English
Chinese (Simplified)
French
German
Italian
Japanese
Russian
Spanish
Vietnamese
SecurityGateway 11.0.0 has been released
-
SecurityGateway 11.0.0 is now available! It can be downloaded from https://mdaemon.com/pages/downloads-security-gateway-free-trial.
SecurityGateway 11.0.0 - June 23, 2025
SPECIAL CONSIDERATIONS
- [26062] The database has been updated to Firebird 5.0. This update requires the database file to be converted to the Firebird 5.0 format.
The conversion process will be performed automatically during installation and may take several minutes to complete, depending on the size of the database and the performance of the disk where it is stored. During this time, SecurityGateway will be unavailable.
Before the update, a backup of the database file will be created. The backup file, named SecurityGateway.fb3, will be stored in the SecurityGateway\App directory.
Please note that once the database file has been updated, it will no longer be compatible with earlier versions of SecurityGateway.
MAJOR NEW FEATURES
- [28700] Added AI Classification feature that leverages artificial intelligence to analyze email content and classify messages based on configurable criteria.
Administrators are able to configure AI models from various providers including OpenAI/ChatGPT, Google Gemini, and custom API endpoints. The system allows the creation of custom AI prompts using message data variables that ask the AI to classify messages into administrator defined categories. Classification rules can be used to trigger specific actions based on the AI's classification results.
Any model that supports the OpenAI API format can be used, including local models running on your own infrastructure. Users are responsible for obtaining any necessary API keys and for any costs incurred when using third-party AI services.
AI Classification provides an advanced method to identify sophisticated phishing attempts, detect sensitive content such as personally identifiable information (PII), and filter unwanted messages that traditional rules might miss.
- [28174] The OAUTH Authorization Code Flow is now supported for Microsoft 365 User Verification Sources when logging into the administration interface.
This approach is more secure and allows the use of Microsoft 365 two-factor authentication. When a user's domain is configured to use a Microsoft 365 User Verification Source, the user is redirected to the Microsoft 365 authorization URL to complete the login process. Upon a successful Microsoft 365 login, the user's browser is redirected back to SecurityGateway.
Note: SMTP authentication still supports only the “Resource Owner Password Credentials Grant” OAUTH flow, which does not support two-factor authentication.
CHANGES AND NEW FEATURES
- [28166] The IP Address column in the message log now sorts IPv4 addresses numerically by octet rather than as strings.
- [27718] Custom Dashboard Reports now allow you to drill down into associated message log entries by clicking on a chart data point
- [28420] Updated ClamAV to version 1.4.2
- [27831] Updated all references from "Office 365 " to "Microsoft 365 " to align with Microsoft's current branding
- [28474] Implemented HTTP/1.1 keep-alive for the management interface HTTP server
- [28475] Implemented HTTP/1.1 gzip content encoding for the management interface HTTP server
- [28459] Updated links in the SG-API.html file to point to updated XML-RPC resources
- [27718] Custom dashboard reports now support drill down. Double-click on a chart element to view the corresponding messages.
- [28634] Added a Sieve variable ${vnd.mdaemon.execute.exit_code} that exposes the exit code of a process executed via the execute Sieve command. This variable is available only after the execute command has completed.
Example usage:
require ["variables", "securitygateway"]; execute "some-script.bat"; if string "${vnd.mdaemon.execute.exit_code}" "1" { fileinto "spam"; } elsif string "${vnd.mdaemon.execute.exit_code}" "2" { reject "This message looks like spam"; } - [28602] Updated CSS to improve dashboard chart layout
- [28604] When editing a user, it is now indicated if a local password has been set. An option has been added to clear the local password if one exists. Users without a local password can only authenticate using a User Verification source for their domain that supports authentication. Newly created users are no longer assigned a random strong password.
- [28495] Updated SpamAssassin to version 4.0.1
FIXES
- [28106] fix to the percentages displayed for "top X number of Y property" custom dashboard report pie charts may not be accurate. If all messages are not included in the top results, an "other" result needs to be added.
