-based domain ownership verification. When the new Require domain ownership verification setting is enabled Setup > Server > Domain Settings, off by default, newly created domains enter a pending state and do not accept mail until the owner publishes a TXT record at _sgverify.<domain> with the token shown on the domain edit page. Verification runs on demand from the domain edit page or POST /api/v1/domains/{id}/verify, and hourly in the background. A new domain.verified webhook event fires on success. Global administrators can skip verification per-domain when creating a domain.
• [29208] New installations now enable SSL/TLS and HTTPS by default with an auto-generated self-signed certificate. Replace it with a trusted certificate for production use.
• [29156] Updated OpenSSL from 1.0.2o to 3.x for stronger security and modern cryptographic support.
• [29504] Domain administrators can now self-serve Domain Mail Servers and User Verification Sources for the domains they manage. New permissions Can Manage Domain Mail Servers and Can Manage Verification Sources let global admins delegate these areas without granting full control. Delegated admins can create, edit, delete, and assign mail servers or verification sources to their own domains; resources shared with a domain they don't administer are visible as read-only and Test still works. A new Created By column shows resource origin. Test runs asynchronously and shows the SMTP transcript in the dialog.
• [29380] Ajout des commandes SGDBTool pour la récupération après verrouillage : sethttpport (changer le port HTTP), disablehttpsredirect (désactiver la redirection HTTPS), disabletfa (désactiver l'authentification à deux facteurs pour un utilisateur) et disablerequiretfa (désactiver l'exigence de TFA globalement ou par domaine).
• [29292] SGDBTool createadmin and resetadmin no longer hard-code the administrator name and password. The email address and password may now be specified on the command line, or entered interactively when omitted.
• [29245] Added PROXY protocol support (v1 and v2) so SecurityGateway can run behind HAProxy and similar load balancers while still receiving the original client IP address and SNI hostname. Configure under Setup > System > PROXY Protocol.
• [27530] Added SNI-based domain identification for SMTP connections so the correct domain can be identified earlier in the session and its SMTP hostname can be used immediately after STARTTLS. See also [27489].
• [27489] Domain SMTP hostnames can now be configured without requiring IP binding. Hostname fields are now grouped under a Hostnames section on the domain properties tab.
• [23581] Added DNSSEC support for outbound SMTP delivery. When DNS validation is available, DNSSEC-signed domains can satisfy REQUIRETLS without needing MTA-STS.
• [28327] SMTP now rejects MAIL FROM and RCPT TO addresses longer than 254 characters instead of silently truncating them.
• [29171] Added an option to limit the size of messages attached to delivery failure notifications. If the original message is too large, only headers are attached.
• [23803] Archived messages can now still be viewed from Message Log after routine maintenance purges the message body from the primary database. This applies to messages archived from this version forward.
• [26248] Les paramètres du rapport de quarantaine administrative peuvent désormais être personnalisés pour chaque domaine. La nouvelle page de configuration de la quarantaine administrative prend en charge les dérogations indépendantes par domaine.
• [29202] Quarantine report links now take users to the correct page after login. "View All Quarantined Messages" opens quarantine, and "Manage Preferences" opens quarantine options.
• [29547] Improved bad archive queue notifications by showing the web interface path Archiving > Failed Messages, and linking directly to that view after login.
• [4576] User allowlist and blocklist pages now show when each entry was added, support column sorting, and can automatically purge entries created by outbound auto-exempt after a configurable retention period. New installations enable a 90-day default. The combined Blocklist/Allowlist Configuration page has been split into separate pages; allowlist auto-purge settings now live under Security > Allowlists > Configuration, with per-domain overrides correctly honored.
• [15630] Content Filter and DLP transcripts now show which address or envelope condition matched, making rule troubleshooting easier.
• [17768] Upgraded the content-filter regex engine from PCRE 8 to PCRE2 with JIT compilation and a compiled-pattern cache, reducing CPU use for regex-heavy Content Filter and DLP rules.
• [4664] Added audit logging for bulk domain and account imports, including summary results in the system log and individual change-log entries for imported users and domains.
• [16159] Added a Notes field to domain properties for documenting domain-specific information in the web UI, REST API, and XML-RPC API.
• [29373] Added a global default theme with per-domain override so administrators can choose the default UI theme for users. The login page also follows this setting unless a user has already chosen a personal theme.
• [29544] Improved the non-admin My Account navigation by hiding the redundant single-item Main top-level menu and renaming the account landing tab to Overview.
• [29461] Updated the bundled Firebird database engine to version 5.0.4.
• [28933] Updated SpamAssassin from 4.0.1 to 4.0.2.
• [29343] Correctif pour LetsEncrypt insérant des espaces supplémentaires dans l'empreinte numérique, provoquant l'échec de la comparaison
• [29338] LetsEncrypt: Updated the script to support multiple nodes in a cluster. This requires Windows Remote Management.
