Key Server Support
WorldClient
WorldClient can now act as a basic public-key server. Enable the new MDPGP option to "Send public-keys over HTTP (WorldClient)" and WorldClient then will honor requests for your users' public-keys. The format of the URL to make the request looks like this: "http://<WorldClient-URL>/WorldClient.dll?View=MDPGP&k=<Key-ID>". Where <WorldClient-URL> is the path to your WorldClient server (for example, "http://wc.example.com") and <Key-ID> is the sixteen character key-id of the key you want (for example, "0A1B3C4D5E6F7G8H"). The key-id is constructed from the last 8 bytes of the key fingerprint - 16 characters in total.
DNS (PKA1)
Enable the new MDPGP option to "Collect public-keys from DNS (pka1) and cache for [xx] hours" if you want MDPGP to query for message recipient public-keys over DNS using PKA1. This is useful because it automates the process of obtaining some recipients' public keys, preventing you or your users from having to obtain and import them manually in order to send encrypted messages. When PKA1 queries are made, any key URI found is immediately collected, validated, and added to the key-ring. Keys successfully collected and imported to the key-ring using this method will automatically expire after the number of hours specified in this option or according to the TTL value of the PKA1 record that referred them, whichever value is greater.
Key Handling
Tracking Keys
MDPGP now always tracks keys by their primary key-ids rather than sometimes by the key-id and other times the sub-key-id. Consequently, the MDPGP dialog's list of keys was cleaned up to remove two unnecessary columns. Further, MDPGP now more strictly controls the contents of its "exports" folder. As a result you will always find exported copies of local user keys there. Even though the private keys are encrypted, for extra security you should use OS tools to protect this folder (and indeed the entire PEM folder structure) from unauthorized access.
Preferred Keys
Previously, when multiple different keys for the same email address were found in the key-ring, MDPGP would encrypt messages using the first one that it found. Now you can right-click on any key and set it as preferred, so that MDPGP will use that key when multiple keys are found. If no preferred key is declared, MDPGP will use the first one found. When decrypting a message MDaemon will try each one.
Disabled Keys
Disabled and deleted keys are now tracked in a new file called oldkeys.txt. Previously, disabled keys were tracked in the plugins.dat file.
MDPGP Signature Verification
MDPGP can now verify embedded signatures found within messages that are not encrypted. Previously it was not able verify signatures unless the message was both signed and encrypted. When viewing a message with a verified signature in WorldClient, a new icon is displayed to indicate it was verified. Signature verification is enabled by default for all non-local users, or you can specify exactly which email addresses can and cannot use the service (see: "Configure exactly who can and can not use MDPGP services" on the MDPGP dialog).
MDaemon is now equipped with an Extensible Messaging and Presence Protocol (XMPP) server, sometimes called a Jabber server. This allows your users to send and receive instant messages using third-party XMPP clients, such as Pidgin, Gajim, Swift and many others. Clients are available for most operating systems and mobile device platforms. MDaemon's XMPP instant messaging system is completely independent of MDaemon's WorldClient Instant Messenger chat system; the two systems cannot communicate with each other and do not share buddy lists.
The XMPP server is installed as a Windows service, and the default server ports are 5222 (SSL via STARTTLS) and 5223 (dedicated SSL). The XMPP server will use MDaemon's SSL configuration if it is enabled in MDaemon. Also, some XMPP clients use DNS SRV records for auto-discover of host names. Please refer to http://wiki.xmpp.org/web/SRV_Records for more information.
Users sign-in through their chosen XMPP client using their email address and password. Some clients, however, require the email address to be split into separate components for signing in. For example, instead of "frank@example.com," some clients require you to use "frank" as the Login/Username and "example.com" as the Domain.
For multi-user/group chat service, clients typically display this as "rooms" or "conferences." When you want to start a group chat session, create a room/conference (giving it a name) and then invite the other users to that room. Most clients don't require you to enter a server location for the conference; you only need to enter a name for it. When you are required to do so, however, use "conference.<your domain>" as the location (e.g. conference.example.com). A few clients require you to enter the name and location together in the form: "room@conference.<your domain>" (e.g. Room01@conference.example.com).
Some clients (such as Pidgin), support the user search service, allowing you to search the server for users by name or email address, which makes adding contacts much easier. Usually you will not have to provide a search location, but if asked to do so, use "search.<your domain>" (e.g. search.example.com). When searching, the % symbol can be used as a wildcard. Therefore you could use "%@example.com" in the email address field to display a list of all users with an email address ending in "@example.com."
Use the OC Client Settings dialog to centrally manage the client settings of your Outlook Connector users. Configure each screen with your desired client settings and MDaemon will push those settings to the corresponding client screens as necessary, each time an Outlook Connector user connects to the server. The OC Client Settings are only sent to clients when one of the settings has changed since the last time the client connected and received them. If you enable the provided option to "Allow OC users to override pushed settings," users can override any pushed settings on their individual clients. If that option is disabled, then all of the client screens are locked; Outlook Connector users can make no changes.
