5.13
Released 2023-08-15
Imp
Updated version of eleven eXpurgate anti-spam daemon (4.47.0)Imp
Added selector field to DMARC reportingImp
Increased SA custom rules limitImp
Improved query builder for metadata fields in queue listingImp
Based on FreeBSD 13.2, and latest quarterly packagesBug
Fix issue with SpamHaus DQSBug
Fix issue with memory_store HSL functionDep
Removed deprecated ClamAV (ScanCLAM() is now a no-op)
5.12-p1
Released 2023-05-03
Bug
In HSL fix an issue with Map/Sets iterators and foreach
5.12
Released 2023-04-12
Imp
MTA improvements- Faster policy evaluations and subdomain matching
- Added a new grouping field to the queue structure to be used for combined recipientdomain/remotemx groupings
- Added
LOGIN
parameter support to theXCLIENT
command - Added support for network matching in
PROXY
,XCLIENT
and TLS client cert settings - Added connection pooling reuse setting based on remotemx
- Various improvements to DNS resolving
- Added a global DNS domain cache
- Restructured DNS cache to resolve all addresses, with deduplication
- Added global settings for
resolver.mx.exclude.ip
andresolver.mx.exclude.mx
- Priority messages now also have priority in resolver and script execution queues
- Allow overriding serverhost (
servers[].hostname
) in connect hooks'sAccept()
function - Added ability to read plugin configurations from file paths
- Improvements to
halonctl
- Added
--no-pipelining
options to queue trace command - More precise time (usec) resolution in queue trace command
- Queue update command now supports changing only localpart or domain of senders/recipients
- Added
halontop
now resizes layout to terminal size- Added a new C-API (
HalonMTA_deliver_trace
) to do custom trace outputs in delivery plugins - Added a new C-API for queue pickup plugins
Imp
Script language improvements- Added support for multiline CSV data in
csv_encode()
andcsv_decode()
- Added option to allow non-convertible objects to be converted to none in
json_encode()
- Added support for multiline CSV data in
Imp
Improvements to integrated (VM) package- Based on FreeBSD 13.2, and latest quarterly packages
- Pre-packed with http-bulk plugin
Dep
Important changes- Deprecated ClamAV in integrated (VM) package
- Deprecated
ScanDMARC()
in componentized package (installhalon-extras-dmarc
) - Deprecated builtin
LDAP
class in componentized package (installhalon-extras-ldap
) - Removed
MailMessage.deliver
(deprecated since 5.2, useMailMessage.queue()
instead) - Removed
/dev/null
as special transport destination - Removed
GetMailQueueMetric()
(deprecated since 5.3)
Bug
Various bug fixes- Missing dynamic policy id in
$arguments
in post-delivery on rate only policy conditions - Fixed timeout issue with PIPELINING
queue_policy_delete()
function was missing in AUTH hook- Fix issue with
unset
inforeach
loops - Fix issue with
scripting.rootpath
ending with/
- In HSL do not allow index dereference of string with key types other than numbers
- In HSL do not allow slice operator dereference with key types other than numbers
jobid
set in pre-deliveryTry()
function was not updated in post-delivery hook- Fixed rare crash with queue trace command on busy systems
- Missing dynamic policy id in
5.11-p3
Released 2023-02-17
Bug
Improved error handling with HTTP submissions APIBug
Fix error message withhalonconfig --dist-check
and missing schemasBug
Fixes to integrated (VM) package- Upgraded ClamAV to 1.0.1 to address CVE-2023-20032 and CVE-2023-20052
- Fix web adminsitration bug when adding domains
- Relaxed DangerousExtensions classification in eXpurgate (caused false positives)
- Allow changing DangerousExtensions with
antispam_expurgate_dangerous_extensions
setting
Bug
Fix rare issue connection retryDep
Please note that ClamAV is deprecated and will be removed in 5.12
5.11-p2
Released 2023-02-09
Bug
Fixes to integrated (VM) package- Lower default timeout of ScanRPD() scanning
- Fixed error handling for ScanRPD() in case of network errors
5.11-p1
Released 2023-02-06
Bug
Fix a rare issue with configuration reload on Ubuntu
5.11
Released 2023-02-03
Imp
MTA improvements- Added a
halonctl queue trace
command to trace outbound SMTP connections - Outbound PIPELINING support
- Ability to change TLSv1.3 cipher suites on server and clients
- Queue performance optimisations
- Added
setDateLater()
function to set Date header on delivery - Added connection
id
and numbers oftransactions
to post-delivery attempt connection array - Added support for networks in the
Try()
argumentip_exclude
- Allow changing jobid with
Queue()
functions in pre- and post-delivery - Added remotemx information to outbound connection list
- Added support for
--size
,--subject
,--metadata-and
filter conditions tohalonctl
- Added the ability to clear the internal DNS cache using domain wildcards in
halonctl
- Added a
Imp
Script language improvementsMap
/Set
iterator are now thread safe with imports (modifications are not)- Added support for data types when
import
ing YAML files - Added support for private key
import
(RSA and ED25519 keys) - Added
rsa_privatekey()
anded25519_privatekey()
function to load keys as PrivateKey resources - Added
array_combine()
function - Added
exclude_headers
tosignDKIM()
functions - Added support for PrivateKey resources to
signDKIM()
functions - Added support for tags when
parsing
ing YAML files - Added
MIMEPart.getByID()
functions to retrive a MIMEPart by ID - Added support for Regex types to
MIMEPart.findByType()
andMIMEPart.findByFileName()
functions csv_encode()
will not added quotes to string with spaces
Imp
Improvements to integrated (VM) package- Improved DNS reliability when using the builtin DNS cache
- In the WebUI allow building queue search filters with multiple different metadata combinations
Bug
Fix issue with slow graceful shutdown ofsmtpd
Bug
Fix issue with thehalonctl queue groupby
command if jobid was set withTry()
Bug
Fix issue with including files using symlinks within the rootpath in HSLBug
Fix issue with global functions and module imports in HSLDep
Important changes- Migrating away from Cyren (ctasd and ctipd)
- The deprecated
DirectDeliver()
function now acts as a queuing deliver - Removed deprecated
GetTLS()
,Allow()
,Block()
andDeliverWithDKIM()
functions - On Linux, trying to reload with Halon script compilation errors will continue using the previous configuration
5.10-p1
Released 2022-12-06
Bug
halonctl resolver command didn't ignore SIGPIPEBug
halontop didn't show patch version properlyBug
On some Linux distros environment.rlimit.nice could not be set to a negative valueBug
Improved error handling on JSON payloads in smtpd HTTP APIBug
On configuration load filename was missing in error messageBug
Fixed a stability issueBug
Updated FreeBSD ping utility (CVE-2022-23093)
5.10
Released 2022-10-11
New
Web administration additions- Delivery insights view
- Outbound connection list and ability to close connections
- Visual refresh
Imp
Package and repository improvements- Builds for Ubuntu 22.04 LTS
- Packages for extras projects written in Halon script
Imp
MTA improvements- Ability to change IP address family (v4/v6) preference
- Support for implicit TLS for outbound connections
- New outbound TLS mode
dane_fallback_require_verify
for DANE/MTA-STS coexistence - Added peer certificate error and TLSA to post-delivery's attempt information
- Store last attempt's
localip
,remoteip
andremotemx
in the defer queue
Imp
Script language improvements- Added
domain_publicsuffix()
function - Added
url_parse()
function - Added
insert_function
option tocache []
- Added new
match
expression Socket.recv
may now use multiple flags as an array- Added support for
body_length
insignDKIM()
- Ability to set properties and the stop flag in for dynamic
queue_policy()
- Added
Imp
Protobuf API improvementsQueueGroupBy
bylocalip
as wellQueueGroupBy
support policy grouping (MX rollup, etc)- More
ServerConnectionsList
information; transactions, local IP and ports
Imp
Command line tool improvementshalonctl groupby
overhaul, adding lots of new functionalityhalonctl queue update
now have a dry-run flag to test querieshalonctl process-stats
may now output Prometheus compatible formats
Imp
Improvements to integrated (VM) package- Added support for Sophos Live Protection
- Added HTTP submission API support
- Updated Cyren packages to ctasd 5.5.1 and ctipd 4.5.1
- Updated to FreeBSD 12.3-RELEASE-p7 with quarterly packages
ScanDMARC
function how have an option to disable SHA1 signatures (rfc8301)- Allow reverse lookups for private address space in unbound DNS resolver
Bug
Fix issue with dynamic policies in the 35/8 subnetDep
Important changes- The Ubuntu packages no longer depends on
halon-extras-rate
andhalon-extras-dlp
(need to be explicitly installed) - The per-recipient end-of-DATA function
DirectDeliver
is deprecated, useMailMessage.send()
instead - The post-delivery function
GetTLS()
is deprecated, use thetls
object in$arguments
instead
- The Ubuntu packages no longer depends on
5.9-p3
Released 2022-12-05
Bug
Fixed a stability issue
5.9-p2
Released 2022-08-16
Bug
Could not override Spamhaus DQS scores in integrated (VM) packageBug
GetTLS()
in post-delivery could fail on non-delivered messagesBug
Issue withQueue()
in post-delivery with no retry delayBug
Fixed an error message inhalonconfig
5.9-p1
Released 2022-05-31
Bug
Fix issue with IPC (Unix domain socket) permisson on Linux
5.9
Released 2022-05-30
New
Added priority for queued messagesNew
Added max age of messages in queue (retry.during
) as an alternative toretry.count
Imp
MTA improvements- Added support for thread priority for various thread pools and event loops
- Made
ip_exclude_temporary
also work withmx_exclude
in SMTP clients - Added
dane_fallback_require
as TLS mode in SMTP clients - Added support for more AUTH mechanisms in SMTP clients (eg. XOAUTH2)
- Randomize the order of equal-preference MX host addresses
- Added possibility to configure custom script thread pools per hook
- Delivery settings may now change max retries/during and retry intervals
- Added
queues.maxmessages
to limit number of messages to hold in memory - Added
data.fixheaders
(false) anddata.mimepart.fixheaders
(false) to inject\r\n
before bad headers - Added
queue.loader.active
counter to hold total messages currently loaded - Postmaster address may be configured separately as localpart and domain (inherit from reporting-mta)
- Added possibility to disable MIME multipart parsing for performance
- Added
maxparts
to configure max MIME parts - Added ability to change
transportid
inTry()
- Added
$arguments["expired"]
to post-delivery hook to indicate bounces due to age or max retry count - Added reason to
Delete()
in the pre-delivery hook - Added support for DSN options to
Bounce()
in the pre-delivery hook
Imp
Script language improvements- Added array dereference with spread operator inside of arrays
- Allow upcast of TLSSocket to Socket with
TLSocket.toSocket()
- Added
setFileName()
andsetDisposition()
functions toMIME()
- Detect MIME parsing errors with
MailMessage.getErrors()
- Added support to create
MailMessages
fromFile
objects usingMailMessage::File()
- Added reason for policy result and detailed error/errno to
spf_query()
output
Imp
Native (C ABI) plugin improvements- Added support to get object properties with
HalonMTA_hsl_object_property_get()
- Create MailMessage and File classes from strings with
HalonMTA_hsl_value_set()
- Detect MailMessage type with
HalonMTA_hsl_value_type()
- Added support to get object properties with
Imp
HTTP submission API improvements- Added
/health
endpoints to be used with load balancers - Added
$arguments["headers"]
to end-of-DATA script - Added concurrency limit setting per server
- Certificates are soft reloadable in configuration
- Added
Imp
Protobuf API improvements- Include HTTP connection in ServerConnectionsList replies
- Support for close reason of HTTP connections with ServerConnectionsClose
- Added option to reset
transactionid
,ts