• [29345] LetsEncrypt: The script now ignores certificate errors by default.

CORRECTIFS

• [28528] Fixed relayed messages (non-local sender and non-local recipient) being shown as Inbound in the message log. They are now classified as Outbound, while inbound mail rejected before RCPT keeps its Inbound classification.
• [17477] Fixed the Stop Delivery action for queued messages taking effect immediately with no confirmation prompt. Users are now asked to confirm before delivery is stopped.
• [29468] Improved performance when stopping delivery for a large remote queue. SecurityGateway now marks and removes affected queued messages in bulk, reducing cleanup time and database load.
• [29451] Fixed messages for invalid local recipients being accepted and queued for outbound relay when an external Firebird database became temporarily unreachable during an SMTP session. The server now replies with a 421 temporary failure instead of treating the recipient as external.
• [29430] Correction du problème où SMTP EmergencyCutoff laissait des messages partiels et des fichiers de verrouillage dans la file d'attente entrante lorsqu'un transfert DATA était interrompu, ce qui pouvait entraîner le déplacement de ces fichiers vers Crashdumps\InboundQueue lors du redémarrage du service.
• [26771] Fixed SMTP/HTTP binding problems with compressed IPv6 notation and with mixed IPv4 and link-local IPv6 bindings.
• [29229] Fixed RCPT TO incorrectly accepting multiple comma-separated addresses instead of returning a syntax error.
• [28854] Fixed MAIL lookup checking only the domain's A record instead of also checking MX host IP addresses.
• [28536] Fixed BATV tags not being removed from the sender address in Message Log when a message was rejected for an invalid recipient.
• [28582] Correctif pour les messages sortants rejetés qui n'apparaissent pas dans la liste des messages de l'expéditeur en raison de FROMUSERID non défini lors de l'enregistrement du rejet
• [29207] Fixed NDR messages showing only the last line of multi-line SMTP error responses.
• [26034] Fixed long UTF-8 headers being encoded as one oversized RFC 2047 encoded word instead of being folded correctly.
• [27245] Fixed quarantine reports, password resets, secure message notifications, and 2FA emails using the wrong hostname in links. A new per-domain Host Name setting now controls the hostname used for login links.
• [29125] Fixed users not being flagged for re-verification when a domain mail server rejected them and the re-verification timer option was disabled.
• [29529] Correction des transcriptions de vérification de renvoi d'appel SMTP qui n'apparaissaient pas dans le journal de session entrant. La conversation SMTP entre SecurityGateway et le serveur de messagerie distant lors de la vérification du destinataire est désormais incluse dans la transcription du journal.
• [29458] Correction des connexions de base de données mises en pool de longue durée qui ne se rétablissaient pas automatiquement lorsque SecurityGateway était temporairement incapable de communiquer avec une base de données Firebird externe.
• [29261] Fixed failed authentication attempts not causing IP to be blocked when connecting from IPv6 address.
• [29399] Fixed failed authentication logs showing ACCOUNT: @domain.com instead of ACCOUNT:none when the account does not exist.
• [29508] Fixed administrators being able to accidentally downgrade or disable their own account via the web UI or REST API, and disabled accounts' API keys remaining usable.
• [29591] Fixed domain administrators assigned to multiple domains seeing the wrong domain's address allowlist on the initial Allowlist page load.
• [28112] Fixed SMTP Authentication Required and Authentication Mismatch filters checking only valid local accounts instead of all local domains, which could reveal valid mailbox names through different SMTP responses.
• [28455] Fixed external administrators receiving "Access Denied" when setting up two-factor authentication for the first time with the 2FA requirement enabled.
• [29050] Correctif concernant l'expiration de session déconnectant les utilisateurs même lorsque l'option "Se souvenir de moi" est activée. Les utilisateurs disposant de cookies de rappel valides seront désormais automatiquement ré-authentifiés lorsque leur session expire.
• [25947] Fixed an external administrator being created with the same email address as an existing secure recipient, preventing the administrator from signing in with admin privileges.
• [21821] Fixed Location Screening not blocking connections when MaxMind geolocation returns only a continent (e.g., "Europe") with no specific country code.
• [21926] Fixed duplicate IP entries in Dynamic Screening when block occurs due to concurrent SMTP sessions.
• [27721] Fixed IP Shielding DATA event rejection error displaying the SMTP envelope sender instead of the From header domain.
• [29518] Fixed Passwordless Sign-In and Device Authentication credential registration failing with "Something went wrong while trying to register your credentials".
• [28637] Fixed URIBL spam score being incorrectly added to recipients who have spam filtering disabled in multi-recipient SMTP transactions.
