SecurityGateway for Email Servers v9.5 Release Notes

Developed with 20 years of proven email security expertise, SecurityGateway provides affordable email security. It protects against spam, viruses, phishing, spoofing, and other forms of malware that present an ongoing threat to the legitimate email communications of your business.

Click here to learn more about SecurityGateway for Email Servers

SecurityGateway 9.5.1 - November 7, 2023

CHANGES AND NEW FEATURES

• [27306] renamed Quarantine Configuration option "Include "View Messages" link in quarantine email" to " Allow recipient to view quarantined messages directly from the quarantine email".  New descriptive text has been added for the option "If this option is enabled, users will not need to log into SecurityGateway to view the message. The message's subject in the quarantine email will be a hyperlink that loads the quarantined message.".

FIXES

• [27303] fix to the on the login screen, the Japanese and Chinese language selections are not visible
• [27308] fix to certain messages containing non-ASCII characters are not displayed when viewed from the message log
• [27309] fix to web based UI does not load when Russian language selection is chosen
• [27305] fix to Security | Anti-Virus | Virus Scanning - the "Add" buttons under "Quarantine Messages That Cannot Be Scanned" are unavailable when their fields are correctly populated
• [27293] fix to embedded messages are not listed as attachments when viewing a message
• [27300] fix to cluster members (servers) that are offline may be displayed as online
• [27307] fix to viewing a message from the quarantine report email displays the message body in a small frame
• [27314] fix to Security | Anti-Virus | Virus scanning strings not translated
• [15444] fix to message log CSV export does not honor search filter
• [27315] fix to unable to save "My Settings" if the user is not an admin and does not have the "Allow users to modify their own quarantine settings" permission
• [27316] fix to unable to search for messages based on subject if database contains data that is not valid UTF-8
• [27323] fix to Security | Filtering | Attachments - the first character of configured file extensions to block or quarantine is not displayed in the list
• [27374] fix to unable to setup new Secure Recipient account

SecurityGateway 9.5.0 - October 17, 2023

SPECIAL CONSIDERATIONS

• Please review DNSBL and URIBL lists and scores after upgrading; extensive changes have been made to both to support additional functionality.
• [24286] Renamed whitelist and blacklist to allowlist and blocklist.
• [26987] Message Certification via Vouch by Reference (VBR) has been removed.  There are no known active certification providers.  The standard never reached widespread use and unfortunately is effectively dead.