To allow for certain settings that must be different for each user or domain, OC Client Settings supports macros such as $USERNAME$, $EMAIL$, and $DOMAIN$. These macros will be converted to data specific to the user or domain when pushing settings to a client. Take care not to place any static values in any fields that should use a macro, such as putting something like "Frank Thomas" in the Your Name field. To do so would cause every Outlook Connector user who connects to MDaemon, to have his or her name set to "Frank Thomas." For your convenience there is a Macro Reference button on the General screen, which displays a simple list of the supported macros.
For those using MDaemon Private Cloud (MDPC), there is another OC Client Settings dialog on the Domain Manager, for controlling the Outlook Connector client settings on a per domain basis.
This feature is disabled by default, and works only for those using Outlook Connector client version 4.0.0 or higher.
This new security feature modifies the "From:" header of incoming messages to cause the name-only portion of the header to contain both the name and email address. This is done to combat a common tactic used in spam and attacks where the message is made to appear to be coming from someone else. When displaying a list of messages, email clients commonly display only the sender's name rather than the name and email address. To see the email address, the recipient must first open the message or take some other action, such as right-click the entry, hover over the name, or the like. For this reason attackers commonly construct an email so that a legitimate person or company name appears in the visible portion of the "From:" header while an illegitimate email address is hidden. For example, a message's actual "From:" header might be, "Honest Bank and Trust" <lightfingers.klepto@example.com>, but your client might display only "Honest Bank and Trust" as the sender. This feature changes the visible portion of the header to display both parts, with the email address given first. In the above example the sender would now appear as "lightfingers.klepto@example.com -- Honest Bank and Trust," giving you a clear indication that the message is fraudulent. This option only applies to messages to local users, and it is disabled by default.
The IP Screen now contains an Import button that you can use to import IP address data from an APF or .htaccess file. MDaemon's support for these files is currently limited to the following:
| • | "deny from" and "allow from" are supported |
| • | only IP values are imported (not domain names) |
| • | CIDR notation is allowed but partial IP addresses are not. |
| • | Each line can contain any number of space-separated or comma-separated IP addresses. For example, "deny from 1.1.1.1 2.2.2.2/16", ""3.3.3.3, 4.4.4.4, 5.5.5.5", and the like. |
| • | Lines starting with # are ignored. |
Using the Automatic Updates features you can configure MDaemon to inform the postmaster whenever an update is available for one of your installed products, or you can download and install updates automatically. This includes MDaemon, SecurityPlus, and Outlook Connector. Automatically installing updates can be controlled separately for each product, and a server reboot is required each time an update is installed. Installer files are downloaded when the update is detected, but the installation and reboot occur later at whichever hour you have designated. All installation activity is logged in the MDaemon system log, and the postmaster is informed after an update has occurred. See the Updates dialog for more information.
WorldClient Changes
Categories
WorldClient supports categories for email in the LookOut and WorldClient themes. Users can add the Categories column to the message list by going to "Options » Columns" and checking "Categories" in the Message List section. To select categories for one or multiple messages, select the messages and right-click one of them. Use the context menu to set the category.
| • | Administrators can create custom categories. There are two files for this purpose: DomainCategories.json and PersonalCategories.json. |
| • | Domain Categories are enabled globally by default. To disable them open MDaemon\WorldClient\Domains.ini, and in the [Default:Settings] section change the value of "DomainCategoriesEnabled=" from "Yes" to "No". |
| • | Users are able to add and edit their own categories by default. If you wish to disable this option, you can do so per user or globally by changing the value of "CanEditPersonalCategories=" from "Yes" to "No". The user option is located in the [User] section of the User.ini file and the global option is in the Domains.ini file under the [Default:UserDefaults] section. |
| • | If Domain Categories are enabled, and a user is not allowed to edit personal categories, the user will only see the categories listed in DomainCategories.json. |
| • | If Domain Categories are disabled, and a user is not allowed to edit personal categories, the user will see the categories listed in PersonalCategories.json. |
| • | The file CustomCategoriesTranslations.json is used to support your custom category names in multiple languages. Add any necessary custom category translatations to that file to make it possible for WorldClient to recognize a category saved to an event, note, or task in one language as the equivalent category in another language. |
For more detailed information relating to the files mentioned here, see: MDaemon\WorldClient\CustomCategories.txt.
White and Black Lists
You can now hide the White List and Black List folders for WorldClient users by default. To do so, open MDaemon\WorldClient\Domains.ini, and under [Default:UserDefaults] change the value of "HideWhiteListFolder=" or "HideBlackListFolder=" from "No" to "Yes". You can hide or show these folders for specific users by editing those same keys in the User.ini file under the [User] section.
Check for Attachments
In the LookOut and WorldClient themes there is now an option to check a composed message for attachments before sending, when attachments are mentioned in the subject or body of the message. This can help you avoid accidentally sending a message without an attachments when it is supposed to include one.