andretrycount
upon message import - Bounce action may set
status
anddiagnosticcode
on queue updates - Added regular expression support in StringMatch in API for message conditions
- Added unique count feature to groupby
- Added maximum values to process stats and present them nicely in
halontop
Imp
Improvements to integrated (VM) package- Added support for EU-only Cyren datacenter for RPD and globalview
- Added support to configure reserved IPs for SMTP servers in web administration
- Include updated spamassassin-dqs with support for DBL with hostnames
- Allow access to Sophos AV unix socket using Socket() class in HSL
- Enable scanning of Msi files with Sophos AV
- PHP IMAP module now available in custom-www
- PHP DNS resolving is now available in custom-www
- Updated to FreeBSD 12.3-RELEASE-p5 with quarterly packages
Imp
All halonctl commands accepting time now allows for X[dhms] syntaxImp
Added dist-check command to halonconfig to check generated configurationImp
Added option to stop-on-match in smtpd-policy.yaml when matching rulesImp
Add configurable rate sync delay to improve UDP synchronization reliabilityBug
Fix validation bug in JSON schema with HTTP submission APIBug
Fix validation bug in post-delivery hook with$arguments["dsn"]["status", "diagnost
...Bug
Allow long lines in message body when receiving messages with CHUNKINGBug
Fix rate issue with dynamic policies which could cause MTA restartsBug
HTTP submission API header name “X-API-Key” was not case insensitiveBug
Statistics queue.policy.rate.suspends not decreased on manual message deletesBug
Fix bug in C API when invoking function pointers in class member functionsBug
DNS zone flush with unbound in VM package did not clear all record typesBug
Do not rescan messages with ScanCLAM() and ScanRPD() if failedBug
Properly detect temperror in ScanDMARC()Bug
Fix escaping of email addresses by escaping additional charactersBug
Added detection newer versions of .docx and .xlsx files in ScanDLP()Dep
Deprecated use of MIME("0") in EOD, use $arguments["mail"] or GetMailMessage() insteadDep
Important changes- Removed "eodrcpt" from Linux builds
- Removed ability to control "rated" and "dlpd" from "halonctl" (use ratectl or dlpctl instead)
- Removed deprecated functions from per-message end-of-DATA script: Queue(), GetMailMessage(), GetTLS(), GetAddressList(), DKIMSign(), DKIMSDID(), DKIMVerify()
5.8-p4
Released 2022-03-16
Sec
Updated OpenSSL to fix CVE-2022-0778
5.8-p3
Released 2022-02-10
Bug
Issue when using Cyren anti-spam (ctipd and ctasd) with a HTTP proxy fixedBug
Auto-detection of DKIM keys inadditional_signatures
fixedBug
Reduce risk ofrated
UDP packet loss for initial synchronisationBug
Issue withScanDLP()
and custom rules fixedBug
Updated libcurl to 7.81
5.8-p2
Released on 2022-01-25
Bug
DKIM validation issue under certain circumstances
5.8-p1
Released on 2022-01-10
Bug
Privdrop after creating control socket inrated
Bug
Fixrated
startup rate hit syncBug
Fix minor issue parsing bad headers
5.8
Released 2021-12-13
New
Templates for Docker and Kubernetes- The
dlpd
content filtering connection now uses a HTTP based API - The
rated
rate control connection supports DNS with dynamic re-resolve
- The
New
APT/deb and RPM repositories- Components are now in separate packages (MTA, rate control, content inspection, etc.)
- Added separate
dlpctl
anratectl
tools for the respective new packages
New
MTA features- HTTP submission API for pre-formatted RFC822 messages
halontop
program showing realtime process metrics- Faster DKIM dual-signing with
additional_signatures
tosignDKIM()
- Ability to use multiple spool paths
- Added support
reserved
connection slots - Export message using with
QueueExportRequest
API
New
Native (C ABI) plugin features- Added
Halon_command_execute()
function, supportingargv
style of arguments - Added
Halon_early_init()
function, supporting early initialization - Added
HalonMTA_hsl_value_to_json()
andHalonMTA_hsl_value_from_json()
functions - Added
HalonMTA_hsl_value_array_length
function - Autoloading plugins without configuration
- Support for objects
- Support for exceptions
- Support for static functions
- Support for running Halon script functions in C
- Support for working with lists function in C
- Support for more types in C API such as
X509
,File
objects
- Added
Imp
Script language improvements- Added
zlib_compress()
and uncompress functions - Added
MIME.toFile()
function - Added
MIME.setDate()
function - Added
X509.extensions()
function - Added
X509.verify()
function - Added
X509::String()
function - Added
queue_policy_delete
function - Added
import
support for multiple X509 certificates (.crt) - Added
import
support for rfc822 message files (.eml) - Added
glob import
support - Added support for
srv
records indns_query()
function
- Added
Imp
MTA improvements- Improved DSN generation by supporting to include full original messages and DSN field customization
- Include DSN arguments in post-delivery
$arguments["dsn"]
array - Include queue policy insights in post-delivery
$arguments["policy"]
array - Added support for customization of the Received header (
tls
andfor
) - Order queue list by retrycount
- Support message retry with a jitter (distribution) in queue actions
- Added support for queue message grouping of remoteip and remotemx
- Added lists, grouping of conditions, and custom properties to active queue policy and delivery settings
- Allow configuration of multiple
pickup
threads - Added delivery counters to process stats
- Added support for
.halonignore
files when packaging configuration usinghalonconfig
Imp
Improvements to integrated (VM) package- Added support Cyren anti-malware in
ScanRPD()
(requires an extra license) - Added option to include HSL plugins in script editor "run" on VM package
- Updated FreeBSD packages (including Sophos och Cyren)
- Added support to configure ciphers for the HTTPS web administration
- Added support Cyren anti-malware in
Bug
Fix bug with localip in smtpd-delivery.yamlDep
Important changes- Removed the deprecated
GetMailFile()
function - It's no longer valid to send message to plain IP addresses
user@ip
- Disabled PhishingScanURLs in ClamAV
- Removed
signature_exclude
support from ScanCLAM() - Standard ciphers names are now used in logs (instead of OpenSSL convention)
- Graceful shutdown for inbound connections
- Renamed process threads (visible in
top
)
- Removed the deprecated
5.7-p4
Released on 2021-11-09
Bug
MIME formatting issue with append/prependPart() on non-MIME messagesBug
Issue with DKIM signature in bouncesBug
MIME()
not storing decoded headers when queuing
5.7-p3
Released on 2021-09-19
Bug
Direct deliver in EOD rcpt hook
5.7-p2
Released on 2021-08-24
Bug
File type detection in DLP engine
5.7-p1
Released on 2021-08-06
Bug
Make linter recognise$connection["tls"]["sni"]
Bug
Startup bulk synchronisation inrated
Bug
PROXY protocol heartbeat connections
5.7
Released 2021-07-21
New
Introducing exception handling with accompanyingtry
,catch
andthrow
control structuresNew
Visual Studio Code plugin support for debugging script in thesmtpd
MTA processNew
Inbound connection list in web administration andServerConnectionsListRequest
APINew
Ability to close inbound connections withServerConnectionsCloseRequest
APINew
Addedarray_unique()
andarray_shuffle()
functionsNew
Addedpcre_compile()
function to pre-compile regular expressions from user inputNew
Added#/myregexpattern/
syntax for creating pre-compiled regular expressionsNew
AddedX509::String()
method for creating an X.509 resource from PEM or DERNew
AddedMIME.send()
method for inline delivery directly from MIME objectImp
New HQF2 queue file format which combines .eml and .hqfImp
Added--unpack
option tohalonconfig
to reverse packingImp
Thehalonconfig
command now validates plugin configuration schemasImp
Addedadditional_headers
option to pre-deliveryTry()
function for passing dataImp
Addedmodified_original
DSN option to post-deliveryBounce()
for altering original headersImp
Added connectionid
andremoteuid
to SMTP server$connection
arrayImp
Addedremove_if_zero
argument tomemory_dec()
for automatic cleanupImp
Addedjson
andregex
formatters toimport
andcsv_decode()
Imp
Ability toimport
text file lines asSet
object items for fast lookupsImp
Allowforeach
on$this
in classes to iterate all instance propertiesImp
Addeddepth
option todomain_includes()
functionImp
Ability to useresponse_headers
withextended_result
inhttp()
Imp
Support for loadingFile
from standard input when running inhsh
Dep
The=~
and!~
operators now throws on invalid regular expressionsDep
Messages with emptyremotemx
orjobid
are not matched against queue policies with thoseDep
Modules loaded withimport
can no longer access global user-defined functionsDep
Removedmail()
optionrawbody
and URI fallback forldap_bind()
(deprecated since 4.8)
5.6-p4
Released on 2021-07-19
Bug
No longer passes function pointers from in$context
(only data is supported)Bug
Fixed long loading times ofhsl-lint
andhalonconfig
with large YAML filesBug
Resolved issue withqueue_suspend()
andqueue_policy()
argument orderBug
Connection pooling didn't work with outbound PROXY protocolBug
In post-delivery attempt array, localip was not set correctly with outbound PROXY protocolBug
Issue withcache []
size if is set to2**32
Bug
The transport retry intervals didn't override the transport group's intervals
5.6-p3
Released on 2021-06-29
Bug
Issue with thecache []
when exception was thrown from cached functionBug
Context switching with plugins wasn't supported in the PROXY scriptBug
The$context
variable wasn't updated after the EOD script hookBug
Only one DKIM signature was supported on theMIME()
objectBug
Unable to rename a used disconnect script in the web administrationBug
Imported function could not resolve nested function in some special casesBug
Imported object between multiple hooks could not resolve imported functions in some special cases
5.6-p2
Released on 2021-05-28
Imp
Updated to FreeBSD 12.2-RELEASE-p7 (VM)Bug
Updated to ClamAV 0.103.2 (VM)Bug
Add library path for plugin libraries (VM)Bug
Fixed issue with updated variables and logging in per-recipient end-of-DATA scriptBug
Fixed auto generation of transaction ID on APIQueueImport
Bug
Fixed encoding issue inxtext_encode()
5.6-p1
Released on 2021-04-08
Imp
Updated to FreeBSD 12.2-RELEASE-p5 (VM) with OpenSSL fixesImp
Updated to SpamAssassin 3.4.5Bug
Fixes a race condition in the queue scriptBug
Restricts NTP timesync access
5.6
Released on 2021-03-22, see the release notes for notable changes
New
Added native plugin support by loading C ABI compatible librariesNew
Added CSV schema validation support inimport
so that imported files gets validatedImp
Ability to start the server without any listeners in order to drain queueImp
Allow server control socket to listen on IP in addition to socket fileImp
Ability to group queue distribution view by sending domainImp
Added variables for disconnect reason to disconnect script hookImp
http()
function now supports explicithttp_version
andpost_size
Imp
Ability to modify (rather than just add and delete) queue suspend and policy itemsImp
Added total count in API response for queuelist
andgroupby
CLI/API commandsImp
Possibility to disable the Received header (instead of having to delete it from script)Imp
Added In-Reply-To to DSN messages (to support threaded bounces)Imp
Added decode option to MIMEPart.getHeader functionsImp
Added binary option to all hashing functions (eg. sha2 function)Imp
Improved concurrent cache miss behaviour in the HSLcache
Imp
Added possibility to disable hook logsImp
Default()
function now allows configuration of bounce settingsImp
Try()
function IP include and excludes (similar tomx_include
andmx_exclude
)Imp
Improvements to integrated (VM) packageBug
Resolved an issue with the queue updatesBug
Resolved an issue with the import statements and reloadsBug
Fix bug with paging of Halon script ratesBug
Fix a memory leak in the backend authentication script (with modules)Bug