- [28129] fix to Let's Encrypt - the certificate request fails if the Host Name field in Setup | System | HTTP Server is a URI
- [28311] fix to HTML in a disclaimer template was not properly converted to plain text before being inserted into a plain text message part
- [28372] fix to DKIM signature added for 3rd party domain
- [28351] fix to external user aliases may result in the wrong selector being used for DKIM/ARC signing
- [28349] fix to DKIM/ARC selector domain name logged to the routing log may be incorrect
- [28480] fix to DKIM signing Canonicalize headers and body options are reversed when specified to libdkim
- [28481] fix to DKIM/ARC verification of a signature using simple body canonicalization may fail if processed after a signature using relaxed body canonicalization
- [28496] fix to when the "... add header" quarantine option is enabled an extra space added before the header value
- [28502] fix to HTTP: wildcard SSL certificate returned instead of certificate that exactly matches the domain of the request
- [28517] fix to Active HTTP sessions are not expired when a user is merged with another user
- [28458] fix to Two Factor Authentication Setup Page [Email Code] states "An email was sent to undefined."
- [28344] fix to Templates directory may point to wrong location after upgrade
- [28494] fix to Quarantine option to "... tag subject with" does not alter the subject
- [24316] fix to "copy" is not allowed in the required clause of a sieve script even though it is supported
- [27515] fix to the server may restart unexpectedly when performing a version update via the web administration interface
- [28538] fix to DMARC Verification | Enable Authenticated Received Chain (ARC) Verification option does not update sieve script. This results in the option having no effect.
- [28539] fix to DMARC Verification | Enable Authenticated Received Chain (ARC) Verification option is not enabled by default for upgrades. It is enabled by default for new installations.
- [28485] fix to manual archive store backup displays empty popup dialog upon completion
- [28484] fix to SSL certificate list does not refresh after manually running Let's Encrypt script
- [28635] fix to applying a disclaimer (header/footer) may modify the messages headers
- [26062] The database has been updated to Firebird 5.0. This update requires the database file to be converted to the Firebird 5.0 format.
-
Hello,
I'm unable to complete the update to the new version of Security Gateway.
The update process was initiated, but the window has been frozen for the past 3 hours.
I attempted the update on a second server, but encountered the same problem.
-
I have not been able to reproduce the issue yet, what version of SecurityGateway are you currently running?
If you restart SecurityGateway, is it still the old version?
If it is still the old version and you want to upgrade to version 11.0.0, download the install from https://mdaemon.com/pages/downloads-security-gateway-free-trial and run it on the SG server.
-
@Arron,
Previously, there were no issues with updates, and a full server reboot was not required.
OK, I will try
-
@Arron,
this way the update was successful, thank you!
(download the install from https://mdaemon.com/pages/downloads-security-gateway-free-trial and run it on the SG server)
-
Thank you for reporting the issue and for letting us know that running the install manually worked for you. We have been able to reproduce an issue that occurs intermittently when updating from within the software. We will fix it for the next version.
-
We had the same problem (update bar frozen) on 3 servers. Installing using the installer (SG1100_en_x6.exe) completed correctly the installation, despite we are seeing a lot of errors on the database upgrade process. But they work now.
On the 4th server installation, the installer broke everything. The SG service no longer starts, and I can find the following text in the system log:
START Event Log / SecurityGateway v11.0.0 ------------------------------------------------------------------------------- Event Time/Date Event Description ------------------------------------------------------------------------------- Tue 2025-07-01 11:32:55: *** IBPP::SQLException *** Context: Statement::ExecuteImmediate( create or alter function convertipv4toint (input varchar(39)) returns bigint as declare variable result bigint; declare variable oldpos integer; declare variable newpos integer; declare variable ip bigint; begin result = 0; oldpos = 1; ip = 0; -- check if the input contains colons, indicating an ipv6 address if (position(':' in input) > 0) then return null; -- indicates this is an ipv6, not an ipv4. -- handle ipv4 conversion newpos = position('.', input, oldpos); if (newpos > 0) then begin ip = cast(substring(input from oldpos for newpos - oldpos) as bigint) * 16777216; oldpos = newpos + 1; end newpos = position('.', input, oldpos); if (newpos > 0) then begin ip = ip + cast(substring(input from oldpos for newpos - oldpos) as bigint) * 65536; oldpos = newpos + 1; end newpos = position('.', input, oldpos); if (newpos > 0) then begin ip = ip + cast(substring(input from oldpos for newpos - oldpos) as bigint) * 256; oldpos = newpos + 1; end if (oldpos - 1 < char_length(input)) then begin ip = ip + cast(substring(input from oldpos) as bigint); end return ip; end ) Message: isc_dsql_execute_immediate failed SQL Message : -104 can't format message 13:896 -- message file C:\Program Files (x86)\Alt-N Technologies\SecurityGateway\App\firebird.msg not found Engine Code : 335544569 Engine Message : Dynamic SQL Error SQL error code = -104 Token unknown - line 1, column 17 function Tue 2025-07-01 11:32:55: Unable to upgrade database to current schema Tue 2025-07-01 11:32:55: Terminating - Unable to connect to database Tue 2025-07-01 11:32:55: Shutting down SecurityGateway Tue 2025-07-01 11:32:55: HTTP service shutting down Tue 2025-07-01 11:32:55: HTTP service has shut down ------------------------------------------------------------------------------- SecurityGateway v11.0.0 Shutdown: Tue, 01 Jul 2025 11:32:55 +0200 -------------------------------------------------------------------------------Any ideas ?