Two-Factor Authentication
You can now control whether or not accounts are allowed to use or required to use Two-Factor Authentication (2FA). There are two new options on the New Accounts template for controlling the default settings for new accounts, and there are corresponding options on the Web Services screen for controlling 2FA for individual accounts.
Additional Features and Changes
MDaemon 16.5 has many more new features and changes. See RelNotes.html located in MDaemon's \Docs\ subfolder for a complete list of all new features, changes, and fixes to MDaemon from the previous version.
New in MDaemon 16.0
MDaemon Remote Administration (MDRA) UI Update
The user interface for MDRA no longer uses frames and has been updated to use a mobile first responsive design. Browser support is limited to IE10+, the latest Chrome, the latest Firefox, and the latest Safari on Mac and iOS. Android stock browsers have been known to have issues with scrolling, but Chrome on Android devices works well.
This design is based entirely on the size of the window being used. Whether the user is on a phone, tablet, or PC, the appearance is the same for the same window size. The most important change here is the menu. From 1024 pixels width and below, the menu is hidden on the left side of the browser. There are two methods that can be used to display the menu. If a touch device is in use, swiping to the right will show the secondary menu. Whether or not the device is in use, there is also a "menu" button in the top left corner that will display the secondary menu. Tapping or clicking the menu title with the left arrow next to it at the top of the menu will display the primary menu. The help, about, and sign out menu in the top right corner changes based on the width of the screen as well. From 768 pixels and above, the words Help, About, and Sign Out are displayed. From 481 pixels to 767 pixels, only the icons are displayed. 480 pixels and below displays only a "gear" icon which when clicked or tapped will display a drop down menu with the Help, About, Sign Out options. List views with more than one column have column on/off buttons that are accessed by clicking or tapping the gray right arrow button on the far right of the toolbar container. The settings pages are no longer designed to be exact copies of the MDaemon GUI, but are instead designed to reposition and resize based on the width/height of the browser.
A new feature called Spambot Detection tracks the IP addresses that every SMTP MAIL (return-path) value uses over a given period of time. If the same return-path is used by in an unusual number of IP addresses in a short period of time, this may indicate a spambot network. Although it could still be a legitimate use of the mail system, experimentation has shown that this can be effective in limited cases at detecting a distributed spambot network as long as the same return-path is utilized throughout. If a spambot is detected, the current connection to it is immediately dropped and the return-path value is optionally blacklisted for a length of time you specify. You can also optionally blacklist all the spambot IPs then known for a user-defined period.
CardDAV (MDaemon PRO only)
MDaemon now supports synchronizing contacts via the CardDAV protocol. MDaemon's CardDAV server allows an authenticated CardDAV client to access the contact information that is stored in MDaemon. Notable CardDAV clients are Apple Contacts (included with Mac OS X), Apple iOS (iPhone), and Mozilla Thunderbird via the SOGO plugin. For more information on CardDAV and configuring CardDAV clients, see: CalDAV & CardDAV.
Two Factor Authentication for WorldClient and Remote Administration
MDaemon now supports Two Factor Authentication (i.e. 2-Step Verification) for users signing into WorldClient or MDaemon's Remote Administration web-interface. Any user who signs into WorldClient via HTTPS can activate Two Factor Authentication for the account on the Options » Security screen. From then on the user must enter a verification code when signing into WorldClient or Remote Administration. The code is obtained at sign-in from an authenticator app installed on the user's mobile device or tablet. This feature is designed for any client that supports Google Authenticator.
ActiveSync Protocol Migration Client
MDaemon now includes an ActiveSync protocol based Migration Client (ASMC.exe). It supports migrating mail, calendars, tasks, notes, and contacts from ActiveSync servers that support protocol version 14.1. Documentation for it can be found in the \MDaemon\Docs folder.
XML API for Management Tasks
MDaemon now ships with an XML over http(s) based API. The result of this is that MDaemon Management clients can be written using any language on any platform that can make http(s):// post requests to the server. In MDaemon Pro, this is only available to authenticated Global Admins, but in MDaemon Private Cloud a subset of the available operations is accessible to authenticated domain admins as well. The API also produces a website with documentation on the API specification. The installation default is to have it installed at http://servername:RemoteAdminPort/MdMgmtWS/, however, this can be set to any url for the sake of additional security.
The available operations include:
At this time, command line management clients have been written/tested in Javascript, Powershell, VBScript, C, C++ and Visual Basic. A simple HTML and Javascript test site has been used as a proof of concept for a web based management console that operates within several popular browsers. While not tested yet, it is fully expected that this API should work fine from web servers using PHP, Perl, and other development platforms.
New in MDaemon 15.5
MDaemon in now equipped with a CalDAV server. CalDAV is an Internet standard for managing and sharing calendars and scheduling information. MDaemon's CalDAV support makes it possible for your accounts to use any client that supports CalDAV to access and manage their personal calendars and tasks. They can also access any public or shared calendars or tasks according to their access rights.