Missing error counters on connect and disconnectBug
Halon script Socket classes' close() method could cause unexpected disconnect behavioursBug
Fix support for BDAT and the proxy script hookBug
Fix an issue with SNMP and the firewall scriptBug
Fix an issue when sorting email history by "Received" date in the REST API for the integrated (VM) packageDep
queue_suspend()
andqueue_policy()
has changed its return valueDep
Text log formats has been slightly changedDep
File.toFFIValue()
function now returns C-compatible FILE pointer.Dep
Remove functions a per the deprecation noteDep
Queue suspend and policy API calls return UUIDs instead ofuint64
Dep
Minimum supported API version is (5.6)
5.5
Released on 2020-11-16, see the release notes for notable changes
New
DSN extension supportNew
Outbound PROXY protocol supportNew
Function generators andyield
New
Map()
andSet()
data container classesNew
Ability to disablesourceip_random
, useful during for example IP warmupNew
Addedhalonctl hsl memory list
and correspondingHSLMemoryListRequest
APINew
Addedbase32_encode
and decode functionsNew
Addedurl_encode
and decode functionsNew
Test command for the asynchronous DNS resolverhalonctl resolver query
New
Queue suspend filters withhalonctl queue suspend list
andSuspendRequest
APINew
Settings for max messages, recipients and hopsNew
Addedunix_socket_path
option tohttp()
functionNew
Addedsender
option andscantime
result toScanSA()
functionNew
Addedspool.corrupt
setting for controlling handling of bad queue filesNew
High-resolution process runtime counterprocess.elapsed
New
Active queue performance countersqueue.pickup.X
New
Script error countersservers.X.scripts.Y.errors
Imp
Fraction of second insleep()
Imp
Improved performance for large active queue policy rate buckets and exclude listsImp
Ability to specify an ID for dynamic active queue suspensions and policy conditionsImp
Ability to filterhalonctl hsl rate list
based on conditionsImp
More relaxed rules for naming of ID and file path in YAML schemasImp
Improvedsmtpd
process shutdownImp
Improved SMTP command diagnostics ("in reply to") in bouncesImp
Added Original-Envelope-ID and Original-Recipient headers to bouncesImp
Consider all 2xx-codes successful in SMTP clientImp
File descriptor exhaustion error logging and handling improvedImp
Improvements to integrated (VM) package- Custom HTTP API endpoint hosting on the web admin page
- Ability to stop and start
smtpd
from the services section - Firewall rules (
ipfw
) may now be added to/cfg/rc.halon
startup script - Ability to add custom local DNS records (A/AAAA/MX/TXT and PTR) to built-in DNS resolver
- Ability to sort and search by finished (rather than received) time in message history
- Updated to FreeBSD 12.2-RELEASE with quarterly packages
5.4-p3
Released on 2020-11-09
Bug
Support binary POST data in backgroundhttp()
callsBug
Fixed MIME'sverifyDKIM()
after doing message modificationBug
Fixed error flag issue with consecutive calls toScanKAV()
(on same message)Bug
Prevent announcing extensions from HELO/EHLO script hook onHELO
Bug
Fixedhalonctl
missing fieldssenderhelo
,saslusername
andduration
Bug
Fixed issue with queue list duration sort order
5.4-p2
Released on 2020-10-01
Imp
Detect certain hardware to support iDRAC keyboard delay (VM)Imp
Updated to FreeBSD 12.1-RELEASE-p10 (VM)Bug
Fixed issue with PROXY protocol and implicit TLSBug
Fixed proxy script and lint issue withhalonconfig
Bug
Fixed counting issue with thescripts.proxy.running
/finished
process statsBug
Fixed issue where chunking wasn't disabled as per default configuration (VM)Bug
Restored theid
andts
fields inScanDMARC()
outputBug
Enable queuing of messages fromhsh
Bug
Fixed sorting and paging on web administration rate and suspend pages
5.4-p1
Released on 2020-08-14
Imp
UUID version selector (time/v1 or random/v4)Imp
Integrated package is updated to FreeBSD 12.1-RELEASE-p8Bug
Fix default enhanced status code in bounces for certain errorsBug
Added validation of certain CLI arguments to improve error reportingBug
Fix web administration regression when adding servers and transports
5.4
Released on 2020-07-22, see the release notes for notable changes
New
CHUNKING/BDAT and the SIZE service extensionNew
Disconnect script hookNew
yaml_decode()
function and import loader (similar to JSON)New
Ability to export an File classes as a C++ std::istreamNew
Ability to export an X.509 resources as a OpenSSL pointerNew
FFI callback functionNew
DSN options toBounce()
andQueue()
that allows overriding content, headers, delay, etcNew
Pre-defined variable of the DSN that is to be generatedNew
Default()
function in post-delivery to terminate script based on delivery result and settingsNew
Settings for minimum amount of free inodes and bytes for receiving emailNew
Setting for fsync before 250 on DATANew
Settings for number of max hops (loop protection)New
Timeout settings for Sophos and ClamAV, with new defaults of 30 secondsNew
Pre-defined variable for username when accepting email on local Unix socketNew
http()
callback function for POST dataNew
MailMessagequeue()
functionNew
MailMessageget/setPreamble()
andget/setEpilogue()
functionsNew
MailMessagemodifyContent()
function advanced, direct modification of email dataNew
StaticFile::read()
function that returns all data from a file pathNew
LDAP classgetoption()
functionNew
Numeric separatorNew
Zero-fill right shift bitwise operatorImp
Ability to changeimport
loader typeImp
Includes SIZE= in MAIL FROM if server announces SIZE service extensionImp
SMTP client always send EHLO first (and then try HELO)Imp
Do not include detail in local-part in license count (user+detail@domain)Imp
MIMEqueue()
options for delay and holdImp
Ability to override recipient domain for MX lookup in pre-delivery and all other placesImp
Access to the queued email data in pre/post-delivery as aFile
resourceImp
dns_query()
option for extended results including TTL and type-specific fieldsImp
Added reply code option to allAccept()
functionsImp
Auto-Submitted
header to bounces (rfc3834)Imp
Active queue policy, suspend and delivery configurations in web admin code editorImp
Saving custom views on queue pagesImp
Custom metadata groupings and columns on queue pagesImp
Number compare for metadata filters on queue pagesImp
Partial and case sensitive matching of local parts on queue pagesImp
Real-time rates for counters on process statistics pageImp
Added process stat counter for finished script hooksImp
Added multiple recipientdomain and remotemx option to if statements in delivery configurationImp
Network matching in queue conditions for sender-, local- and *remoteip&Imp
The API output is always normalised as UTF-8Imp
The API supports comparing queue metadata as numbersImp
TheMIMEPart.setBody()
andMailMessage.toString()
limitation of 1 MiB is now removedImp
Extended error reporting from Sophos AVImp
Added -R tohsh
to override scripting.rootpathImp
Added --ffi tohsh
to override scripting.ffiImp
Added --binary flag tohsh
Imp
Added support for FFI inhsl-lint
Imp
Integrated package is based on FreeBSD 12.1-RELEASE-p7 with quarterly packagesImp
Update to Sophos 3.2.07.379.0Imp
Protobuf schemas are now part of the Linux packageImp
Removedhttprd
from the Linux packageImp
Added queue load command tohalonctl
to import messagesBug
Resolved issue with SMTPUTF8 and connection poolingBug
Wait for support processes likerated
anddlpd
Bug
Log thread creation errors in updateQueueBug
Make thedomain_includes()
function non-case-sensitiveBug
Fixed an issue with multiple network interfaces using DHCPBug
Fixed an issue with storage disk resizingBug
Fixed an issue with history search filter matching and less- and greater-thanBug
Depend onuuidd
runtime on LinuxDep
TheQueue()
function (overrides the built-in logic) may now exceed the transport's max retry countDep
TheSetDSN()
function has been deprecated in favour of the "dsn" option to Bounce() and Queue()Dep
Theinet_includes()
function now return none on errorsDep
TheLDAPResult.next()
andFile.readline()
now return false on end-of-data instead of noneDep
TheMIMEPart.setBody()
limitation of 1 MiB is now removedDep
The dns_query() function's ttl result property has been removed in favour of the extended_result optionDep
All messages in the active queue now have at least one localip (instead of showing an empty address)
5.3-p5
Released on 2020-06-10
Bug
Fixed a stability issue with the connection pool
5.3-p4
Released on 2020-05-26
Bug
Fixed issue with server connection concurrency limitBug
Fixed tags (comments) for some types of manual active queue suspendsBug
Fixed issue with the proxy script hookBug
Fixed web administration bug when adding active queue policy without concurrency valueBug
Fixed minor issue with integrated package's shell console interfaceBug
Fixed locking issue with integrated package IDE's built-in run script windowBug
Increased the integrated package's max threads per process limit
5.3-p3
Released on 2020-05-04
Imp
Removed unsupported ClamAV safebrowsingBug
Fixed SpamAssassin SPF issueBug
Fixed web administration issue on SafariBug
Fixed IP address configuration regression in video console interface
5.3-p2
Released on 2020-03-10
Imp
Support more charsets by inclusion of latest GNU iconvImp
Changed log level of ldap_auth() function failuresBug
Fixed issue with active queue policy with certain groupingsBug
Fixed issue with decoding of RFC2231 parameters valuesBug
Fixed regression with decoding of certain charsetsBug
Fixed regression with Mellanox (mlx5en) network adapters
5.3-p1
Released on 2020-02-24
Imp
Added SMTP state information to delivery error logsImp
Addedport
option to dns_query() functionBug
Fixed issue with duplicate messages API callBug
Fixed "neq" condition (not equal) with "size" and "retry_count" fieldsBug
Fixed issue with message size variable and per-recipient end-of-DATA scriptBug
Web administration fixes- Re-add quarantine view selector on queued messages page
- Re-add confirm dialog on all queue message actions
- Fixed display of file name of attachment in preview
- Fixed preview buttons of messages with invalid MIME formatting
- Fixed issue with FN/FP reporting links
Bug
Updated system packages- ClamAV 0.102.2
5.3
Released on 2020-02-11
New
Queue features and API- Connection pooling (reuse)
- Fine-grained queue query API (for list, update and distribution)
- Improved queue quota functionality
- Added delivery settings for active queue fields
- Added active queue suspend and policy functions to more script hooks
- Added message size including modifications to pre- and post-delivery script
- New on-disk queue format
New
Command-line inteface tool halonctlNew
SMTP server scripting featuresImp
Script language improvements- New Iconv() class for internationalization conversion
- Added array_every function to test all element against callback
- Re-implemented barrier using shared memory functions
- Added Base64 encoding option to the MIME set/addHeader functions
Imp
Web administration queue improvements- Merged open connections with message queue for better overview
- Powerful filter dialogue using the new queue conditions
- Column selector and inline messages preview in message viewer
Imp
Certificate can be in reloadable configuration even if private key is in startupImp
Added graceful draining to the background http() process httprdImp
Added idle timeout to virtual serversImp
Updated system packagesBug
Patched Net-SNMP to fix memory leakDep
Important changes- Removed SOAP API
- Removed several REST API queue commands in favour for new queue API
- Removed GetMailQueueMetrics() in favour for new queue_quota() function
- Merged smtpd and queued processes which affects logging
5.2-p7
Released on 2020-05-26
Bug
Fixed issue with server connection concurrency limitBug
Fixed tags (comments) for some types of manual active queue suspendsBug
Fixed issue with the proxy script hookBug
Fixed minor issue with integrated package's shell console interfaceBug
