------------------------------------------------------------------------------------------- SecurityGateway for Exchange/SMTP v2.0 Release Notes ------------------------------------------------------------------------------------------- ----------------------------------------- SecurityGateway 2.0.1 - November 17, 2009 ----------------------------------------- FIXES [4427] fix to domain administrator scheduled statistics report contains statistics for all domains [4467] fix to incorrect disclaimer may be applied when there are multiple RCPTs in the SMTP session [4511] fix to report drill down results for a specific email address may return messages for multiple addresses. The SQL query is returning all records that "contain" the address, it needs to return all records that "match" the address. [4527] fix to URIBL is not excluded when the "Do not perform anti-spam tests..." option is enabled for the recipient [4531] fix to message log "Subject Starts With" search condition returns no results if the subject starts with a capital letter [4574] fix to custom_quarantine_report.xsl template file is not used [4623] fix to sorting message list by subject is case sensitive [4632] fix to SPF "ptr" mechanism is not correctly processed. In order to pass a valid PTR hostname must exactly match the domain. The SPF spec states that the hostname only needs to end with the domain. [4661] fix to scheduled database backup may not run as scheduled [4683] fix to messages collected via POP3 may be mistakenly routed to "bad" queue [4703] Installer: The external administrator email address field does not scroll to allow additional characters --------------------------------------- SecurityGateway 2.0.1 - August 25, 2009 --------------------------------------- CHANGES AND ADDITIONAL NEW FEATURES [4436] To reduce the size of the database, the admin may choose to not log certain types of messages to the database. These items will not appear in the message log and will not be included in report statistics. However, all messages will be logged to the appropriate log file (e.g. Inbound.log). FIXES [4355] fix to dashboard for domain administrators, the "Total Bandwidth Used by Email", "Good vs. Junk Messages", and "Junk Email Breakdown" graphs show global statistics [4451] fix to greater than and less than characters in session transcript need to be escaped for NDR messages -------------------------------------- SecurityGateway 2.0.0 - August 4, 2009 -------------------------------------- MAJOR NEW FEATURES [179] Scheduled Statistics Report: On a nightly or weekly basis, a statistics report can be sent to all global administrators, all domain administrators, or a manually defined list of email addresses. This report allows the filtering effectiveness and health of the server to be quickly ascertained. For domain administrators, the report will only contain statistics for the domain(s) which the administrator has administrative rights. [201] Disclaimers (Headers / Footers): Added the ability to add simple headers and footers to messages. One use of this is to add a "--- Message scanned by SecurityGateway for Exchange/SMTP ---" footer to all messages. This feature will be expanded in future versions. [1757] Extract text from attachments: Content filter rules and custom Sieve scripts can perform actions based upon the content of an attachment. The Sieve body test "text" tag automatically extracts text from several popular attachment formats. The iFilter interface is used to extract plain text from Microsoft Office and PDF documents. In order to search PDF documents, Adobe Acrobat Reader must be installed on the SecurityGateway server. Office 2007 documents require the 2007 Office System Converter: Microsoft Filter Pack to be installed. [3892] Dashboard for domain administrators. Only statistics for the domain(s) managed are displayed. [4082] Collect mail from a POP3 mailbox: This feature allows mail for a domain to be collected from a POP3 mailbox. It is modeled after MDaemon's DomainPOP functionality. For each POP3 mailbox you configure, mail will be collected and parsed among valid recipients at the domain you specify. [4060] Domain aliases: Aliases may be defined for a domain. All of the domain's users are assumed to be valid for each domain alias. This is useful if a domain has registered multiple domain names, e.g. altn.com, altn.us, altn.biz, etc. [4072] Define multiple search strings for a single content filter condition: The content filter is a graphical interface for building Sieve scripts. Multiple search strings may now be defined for a single condition. The user may specify if the condition must match any or all or the defined strings. This is useful for searching a message header or body against a list of keywords. [4254] Added the following statistics (charts) to the "My Account" page for local users. Only statistics for the user's account are displayed. Good vs. Junk Messages Junk Email Breakdown Inbound vs. Outbound Messages Top Spam Sources [4063] Improved heuristic rule update process: The heuristic rule update process now has the ability to pull updates from updates.spamassassin.org in addition to updates from Alt-N. The SGSpamD Configuration UI has a new checkbox which controls this capability. This will make sure your