OpenPGP is an industry standard protocol for exchanging encrypted data, and there are a variety of OpenPGP plugins for email clients that make it possible for users to send and receive encrypted messages. MDPGP is MDaemon's integrated OpenPGP component that can provide encryption, decryption, and basic key management services for your users without requiring them to use an email client plugin.
MDPGP encrypts and decrypts emails using a public-key/private-key system. To do this, when you wish to use MDPGP to send a private and secure message to someone, MDPGP will encrypt that message using a "key" that you previously obtained from that person (i.e. his "public key") and imported into MDPGP. Conversely, if he wishes to send a private message to you, then he must encrypt the message using your public key, which he obtained from you. Giving the sender your public key is absolutely necessary, because without it he can't send you an OpenPGP encrypted message. Your unique public key must be used to encrypt the message because your unique private key is what MDPGP will use to decrypt the message when it arrives.
In order for MDPGP to manage signing, encrypting, and decrypting messages, it maintains two stores of keys (i.e. keyrings)—one for public keys and one for private keys. MDPGP can generate your users' keys automatically as needed, or you can create them manually for specific users. You can also import keys that were created elsewhere. Further, MDaemon can look for public keys attached to authenticated messages from local users, and then import those keys automatically. That way a user can request a public key from someone and then email that key to himself so that MDPGP will detect it and then import it into the public keyring. Finally, whenever a message arrives for an address that has a key in a keyring, MDPGP will sign, encrypt, or decrypt the message as needed, according to your settings.
You can configure MDPGP's signing and encryption services to operate either automatically or manually. When set to operate automatically, MDPGP will automatically sign and encrypt messages whenever possible. When set to operate manually, MDPGP will only sign or encrypt a message when the sending user inserts a special command into the message's Subject. In any case messages will only be signed or encrypted (or decrypted) when the account has been given permission to use those services.
Do Not Disturb is a new Group Properties feature that makes it possible for you to schedule a time frame during which an account may not send mail or be accessed by its users. Access during a Do Not Disturb period is not allowed and returns an appropriate error response to IMAP, POP, SMTP, ActiveSync, and WorldClient access requests. MDaemon will still accept incoming mail for accounts in this state, but those accounts may not send mail or be accessed by mail clients.
The ActiveSync for MDaemon interface was completely redesigned, and there are a variety of new features and policy options available. You can manage ActiveSync under Mobile Device Management, the Domain Manager, and on the Account Editor.
UI Improvements
| • | There is now an Accounts screen on the Domain Manager, to more easily access accounts while managing a domain. |
| • | The DNS screen was redesigned. |
| • | Added options to Preferences » UI to center dialogs when opening, to split the Sessions tab in the main MDaemon UI into its own pane, and to display system generated lists (e.g. Everyone@ and MasterEveryone@) in the Mailing List Manager. |
WorldClient Improvements
| • | Modernized the LookOut theme's icons and colors, and made some adjustments to its layout. There is also a new gray color style, although the default style is blue. The "New" button was moved to where the user's email address was previously located, and the email address is now in the top navigation bar. The Help and Sign Out options were moved to a drop-down list beneath user's address, like in the WorldClient theme. Finally, the Options icon was moved to the far right in the navigation bar. |
| • | WorldClient now supports adding inline images to a user's signature. |
| • | Merged Categories and Labels into just Categories. Users can now add, edit, and delete categories from a predefined list based on the old labels and categories. Each category has a color associated with it. More than one category can be associated with a given color, but only one category with a specific name may exist. There are 26 colors to choose from (including white) which match Outlook category color options. If an event, task, note, or contact already has categories associated with it, but they don't match the predefined categories, their colors will be white until the user adds them to the predefined list of categories. If there is already a label associated with an event, the user can choose to remove the label and add a category, or leave the label. Old labels are not lost on upgrade. |
| • | WorldClient and LookOut themes - Desktop notifications are now available. When LookOut or WorldClient loads, the browser will prompt the user on whether or not to allow desktop notifications. If the user chooses to allow them, then the user will receive notifications of new email messages, new instant messages (in the case that the corresponding chat is not in focus), and any change in status of a chat buddy. Desktop notifications are not supported by Internet Explorer. |
| • | WorldClient and LookOut themes - Added ability to view pdf files in the browser (not supported in IE8). This is available in any document folder and any message that has a pdf file. |
| • | There is now a Password Recovery feature in WorldClient. When this feature is enabled, users who have permission to edit their password will be able to enter an alternate email address in WorldClient, which can be sent a link to reset their password if they forget it. To set up this feature, users must enter both the password recovery email address and their current password in WorldClient on the Options » Personalize page. Once set, if the user attempts to log in to WorldClient with an incorrect password a "forgot password?" link will appear. This link takes them to a page that asks them to confirm their password recovery email address. If entered correctly, an email will be sent with a link to a change password page. |