Fixed locking issue with integrated package IDE's built-in run script windowBug
Increased the integrated package's max threads per process limit
5.2-p6
Released on 2020-05-04
Imp
Changed log level of ldap_auth() function failuresImp
Removed unsupported ClamAV safebrowsingBug
Fixed SpamAssassin SPF issueBug
Fixed web administration issue on SafariBug
Fixed IP address configuration regression in video console interface
5.2-p5
Released on 2020-02-03
Bug
Fixed regression regarding interface order
5.2-p4
Released on 2020-01-29
Imp
Option to use operating system's network interface order instead of by MAC/hardware addressImp
Added software update version selector to web administration (patch/major)Imp
Support DANE for non-MX destinationsBug
Fixed protocol violation with LMTP and STARTTLSBug
Fixed issue with smtp_lookup_rcpt() functionBug
Fixed memory leak in TLSA DNS resolving
5.2-p3
Released on 2019-12-27
Bug
Fixed issue with long-running script hooks which could cause internal congestionsBug
Fixed stability issue with newly implemented TLS 1.3
5.2-p2
Released on 2019-12-06
Imp
Support overlapping active queue policy groupings by order of appreanceImp
Addedenvironment.syslog.mask
option to startup configurationsBug
Fixed regression which could cause DSNs to be sent too earlyBug
Prevent adding multiple queue policy counters on same field in web administration
5.2-p1
Released on 2019-10-10
Imp
Addedtimeout
option to SMTP client delivery optionsBug
Fixed issue with listen address when IPv6 is disabledBug
Fixed issue when adding policy to suspend entire active queue
5.2
Released on 2019-09-25
New
Queue subsystem features- Asynchronous SMTP and DNS connection processing
- Concurrency and rate control in active queue
- Custom counters with regex/wildcard matching for rollup
- Job ID field for scriptable/custom match parameters
- Dynamic control via script and API
- Queuing to multiple source IP/HELO pairs with round-robin and exclusion via suspend
- Transport group hierarchy with setting inheritance
- Simplified pre- and post-delivery scripts with new
Try()
,Queue()
and$message
symbols - Added
mx_include
/exclude options to deliver functions to control MX resolution - Enabled forward-confirmed reverse DNS lookups (used in Received header) by default
New
Script language features- Added FFI class for calling routines in external libraries
- Added shared memory functions and API for counting and caching
- Added csv_encode() function useful for CSV logging
- Added
redirects
option to http()
Imp
Web administration improvements- New queue distribution page which can group by age and next retry
- New process statistics page that shows internal counters
Imp
Updated system packages- FreeBSD 12.0-RELEASE-p10
- FreeBSD 12 quarterly packages
Dep
Important changes- Removed the options for MX delivery (zone= and query=)
- Removed the transport profile priority and pause setting in favour for virtual queues, hold and suspend
5.1-p3
Released on 2019-06-17
Bug
Fallback to HELO if EHLO fail and we do not require TLSBug
Reintroduce accept reason in delivery logBug
Fixes Cyren issue with a cache purging commandBug
Web administration regressions- Fix clearing individual cache items
- Fix multi-select on queue items
- Fix issue with showing clustered graphs
5.1-p2
Released on 2019-05-15
Bug
New $connection variable were populated incorrectly in regards to local/remote information.
5.1-p1
Released on 2019-05-08
Bug
Resolve DANE-TA issue by switching from LDNS to OpenSSL's DANE implementation
5.1
Released on 2019-04-25
New
SMTP server scripting featuresImp
SMTP server improvements- Support for PROXY protocol v2
- Added wildcard matching in domain relay table
- Added many options and flags to script functions
- Added
reason
andreply_codes
to Accept() - Added
decode
to mail message getBody() - Added
type
to MIME appendPart/prependPart() - Added various settings for DMARC and Cyren RPD
- Added
- Compatibility mode for previous predefined variables and setter functions
Imp
Script language improvements- Added pkcs7_sign() function for S/MIME
- Added xtext_decode() and encode functions useful for parsing SMTP parameters
- Added X.509 class returned by many functions
- Added header_addresslist_extract() and header_dkim_decode() functions
- Reworked spf_query() and dns_query() with improved return types
- Added
encode
option to MIME addHeader() - Added to
tls_client_cert
to http() - Added
local
timezone flag to strftime() and strptime() - Added
getpeerx509()
to LDAP class - Added
readonly
variables to classes - Support for remainder
…$rest
in destructing assignments - Allow access to private properties in anonymous functions returned from classes (with closure)
Imp
Updated system packages- FreeBSD 12.0-RELEASE-p3
- FreeBSD 12 quarterly packages
Bug
Fixed issue with TLS certificates being read multiple timesBug
Fixed issue with paused transports creating unnecessary logsDep
Important changes- The SMTP server reject/defer functions doesn’t prepend pre-defined messages
- Underscores are now allowed in variable names
- Removed "null" as literal null transport destination
- Removed size limit from mail message getBody()
5.0-p2
Released on 2019-03-04
Bug
Fix issues in web administration with new REST APIBug
Fix issue with license user count expirationBug
Use true/false rather than 1/0 for all boolean types- rate() return type
- smtp_lookup_rcpt() flag for TLS started
Bug
Fix issues with firewall script- Include files in folders could not be used in firewall script
- The built-in FTP server’s passive mode didn't work with a firewall script
Bug
Fix memory leak in new LDAP classBug
Suppress harmless warning in quarantine retention cleanup
5.0-p1
Released on 2019-02-20
Bug
Properly detect the Amazon EC2 hypervisorBug
Inline delivery wasn't logging sender information on errorsBug
Numerically named include files could not be checked for errorsBug
Fixed a rare crash that could occur during DKIM signingBug
Fix regressions in web administration with new REST API
5.0
Released on 2019-01-24
New
RESTful API with OpenAPI specificationNew
SMTP server scripting features- Added per-message end-of-DATA script
- Added
snapshot()
andrestore()
to the end-of-DATAMIME()
class - New
$transaction
variable with sender and recipients that's gradually populated - New
senderlocalpart
andrecipientlocalpart
variables in original format - New options in connect script's
Accept()
functionreason
to set banner responsesenderptr
to set sender hostname printed in "Received" header
- New options in RCPT TO
Accept()
functionrecipient
for overriding the default$recipient
context variabletransportid
for overriding the default$transportid
context variable
- New option
from_name
in pre/post-deliverySetDSN()
Imp
SMTP server improvements- TLS 1.3 support
- Wildcard matching in SNI
- Sender information can be overridden per queued recipient
- Added configuration options
- Implicit TLS per virtual server listener
- Verbose logging per virtual server
- Bare LF is converted to CRLF
- Disable client-initiated TLS renegotiation
Imp
Script language improvements- Added spread operator to array type
- Added wildcard function and variable
import
into a namespace - Added compile-time text, JSON and CSV
import
into a variable - Added
csv_decode()
function that parses a string according to a schema - Added
inet_reverse()
function that creates a reverse DNS for PTR or DNSxL lookups - Added
array_find()
function - New
LDAP()
class - Reworked standard library functions
length()
function that supports multiple data typesarray_join()
,array_includes()
andarray_range()
str_find()
,str_rfind()
,str_lower()
,str_upper()
,str_slice()
andstr_strip()
random_number()
,domain_includes()
,inet_includes()
- Added
getPath()
andreadline()
methods toFile()
class - New
allow_comments
option injson_decode()
- New
type
option indns()
- New
proxy
option inhttp()
to override the system default
Imp
Web administration improvements- Script editor improvement
- Custom input controllers for CSV files using schemas
- CSV import using custom delimiter
- Syntax highlighting for JSON files
- Scratchpad for quickly writing and running code
- History and queue search support
>=
and<=
operators - Moved catch-all domain settings to virtual server configuration
- Moved SSH, HTTPS and FTP TLS keys to host server configuration
- Script editor improvement
Imp
System distribution improvements- Ability to configure HTTP proxy, used by all HTTP clients throughout the system
- Ability to clear individual entries from built-in DNS cache
- DHCP support for DNS resolvers
- Configuration now accepts
/
in IDs, used for folders in the script editor
Imp
Updated system packagesBug
Fix issue withlagg
network interfaces on bootDep
Important changes- The
is_number()
function to no longer return true on boolean variables - Removed
$tlsprotocol
,$tlscipher
and$tlskeysize
variables from RCPT script - Removed calling a function as a string from
cache
- Removed
Deliver()
from post-delivery script - The
Quarantine()
function's option parameter must be an array - Removed
system_default_transport
- Renamed processes
dlpd
andqueued
- The
4.8-r1
Released on 2018-11-01
Imp
Added acrypt()
functionImp
Updated to Sophos 3.2.07.374.0
4.8-p1
Released on 2018-10-03
Bug
Fix issue whereldap_bind()
return error (-1) rather than failure (0) on a failed bindBug
Patch libspf2 to completely deprecate the SPF record type in favor of TXTDep
Show deprecation warning for transports without explicit bounce destination, and domain cluster overrides
4.8
Released on 2018-09-20
New
SMTP server scripting features- Added
SetHELO()
,$saslauthed
and$saslusername
to HELO script - Added "changes" option to
GetMailFile()
to include message modifications - Support for meta-data queries in
GetMailQueueMetric()
- Preserve 7bit ASCII when the modifying messages with
MIME.setBody
if possible
- Added
Imp
Script language improvements- Added native boolean type
- Added string repeat and array repeat repeat operator
*
- Added string format operator
%
- Added strict comparison operator
===
- Added steps argument
::
to slice operator - Added
idna_encode()
andidna_decode()
- Added
aes_encrypt()
andaes_decrypt()
- Added
random_bytes()
Imp
API improvements- Added API call
mailQueueDownload
to download a message (original or with modifications) hslCacheClear
,hslRateClear
andstatClear
returns affected rowsmailQueueRetryBulk
supports "retryts" (timestamp) and "retrydelay" (offset)configImport
support "revision" option for atomic imports
- Added API call
Imp
Updated system packages- FreeBSD 11.2-RELEASE-p3
- FreeBSD 11 quarterly packages
Bug
Debug points were removed when clearing debug resultsBug
The video console interface could not run programs (like ping)Dep
Important changes- Replaced
radius_authen()
, new implementation usingSocket()
- Removed
tacplus_authen()
andtacplus_author()
(TACACS+) - Removed
system_disk_cache
configuration key (ATA disk cache)
- Replaced
4.7-p1
Released on 2018-08-07
Bug
Updated kernel to FreeBSD 11.2-RELEASE-p1 (SA-18:08)
4.7
Released on 2018-07-09
New
SMTP server scripting features- Live debugging with breakpoints via live staging
HELO
phase script- Support
arc
(Authenticated Received Chain) inDKIMSign()
- Added
ed25519-sha256
(EdDSA) toDKIMSign()
ed25519_sign()
anded25519_verify()
functionsrsa_sign()
andrsa_verify()
functions- Added
timeout
anddns_function
options toDKIMSDID()
- Added
oversign_headers
option toDKIMSign()
getHeaders()
function in theMIME
class- Added
field
option toMIME.getHeader()
returning entire line - Added
encode
option toMIME.addHeader()
andsetHeader()
New
SMTP server features- Support for multiple IPs and netmasks in live staging
- Require HELO option
- Support for PKCS#8 private keys
Imp
Script language improvements- Reworked
DKIMVerify()
function - Added array slice assignments and
unset
slices - Only return one result per domain in
DKIMSDID()
- Reworked
Imp