SpamAssassin rule-sets are always kept current. This functionality is enabled by default. CHANGES AND ADDITIONAL NEW FEATURES [1237] Added option to redeliver message(s) from the message log. This option requires that the content of the message has not been deleted from the database. [1711] Added a per user language option. System generated messages sent to the user will be translated to this language. A default value may be applied on a server and individual domain basis. [3204] Added the ability for SGDBTool.exe to create a global administrator. This is useful in cases where the global administrator account created during installation is not accessible. [3205] Added the ability for SGDBTool.exe to promote a user to a global administrator. [4062] Updated SpamAssassin (SGSpamD) to version 3.2.5. [4066] Updated ClamAV engine to version 0.95.1. [4128] Updated CommTouch Outbreak Protection engine to version 5.08.0002. [4131] Changed default log rotation for new installations to "Create a new set of log files each day". [4140] Add to message score content filter action [4167] A transient delivery failure notification is sent to the sender, if a message cannot be delivered after one hour. [4193] Verify users for a single domain. The "Verify Users" toolbar button on the User Verification Source list honors the domain chosen from the drop down list. [4194] Created additional indexes for "lists" table. This will improve the performance of white/black list lookups. [4221] Greylisting is now supported for Sieve scripts that run during the DATA event. While it is preferred to greylist at RCPT, before the message is transferred, conditional greylisting in response to the DATA command can be a useful tool. This may be an attractive alternative to quarantining mid scoring messages. With the flexibility of SIEVE, large messages can be excluded. [4241] NDRs are no longer sent to "noreply" addresses. [4256] Scale of "Total Bandwidth Used by Email" report is now automatically formatted. For example 140000KB is now displayed as 140MB. [4257] Added "Total" summary line for numerical reports [4323] Changed defaults for "Relay Control | SMTP MAIL address must exist..." to exclude domain mail servers and authenticated sessions by default. This only applies to new installations. [4326] Changed installer to make installing registered or trial version more clear. An email address and country are now required for trial installations. [4337] A different path/drive may be specified for the database file. This must be a path on the same computer, UNC paths are not supported. To configure the path, create a string value "DBPath" under the HKEY_LOCAL_MACHINE\SOFTWARE\Alt-N Technologies\SecurityGateway registry key. The path does not need to contain the name of the database file, i.e. E:\SG_Database FIXES [1732] fix to if SecurityGateway is installed to a different location, unable to load web interface after restoring configuration [3936] fix to when using Italian installation file, registration key is lost when upgrading [3937] fix to when using Italian installation file, uninstall shortcut created in same folder as installation file [3971] fix to new version available email may not be sent to global administrators [4029] fix to extra line breaks after saving Sieve script in MSIE [4044] fix to log entries truncated at 1024 characters [4046] fix to in specific circumstances duplicate domains may be created [4091] fix to refreshing log file returns view to first page [4092] fix to list view sort order is reset after going back, and then to next page [4130] fix to file may be orphaned in temp directory if socket times out when attempting to deliver a message [4132] fix to log archive .zip file may be created which contains zero files [4134] fix to OutbreakProtection is not enabled when expired ProtectionPlus is updated [4147] fix to if a user's nightly quarantine report is generated after 1:00AM, the user will not receive a quarantine report the next night [4171] fix to when viewing a message with an attachment, from the message log, the size of the attachment is not displayed [4172] fix to when viewing the source of a message from the message log, tab characters are not displayed correctly [4184] fix to multi-line message headers are not properly unfolded when viewing message from the message log [4185] fix to a user can white/black list their address [4218] fix to malformed DNS response may cause service to terminate [4219] fix to domain administrator cannot perform any action when viewing messages queued for delivery (access denied) [4222] fix to message submitted via SMTP to the spam Bayesian learning address routes to non-spam folder [4223] fix to message headers may be corrupted for messages submitted via SMTP to the Bayesian learning address [4243] fix to no error is logged to the session log if a message addressed to a Bayesian learning address is rejected because the session is not authenticated or from a domain mail server [4328] fix to dynamic SMTP Authentication does not pass full email address to user verification source [4330] fix to when using German installation file, uninstall shortcut link points to wrong location -------------------------------------- SecurityGateway 1.1.4 - March 24, 2009 -------------------------------------- CHANGES