MDaemon Release Notes

MDaemon Server v18.0 Release Notes

MDaemon 18.0.2 - June 12, 2018

SPECIAL CONSIDERATIONS

[16456] Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit: http://www.altn.com/Products/MDaemon-Private-Cloud/.

CHANGES AND NEW FEATURES

FIXES

MDaemon 18.0.1 - May 15, 2018

CHANGES AND NEW FEATURES

FIXES

MDaemon 18.0.0 - April 17, 2018

SPECIAL CONSIDERATIONS

[20008] Alt-N Technologies has changed its name to MDaemon Technologies. WorldClient is now MDaemon Webmail, WorldClient Instant Messenger is now MDaemon Instant Messenger, SecurityPlus is now MDaemon Antivirus, and Outlook Connector is now MDaemon Connector.

[19546] The MDaemon installer now includes MDaemon AntiVirus and MDaemon Connector, which are licensed separately.

[19512] The "From Header Modification" feature has changed. It operates as before however the format of the final modified From data has changed from this format: "Email -- Name" <Email> to this format: "Name (Email)" <Email>. This new format is more readable/usable/sortable etc. If you would rather keep the old format (your users may be used to it already) you can check a box at Ctrl+S|Screening|Hijack Detection|From Header Modification.

[19577] A past installer reset the option "Ctrl+S|Sender Authentication|SMTP Authentication|Authentication is always required when mail is sent from local IPs" to disabled for upgraders.  The installer has been changed to ignore this setting.  You must manually check that this option is set to your desire.  The default is for it to be checked (enabled) but you should check to be sure it is set how you want.

[19703] The following settings have had default values changed.  Existing installations should check to be sure the following settings are as desired: Ctrl+S|Security Settings|SSL & TLS|MDaemon: Enable the dedicated SSL ports... and SMTP server requires STARTTLS... options have had defaults changed from disabled to enabled. Ctrl+S|Security Settings|Sender Authentication|DMARC verification|Honor p=reject... has changed from disabled to enabled. Ctrl+S| Security Settings|Sender Authentication|SPF Verification|User local address in SMTP envelope...has changed from disabled to enabled. Ctrl+S|Security Settings| Screening|IP Screen|Apply IP Screen to MSA connections has changed from disabled to enabled. Ctrl+S|Security Settings|Screening|Host Screen|Drop connection after EHLO has changed from disabled to enabled.

[19612] Catalog functionality has been deprecated and removed from the UI.

[20220] All Virtru related support has been removed from MDaemon Webmail. Old encrypted messages can still be viewed in the Virtru Secure Reader.

[20339] Previously when a message was sent to an alias, MDPGP would encrypt it using the key for the actual email address. Now that same message won't be encrypted. To encrypt it now requires a key for the alias.

MAJOR NEW FEATURES

[19571] DNSSEC

Ctrl+S|SSL&TLS|DNSSEC allows you to request DNSSEC service from your DNS server(s). When enabled, MDaemon sets the AD bit when making DNS queries and checks for it in the answers. This may not work with all DNS server(s) (not sure) so you'll have to try with yours. DNSSEC service is only applied to messages that meet your selection criteria. DNSSEC service can be "requested" or "required" on a per-message basis. If "required" and DNS results fail to include authenticated data then the message is bounced back to sender. If "requested" then DNSSEC service is attempted but nothing happens if it fails.

Mail session logs will include a line at the top if DNSSEC service was used and "DNSSEC" will appear next to secure data in the logs.

IMPORTANT: MDaemon is a non-validating stub-resolver. This means that it will request authenticated data from DNS server(s) but it has no way to independently verify that the data it gets from them is secure. However, if you know/trust your connection to your DNS server(s) (for example, it runs on localhost or within a secure LAN or workplace) then you should use this as it will boost security.

DNSSEC lookups take more time and resource and I think less then 7% of domains have currently deployed it. That is why this is not configured to apply to every message delivery by default. However, if you want that, you can force every email sent to use DNSSEC by adding one line like "To *" into the configuration file (see Ctrl+S|SSL&TLS|DNSSEC).

[15288] Email Snooze

MDaemon Webmail was updated to allow a user to snooze an email. When a message is snoozed it will be hidden from the user for a designated period of time. To snooze a message, right click on it and choose the "Snooze for..." option in the context menu. Then choose how long you wish to snooze the message for. The "Choose a date and time" option is only available for browsers that support the date and time inputs. Hidden messages can be viewed in LookOut theme by clicking the "View Snoozed Messages" icon in the toolbar and WorldClient theme by choosing "view snoozed" from the view drop down menu in the toolbar. This feature is on by default. To turn off the feature, go to Options | Personalize, and find the Inbox Settings. Uncheck the "Enable Message Snooze" box. There are no snooze controls in Lite and Mobile theme, but snoozed messages are still hidden.

[1520] Public Calendars

In MDaemon Webmail users can publish a calendar to a publicly accessible link. Users have the option to password protect the calendar. To disable this globally, change the value of [Default:Settings] EnablePublicCalendars to No. To disable it on a per user basis, add CanPublishCalendars=No to a user's User.ini file. To publish a calendar, in LookOut or WorldClient theme, go to Options | Folders and click the "Share Folder" button next to the calendar you wish to publish. In the dialog, open the Public Access tab and if desired, fill in the display name or require a password, then click the "Publish Calendar" button. A confirm dialog will show up to tell the user what is about to happen. After clicking OK, an alert will display the new URL where the calendar is available. There will also be a link displayed on the page once the calendar has been published. To unpublish the calendar, click the "Unpublish Calendar" button. To change the password or the display name, click the "Update" button.

[10886] Remember Me

A "Remember Me" option has been added to the logon page of MDaemon Webmail. This feature is disabled by default. The default expiration is 30 days, and the maximum expiration setting is 365 days. It can be enabled in the MDRA GUI under Main->Webmail Settings->Settings. Users can check the "Remember Me" option on the logon page to be remembered on a specific device. Then if they have a bookmark with any of three View URL variables set (View=Main, View=Logon, or View=List) (or no View URL variable set), the user will be automatically logged in. Two Factor Authentication (2FA) is separate and will still be required when the 2FA remember me token expires.

[19865] "Remember Me" was also added to the Remote Administration logon page. This feature is disabled by default. The default expiration is 30 days, and the maximum expiration setting is 365 days. It can be enabled in the MDRA GUI under Main->Remote Admin Settings->Settings. Users can check the "Remember Me" option on the logon page to be remembered on a specific device. Two Factor Authentication (2FA) is separate and will still be required when the 2FA remember me token expires.

[19738] Exempt Known ActiveSync Devices from Location Screening

An option has been added to allow a previously known ActiveSync device to bypass location screening. Administrators can enable this option to allow users to continue to access their account via ActiveSync from a location that is configured to block authentication attempts. In order to exempt the device it must have connected and authenticated using ActiveSync within the time frame configured to remove inactive clients. To exempt a device go to Setup / Mobile Device Management / Clients, select the client and click Settings, then check the box for Exempt from Location Screening.

You can also choose to Whitelist the address the client is connecting from. This can be used to allow other clients that might be connecting from the same IP address to also bypass location screening.

CHANGES AND NEW FEATURES

FIXES

MDaemon is a registered trademark of MDaemon Technologies, Ltd.
Copyright ©1996-2018 MDaemon Technologies, Ltd.