SMTP server improvements- Change default TLS ciphers to
HIGH:MEDIUM
- Updated Cyren outbound configuration
- Change default TLS ciphers to
Imp
Web administration improvements- Option to automatically restart live staging on changes
- Color picker for area and pie charts
- Stacked percentage mode for area charts
- HTTP redirect option, useful for HTTP-to-HTTPS
- Enabled HSTS and denies frame embedding (X-Frame-Options)
- Many other small improvements
Imp
Updated system packages- FreeBSD 11.2-RELEASE-p0
- FreeBSD 11 quarterly packages
- Unbound 1.7.0 which fixes one DNSSEC-related issue
- Sophos 3.2.07.372.0
Bug
Fixrated
behaviour with IPv6, reloading and display on non-synchronised itemsBug
Fix issue with DATA script scan functions caching and extended resultsBug
Fix bug with negative indexes and appendBug
Deleting statistic values on graph page for all hosts didn't workDep
Important changes- Switched to regular peer name checks in
SetTLS
- DNS functions no longer support hostnames as resolver server option
- Renamed
rate()
optionlocal
tosync
- Removed
DKIMADSP()
- Removed historic variables from connect script
- Switched to regular peer name checks in
4.6-p1
Released on 2018-05-03
Bug
Fixed regression in SMTP server affecting implicit TLS on port 465Bug
Fixed issue with FreeBSD 11.1-RELEASE-p8 (SA-18:03) affecting some CPUsBug
FixedTLSSocket.getpeercert()
MD5 fingerprint option
4.6
Released on 2018-04-28
New
Support for Cyren outbound anti-spamNew
Support for SNI insmtp_lookup_*()
,SetTLS()
and SMTP serverNew
Script language featuresImp
SMTP server scripting improvement- Added
extended_result
toScanRPD()
, ScanKAV, ScanCLAM, ScanDLP and ScanSA - Default DKIM canonicalization changed to relaxed
- Added
GetMetaData()
to DATA context
- Added
Imp
Script language improvementImp
SMTP server improvements- Asynchronous connection processing
- Added millisecond precision to log files and remote syslog
- Allow hyphen characters in metadata fields
Imp
Script editor improvements- Completion items for built-in variables
- Parameters, return type and description for completion items
- Hover provider for built-in functions and variables
- Added link provider for files
- Code folding, tabs and minimap
Imp
Web administration improvements- Halon script syntax highlight in plain-text configuration format
- Added checkbox to disable a SMTP listener on the SMTP listeners page
Imp
Support forena
network driverImp
Changed to DHCP in default configurationImp
Updated system packagesBug
Fixed issue withhttp()
background requests connection errorsBug
The connect script was executed despite connections per IP limitBug
The connect script replies didn't work with implicit TLSBug
SMTP banner was sent despite connections per IP limitBug
Fixed issue with client certificatesBug
Clearing chart data could cause it to be removed on another nodeBug
Fixed issue with firewall script and passive FTPDep
Important changes- Deprecated the
ScanRPDAV()
function
- Deprecated the
4.5-p2
Released on 2018-01-29
Bug
Updated ClamAV to 0.99.3 (due to various CVE's)Bug
Regression in code editor where file comments could not be added
4.5-p1
Released on 2018-01-22
Reg
Regression with AUTH LOGIN could cause$saslpassword
to be incorrectly populated
4.5
Released on 2018-01-22
New
Script language features- Added
MIME.signDKIM()
function - Added
TLSSocket.getpeercert()
function - Added
dnsns()
function - Added
inet_pton()
andinet_ntop()
functions - Added
tls_client_cert
toTLSSocket()
- Added functionality to
smtp_lookup_rcpt()
- Added
tls_client_cert
andtls_capture_peer_cert
arguments for client certificates - Added an
xclient
argument - Added
on_rcptto
and TLS information to theextended_result
array
- Added
- Added
tls_verify_peer
toldap_search()
andldap_bind()
- Added
extended_result
tospf()
- Support multiple escapes in
ldap_search()
- Added
New
AddedGetTLS
to AUTH, MAIL FROM, RCPT TO and DATA with STARTTLS info,tlsrpt
andpeer_cert
New
AUTH script featuresNew
Pre-delivery script features- Added
SetXCLIENT()
function - Added
dkim
andfrom
toSetDSN()
- Added
tls_client_cert
toSetTLS()
- Added
tls_capture_peer_cert
toSetTLS()
- Added
New
Post-delivery script featuresImp
SMTP server improvements- Added support for client certificate requests in server HELO (per IP)
- Added support for custom SASL methods
- Set server preference for TLS ciphers
- Explicitly handle NULL MX (rfc7505)
- Removed line length limiting (8K SMTP, 256K (headerline), 512K header total)
Imp
Web administration improvements- Redesigned script mappings page
- Improved script errors in editor (with line decorations)
- Search in code editor directly from top search
- Faster loading in code editor
- Redesigned forms with more client side input validation
- Improved keyboard navigation
- And a lot of overall improvements
Imp
API changes- Added support for more fields in SOAP
mailQueueUpdateBulk
and also duplicate - Added support for
program
argument in SOAPhslCacheClear
- Added support for more fields in SOAP
Imp
Improved Sophos antivirus detection by using CXmailImp
DLP engine now supports regular expression modifiersImp
Improved performance of libdkim++Imp
Allow "." delimiter in all ID fieldsBug
Received header "with ...SMTP..." always adds E on AUTH and STARTTLSBug
Improved DSN parsing inGetDSN()
with multiline headersBug
Bug with behaviour onQuarantine()
reject => false followed by Quarantine reject => trueBug
Fix bug with DKIM delivery block in Web UIDep
Important changes- Aliased
error_code
toextended_result
insmtp_lookup_rcpt()
- Aliased all
ssl_
options totls_
inhttp()
- Removed
object []
syntax (in favour of class syntax) - Default action is now to block on script errors in firewall script
- Made
$connection
and$transaction
read-only insmtpd
's context - $tlsprotocol, $tlscipher, $tlskeysize in RCPT TO context in favor of
GetTLS()
- If using the
RULE
syntax to ScanDLP() with regular expresssions, you may need to add modifiers to keep compatibility (eg.//i
for filenames).
- Aliased
4.4-p2
Released on 2017-12-04
Bug
Fixed regression with $errormsg in Post-deliveryBug
Fixed regression with Deliver() in Post-deliveryBug
Fixed bug when importing some specific named keysBug
Fixed bug when typing in script blocks using the simple flow editor
4.4-p1
Released on 2017-10-30
Bug
Fixes regression in file() function
4.4
Released on 2017-10-26
Imp
Script language features- Added
nonlocal
toSocket.bind()
andnonlocal_source
tosmtp_lookup_rcpt()
- Added
tls_default_ca
toldap_search()
- Added new formats
eEvV
topack()
- Added new formats
eEvVax
tounpack()
- Added offset argument to
unpack()
- Added flags to
Socket.recv()
- Added support for
private static
class variables and functions - Fixed
smtp_lookup_rcpt()
to properly return return-1
on 400 errors - Fixed
file()
to support lines longer than 65k characters. MIME
class andmail()
uses quoted-printable by defaultMIME.send()
andmail()
now fail on empty recipients- Warnings when compiling code with unsupported operators on literals
- Lot's of memory optimisations in script engine
- Added
Imp
Connect flow changesSetSenderIP()
was added, which can be used to change$senderip
Imp
DATA flow changesMIME.setBody()
to keep quoted-printable and base64
Imp
Pre-delivery script script- Added
SetSenderParams()
andSetRecipientParams()
to carry extra MAIL/RCPT parameters - Added
Bounce()
to bounce messages - Added
SetDSN()
to change DSN settings SetSouceIP()
now accepts an address in each address family- Added
reset_retry
andtransportid
option toReschedule()
- Added
$context
variable which is passed on the post-delivery script
- Added
Imp
Post-delivery script changesImp
Script editor improvements- Added support for save using Ctrl/Cmd+s in CSV editor
- Warning if there are unsaved changes when starting live staging
Imp
Web administration improvements- Refreshed interface, for example search field and login session expiration in menu bar
- Fixed support for renamed HTTP certificates when starting clustering
- Show diff between hosts’ configuration when clustering
- Ability to cancel pending disk grow/format
- SHA-256 is used in new certificate generation
- Message preview retains header letter case
Imp
Updated system packages- FreeBSD 11.1-RELEASE-p2
- New quarterly packages
Imp
Ability to choose multiple addresses per SMTP listenerImp
Added a per-transport default bounce transport settingImp
Added source metadata (_original_[message|queue|action]_id) to bouncesImp
Reworked SMTP errorsImp
LDAP profiles are migrated to use standard URIs, which allows for failoverImp
Firewall script now uses per-application filtering instead ofipfw
divert socketsBug
The "Line too long” error is now sent after END-OF-MESSAGEBug
Fixed a missing SSL timeout in the SMTP clientBug
Fixed a syslog issue by properly using a blocking socketBug
Fixed regression withsystem-storage-
graphs andiostats
command for some storage disksBug
DSNs Arrival-Date wasn't properly set to the original message arrival dateDep
Important changes- Deprecated
Deliver
function in post-delivery script - Renamed
GenerateDSN()
toBounce()
in post-delivery script - Replaced
DeliverWithDKIM()
withDKIMSign()
in simple flow compilations
- Deprecated
4.3-p1
Released on 2017-09-06
Bug
TLS certificate regression caused by change in OpenLDAP 2.4.45 (ITS#8529)
4.3
Released on 2017-08-08
New
Script language features- Added
private
keyword to classes - Added
TLSSocket()
class - Added
sha2()
andhmac_sha2()
functions - Added
pack()
andunpack()
functions - Added
$sourceip
variable to post-delivery script
- Added
Imp
Added status and NDR code options toReject()
,Defer()
,Deliver()
, etc.Imp
Web administration improvements- Redesigned toolbar on many pages
- Spinning icon when running a script in code editor
Imp
Updated system packagesImp
Detect Amazon Web Services' EC2Imp
Overall improvements and code modernizationBug
Failed to properly differentiate SASL failures insmtp_lookup_auth()
Dep
Theobject
cast operator
4.2
Released on 2017-06-22
New
Script language features- Classes added with
class
keyword - Added
is_object()
function - Added static function
Socket::AF()
to Socket class - Added
tls_verify_name
option toSetTLS()
andsmtp_lookup_*
- Added
max_file_size
option tohttp()
ScanDLP()
function accepts rules as argument
- Classes added with
New
DLP engine now support file hashes of SHA2-256 and SHA2-512Imp
Script editor improvements- Sorting folders before files
- Fixed header alignment of empty CSV files
Imp
Web administration improvements- Show popover on ellipsis in email tracking
- Fixed return to scroll position in on all pages
- Simple flow editor styles are now flat
- Simple flow editor comment is no longer a required field
- Bulk update queued and quarantined messages
Imp
Updated system packages- CYREN ctasd 5.1.1.1 and ctipd 4.1.1.1
- Sophos 3.2.7.368.1
- HTML Purifier 4.9.3
Imp
Aquire serial number and license without Internet vialicenseImport
API callImp
smtpd now has a less aggressive default timeoutBug
$x["x"]
did not throw error (non-existing variable)Bug
Corrected default HELO message insmtp_lookup_*
functionBug
DLP engine reported a recursion error (instead of generic errors) on bad archivesBug
CYREN ctasd did not restart after license expiration
4.1
Released on 2017-05-10
New
Live staging in pre/post-delivery (queue)New
Purge cached items from API (and web admin)New
Script language features- Modules with
import
keyword - Added
get
/setBody()
to DATA script's MIME class - Added
tls_default_ca
andtls_verify_host
options toSetTLS()
andsmtp_lookup_*
- Added the
none
keyword - Added
strptime()
andord()
functions - Reworked code validation to support more advanced coding patterns
- Loosen up syntax with
()
and->
- Nested named functions are now function scoped
- Supports referencing files without
file:
prefix - Added explicit warning about Unicode whitespace
- More dead-code eliminations
- Modules with
Imp
Script editor improvements- Return to cursor position on commit
- Supports folders via a dot
.