| • | LookOut and WorldClient themes - added buttons and context menu items for users to create a new event, task, or note from the contents of a message. |
| • | Lite, LookOut, and WorldClient themes now attempt to detect and use the language currently being used by the browser. |
| • | LookOut and WorldClient themes - users can now use the browser's back and forward buttons to navigate in the main window |
| • | LookOut and WorldClient themes - Virtru can now be disabled by the admin on a per user basis by adding VirtruDisabled=Yes to the [User] section of the user's WC\User.ini file. |
| • | WorldClient theme - added a "Today" button to the calendar view buttons. |
| • | LookOut and WorldClient themes - users can now sort by the Description, Location, Start, and End columns in the Calendar List view |
| • | Lite, LookOut, and WorldClient themes - Added <ROOT> as top most option when creating or editing a folder. |
| • | LookOut and WorldClient themes - added button to send a message to all attendees of a meeting in the event editor. |
| • | Lite theme - a Mark Unread/Read option is now available in the Message view. Clicking it will mark the message unread and take the user back to the List view. |
| • | Lite, LookOut, and WorldClient themes - users can now print the details of a single event. |
| • | LookOut and WorldClient themes - there is now a "custom intro" feature in the compose window for Virtru encrypted messages |
New in MDaemon 15.0
IPv6 Support (MDaemon PRO only)
MDaemon now supports IPv6. MDaemon will detect the level of IPv6 capability that your OS supports and dual-stack where possible; otherwise, MDaemon will monitor both networks independently. Outbound SMTP, POP, and IMAP connections will prefer IPv6 over IPv4 whenever possible.
When MDaemon connects to an IPv6 host it must use an IPv6 local address of its own. Therefore the Domain Manager's Host Name & IP screen now contains a separate edit control where you can specify an IPv6 address for the domain to use. If this IPv6 address is missing MDaemon will try to automatically detect a suitable address for use. Buttons to manually detect and designate IP addresses were also added to the same screen.
Finally, $PRIMARYIP6$ and $DOMAINIP6$ macros can be used to retrieve IPv6 addresses. These macros can be used anywhere that the $PRIMARYIP$ and $DOMAINIP$ macros can be used.
Improved UI
MDaemon 15.0 includes a number of improvements to the user interface:
New Access Control List (ACL) Editor
The ACL editor was completely redesigned. It now includes more information about the item you are editing and has search features for added new users or groups to the ACL.
Mailing List Manager
Mailing lists are now administered from the new Mailing List Manager, accessed under the Setup menu. Consequently, the Lists menu was removed from the menu bar and several list editor screens were reorganized and redesigned. Further, several list-related global options that were located on the Preferences dialog and the Mailing List Editor were moved to a new Mailing List Settings screen on the Mailing List Manager.
Gateway Manager
Domain gateways are now administered from the new Gateway Manager, accessed under the Setup menu. Consequently, the Gateways menu was removed from the menu bar and several Gateway Editor screens were reorganized and redesigned. Further, the Gateway Editor's Account screen was deprecated and removed.
Other UI Changes
Below is a list of additional changes to the MDaemon 15.0 interface. For an exhaustive list of UI changes, see the 15.0 Release Notes.
| • | The IP Shield was moved from Security Settings to Sender Authentication. |
| • | All screens named "Options" throughout the interface were renamed to "Settings". |
| • | There is a new Binding screen located under Server Settings. Several options related to inbound and outbound socket binding were moved there from the Preferences dialog. It also contains separate edit controls for IPv4 and IPv6 addresses. |
| • | The WorldClient-related dynamic screening options were moved to a new Dynamic Screen page under WorldClient (web mail). |
| • | The Account Manager contains new options for displaying only accounts that are forwarding mail, are over-quota, or have autoresponders configured. |
Improved Hijack Detection (MDaemon PRO only)
Hijack Detection was expanded, allowing you to define different message and timing thresholds based on whether the connecting IP address is a reserved IP, a local IP, or some other IP.
WorldClient Changes
End-to-end Email and Attachment Encryption
The WorldClient theme is now equipped with support for end-to-end email and attachment encryption through Virtru. To enable this feature, the WorldClient user must switch to the WorldClient theme, go the the Options » Compose page, and click Enable Virtru. This causes a button to appear on the Compose page that the user can click to encrypt his or her email before sending. This is an easy-to-use feature that doesn't require the user to remember or save any special passwords or keys. Recipients who use a Virtru-enabled client, such as the WorldClient theme or one of Virtru's other client plugins, can open and read the encrypted messages normally, without any additional steps. Recipients without a Virtru-enabled client will see a link to view the message in a special browser-based reader.
If you wish to prevent your users from being able to use Virtru encryption within WorldClient, open the Domains.ini file in the MDaemon/WorldClient folder and add VirtruDisabled=Yes to the [Default:Settings] section, or add it to a [<Domain>:Settings] section if you only wish to disable it for a specific domain.