DKIM ADSP processing has been enabled by default for new installations and possibly for your installation as well. You should check Security | Anti-Spoofing | DKIM Verification to make sure ADSP processing is enabled. The state of the ADSP specification in IETF is firming up and it looks as if we're ready to start using this on a larger scale. ADSP allows you to reject or treat with suspicion messages which are missing a DKIM signature which should be present. You can configure what you want to happen using settings found at Security | Anti-Spoofing | DKIM Verification. [3738] Added a "Delete All Messages" link to the quarantine report [3739] Improved appearance and added "helpful text" to the quarantine report [3720] Exposed option to delete log archive .zip files older than X days [3721] Improved layout of logging maintenance options, added checkboxes to enable options ----------------------------------------- SecurityGateway 1.1.3 - February 17, 2009 ----------------------------------------- FIXES [3746] fix to if the language of the user's browser is not supported, the language selection dropdown defaults to German. The language selection dropdown should default to English in this scenario. [3654] fix to access denied returned when non administrator attempts to view message from quarantine or message log [3718] fix to malformed DomainKey signature causes unhandled exception [3719] fix to Top Spam Domains report is not displayed after upgrade from SG 1.0.0 to 1.1.3 [3757] fix to quarantine report email does not render properly with Outlook 2007 [3763] fix to :raw tag for sieve body test has no effect, only the body is searched not the entire RFC822 message [3774] fix to unable to view blacklist or whitelist, if an entry contains a JavaScript escape character SecurityGateway 1.1.3 - February 17, 2009 CHANGES [3426] Updated DomainKeys verifier to improve compliance with RFC 4870 [3435] Associated "Insert" and "Delete" keyboard keys with "New" and "Delete" toolbar buttons [3595] Local domains are now excluded from the "Top Spam Domains" report FIXES [1709] fix to domain administrator who has rights to multiple domains cannot view all messages in message log [3434] fix to in Microsoft Internet Explorer all list views contain a horizontal scroll bar [3438] fix to when running a beta, update checker does not detect that final release is available [3446] fix to incorrect string displayed when message transcript is not available [3452] fix to a specially crafted HTTP request causes process to terminate, a special thanks to Hamid Ebadi from Amirkabir University for reporting this [3524] fix to when user clicks on link in quarantine report, the branding image is not displayed on quarantine confirmation page [3594] fix to from header of system generated message which contains non-ascii characters is not properly encoded [3598] fix to no records returned when exporting (CSV) domain specific whitelist or blacklist [3609] fix to global administrator account may be deleted, if the user verification source returns that it is invalid [3632] fix to ActiveDirectory password verification only works if Window's domain name is the same as the mail domain --------------------- SecurityGateway 1.1.2 - January 20, 2009 --------------------- SPECIAL CONSIDERATIONS The DNSBL entry for zen.spamhaus.org and the URIBL entry for sbl.spamhaus.org have been disabled. These may be re-enabled, via the web interface, if you are eligible to use them, please refer to http://www.spamhaus.org/organization/dnsblusage.html. CHANGES [3119] Login link in quarantine report now populates the Email Address field of the login form [3363] Each DNSBL host may now be independently enabled/disabled [1612] A log entry has been added to indicate when a message does not contain a DomainKeys or DKIM signature FIXES [3330] fix to unable to start on Windows 2000, cannot find DnsFree entry point in Dnsapi.dll [3333] fix to NOD32 incorrectly reports securitygateway.exe as a virus [3358] fix to language selection on login page may not default to correct language [3361] fix to database query to determine if domain can have additional user counts negative cache entries [3365] fix to NDR from address does not contain domain name (noreply@@) [3366] fix to "Bayesian Auto Learning" SIEVE script is not loaded [3391] fix to Backscatter Protection option "Exclude messages from whitelisted IP addresses and hosts" excludes all messages not just those from whitelisted IP addresses or hosts [3412] fix to session log for message is truncated if multiple line response is returned from DomainKey lookup --------------------- SecurityGateway 1.1.1 - December 16, 2008 -------------------- CHANGES [3308] Updated ClamAV to version 0.94.2 [3174] Improved appearance of paging/status bar FIXES [1358] fix to SIEVE syntax checker needs to validate that "regex" is in the require statement if used in the script [1399] fix to for system messages use "noreply@" for return path, if a NULL return path is not required [1456] fix to quarantine view does not refresh after whitelisting message [1516] fix to bounces (NDR) may be addressed to BATV encoded address [1785] fix to SGDBTool.exe manifest file needs to request administrator access. This is necessary for Vista and Windows Server 