ID hierarchy convention and renaming IDs - Auto-complete context-specific function names
- Many improvements to CSV editor (shows position, fixed headers, etc)
- Search options for regular expressions and case sensitiveness
- Running code in sandbox uses local checkout, and has a host selector
- New save indicator, "save all" button and keyboard shortcut
Imp
Web administration improvements- Generate X.509, DKIM and DANE on PKI page
- Support changing ID of listner, flows and scripts, etc
- Cluster delete on statistic legends
- Re-added quick access to RPD and SA results in tracking
- Quick access to revision page diffs by URL hash
- Delete domain and domain aliases on SMTP server delete
- Defer color now shown as purple
- Fixed regressions with IE/Edge, DLP page, revision page timezone, stats, duplicate domains, etc
Imp
Updated system packagesImp
Make searchlog use time hint for RSET message idBug
Closure over function scope caused memory leakDep
Removeddovecot_auth()
andident_lookup()
, new implementations usingSocket()
Dep
Doesn't explicitly set$error
in RCPT TO script any more
4.0-p1
Released on 2017-03-16
Bug
Web administration fixes- Updated htmlpurifier to 4.9.2
- NTP field on Date and time page didn't work with multiple servers
- Some disks weren't selectable on the Disks page
- Script errors in Simple flow editor page caused template engine error
- Clearing critical log always cleared the local log
- Added poll delay on Dashboard page's CPU to show usage more accurately
- History and queue page
- Don't show queue information for quarantine
- Re-added info field in listing
- Re-added active queue/quarantine selector
- Comment field on SMTP servers appeared in two places
- Minor redesign of the Configuration revisions page to mark special revisions
- Hide cluster synchronisation on Users page if there's only one host
- Added redirects for old web admin URLs for bookmarks
Bug
HSL functionstrftime
was incorrectly returning in local timeBug
consoleui couldn't add new IP's if all were removed
4.0
Released on 2017-03-06
New
Live staging; running a parallell SMTP config version for some connections, based on conditionsNew
Redesigned web admin with checkout/commit and diff with expressive configuration syntaxNew
SMTPUTF8 supportNew
SMTP server scripting features- Pre-defined connection
$context
variable, shared between all SMTP scripts - MAIL FROM script
SetSender/Recipient()
in MAIL FROM and RCPT TO scripts- Added
SetSenderIP/SetSenderHELO()
to DATA scripts Accept()
,Reject()
andDefer()
in connect script- Disconnect flag to all
Reject
/Defer
andDeliver
functions - The SMTP scripts exposes all available variables (as they become available)
GetMailFile()
in DATA, pre- and postdelivery scripts.
- Pre-defined connection
New
Scripting featuresImp
Configuration format- Allow config keys to contain a-z, eg.
include "file:api"
- New file key types to differentiate plain text from scripts
- New SMTP listener settings for TLS, HAproxy and concurrency
- Allow mounting of storage disk/partition by UFS label
- Allow config keys to contain a-z, eg.
Imp
SOAP APIconfigKeysImport
atomic commit with "expected head"id
fieldconfigKeysCheck
to verify non-running configurationmailQueueInTransit
information about mailqueued's delivery attempts
Imp
Updated system packagesImp
Anti-spam/virus database information commandImp
Being a major release, it features a large numbers of fixes and improvementsDep
Changed LSI RAID driver frommfi
tomrsas
, will affect users mountingmfiX
by device nameDep
Script include from /cfg partitionDep
Firewall script's Block() ignore responseDep
DATA script's WrapMessage()Dep
Removed rate limits from acl_flow (moved to SMTP listener)Dep
Some config keys, such as system_user, service_ssh_*, ntp and syslog are no longer synched between hostsDep
Renamed some config keys, such as acl_flow and mail_flowDep
When upgrading an existing host, a swap disk needs to be added (2-8 GiB) or RAM increased to at least 3 GiB (preferable before the update) since swap files no longer works in FreeBSD 11.0
3.5-r5p6
Released on 2017-01-10
Imp
Added support for interfaces as gateway (route)Bug
Fix issue with smtpd and certain load balancers
3.5-r5p5
Released on 2016-12-07
Bug
Fix issue with dnsCacheFlushBug
SASL always failed in smtpd after an unsupported method was issuedBug
Shutdown SSL connections more gracefully in smtpdBug
Bug with HSL code check and barriersBug
snmpd could produce error message on the console
3.5-r5p4
Released on 2016-11-09
Imp
Updated system packagesBug
HELO/EHLO hostname was not set for invalid domain namesBug
Recipient limit was decreased compared to previous releasesBug
License users export could fail
3.5-r5p3
Released on 2016-09-27
Bug
Updated to FreeBSD 10.3-RELEASE-p9 that fixes an OpenSSL regression
3.5-r5p2
Released on 2016-09-23
Sec
Updated to FreeBSD 10.3-RELEASE-p8 that fixes OpenSSL CVE-2016-6304 and othersImp
Setting for and changes insmtpd
's log verbosity
3.5-r5p1
Released on 2016-09-08
Imp
Enabled TCP_NODELAY on SMTP client socketImp
More user friendly errors in mailQueueRetry, mailQueueDelete and mailQueueBounce APIImp
Updated to htmlpurifier 4.8.0Bug
Properly reload scripts with deleted include files when re-addedBug
Fixed regressions with XCLIENT, implicit TLS and IP flow statistics
3.5-r5
Released on 2016-09-05
New
ident_lookup() function to lookup users over the ident protocolNew
$senderport
in IP, RCPT TO and DATA contextImp
Postfix is not longer the default MTA
3.5-r4
Released on 2016-08-29
Imp
Improvements in the script editor- Added support for matching closing brackets
- Variable highlighting in strings
Imp
Updated system packages- CYREN ctipd 4.0.35.5
- FreeBSD 10.3-RELEASE-p7
Imp
Improve detection of password protected ZIP filesBug
Fixes in REST API and SOAP proxy- hslRate() regression with affected rate pie charts
- mailQueue() regression with affected email tracking metadata display
Bug
Fix delivery to numeric MX with DANE
3.5-r3
Released on 2016-08-03
New
Added an interface for editing CSV files to the script editorNew
Added a revision-based diff utility to the script editorImp
Switched to Monaco (MS VC code) and enabled autocompletionImp
Added paging to the SOAP functionconfigRevisionLog
Imp
Added retry functionality to background http() requestsImp
Addedextended_result
option to the http() functionImp
HSL now supports keyed assignments when destructing arraysImp
Updated system packages to the latest quarterly; such as- FreeBSD 10.3-RELEASE-p6
- PHP 7.0.9
- ClamAV 0.99.2
- PostgreSQL 9.3.13
- nginx 1.10.1
Bug
Failed http() requests always returnsNone
on errorsBug
Always send an authentication header on "401" errors (fixes issue with some SOAP clients)Bug
Web admin interface fixes- Increase timeout to prevent "504" timeout errors
- File viewer couldn't show files larger than 2 GiB
- Fixed a rare crash which chould occur with certain setups
Dep
Config keymail_transport
's parameter sasluser/pass renamed to saslusername/passwordDep
Config keymail_server
's parameter sasl_tls renamed to sasltlsDep
Removed the GuessAttachmentType() function
3.5-r2
Released on 2016-05-26
Imp
Switch to nginx and php-fpm (from Apache 2.4 and mod_php)Bug
Fixed issue with reloading some configurationsBug
Fixed regression in the new SOAP proxy which was introduced in 3.5-r1- getTime() had the wrong default UTC mode
- It didn't handle 401 (Unauthorized) errors correctly
- Cluster sync (clusterd) didn't work with pipes in configuration values
- Cluster overrides couldn't be added
3.5-r1
Released on 2016-05-20
New
Added SOAP function mailQueueUpdateBulk to set various fields (quarantine
,transport
, etc.)New
Added MIME.getHeaderNames() to the DATA MIME objectImp
Added an option array to MIME.get/set/delHeader() to address a specific header by indexImp
Replaced gSOAP with a REST/JSON API and a PHP SOAP proxy for compatibilityBug
Fix problem when clearing empty rate entries
3.5
Released on 2016-04-18
New
New HSL scripting editorNew
Added MIME.send() to builtin MIME objectNew
Added MIME.getBody() to builtin MIME objectNew
Added MIME.toString() to builtin MIME objectNew
Added??