CHANGES AND NEW FEATURES

• [25129] Updated the UI to use a stacked menu for widths of 1024px and greater. Added additional user settings that include a "Dark Mode" and font size options.
• [15444] Added an option to export the message log, user quarantine, admin quarantine, and message queue lists to a CSV file.
• [26674] Added "MDaemon (XML API)" as a User Verification Source type
  • This option requires MDaemon version 23.0.2 or later. MDaemon's XML API provides a better alternative to Minger as it can authenticate accounts for which MDaemon has not stored a copy of the password using reversible encryption. It can also return all aliases for an account in a single call.
  • MDaemon's installation default XML-API URL is http://servername:RemoteAdminPort/MdMgmtWS/. However, it is highly recommended to configure HTTPS options in MDaemon and use secure HTTP (https://servername:RemoteAdminPort/MdMgmtWS/). When configuring the User Verification Source within SecurityGateway, the process will create an "MDaemon XML API Service Account."
  • The MDaemon XML API supports service accounts with limited permissions. When configuring a User Verification Source to use the MDaemon XML API, SecurityGateway will call the MDaemon XML API to create a service account with permission granted only to execute the "XMINGER" operation used for verifying and authenticating user accounts. Creating the service account requires the credentials of an MDaemon global administrator. SecurityGateway does not retain the MDaemon global administrator credentials after creating the service account. The returned service account credentials are used for the User Verification Source.
• [26980] Added support for WebAuthn (formerly FIDO U2F) as a passwordless authentication method or as a Two Factor Authentication method.
• [26414] Added support for Spamhaus Data Query Service (DQS) at Security | Spam Filter.  For more information on Spamhaus DQS visit https://www.mdaemon.com/mdaemon-dqs-trial-sign-up.
• [27206] Updated SpamAssassin to version 4.0.0.
• [26869] Updated web interface icons to Font Awesome version 6.
• [13424] Updated Authentication-Results to RFC 7001.
• [26702] The system now logs DNS servers in use to the system log. This occurs at startup or when the DNS Server settings are changed.
• [27001] Added an email verification option to the Two Factor Auth features.
• [27026] Added options to Setup / Users | Mail Configuration | Mail Delivery to "... include full message transcript informing the sender" when sending an NDR for a transient or permanent delivery failure. This option is disabled by default; only the final error message from the remote SMTP server will be included.
• [1760] DNSBL logging within SMTP session transcripts will now include the IP result returned from the DNSBL source.
• [26691] Limit access to Outbreak Protection library to five concurrent threads to conserve system resources when scanning large messages.
• [10362] Added the ability to change the order of DNSBLs. The DNSBL at the top of the list is the first one queried.
• [27104] Added the ability to change the order of URIBLs.  The URIBL at the top of the list of the list is the first one queried.
• [18263] DNSBL responses must match 127.0.0.0/8 to be considered a match.
• [27061] The Spamhaus DQS or Abusix API key is no longer logged to the SMTP session transcript when used as part of a DNSBL or URIBL hostname.
• [27065] Added options to choose which type of authenticator platform the user would like to use.
• [27088] Updated the WebAuthn features language to be more user friendly.
• [26709] URIBL engine now utilizes the SpamAssassin URIBL URI allowlist to avoid performing lookups on known valid URIs.
• [27172] Updated ClamAV to version 1.0.3.
• [14029] Added configuration options to Setup | Mail Configuration | Mail Delivery to manage the SMTP connection failure and SMTP host failure caches. The caches can be enabled/disabled, and the amount of time that entries remain in the cache can be specified.
• [27184] When attempting to deliver mail, if the TCP connection is successful but the server either fails to send a greeting or returns a temporary error instead of the standard greeting, SecurityGateway will now immediately attempt delivery via the remaining SMTP hosts defined for the destination.
• [27068] Updated Firebird database engine to version 3.0.11.
• [26600] Added HTTPS support for Outbreak Protection.
• [21083] Added a link to the Administrative Quarantine Report email template to delete individual messages from the administrative quarantine.
• [27161] Added option to not include the "Always Allow" link in the user quarantine report email.

FIXES

• [27053] fix to LetsEncrypt not properly handling no alternate host names being passed
• [26814] fix to no results are returned when searching the Message Log by Subject if the search string contains upper case non-ANSI characters
• [26962] fix to LetsEncrypt - not logging errors returned by New-AcmeOrder
• [26945] fix to when clicking "Save And Test" in a User Verification Source, the domain assigned to it is removed, even if the test is successful
• [26821] fix to the count tag does not behave as expected when used with the sieve "address" test
• [27042] fix to "ListScripts" XMLRPC API method returns the scope as an number while the CreateScript and EditScript methods expect a string
• [15987] fix to Non Delivery Reports (NDR) for undeliverable messages sent by a local user of a secondary domain are sent from the default domain
• [26610] fix to in the installer the customer information dialog tab order installer is incorrect
• [27070] fix to URIBL engine does not properly resolve certain URIs to the appropriate organizational domain. This results in the URI not being found when in fact it is listed by the URIBL.
• [27110] fix to forgot password emails for external administrators and secure message users are being delivered to default domain
• [26336] LetsEncrypt: fix to support for TLS 1.3
• [27066] fix to Ikarus AV sometimes fails to scan the first message when scanserver service starts
• [27179] fix to the browser back button only works the first time it is used
• [27190] fix to potential SQL error in the system log when saving changes to a Domain Mail Server
• [27260] fix to Source tab of the Message Information window does not use all vertical space
• [27279] fix to trial key is not sent via email when requested by the Japanese language installer