• [28727] Fixed URIBL score being inflated when a message contains multiple subdomains of the same base domain (e.g., i1.example.com and i2.example.com both resolving to example.com). Now only one hit is counted per unique base domain, matching SpamAssassin behavior. URIBLs with "Do not trim domain names" enabled continue to count full hostnames separately.
• [29260] Correctif pour URIBL qui interrogeait incorrectement des noms à étiquette unique contre les listes de blocage URI lorsque la journalisation de débogage URIBL est désactivée
• [29226] Fixed SpamAssassin scores being incorrectly applied to recipients who have spam filtering disabled in multi-recipient SMTP transactions.
• [29414] Fixed Bayesian classification being enabled in the UI but disabled in SpamAssassin's local.cf on clean installs, which caused sa-learn to fail.
• [17011] Fixed SPF recursive lookup errors (e.g., "too many lookup terms" or "more than 10 loops") not being logged when SPF evaluation exceeds RFC 7208 limits.
• [8610] Fixed SPF evaluation returning a result based on the first v=spf1 TXT record found when a domain publishes multiple SPF records. Per RFC 7208 Section 4.5, multiple SPF records now correctly return PermError.
• [24488] Fixed DMARC aggregate reports having duplicate rows when there are multiple envelope from addresses with the same domain.
• [28566] Fixed DMARC verification ignoring exclusion settings such as domain mail servers and authenticated senders because the wrong configuration section was being read.
• [26072] Fixed DMARC tests running unnecessarily on messages collected through Remote POP when the sender IP address was not known.
• [27237] Fixed PTR lookup test only logging the first time it is executed in an SMTP session. Session logs now include whether a PTR record was found and whether it matched the client IP when later scripts reuse cached PTR lookup results.
• [29471] Fixed HELO lookup test only logging the first time it is executed in an SMTP session. Session logs now include the cached HELO lookup result when later scripts reuse it, including when the Reverse Lookups forged-identification rule disconnects the session.
• [29413] Fixed sgdbtool importselector reporting success but the imported DKIM selector not appearing in the web interface because the selector's usage type was not being set when the row was inserted.
• [14008] Fixed multi-recipient messages having attachments stripped when one recipient matched a Content Filter discard rule.
• [26150] Fixed user-created Sieve scripts not respecting script order configured in the web interface.
• [26690] Fixed Sieve body :content behaving identically to :text — applying text extraction and HTML-to-plaintext conversion instead of matching the decoded body of the selected MIME parts, contrary to RFC 5173. :content now matches the decoded body without text extraction or HTML-to-plaintext conversion. Rules that relied on the old behavior should switch to :text; rules that need to match raw source (for example, to detect <script> redirects in HTML attachments) will now work with :content.
• [29365] Fixed Sieve greylist actions set during pre-RCPT phases (AUTH, IP, HELO, MAIL) not being carried into the RCPT phase.
• [29437] Fixed DLP "contains the word(s)" conditions reopening with empty quotes in the rule editor even though the saved words were still present in the rule.
• [29442] Fixed Sieve :proximity allof() constraints being silently dropped when the first test was a regex or glob term, which could cause some content-filter rules to fire outside the configured character window. Logging now also distinguishes proximity anchor matches from matches that satisfy the proximity window.
• [29488] Fixed Sieve body :text :contains not matching messages that have no Content-Type header (bare RFC 2822 plaintext). Chilkat returns an empty content-type for such messages; the filter now treats an absent content-type as text/plain per RFC 2822.
• [29410] Fixed Display Name Protection flagging a protected user as not authorized when sending from their own local account or one of its aliases. The verified MAIL FROM identity is now used to suppress the false positive; messages whose only match is in the From header continue to be flagged.
• [26659] Fixed domain-specific greylisting not excluding messages sent from domain mail servers.
• [28849] Fixed greylisting being incorrectly triggered when sending mail from a local domain with greylisting enabled to a local domain with greylisting disabled.
• [27811] Fixed Ikarus returning a "could not be scanned" status for documents containing macros, which caused messages to be quarantined instead of applying the configured virus action.
• [11048] Fixed allowlist and blocklist not matching senders whose email address contains a Backscatter Protection (BATV) code.
• [28825] Fixed IP blocklist/allowlist search not finding entries with CIDR notation.
• [29133] Fixed duplicate entries in block/allow lists not showing a warning message.
• [29335] Correctif pour les exportations de listes d'autorisation et de blocage ne contenant que les en-têtes de colonnes sans données
• [29390] Correctif pour le bouton Retour qui ne fonctionnait pas après avoir cliqué sur Actualiser dans le visualiseur de journal de mise à jour de l'Anti-Virus — chaque actualisation ajoutait une entrée en double dans l'historique du navigateur
• [28364] Fixed page title bar not displaying domain name and navigation context at desktop screen widths.
• [29264] Fixed landing page links not highlighting the correct navigation menu item due to typos and missing submenu values.