(null coalescing operator) to HSLNew
Addedinclude_once
to HSLNew
Addedobject
andthis
to HSLNew
Added destructuring assignment to HSLNew
Added support for HAProxy's proxy protocolImp
Based on FreeBSD 10.3Imp
Disabled SSLv3 for inbound SMTP connectionsImp
Added support forsourceip
as anetaddr:X
insmtp_lookup_rcpt()
andsmtp_lookup_auth()
Imp
Updated componentsImp
Deliver()
andQuarantine()
now supports an option arrayBug
Fix problem with partial updated Sophos databasesBug
Fix problem with where the flow wasn't reloaded if a include file was changedBug
Fix problem withmail()
wheretransportid
wasn't usedBug
Fix problem with IE11 and placeholders in flowsDep
UndocumentedCopyMail()
andDirectDeliver()
in favour ofDeliver()
argumentsDep
Deprecated GuessAttachmentType()Dep
Removed template support from themail()
functionDep
Removed the trigger URL configuration key from the quarantineDep
Removed the Blacklist() functionDep
Removed the ScanBWList() functionDep
Removed the ScanSPF() functionDep
Removed the deliver_type and deliver_args arguments from DeliverWithDKIM()Dep
Removed support for switch with variable assignmentDep
Removed support for function without argument listDep
HSL returns None (instead of an empty string) when dereferencing a non-existing elements in arrays
3.4-r4p2
Released on 2016-03-02
Sec
Addresses the DROWN vulnerability (CVE-2016-0800)
3.4-r4p1
Released on 2016-02-20
Bug
Fix regression in CYREN's ctipd 4.0.32 (included in 3.4-r4) by rolling back to 4.0.31
3.4-r4
Released on 2016-02-16
New
DATA context MIME class for working with an email's bodyNew
Standard library MIME class for creating MIME partsNew
closures in addition to lambda functionsNew
dnscname() function to resolve CNAME records (RR)New
is_function() function to check if data is a functionNew
array_sort() function to sort arraysNew
HSL cache statistics in SOAP and web adminImp
The ScanDLP() function can return where matches were found withpartid
optionImp
Added RCPT TO context$tlsprotocol
,$tlscipher
and$tlskeysize
variablesImp
Clear HSL rate()s based on a query (namespace and/or entry) over SOAP or web adminImp
Updated components- CYREN IP reputation (ctipd) and RPD (ctasd) engines
- FreeBSD 10 quarterly packages
- FreeBSD 10.2-RELEASE-p9 fixing CVE-2015-3197 (SSLv2 disabled by default)
Dep
Removed thesystem_default_quarantine
configuration keyDep
Removed theGetMailTransport()
functionDep
Removed the DeliverAsSpam() functionDep
Deprecated the WrapMessage() functionDep
Renamed the domain typeany
(catch-all) to the literal*
in the configuration (converted)Dep
Many default settings were moved to the user configuration (making them removable)
3.4-r3
Released on 2015-12-07
New
Added anonymous functions and named function pointersNew
Added array_filter(), array_map() and array_reduce() functionsImp
The in_file(), in_array() and pcre_replace() may take a function callback as argumentNew
Added csv_explode() functionNew
$serverip
in AUTH, RCPT TO and DATA contextImp
Optionstls_protocols
andtls_ciphers
added to SetTLS() and smtp_lookup_*Imp
Reconnect without TLS if STARTTLS fails for optional TLS connectionsImp
SSLv3 disabled by default on outbound SMTP connectionsImp
Renamed DKIM function to DKIMSign(), which may return signature as a stringNew
Added csv_explode() functionImp
Deny() in SOAP API may give a reason as faultstringImp
Improve logging in mailqueued (with queueid)Imp
Settingsyslog_use_fqdn
which sends the FQDN in syslog messagesImp
Overall elegance, design and usability improvedSec
Updated FreeBSD to 10.2-RELEASE-p8 which fixes CVE-2015-3194 to 3196Bug
Improved DNS reloading in HSL; affected the spf() and ldap_*, tacplus_* and radius_* functions
3.4-r2
Released on 2015-11-04
New
DANE supportImp
Added settings page for CYRENImp
Addedextended_result
option to thedns*()
functionsImp
Addedpretty_print
option tojson_encode()
Imp
Added$receivedtime
to pre- and post-delivery contextsImp
SOAPmailQueue*Bulk()
functions returns number of affected messagesImp
The default configuration now contains only one HTTPS web admin interfaceImp
Many small changes improving performance, stability, elegance, design and usabilityBug
Regression inScanRPD()
withctasd
for "valid-bulk"
3.4-r1
Released on 2015-10-19
New
Sophos anti-virus (savdid
) engineNew
Spam classification report buttons on email tracking pageImp
Addedexplode()
limit argumentImp
Key size option when creating private keys on PKI pageImp
Many small changes improving performance, stability, elegance, design and usabilityBug
Updated CYRENctasd
settings to better cope with connection errorsBug
Updated Net-SNMP to fix memory leak insnmpd
3.4
Released on 2015-09-23
New
Based on FreeBSD 10.2New
SetTLS function to the pre-delivery contextNew
pie chart functionq()
to graph queue/quarantine searchesNew
Ability to disable services (such as. SNMP, FTP and SSH)New
RCPT flow block for DNSBL and IP reputationImp
Zoomable graphsImp
Save graph layouts per userImp
Pie chart supports custom refresh intervalsImp
Updated componentsImp
Scripting page may easily run scripts from the (virtual text) file storeImp
Optionally turn ontotalhits
in SOAP APIImp
Switch between HTML and plain view in message previewImp
The AUTH rate limit flow block defer rather than reject when exceededImp
Replacedrpcmplexd
with an async web admin implementationImp
Overall performance, stability, elegance, design and usability improvedDep
Updated OpenSSL requires DH key size of more than 512Dep
Graphs now include "dots" in their names (previously replaced with a dash)Dep
SOAP API changes- mailQueue's totalHits renamed to totalhits (lowercase)
- Replaced loginFullname() and loginRemoteHost() with login() return object
- Removed loginCheckPermission()
Dep
End user interface considerations- If you're using
display-stats
(graphs) you need to update the end user - Toggle preview on HTML/text message part is now supported
- If you're using
3.3-r6
Released on 2015-06-04
New
Added an "update" function to the cache that can pick expired (but valid) itemsNew
Added abackground
flag to the http function for async, non-response callsNew
Added a hash function, useful together withhttp()
's background modeImp
Added a syslog port settingsImp
Support implicit SSL (wrapper mode) by specifying "465" as the first listener portImp
Raised the free disk requirement to 1 GiB in order to receive new messagesBug
Fix regression when enabling the DLP processmaildlpd
and viewing license usersBug
Fixed augmented assignment (+=) behavior with function calls when dereferencing arraysBug
First run didn't add the second domain to the relay tableEnduser
If you use end-user logging, you may want to employ the new http background feature
3.3-r5
Released on 2015-05-11
New
Validate HSL scripts when saving a text file (in file store)New
Added aDefer()
function to the AUTH flowImp
Automatically detect and support all network interfaces supported by FreeBSDBug
The backend could crash when using LDAP in the API (auth) scriptBug
Regression in web admin causing some requests to fail due conservative settingsBug
Adding new cluster nodes could fail if remote systems were unsorted (by id)Dep
SOAP functionconfigValidateArgument
replaced withhslCheckScript
3.3-r4
Released on 2015-04-27
Imp
return
statement in HSL without a valueBug
ESC
key in console may not work as expected if pressed twice rapidlyBug
Temp disk may become full
3.3-r3
Released on 2015-04-22
Imp
Updated a lot of FreeBSD packages to quarterlyImp
Support for Intel(R) 10Gb (ix) network adaptersBug
SOAP request could be delayed with up to 1 second on idle systemsBug
Adding too large text files in the File store now returns an errorDep
switch statement in HSL with explicit variable storage
3.3-r2
Released on 2015-04-16
New
dovecot_lookup_auth() to authenticate using Dovecot's authentication protocolNew
Done() makes it easier to do advanced routingNew
pcre_quote() makes it possible to use regex on user inputNew
Preview on PKI pageNew
Review & save in plain-text editorImp
http() function may skip SSL/TLS verification with ssl_verify_peer = falseImp
Performance improvements in HSL's file handlingImp
Updated third-party librariesImp
Easier to use CSV editor in web adminImp
Add support for keep-alive and gzip/deflate encoding in SOAP APIImp
Support for QLogic NetXtreme II (bcm) network adaptersImp
Fixed bug in "release duplicate" regarding delta filesImp
Fixed bug with creating a cluster over HTTPSDep
ScanSPF() in favor of spf()Dep
ScanSARules() in favor of ScanSA(["rules"=>true])Dep
Quarantine profile's trigger URL
3.3-r1
Released on 2015-03-02
New
VHD image runs on Microsoft AzureNew
DHCP addressing, default on Azure and GCEImp
Support hardware-assisted software RAID for many vendors such as IntelImp
Support for VirtIO (vtbd) and Xen (xbd) disksImp
Support for Intel 10Gb (igb) network adaptersImp
Ctrl+A/E in web terminalBug
Fixed regressions in web admin
3.3
Released on 2015-02-16
New
Updated to FreeBSD 10.1New
Added transparent proxy features- The
system_nonlocal_source
setting enablesSetSourceIP()
to spoof source IPs - XCLIENT support for external proxies
- The
New
Added new features to the scripting language (HSL)SetMetaData()
andGetMetaData()
to pass data between DATA and queue scriptssyslog()
functionunset()
statementSetRecipient()
in pre-delivery script$senderhelo
in pre-delivery script$transfertime
in post-delivery script$saslusername
in queue (pre- and post-delivery) script- Raw strings, like ''raw string''
- Allow
globalview()
anddnsbl()
to be executed fromhsh
New
Extended search filters (HQL) syntaxmetadata.field=
corresponding toSetMetaData()
size=
(message body)helo=
(HELO/EHLO hostname)
Imp
Web admin interface- Refreshed with many improvements (in layout and functionality)
- The icons and images are vectorized (to support retina/HiDPI displays)
- Button to reset (RRD) graphs
- Custom score popup for Internet Explorer (which allows spam scores and refid to be copied)
Imp
Added "msgsize" and "msghelo" to SOAP APIImp
SMTP balancing uses uniform distribution of trafficImp
Support for QLogic 10Gb (bxe) network adaptersImp
Searching text logs is a lot fasterImp
mail_queue_threads
may now be raisedImp
Updated 3rd-party components such as CYREN (8.0.110) and Kaspersky (3.8.0.4)Dep
Built-inbatv_*()
is removed, use the HSL implementationDep
Renamed "gmt0" to "utc" in SOAP APIDep
$recipientdomains
and$recipients
in DATA context are now read-onlyDep
http()
return empty results on non 2** responsesDep
GetAddressList()
returns empty list on parse errors instead of throwing an exceptionDep
Web admin's flow block "Add header" appends a new header instead of usingSetHeader()
Dep
GetID()
is now removed, was deprecated in 3.0Dep
$directprocessing
is now removed, was deprecated in 3.2
3.2-r10p1
Released on 2014-12-23
Bug
Stability fixes inmailscand
Bug
Fixes regression that caused some admin andclusterd
requests to fail
3.2-r10
Released on 2014-11-17
Imp
SetSender() in pre-delivery (queue) scriptImp
LSI MegaRAID tool (mfiutil) availableImp
hslCacheClear() SOAP API may clear a specific namespace/functionImp
Added SOAP API mailQueueRetryBulk() functionImp
