MDaemon is a mail server for the Windows platform with built-in antivirus and antispam capabilities; it also supports plug-ins that enable remote administration, web access and special monitoring functions. Other features of this mail server include sharing of contact lists, task lists and calendars, and validating senders by means of DomainKeys and DKIM. Version 8.11 was recently released with the following changes:
- You can now specify several DKIM signing and verifying options using the "DKIM Options" button on the Cryptographic Signing dialog.
- fix to missing instructions in dns_readme regarding DKIM policy location
- fix to DKIM policy lookup in wrong location - updated to libdkim 1.0.8
- fix to RAW forwarded mail using incorrect Content-Transfer-Encoding hdr
- fix to unable to create new contact group
- fix to unable to create new contact in specific themes
- fix to greylisting controls enabled in standard version (didn't work tho)
Major new features:
- The following entries will be automatically added to your Tarpit whitelist file (NoTarpit.dat):
- The defaults for new installations will score -0.5 for SPF and DomainKeys "pass" results. Previously, this score was -2.5 which was thought to be a bit too generous. It is recommended that existing installations check and change their scores also.
- The format of the DomainKeys signing file (DKSign.dat) was changed. If you are specifying optional selectors in this file you must now do so in a slightly different way. Open DKSign.dat with notepad and read the text at the top of the file to see how to use the "s=" to specify your optional selector values and how to use the new "d=" to specify a signing domain.
Changes and additional new features:
- INTRODUCING DKIM (DomainKeys Identified Mail)
DomainKeys Identified Mail (DKIM) is the future for cryptographic signing and verification of electronic mail messages. It clearly identifies the signer and protects the content of the mail message. Alt-N has been working directly on the DKIM specification with representatives of Yahoo, Cisco, IBM, Sendmail, and others. It was recently submitted to the IETF for public review and a draft can be obtained at http://www.ietf.org. More information on DKIM can be found with a Google search or here:
DKIM allows you to cryptographically sign your email messages using your own unique "key". DKIM capable software which receives your signed mail can verify your signatures and apply local policy appropriately.
The DomainKeys verification and signing tabs within the GUI were changed in order to generalize some of the text and to insert options to create and verify DKIM signatures.
- GREYLISTING (MDaemon PRO only)
Support for Greylisting was added. A new GUI for configuring it is available at Alt+F1. Greylisting is a spam-fighting technique which exploits the fact that SMTP servers must retry delivery of any message that receives a temporary error code. The concept is that a message arrives, is refused by greylisting with a temporary error for a period of time (say, 30 minutes), and will be retried later by the sending mail server. It's believed that only genuine servers bother to retry delivery while spam tools just try once and move on. It's important to realize that this technique deliberately delays "good" mail as well as bad. But "good" mail should be delivered by a genuine MTA (not a spam tool) and as such it will eventually arrive, although its delivery will be delayed. You can use options on the new Greylisting configuration screen to limit the length of time that your server will refuse a connection, but you cannot control the length of time the sending mail server waits between retries.
There are several traditional problems with greylisting and so we've had to add several switches to mitigate its negative side-effects. First, a problem occurs when a sending domain uses a pool of mail servers to send outbound mail. Since a different mail server is used with every delivery, each attempt appears to be a new connection to the greylisting engine. This can multiply the length of time a message is greylisted. We've coupled SPF with greylisting to solve this problem. If the sending domain publishes SPF records, they will presumably list all the IPs of the entire pool of servers and we can take that into account inside the greylisting engine. We've also added an option to ignore the IP of the sending mail server completely which, while lowering the security of greylisting, completely solves the server pool problem. Second, greylisting traditionally entails a large database since each incoming connection must be tracked. In MDaemon, we've minimized the need to track connections by placing the greylisting feature nearly last in the processing sequence. This allows all of MDaemon's other options to refuse a message prior to reaching the greylisting stage. As a result, the size of the greylisting data file is relatively small and since it is memory resident there is little practical performance impact. Thirdly, elaborate whitelisting options are available to minimize the impact of greylisting on "good" mail. Greylisting has its own whitelist file but also an option to use your users' private address book files as whitelist databases. So, mail to a user from someone in that user's address book can be excluded from greylisting. Messages sent to mailing lists can be excluded as well. Lastly, the greylisting database polices itself by removing entries that remain unused for a period of time.
For more information on Greylisting visit Evan Harris' web site at http://projects.puremagic.com/greylisting/.
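A sketch of the greylisting decision described above, added here as an illustration and not MDaemon's code: it reproduces the server-pool problem and shows how the ignore-IP option and SPF coupling avoid it, plus the self-policing purge. The class and function names, the rule of keying by sender domain on an SPF pass, and the sample addresses are assumptions constructed for this example.

```python
DEFER, ACCEPT = "451 try again later", "250 accepted"

class Greylist:
    """Toy triplet greylist; times are seconds supplied by the caller."""

    def __init__(self, delay=1800, unused_ttl=864000, ignore_ip=False):
        self.delay = delay            # how long a new triplet is refused
        self.unused_ttl = unused_ttl  # purge entries unused for this long
        self.ignore_ip = ignore_ip    # option from the notes: drop IP from key
        self.db = {}                  # key -> [first_seen, last_used]

    def _key(self, ip, sender, rcpt, spf_pass):
        sender, rcpt = sender.lower(), rcpt.lower()
        if self.ignore_ip:
            origin = None
        elif spf_pass:
            # Assumption: an SPF pass lets the whole pool share one entry,
            # keyed by the sender's domain instead of the connecting IP.
            origin = sender.rpartition("@")[2]
        else:
            origin = ip
        return (origin, sender, rcpt)

    def check(self, ip, sender, rcpt, now, spf_pass=False):
        key = self._key(ip, sender, rcpt, spf_pass)
        entry = self.db.get(key)
        if entry is None:                  # first sighting: record and refuse
            self.db[key] = [now, now]
            return DEFER
        if now - entry[0] < self.delay:    # retried too early: still refused
            return DEFER
        entry[1] = now                     # mark entry as used
        return ACCEPT

    def purge(self, now):
        """Remove entries unused for longer than unused_ttl; return the count."""
        stale = [k for k, (_, last) in self.db.items()
                 if now - last > self.unused_ttl]
        for k in stale:
            del self.db[k]
        return len(stale)

def pool_retry(greylist, spf_pass=False):
    """Constructed scenario: the retry comes from a different pool server."""
    sender, rcpt = "alice@example.org", "bob@example.net"
    first = greylist.check("192.0.2.10", sender, rcpt, 0, spf_pass)
    retry = greylist.check("192.0.2.11", sender, rcpt, 1800, spf_pass)
    return first, retry
```

With default settings the retry from the second pool address is deferred again, which is the multiplied delay the notes describe.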
- Local mail is now eligible for cryptographic signatures. This was needed to cover use cases such as sub-domains, gateways, mail sent from one local domain user to another local domain user, etc.
- A caching system for LDAP gateway lookups was added. The system is enabled by default and caches results for 15 minutes. You can disable the system or change the default TTL by editing MDaemon.ini with notepad here:
CacheLookups=No (default Yes)
Cached results are stored in LDAPCache.dat and can be reloaded after any manual edits by creating LDAPCACHE.SEM in the APP folder. This will greatly speed up LDAP processing for incoming gateway mail.
- Updated Authentication-Results header to draft-02 form. The current draft reads that multiple AR headers are required when "auth'ing" different mail characteristics. So, you could see up to three AR headers now rather than one.
- dnsBL lookups will always be done after the first RCPT command now. This allows other checks to possibly refuse the message beforehand thereby reducing the need for DNS overhead.
- Whitelist files which list IP addresses will match on sub-strings now. For example, it is no longer required to configure "10.0.*.*" in order to match "10.0.0.1" or "10.0.0.10", etc. A simple "10.0" will do the job (but the old method is still supported). This is to make MD compatible with publicly obtainable whitelist files. Also, comments to the right of actual data are acceptable as long as they are delimited by the # char. For example:
10.0.0 # local LAN subnet
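The notes do not say whether the sub-string match is anchored to the start of the address or to octet boundaries. The following added example (not MDaemon code; function names, sample file and sample addresses are constructed) parses the file format described above and reports which entries would cover more addresses under a plain sub-string test than under an octet-aligned prefix test, so that overly short or ambiguous entries can be reviewed before deployment.

```python
def parse_whitelist(text):
    """Return entries with '#' comments and trailing '.*' wildcards removed."""
    entries = []
    for line in text.splitlines():
        data = line.split("#", 1)[0].strip()   # comment runs to end of line
        if not data:
            continue
        parts = data.split(".")
        # The old form "10.0.*.*" is equivalent to the new short form "10.0".
        while parts and parts[-1] == "*":
            parts.pop()
        entries.append(".".join(parts))
    return entries

def substring_match(entry, ip):
    """Plain sub-string test (one reading of 'match on sub-strings')."""
    return entry in ip

def octet_prefix_match(entry, ip):
    """Stricter reading: entry must equal the leading octets of the address."""
    wanted = entry.split(".")
    return ip.split(".")[:len(wanted)] == wanted

def audit(entries, sample_ips):
    """Pairs that match only under the unanchored sub-string test."""
    return [(e, ip) for e in entries for ip in sample_ips
            if substring_match(e, ip) and not octet_prefix_match(e, ip)]

# Constructed sample whitelist in the format described in the notes.
SAMPLE_FILE = """\
# constructed sample whitelist
10.0.0      # local LAN subnet
10.0.*.*    # old wildcard form
192.0.2.1   # intended as a single host
"""

# Constructed addresses to test the entries against.
SAMPLE_IPS = ["10.0.0.1", "10.0.0.10", "110.0.0.7",
              "192.0.2.1", "192.0.2.10", "198.51.100.5"]

def run_audit():
    return audit(parse_whitelist(SAMPLE_FILE), SAMPLE_IPS)
```

Every pair returned by `run_audit()` is an entry to tighten, for example by writing the full address or ending the entry at an octet boundary.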
- "SMTP session successful" will only be logged if (a) an incoming session successfully delivers a message and MDaemon accepts it and (b) an outgoing session successfully delivers a message and the remote server accepts it. Anything else will get an "SMTP session terminated".
- Updated error message text when entering an invalid name for a secondary domain.
- MDaemon no longer exempts RAW messages from content filter processing using the "cf" as first two chars of the file name trick. Use "pd" to achieve this (makes consistent with other queue processing code).
- MDaemon will now create three X-Lookup-Warning headers (one each for failed MAIL, HELO, and PTR lookups). This allows finer grain filtering.
- Changed X-MDSPF-Result header to be consistent with X-MDDK-Result (i.e., X-MDSPF-Result:
- Added switch to Misc. Options to disable the insertion of a Sender header in list mail. However, if you are cryptographically signing list messages with DomainKeys the Sender header MUST be inserted anyway and this switch will have no effect.
- Moved new list welcome message subject edit box from the Headers tab to the System tab in Misc. Options GUI.
- DomainKeys signature headers will be stripped from list messages unless you have configured MDaemon to resign your list messages.
- It is sometimes useful to pass the full email address rather than just the mailbox alone to Windows when authenticating users who are using the "dynamic NT authentication" feature. To achieve this, set the following switch in MDaemon.ini:
uPNLogon=Yes (default No)
Also, using "\\NT_ANY" in the account's password field may be required.
- Mailing list default welcome files were updated. You can now include the following macros (these macros only work in list welcome files):
$LISTNAME$ - expands to the name of the list (e.g., md-beta)
$LISTEMAIL$ - expands to the email address of the list
$LISTDOMAIN$ - expands to the domain hosting the list
To see a new default list, create a new list welcome file using the CREATE button in the list editor GUI.
- Cleaned up code related to list subscribing in several places.
- The IMAP commands that return a user's folder list and the WorldClient code to generate a folder list have been optimized.
- Added icons to WorldClient folder options page to show folder type.
- Calendar events imported from iCal invitation are marked as private.
- The subject field of iCal invitations created by WorldClient will be set to the calendar event's "notes" field.
- The default "check for update" interval was changed from 7 to 14 days.
- Improved the look of WorldClient's new account creation template.
- WorldClient will give an indication of DomainKeys and DKIM validation on the message view window.
- fix to startup problem under WS2003 sp1 and XPsp2 for some machines
- fix to Authentication-Results not written to incoming list mail
- fix to unknown user message sometimes specifying wrong unknown user
- fix to crashing associated with creating lists with long list names
- fix to multiple iCal invitations may be sent for a single meeting
- fix to WorldClient may not recognize that shared folders are enabled
- fix to meeting planner not imported from ical meeting request
- fix to meeting attendees not populated if the attendee record in the ical meeting request spans multiple lines
- fix to unable to create new contact while viewing "All Contacts"
- fix to MDaemon sending DATA when no RCPT had been previously accepted
- fix to not retrying delivery on temp errors when using route slips
- fix to initial account not in addr book on new installs
- fix to postmaster AUTH protection not working when using external alias
- fix to list sending welcome packet twice to new members
- fix to DK sub-domain matching rules not applied correctly
- fix to WorldClient created events not displaying properly in Outlook
- fix to DK using envelope sender rather than From header to determine eligibility for signing
- fix to routed mailing lists local copies sometimes missing Return-Path
- fix to routed mailing lists taking longer than necessary to deliver to local list members
- fix to CF generated notification emails not going through CF rules
- fix to Content-Transfer-Encoding not preserved when forwarding to lists
- fix to content filter quarantine directory traversal vulnerability
- fix to possible access violation in MDaemon.exe
- fix to IMAP server AUTHENTICATE and CREATE vulnerabilities
- fix to WorldClient jscript error when dragging icon over folder list
- fix to WorldClient reloading inbox when deleting last message on page
- fix to multiple RBL cache lines added to X-RBL-Warning header
- fix to the account editor's Shared Folders dialog not updating AclShLookup.dat for subfolders when renaming/deleting parent folders
- fix to non-local spamlearn/hamlearn addressing not working properly
- fix to 4xx bouncing mail when using the "route to ISP" delivery option
- fix to WorldClient not sorting subject field properly in all cases
- fix to MDUserComAPI not reading all elements in array variables
- fix to MDUserComAPI requiring parentheses around some variables (VBScript)