For more information, see: Email Encryption.
Contacts Improvements
LookOut Theme
| • | Improved distribution list editor. |
| • | Added the Categories column to the Contact List |
| • | Added more column-display options under Options » Columns » Contacts. |
| • | Under Options » Personalize » Contacts, you can now adjust the length of time you must hover the pointer over a contact in the Contact List before the Contact Info Preview will appear. You can also disable the Contact Info Preview. |
Other Themes
| • | Added the ability to print individual contacts in Lite, LookOut, and WorldClient themes. |
Other WorldClient Changes
| • | RPost is now disabled and the option is not visible to users by default. If you wish to make the RPost option available to all of your WorldClient users, open the Domains.ini file in the MDaemon/WorldClient folder, locate the [Default:Settings] section, and add RPostEnabled=Yes to that section. If instead you wish to make it available to a specific domain's users, add the key to that relevant [<domain>:Settings] section (e.g. [example.com:Settings]). |
| • | When editing a Note or Task in the WorldClient theme, you can now click a button on the editor's toolbar to open the item in a new window. |
New in MDaemon 14.5
New Look For MDaemon Remote Administration
MDaemon's Remote Administration interface received a major update, giving it a more modern look and feel. Additionally, new menus were utilized and several others were relocated to align Remote Administration more closely with MDaemon's layout, and "Mobile Device Management" is now a top-level menu item for easier access. Finally, there is now full context-sensitive help available via the Help link in the top right corner of each page.
DMARC
MDaemon Pro now supports Domain-based Message Authentication, Reporting & Conformance (DMARC), which is a specification designed to help reduce email message abuse, such as incoming spam and phishing messages that misrepresent their origins by forging the message's From: header. DMARC makes it possible for domain owners to use the Domain Name System (DNS) to inform receiving servers of their DMARC policy, which is how they want those servers to handle messages that purport to be sent from their domain but cannot be authenticated as having actually come from it. This policy, which is retrieved by the receiving server via a DNS query while processing the incoming message, can state that the server should quarantine or reject messages that do not align with the policy, or take no action at all (i.e. let the message proceed normally). In addition to the policy, the domain's DMARC DNS record can also contain requests for the server to send DMARC reports to someone, outlining the number of incoming messages purporting to be from that domain and whether or not they passed or failed authentication, and with details about any failures. DMARC's reporting features can be useful for determining the effectiveness of your email authentication procedures and how frequently your domain name is being used in forged messages.
Under the Sender Authentication section of the Security Settings dialog, there are three screens for configuring MDaemon's DMARC verification and reporting features: DMARC Verification, DMARC Reporting, and DMARC Settings.
For more information on this configuring and using this new feature, see: DMARC.
ActiveSync Supports Server-side Mail Search
MDaemon's ActiveSync server now supports searching messages on the server. Please refer to your ActiveSync client's documentation to find out if it supports this feature and how to use it. The search indexes are stored on the server in the folders being searched, in files named SrchData.mrk and SrchIndex.mrk. Server-side search support requires MDaemon Pro and active ActiveSync Software License Renewal Coverage.
Improved Mailing List Engine
The mailing list engine has several improvements:
| • | All of the header manipulation options have been moved from the Settings screen to their own new Headers screen, and the options were reworked and reorganized. |
| • | Support for DMARC was added, which allows lists to handle incoming messages from domains with restrictive DMARC policies. |
| • | Mailing Lists now support List-ID (RFC 2919), allows you to enter a short description for your mailing list which is included in the List-ID message header. This description is optional and if not provided the List-ID header will contain just the list identifier by itself. An example header with a description looks like this: List-ID: "Discussion of the current MDaemon Beta" <md-beta.altn.com>. An example without a description looks like this: List-ID: <md-beta.altn.com>. The email address of the mailing list itself is used as the list's unique identifier (note that the "@" is changed to a "." character to safely comply with the specification). The List-ID header is stripped from incoming messages sent to local mailing lists but not from incoming messages sent to local users from outside mailing lists. |
| • | The List-ID specification is now supported via a new option on the Settings screen. Enter a short description of your mailing list and it will be added to the List-ID: header included in messages that are sent to the list. The description and the list's identifier will be included in the header (e.g. List-ID: "Frank's personal mailing list" <MyList.example.com>). |
| • | Using the new Reminders screen, you can set MDaemon to send monthly subscription reminders to the list. There is a text area provided for you to enter the contents of the message, and you can use the provided macros to add variable data to the message, such as the name of the list and the member's email address. Additionally, messages are sent as text/html so that you can use HTML code in the message if you prefer. |