• [29368] Fixed the tertiary navigation menu disappearing from Secure Messaging after clicking Save.
• [28605] Correctif pour le problème de non-sélection du message lors de la navigation en arrière après avoir suivi un hyperlien dans la transcription du message qui mène à une vue en liste
• [3331] Fixed domain changes (add/edit/delete) made outside of the current session not being reflected in the web interface.
• [29297] Fixed the Search Settings close icon (red X) wrapping to a new line instead of staying inline with the search field.
• [1310] Fixed Message Log "Result" and "Reason" columns not sorting correctly when clicking the column header.
• [27313] Fixed folded RFC 2047 encoded subjects being truncated in Message Log. Message Log subjects are still limited to 256 UTF-8 chars.
• [29298] Fixed Message Log not showing the admin email address when an administrator released a message from the user quarantine queue.
• [28719] Fixed quarantined messages being redeliverable from the All Messages log, and the redeliver action not displaying a success/failure summary. Quarantined messages are now skipped with a message indicating they must be released from quarantine first.
• [24702] Fixed users being able to open, download, or redeliver quarantined messages from their message log when they were not allowed to access quarantine.
• [28123] Fixed clicking slightly off a checkbox in list views (quarantine, message log, etc.) deselecting all previously selected items.
• [28082] Fixed "Search My Message Archive" menu item being visible to users when archiving is not enabled for their domain.
• [29064] Fixed slow personal message archive search when filtering by date range.
• [29450] Fixed the Domains and Users list not sorting when clicking the Name or Users column header; the list was reversed instead of sorted.
• [1296] Fixed import button being enabled before a file is selected in import dialogs (whitelist, domain, user, terms, selector).
• [24656] Fixed quarantine configuration schedule day names not being translated for non-English languages.
• [27722] Fixed "Save and Close" button not being enabled when pasting text into IP Shield, Sieve script, content filter, disclaimer, and outbound footer editor fields.
• [28684] Correctif pour les administrateurs globaux incapables de voir le menu déroulant des domaines ou la liste des serveurs de messagerie lors de l'ajout de nouveaux utilisateurs si la description d'un serveur de messagerie contient un caractère de guillemet double
• [29342] Fixed the My Account change-password dialog not sending the user ID to the server, causing silent failure.
• [29310] Fixed the DKIM signing DNS configuration dialog not explaining the %DOMAIN% placeholder when viewing a shared selector. Also added a Copy DNS Record button and clearer guidance.
• [29346] Correction des inexactitudes de traduction en russe : le menu déroulant de la liste d'autorisation affichait le texte "liste de blocage", le domaine de l'expéditeur de la liste d'autorisation comportait une faute de frappe, et les étiquettes des boutons Afficher/Masquer la recherche étaient inversées.
• [29369] Fixed the AI Classification prompt editor showing {categorization_labels} instead of {classification_labels} in the variable list and example prompt.
• [29364] Fixed the QR Code Detection page missing the descriptive text shown on other Anti-Abuse pages.
• [29396] Fixed Settings Search not returning ARC verification settings from the DMARC verification page.
• [29167] Fixed local AI models (e.g., Ollama) incorrectly requiring API key to fetch model list.
• [29553] Fixed clicking "New" on the Admins tab of the Domain Properties dialog throwing an "Illegal qualified name character" XML parse error.
• [29579] Fixed clicking "Save and Close" on the Trusted ARC Sealers dialog throwing a JavaScript error and silently losing changes.
• [29216] Fixed SecurityGateway service failing to start on Windows Server 2012 and older Windows Server 2016 builds due to unsupported Windows APIs (GetThreadDescription/SetThreadDescription).
• [29228] Fixed service failing to start when the database version is newer than the executable version, allowing version downgrades and rolling cluster upgrades.
• [29316] Correctif pour éviter un plantage lors du traitement du rapport de quarantaine lorsque la base de données externe est inaccessible
• [28670] Correctif pour Configuration / Utilisateurs | Système | Répertoires – Impossible de spécifier un répertoire de sauvegarde de la base de données qui ne peut pas être créé localement. Cela peut être nécessaire lors de l'utilisation d'une base de données Firebird externe.
• [29485] Fixed configuration database backup failing with an IBPP::WrongType "BOOLEAN and int16_t" error on systems with AI Classification prompts configured.
• [29185] Fixed inaccurate system CPU usage reporting on dashboard.
• [29545] Fixed message archiving failing with "this IndexWriter is closed" errors until the service was restarted.
• [29549] Fixed the archive retry queue repeatedly retrying messages whose control files could not be read. Such messages now move to the bad archive queue for administrator review, and the Bad Archive Queue UI falls back to reading the message file's headers so the From, Recipient, and Subject columns are populated even when the control file is unreadable.
• [29347] Fixed LetsEncrypt not correctly detecting the redirect to HTTPS.