-
There should be a SecurityGateway.fb3 file in the SecurityGateway\App folder. Can you upload a copy of it to us?
https://mdaemon.sharefile.com/r-rc3922c1eed334d4dbf5e34f0bd04ccd6
If there is not a fb3 file, please upload the SecurityGateway.FBD file.
-
Matthew Staff@Giovanni Can yo also upload the UpgradeDBToFb5.log in the SecurityGateway\App folder?
Thank you.
-
Hi, thank your for answering. In the meanwhile I installed an older version (SG1053_en_x64.exe) on top of v11, and SG started to work again.
I will re-try the update outside office hours in CET, and if it fails again, I will uplad the required files.
-
Before you try the upgrade to version 11.0.0 again, try doing a backup and restore of the SG 10.5.3 database.
https://knowledge.mdaemon.com/how-to-backup-securitygateway
Once the restore is complete, then try upgrading to version 11.0.0
-
I cannot find a way to attach files (and big files) here, so below I'm pasting the links to google drive
UpgradeDBToFb5.log
Compressed db and log
1) As you can see in UpgradeDBToFb5.log, many errors cannot be displayed, because firebird.msg file si not found. There are many firebird.msg files in other subdirs (ie: Firebird3_x64, Firebird5_x64...) but none in the App subdir as shown in the log.message file C:\Program Files (x86)\Alt-N Technologies\SecurityGateway\App\firebird.msg not found
2) UpgradeDBToFb5.log ends with an error
3) I tried to backup the full database form the GUI with "Click here to backup entire database now", but the backup fails with
*** IBPP::SQLException *** Context: ServiceImpl::Wait Message: isc_service_query failed SQL Message : -902 can't format message 13:98 -- message file C:\Program Files (x86)\Alt-N Technologies\SecurityGateway\App\firebird.msg not found Engine Code : 335544333 Engine Message : internal gds software consistency check (Internal error code (179), file: sqz.cpp line: 235) gds_$receive failed internal gds software consistency check (can't continue after bugcheck) Database backup failed.And then I needed to restart the SG service.
-
The upgrade log shows that your database is version 2.5.
Tue 2025-07-01 11:31:38: Creating copy of Firebird 2.5 database file [C:\Program Files (x86)\Alt-N Technologies\SecurityGateway\App\SecurityGateway.fbd
Our testing shows the database needs to be mended. Instructions will be posted shortly.
-
Matthew Staff
Giovanni,
The SG 11.0.0 installer can update the database directly to Firebird 5 format. However, there is an issue with your DB that needs to be corrected first.
https://knowledge.mdaemon.com/securitygateway-gfix-database-corruption
The command that I used was:
PS C:\Program Files\MDaemon Technologies\SecurityGateway\firebird_x64> .\gfix -user SYSDBA -password masterkey -mend -full -ignore "C:\Program Files\MDaemon Technologies\SecurityGateway\App\securitygateway.fbd"You will also need to copy the firebird.msg file from the "Firebird_x64" to the "App" directory.
After performing these steps, you should be able to run the installer again.