Improved SMTP Server
There have been significant enhancements made to MDaemon's SMTP server:
| • | Support for RFC 3463: Enhanced Mail System Status Codes has been added. These codes allow for much finer grained reporting and automation. As a result of this nearly all of MDaemon's SMTP server protocol strings have been changed to include the enhanced codes. Further, the way codes are stored and retrieved was simplified and modernized. Additionally, Support for RFC 2034: SMTP Service Extension for Returning Enhanced Error Codes was also added. Consequently, a new ESMTP capability called ENHANCEDSTATUSCODES was added and will be declared to other servers during the SMTP transaction. |
| • | Support for RFC 3848: SMTP and LMTP Transmission Type Registration has been added. This governs the value of the "WITH" clause in Received headers. This means you'll see "ESMTP" for unauthenticated non-SSL sessions, "ESMTPA" for authenticated sessions, "ESMTPS" for SSL sessions, or "ESMTPSA" for authenticated & SSL sessions. Values of "MULTIPOP" and "DOMAINPOP" are MDaemon specific and will continue to be used even though they don't appear in the IANA registry. |
Improved Sender Authentication
There were a number of improvements made to MDaemon's sender authentication features:
| • | Updated MDaemon's Sender Policy Framework (SPF) implementation to the latest specification (RFC 7208). See the MDaemon 14.5 Release Note for complete details on these changes. |
| • | Updated MDaemon's implementation of RFC 7001: Message Header Field for Indicating Message Authentication Status. This is the latest specification governing the Authentication-Results header. This caused several changes to the format of the header, and it looks much different now. PTR, HELO, and MAIL reverse lookups now use the ABNF from RFC 7001 (i.e.. iprev and policy.iprev for PTR, HELO, and MAIL with comment text as the differentiator). |
| • | A new option was added to VBR Certification, which will force VBR checks even for incoming messages that lack the VBR-Info header. |
| • | There have been several changes and improvements to DKIM. MDaemon's DKIM implementation was updated to the latest specification (RFC 6376). Options for including header and body canonicalized data in DMARC failure reports were added to the DMARC Settings. Authentication-Results header now includes the results of ADSP processing where relevant as per RFC 5617. And several changes were made to the DKIM Settings screen. See the MDaemon 14.5 Release Notes for more details the DKIM changes. |
WorldClient Improvements
MDaemon 14.5 includes a variety of improvements and enhancements to WorldClient's themes. See WorldClient's online Help and the MDaemon 14.5 Release Notes for more information about what's new in WorldClient.
New in MDaemon 14.0
ActiveSync Improvements
| • | ActiveSync WhiteList and BlackList now support wildcards. (new in 14.0.1) |
| • | MDaemon's ActiveSync server now supports other users' shared folders in addition to personal and public folders. The behavior of any client accessing shared folders via the ActiveSync protocol can vary. While MDaemon's ActiveSync implementation supports Email, Events, Contacts, Tasks and Notes, not all device clients are capable of handling this data. This feature requires MDaemon Pro and active ActiveSync Software License Renewal. |
| • | ActiveSync User Agent protocol restrictions can now be set using the entire value, not just the portion preceding the forward slash. |
Inline Image Support in HTML Signatures
MDaemon's HTML Signature controls now support inline images by using the $ATTACH_INLINE:path_to_image_file$ macro.
For example:
<IMG border=0 hspace=0 alt="" align=baseline src="$ATTACH_INLINE:c:\images\mr_t_and_arnold.jpg$">
You can also insert inline images via Remote Administration's HTML editor. See, Inline Image Support in Signatures in the Remote Administration section below.
WorldClient Changes and Improvements
ComAgent in Now WorldClient Instant Messenger (New in 14.0.1)
ComAgent is now called WorldClient Instant Messenger, and within WorldClient the in-browser ComAgent Chat feature it is simply referred to as Instant Messenger or instant messaging.
New WorldClient Theme (requires MDaemon Pro)
In response to customer requests for a new browser-based email client, WorldClient has a new signature theme called WorldClient. It is designed to have a clear, modern interface, maintaining a good balance between simplicity-of-use and breadth of features, incorporating numerous design elements from popular consumer and business browser-based email clients. Although it doesn't have every feature that is available in the LookOut theme, it is equipped with an extensive and carefully selected set that should serve most users well. The WorldClient theme requires at least Internet Explorer 9 or the latest version of Mozilla Firefox, Safari, or Chrome.
The WorldClient theme is now the default theme for new installations. When updating, the installer will ask if you want to change your default to this new theme.
Side-by-Side Calendars
LookOut and the WorldClient theme have a new side-by-side calendar view. This makes it possible for you to view multiple calendars side by side.
New Compose Options
| • | The Compose page's HTML compose editor has been updated to a newer version that is compatible with Internet Explorer 11. |
| • | You can now insert inline images into messages by using the new HTML tools on the Compose page. |
| • | The English and English-UK spell check dictionaries have been updated. |
Simple Theme Renamed
The Simple theme has been renamed to Lite.