2008. [1788] fix to whitelisted addresses are subject to SPF test [1798] fix to user verification source created by XML-RPC API is missing search filter [3137] fix to HTTPS requests are not logged to HTTP log when debug logging is enabled [3140] fix to AddUVSForDomain API method missing domain from UVS GUI page [3141] fix to AddUVSForDomain API method may cause SecurityGateway.exe process to crash [3154] fix to typo on software updates page [3165] fix to link in activation reminder/warning email message is missing href attribute [3169] fix to formating of quarantine report in SG 1.1.0 is difficult to read [3170] fix to create non-existent domains when calling CreateAlias and EditAlias methods [3189] fix to searching message log for subject with non-ASCII characters returns no results [3190] fix to unable to search message log after receiving message where MAIL FROM value contains non-ASCII character [3220] fix to user verification feature fails to display System log [3236] fix to message may be rejected due to "RFC Compliance" when it is in fact compliant [3237] fix to Ampersand in "Use Domain Keys & DKIM to verify senders" link should not be encoded [3244] fix to CBV "Try NULL from address first" option has no effect [3245] fix to SGDBTool.exe is unable to create configuration backup file [3270] fix to German text "für" is displayed as " für" in the From: header of system generated messages [3276] fix to administrator created during installation cannot login if user name or email address contains upper case letters [3286] fix to logging configuration option "Overwrite existing log files ..." is not saved --------------------- SecurityGateway 1.1.0 - November 4, 2008 --------------------- CHANGES [541] SecurityGateway for Exchange/SMTP now provides an XML-RPC API to manage domains, users, administrators, aliases, domain mail servers, and user verification sources. Using a standard XML-RPC client or library, customers can automate many tasks and integrate with their custom software applications. Complete documentation and examples may be found here or in the /docs/API subdirectory of the installation directory. [1475] Added automatic update checker. If enabled, each night at midnight, a check for software updates is performed. When an update is found, all global administrators are notified. The update can be downloaded and installed directly from the web interface. [1353] Added the ability to manually manage aliases on a per-user basis [1774] Added the ability to merge users. This is needed in instances where a user verification source mistakenly creates an alias as a user. [1669] Added the ability to define custom branding images on a per-domain basis [793] During installation, SMTP and HTTP ports are now validated to ensure that they are not in use by another application [1679] Added uninstall survey. The user is asked during uninstall if they wish to provide feedback. [1708] Updated ClamAV to version 0.94 [1113] Added option at end of installation, to specify if the system service should be started [1756] SecurityGateway will mask out IP address, PTR lookup results, and local machine when the IP is local or the IP is that of a domain mail server, or when the message comes in on an authenticated session. [1758] Updated FireBird database library to version 2.1.1 [1480] Exposed option to hide 'Forgot Password' link on login page [1784] Added the ability to list global administrators to sgdbtool.exe [1783] Added "Delete" link to quarantine summary email message [1742] Updated DKIM verifier to ADSP (was formerly called SSP) final draft which is now in working group last call within the IETF process and we believe soon will be published unaltered as a industry standard RFC document. The current document can be found here: http://www.ietf.org/internet-drafts/draft-ietf-dkim-ssp-06.txt If you have published an SSP (Sender Signing Practices) record in your DNS you should make note of the following. If you have not published an SSP record in your DNS then you can skip this section. In order to conform to the final draft for ADSP some changes are required. (a) First, the protocol name was changed from SSP (Sender Signing Practices) to ADSP (Author Domain Signing Practices). The term "SSP" was abandoned but the new ADSP is doing the same job. (b) Second, the location in DNS where your ADSP record must be placed has changed from _ssp.domainkey. to _adsp.domainkey.. The older _ssp.domainkey. entry in your DNS can be removed (or left in place as legacy for older software for a few months and then removed). (c) Third, the ADSP record syntax is different from the older SSP record syntax and so your ADSP record needs to be changed to one of the following (see the ADSP draft for complete information): dkim=unknown - The domain might sign some or all email dkim=all - All mail from the domain is signed dkim=discardable - All mail from the domain is signed and receivers are encouraged to discard unsigned mail SecurityGateway no longer supports the older SSP record syntax or location in DNS. Note that everything stated here applies to SSP or ADSP and NOT to DKIM key records. No changes are required or necessary to any DKIM key record. FIXES [1759] fix to when editing a content filter rule for a specific domain, the domain is reset to "global" [1764] fix to message with subject over 1000 characters causes process to terminate [1765] fix to unable to download backup file larger than 2GB from web interface [1766] fix to invalid response to SPF DNS lookup may cause process to terminate [968] fix to on restore page, text is truncated in list of backup files due to column sizes [1698] fix to SGDBTool.exe requires CRT runtime files, needs to be statically linked [1700] fix to incorrect port used in login links if host name option begins with https:// [1703] fix to possible DKIM exploit by inserting a FROM header [1705] fix to unable to sort domain list by user count [1706] fix to Outbreak Protection virus result = 3 is not flagged as a virus [1707] fix to installer may not terminate clamd.exe process [1712] fix to wrong domain name used in received header for outbound messages [1743] fix to help link displays "not found" if help file has not been translated. The English help file is now displayed. [1744] fix to BATV signature not removed from RCPT string when querying user verification source [1697] fix to local messages (to and from a local user) should not be BATV signed [1748] fix to BindDN and password needs to be optional for LDAP user verification sources [1718] fix to Active Directory user verification requires SG machine to be a member of the domain [1610] fix to aliases are not synchronized with user verification source [1600] fix to potential SQL error in system log, during database maintenance when deleting expired users [1773] fix to edit and delete buttons are always enabled for the list of URL Blacklist hosts [1780] fix to installer may not terminate SGSpamD and ClamD processes [1786] fix to crash occurs if a domain is deleted, while a member of that domain is logged in --------------------- SecurityGateway 1.0.5 - September 23, 2008 --------------------- CHANGES FIXES [1720] fix to crash occurs during database maintenance if more than 5000 transcripts will be deleted [1746] fix to crash may occur at startup if SMTP port is already in use [1747] fix to when delivering mail to a domain mail server, SMTP AUTH is performed before STARTTLS [1654] fix to after upgrade from 1.0.3 unable to activate due to invalid language code [1698] fix to SGDBTool.exe requires CRT runtime files, needs to be statically linked -------------------- SecurityGateway 1.0.4 - August 19, 2008 -------------------- CHANGES [1620] Added release dates to release notes [1622] Added ability for domain to not use default user verfication sources [1665] Improved performance of "Delete message transcripts every X days" data retention option [1667] Delivery Status Notifications link to http://www.altn.com/dsn/ [1653] Web interface URL is mirrored to registry FIXES [1619] fix to unable to save Logging Configuration, error "Form field [LogChildInfo] not found" [1614] fix to editing a content filter rule, with an alert action, adds an extra space to the end of the To, From, and Subject fields [1621] fix to worker thread list of SIEVE alerts is not cleared between sessions. This may result in erroneous alerts for future SMTP sessions. [1649] fix to CFV verification may query wrong host [1654] fix to unable to activate due to invalid language code [1657] fix to View Configuration does not display all settings [1652] fix to landing pages display links for which domain administrators have no access [1659] fix to unable to resolve domain name when bouncing a message [1661] fix to if a crash dump cannot be created, a 0 byte file is still created [1671] fix to domain specific greylisting interval is not honored [1663] fix to unable to save Outbreak Protection when using HTTPS [1658] fix to deleting a domain does not remove its records from the settings table [1673] fix to with FireFox 3.0 input control border disappears when mouse cursor hovers over [1674] fix to SMTP AUTH password verification via Active Directory fails [1675] fix to session is orphaned when main socket is closed during CFV or CBV operation [1676] fix to SpamAssassin score from previous session added when RCPT user has spam filtering disabled [1462] fix to Active Directory User Verification Source created by installer does not have search path [1680] fix to SG releases mail when blacklisting from user quarantine -------------------- SecurityGateway 1.0.3 - July 15, 2008 -------------------- CHANGES [1525] Updated ClamAV engine to version 0.93.1 [1524] Added the ability to send quarantine report every X hours [1454] Added negative search options for message log [1476] Added option to the web GUI to delete log files [1527] Added ability to set default value for "Disable Spam Filtering for My Account" user option [888] Added the ability to delete an IP address banned by Dynamic Screening [118] A memory dump file will be created when an unhandled exception occurs. A "CrashDump" directory, which will be automatically created under the root SecurityGateway directory. Up to five crash dump files will be retained in this directory. ALT-N's technical support team may request these files to assist in troubleshooting. [1551] Added exclusion options for Backscatter Protection. By default, messages from domain mail servers, authenticated sessions, white listed IP addresses, and white listed hosts will be excluded. Updated imag