SecurityGateway 9.5.0 has been released
-
Matthew Staff
SecurityGateway 9.5.0 has been released and is live on the website and update checker now.
SecurityGateway 9.5.0 - October 17, 2023
SPECIAL CONSIDERATIONS
- Please review DNSBL and URIBL lists and scores after upgrading; extensive changes have been made to both to support additional functionality.
- [24286] Renamed whitelist and blacklist to allowlist and blocklist.
- [26987] Message Certification via Vouch by Reference (VBR) has been removed. There are no known active certification providers. The standard never reached widespread use and unfortunately is effectively dead.
CHANGES AND NEW FEATURES
- [25129] Updated the UI to use a stacked menu for widths of 1024px and greater. Added additional user settings that include a "Dark Mode" and font size options.
- [15444] Added an option to export the message log, user quarantine, admin quarantine, and message queue lists to a CSV file.
- [26674] Added "MDaemon (XML API)" as a User Verification Source type
- This option requires MDaemon version 23.0.2 or later. MDaemon's XML API provides a better alternative to Minger as it can authenticate accounts for which MDaemon has not stored a copy of the password using reversible encryption. It can also return all aliases for an account in a single call.
- MDaemon's installation default XML-API URL is http://servername:RemoteAdminPort/MdMgmtWS/. However, it is highly recommended to configure HTTPS options in MDaemon and use secure HTTP (https://servername:RemoteAdminPort/MdMgmtWS/). When configuring the User Verification Source within SecurityGateway, the process will create an "MDaemon XML API Service Account."
- The MDaemon XML API supports service accounts with limited permissions. When configuring a User Verification Source to use the MDaemon XML API, SecurityGateway will call the MDaemon XML API to create a service account with permission granted only to execute the "XMINGER" operation used for verifying and authenticating user accounts. Creating the service account requires the credentials of an MDaemon global administrator. SecurityGateway does not retain the MDaemon global administrator credentials after creating the service account. The returned service account credentials are used for the User Verification Source.
- [26980] Added support for WebAuthn (formerly FIDO U2F) as a passwordless authentication method or as a Two Factor Authentication method.
- [26414] Added support for Spamhaus Data Query Service (DQS) at Security | Spam Filter. For more information on Spamhaus DQS visit https://www.mdaemon.com/mdaemon-dqs-trial-sign-up.
- [27206] Updated SpamAssassin to version 4.0.0.
- [26869] Updated web interface icons to Font Awesome version 6.
- [13424] Updated Authentication-Results to RFC 7001.
- [26702] The system now logs DNS servers in use to the system log. This occurs at startup or when the DNS Server settings are changed.
- [27001] Added an email verification option to the Two Factor Auth features.
- [27026] Added options to Setup / Users | Mail Configuration | Mail Delivery to "... include full message transcript informing the sender" when sending an NDR for a transient or permanent delivery failure. This option is disabled by default; only the final error message from the remote SMTP server will be included.
- [1760] DNSBL logging within SMTP session transcripts will now include the IP result returned from the DNSBL source.
- [26691] Limit access to Outbreak Protection library to five concurrent threads to conserve system resources when scanning large messages.
- [10362] Added the ability to change the order of DNSBLs. The DNSBL at the top of the list is the first one queried.
- [27104] Added the ability to change the order of URIBLs. The URIBL at the top of the list of the list is the first one queried.
- [18263] DNSBL responses must match 127.0.0.0/8 to be considered a match.
- [27061] The Spamhaus DQS or Abusix API key is no longer logged to the SMTP session transcript when used as part of a DNSBL or URIBL hostname.
- [27065] Added options to choose which type of authenticator platform the user would like to use.
- [27088] Updated the WebAuthn features language to be more user friendly.
- [26709] URIBL engine now utilizes the SpamAssassin URIBL URI allowlist to avoid performing lookups on known valid URIs.
- [27172] Updated ClamAV to version 1.0.3.
- [14029] Added configuration options to Setup | Mail Configuration | Mail Delivery to manage the SMTP connection failure and SMTP host failure caches. The caches can be enabled/disabled, and the amount of time that entries remain in the cache can be specified.
- [27184] When attempting to deliver mail, if the TCP connection is successful but the server either fails to send a greeting or returns a temporary error instead of the standard greeting, SecurityGateway will now immediately attempt delivery via the remaining SMTP hosts defined for the destination.
- [27068] Updated Firebird database engine to version 3.0.11.
- [26600] Added HTTPS support for Outbreak Protection.
- [21083] Added a link to the Administrative Quarantine Report email template to delete individual messages from the administrative quarantine.
- [27161] Added option to not include the "Always Allow" link in the user quarantine report email.
FIXES
- [27053] fix to LetsEncrypt not properly handling no alternate host names being passed
- [26814] fix to no results are returned when searching the Message Log by Subject if the search string contains upper case non-ANSI characters
- [26962] fix to LetsEncrypt - not logging errors returned by New-AcmeOrder
- [26945] fix to when clicking "Save And Test" in a User Verification Source, the domain assigned to it is removed, even if the test is successful
- [26821] fix to the count tag does not behave as expected when used with the sieve "address" test
- [27042] fix to "ListScripts" XMLRPC API method returns the scope as an number while the CreateScript and EditScript methods expect a string
- [15987] fix to Non Delivery Reports (NDR) for undeliverable messages sent by a local user of a secondary domain are sent from the default domain
- [26610] fix to in the installer the customer information dialog tab order installer is incorrect
- [27070] fix to URIBL engine does not properly resolve certain URIs to the appropriate organizational domain. This results in the URI not being found when in fact it is listed by the URIBL.
- [27110] fix to forgot password emails for external administrators and secure message users are being delivered to default domain
- [26336] LetsEncrypt: fix to support for TLS 1.3
- [27066] fix to Ikarus AV sometimes fails to scan the first message when scanserver service starts
- (beta only) [27116] fix to font size defaults to small
- [27179] fix to the browser back button only works the first time it is used
- [27190] fix to potential SQL error in the system log when saving changes to a Domain Mail Server
- [27260] fix to Source tab of the Message Information window does not use all vertical space
- [27279] fix to trial key is not sent via email when requested by the Japanese language installer
Please login to reply this topic!