WebAdmin Changes and Improvements
WebAdmin is Now MDaemon Remote Administration (New in 14.0.1)
WebAdmin is now simply referred to as MDaemon's remote administration interface, or Remote Administration, in the MDaemon GUI and elsewhere. This is to help users better understand that the Remote Administration component is an integrated feature of MDaemon rather than a separate product.
Inline Image Support in Signatures
Added support for several ways to insert inline images into the Default and Domain signatures:
| • | On the Signature/Footer screen in Remote Administration, click the "Image" toolbar button in the HTML editor and select the upload tab |
| • | On the Signature/Footer screen in Remote Administration, click the "Add image" toolbar button in the HTML editor. |
| • | Drag and drop an image into the Signature/Footer screen's HTML editor with Chrome, FireFox, Safari, or MSIE 10+ |
| • | Copy and paste an image from the clipboard into the Signature/Footer screen's HTML editor with Chrome, FireFox, MSIE 11+ |
Improved Administration
Global Administrators can now:
| • | Configure Outbreak Protection settings |
| • | Configure server-wide Autoresponder settings |
| • | Freeze/Unfreeze mail queues |
| • | Administer WorldClient server settings |
Other Remote Administration Improvements
New in 14.0.1
| • | Added mailbox reports for quotas, for mailbox size and message count. |
| • | Added Manual Learn button to Spam Filter Bayesian Classification section. |
| • | Log files can now be viewed in a new window. |
| • | Logos and color scheme updated. |
New in 14.0.0
| • | Remote Administration's Account Manager now displays icons for Outlook Connector and ActiveSync users. |
| • | Added Return port settings to defaults option. |
New in MDaemon 13.6
Simple Message Recall (New in 13.6.1)
MDaemon Pro now has a simple message recall system that can be enabled and configured on the new Message Recall screen, located on the Server Settings dialog. Using this system you can choose to delay incoming messages sent by authenticated local users for 1 to 15 minutes. During that delay period the messages are simply left in the inbound mail queue. This provides a short period during which a user can attempt to stop a message from being delivered. Once the delay period expires the message is delivered normally. The message recall feature is disabled by default. When the feature is enabled, the default delay period is 1 minute.
To recall a message a user can simply log in to WorldClient and click the Recall button that will be displayed when viewing a recently sent message in the Sent Items folder. If clicked before the recall time limit expires, WorldClient will send a RECALL message to MDaemon. Alternatively, the user can go the the Sent Items folder in his mail client, locate the message he wishes to recall, and then "Forward as Attachment" the message to the mdaemon@example.com system account, using "RECALL" as the message's Subject. Another alternative is to view the message's headers, copy the Message-ID header value (the part to the right of the "Message-ID:" string), create a new message and place "RECALL" plus the message ID value in the subject. If both alternatives are used within the same recall message, only the message ID option will be used.
Regardless of the chosen recall method, MDaemon will send an email back to the user, saying whether or not the recall was successful. When a message is successfully recalled, MDaemon deletes the message from the inbound queue as if it had never been sent. All recall processing is logged to MDeamon's Routing log.
A Statistics Log screen was added to the Logging dialog, with options for controlling the statistics log file and a new SQLite database file used for logging statistical information about MDaemon's activity. This database is used by WebAdmin's new Reports feature and contains data on MDaemon's bandwidth usage, number of inbound and outbound messages, spam statistics, and the like. By default this database is stored in the "MDaemon\StatsDB" folder and 30 days worth of data is saved, but you can adjust how long to keep the data if you wish to retain more or less than the default 30 days. Data older than the designated limit will be removed during the nightly maintenance process. You can also specify how often MDaemon will compact the database to conserve space.
The Reports page in WebAdmin uses this database to generate a variety of reports available to Global administrators. For each report, data may be generated for several predefined date ranges, or the admin may specify a custom date range. Administrators can choose from the following reports:
| • | Enhanced bandwidth reporting |
| • | Inbound vs. Outbound messages |
| • | Good messages vs. Junk messages (percentage of email that is spam or a virus) |
| • | Inbound messages processed |
| • | Top recipients by number of messages |
| • | Top recipients by message size |
| • | Outbound messages processed |
| • | Top spam sources (domains) |
| • | Viruses blocked, by time |
| • | Viruses blocked, by name |
ActiveSync Server Now Supports Public Folders (requires MDaemon Pro)
ActiveSync Services for MDaemon now support MDaemon's public folders in addition to mailbox folders. The behavior of any client accessing public folders via the ActiveSync protocol can vary. While MDaemon's ActiveSync implementation supports Email, Events, Contacts, Tasks and Notes, not all device clients are capable of handling this data. Public folder access can be controlled at the user, domain, and server levels.
There is a new global option on the Public & Shared Folders screen (and mirrored on the ActiveSync » Settings screen) for controlling whether or not ActiveSync users will be able to access their public folders from their devices. There are corresponding options on the Domain Manager and Account Editor that can be used to override the global setting for specific domains and users, respectively.
See:
Introduction
Upgrading to MDaemon 16.5.0
MDaemon's Main Display