Added 'duplicate' option to SOAP's queue function for cloning messages(s) from an archiveImp
Setting mail_log_size to zero will disable logging (even realtime)Imp
Disable SSLv2 and SSLv3 on administration UI (and SOAP)Imp
Add custom headers to HSL mail() created messagesImp
pcre_replace() HSL functionImp
Variable substitution with ${name}Bug
'Next retry' could be presented with the wrong timezone (didn't affect delivery)Bug
Memory usage could show erroneous on 64 bit platformsDep
SOAP API mailQueueRetryAll() removed (reimplemented with mailQueueRetryBulk)Dep
SOAP API devList() removed
3.2-r9
Released on 2014-10-01
New
Added LMTP support, useful for more efficient Dovecot deliveryImp
retry=x in search filter, useful to show delayed messagesImp
Added "\r\n\t" syntax in HSL stringsImp
Added HSL http() max-time timeout, also renamed connect_timeoutImp
Added the SMTP ping commandImp
Decouple antivird and clamd for more efficient RAM utilisationImp
New installations are 64-bit, with VMware "guest OS" set to "freebsd-64"Imp
Review before save on virtual text files and DLP pagesImp
New certificates are generated with SHA256Imp
Faster clearing of rate limits (may interrupt garbage collection)Imp
Faster connect() timeout in smtp_lookup_rcpt()Imp
Lower connect() timeout to 30s (like Postfix)Bug
Problem when searching rates in web user interfaceDep
Undefined values in HSL was branched as true (not false)
3.2-r8
Released on 2014-09-11
Sec
Updated to FreeBSD 10.0-RELEASE-p8 which addresses new OpenSSL bugsNew
Multiple "shadow" port support for mail listener, for better pool utilisationNew
AddedSetHELO()
function and$sourceip
to pre-delivery scriptImp
Global HSL variables are committed when calling a second functionImp
New chart for swap operations, as complement to swap usage chartImp
Updated Kaspersky anti-virus engine to 8.3Imp
Some search queries are maintained when browsing cluster nodesImp
Many 64-bit fixes in preparation for upcoming 64-bit releaseImp
Display Kaspersky virus base version in log on startupBug
Rate limit page support any valid UTF8 as namespace and entryImp
Overall improvements throughout the systemBug
Fixes NTP client regressionBug
Fixes VMware guest info regressionBug
Link aggregation fixes; omitted from cluster, and brings up all portsBug
Fixed cluster system update page's node linkBug
Fixed cluster configuration override page with multiple fields per keyDep
Forbids ambiguous HSL concatenation of numbers
3.2-r7
Released on 2014-08-20
New
Implemented a pre-delivery (queue) script for dynamic transport behaviourNew
Added the log() function which can be used for things such as GeoIP lookupNew
Added the timelocal() function to get time in local timeNew
Link aggregation supportImp
Support using system disk as storage on bare-metal installs, or if the virtual disk is grownImp
The post-delivery (transport) script is unified for all transport, on the flow pageImp
The GetHeaders() function can be used to fetch all headers as a multidimensional arrayImp
Allow multiple include of same file in HSLImp
The post-delivery (transport) script executed for successful deliveries, useful for external loggingImp
Added$actionid
variable to DATA, queue and transport flows, for tracking of recipients, etc between flowsImp
Loopback addresses configuration, useful for DSR load balancingImp
Change VLAN and link aggr. settings from consoleImp
Updated FreeBSD packages to latest quarterlyImp
Auto-configuration on Google Compute EngineImp
Many minor improvementsBug
Changed SpamAssassin queue algorithm to decrease wait timeBug
Issue when searching logs larger than 2 GiB fixedBug
Issue where Kaspersky wrote files to /tmp fixedDep
Disabled Bayesian by default
3.2-r6p1
Released on 2014-06-18
Bug
Resolved uncommon stability issue
3.2-r6
Released on 2014-06-10
Sec
Fix OpenSSL CVE-2014-0195, 2014-0221, 2014-0224 and 2014-3470New
DiscardMailDataChanges() function, allowing different data changes for different CopyMail()sNew
Support for variadic function syntax in HSLNew
Added spread operator (argument unpacking) to HSLImp
Added executable file (by file name, even in ZIP and other archives) blocking to antivirus blockImp
Performance improvements in ScanDLP for efficient file extension scanningImp
Encode headers as quoted-printable instead of Base64 for readabilityImp
View ScanRPDAV (VOD) results in web admin's message trackingImp
Improved virtual text file editor, with HSL code support (great for includes)Imp
Removed deprecated browser-specific CSS3 options (Mozilla, Opera)Imp
Enable auto-scroll on keypress in web terminalImp
Many minor improvements
3.2-r5
Released on 2014-05-23
New
Added SetDelayedDeliver() function to HSL for extra queueing time before deliveryNew
Added builtin and global control structures to HSL functionsNew
Added json_encode() function to HSLImp
Added max depth option HSL's ScanDLP(), useful for file extension matching in archives, eg.Imp
Added named match groups to HSL's PCRE functionsImp
Adding filtering on retry and sender field to HSL's GetMailQueueMetric functionImp
Updated SpamAssassin to 3.4.0Imp
Web terminal (command page) support pasting with Ctrl+VImp
Always prefer IPv6 when clustering with hostnamesImp
Support RFC 2231 header parsingImp
Various web admin enhancements, such as links from quarantine page to trackingImp
Overall performance and reliability improvedBug
Resolved issue where adding and removing headers with zero offset conflicted
3.2-r4
Released on 2014-04-28
Dep
Deprecated updateNetwork SOAP API functionDep
Deprecated HSL's null coalescing operatorNew
Added default function arguments in HSLImp
HSL's header functions decode and refold by defaultImp
Addedmsgqueueid
to mailHistory API andhistoryid
search filterImp
Overall performance and stability improvedBug
HSL'sper_message
cache now works in functionsBug
Pressing back button in Firefox no longer reset forms
3.2-r3
Released on 2014-04-08
Sec
Patched OpenSSL "heartbleed" vulnerability (CVE-2014-0160)Dep
Deprecated BATV functions in favor of HSL implementationNew
Introduced array slicing to HSLImp
HSL's DeliverWithDKIM() function can load private key from variable, such as http() requestImp
New HSL variable $tlsstarted in AUTH and RCPT flowImp
New HSL variables $messageid and $queueid in transport flowImp
Message queue IDs (exposed as $queueid or via SOAP API) upgraded to 64-bit integerImp
Improved http()'s POST data serialisation and added "response_headers" optionImp
Added a gethostname() function to HSLImp
Many performance optimisations in HSLBug
Fixed Firefox quirk with forms resetting when going back on pageBug
HSL's dnstxt() concatenate multiple strings with spaceBug
Clustered line charts now merge new legends from secondary resultsBug
Display error message if unable to clear cluster's HSL cache
3.2-r2
Released on 2014-03-10
New
Extended the HSL scripting language- GetMailQueueMetric() to implement usage quotas in queues
- json_decode(), is_string() and is_number() for making API calls, etc
- http() function now supports custom request method and headers
- %= and **= operators
- Switch statements validates that a switch is directly followed by a case or default label
Imp
Updated SOAP API- configKeys() now takes "key" (filter) argument which is also exported in $soapargs[]
- configKeySet() allows partial updates (not all parameters needs to be specified)
- hslRate() and hslRateClear() exports "ns" and "entry" to $soapargs[]
- hslRate() and statList() now implements pagination and backend-side search/filtering
- mailQueue() and mailHistory() includes msgsasl for username and msgts0 for GMT timestamp
- mailQueue() and mailHistory() supports filtering on sasl=
Imp
SASL username can be viewed on tracking pageImp
DSN messages now include original header "Undeliverable: This was the original header"Imp
Support for Broadcom's bge NICsBug
Web admin interface fixes- Netcat (nc) command with custom port was not correctly documented
- Active HTTPS sessions may not be degraded to HTTP
- The authentication script test sandbox could produce the wrong output
- Some quarantine retention policies were kept for too long, affected users need to reselect their intended policy
3.2-p1
Released on 2014-02-12
Bug
Xen PVHVM network driver "xn" was not detected properlyBug
The command API could return empty results under extremely rare circumstancesBug
The web admin's hardware page didn't list "ada" devices
3.2
Released on 2014-02-10
New
Hyper-V para-virtualization; gigabit network, VLANs, SCSI disks, etcNew
Virtio (KVM) para-virtualization; improved network and disk performanceNew
VMware VMXNET3 supportNew
Xen PVHVM supportNew
Line graphs showing disk IOPS and latencyNew
Show message modifications when browsing queued or quarantined messagesNew
The DATA flow registers$recipients
and$recipentdomains
New
New HSL functionabs()
New
Addedtcpdump
to API and web administrationImp
Based on FreeBSD 10 and compiled with clangImp
LDNS and Unbound as replacement for BIND (as resolver and DNS cache)Imp
Automatically grow storage disk when resized in hypervisorImp
Overall throughput increased by careful profilingImp
Large number of HSL scripting language optimisations, such as- R-value optimisations
- Made
str_replace()
significantly faster - Optimised augmented assignments
- Pre-compiled regular expressions
Imp
More concise and helpful logging throughout the systemImp
Increased swap partition size to 2 GBImp
Updated all 3rd-party componentsImp
Show warnings if no storage disk is found or configuredImp
Rebrand Commtouch as CYRENImp
Enable some SpamAssassin DNSBLs by defaultImp
Cache DKIM signature for all recipientsImp
Overall improvementsBug
DKIM DNS generator lacked_domainkey
partBug
Under certain circumstances, the command API could failBug
Reload flows when file store objects are changedBug
Fixed issue with pre-boot command line shutdownDep
Deprecated the second argument to HSL'sround()
functionDep
Deprecated the DATA flow's$result
and$directprocessing
predefined variablesDep
New (S)ATA storage disks are identified as "ada" instead of "ad"Dep
At least one DNS server is necessary; unbound is not configured to traverse from the DNS root
3.1-r4p1
Released on 2014-01-16
Bug
Prevent NTP reflection attacks
3.1-r4
Released on 2013-12-20
Imp
Refactoring for performance improvementsImp
Warn about 32-bit hosts as preparation for 64-bit releasesImp
Estimates the number of mail tracking search resultsImp
Changed various settings from byte to megabyteImp
Overall web administration improvementsBug
Unable to add cluster nodes with literal IPv6Bug
Regression on graph page's rate counter
3.1-p3
Released on 2013-11-21
New
Clusteredrated
process for improved rate limitingNew
GetAddressList() function in DATA flowNew
is_subdomain() HSL functionImp
Support sub-domains i black/whitelists (.example.com)Imp
Search for transports on tracking pageImp
Web admin terminals now work in background tabsImp
IPv6 cluster supportImp
Always give a authentication failure reason inmailpolicyd
Bug
Catch exception in video console for systems without serial numberBug
Do not create sessions for unauthorized web admin clients
3.1-p2
Released on 2013-10-29
Imp
Improved mail queue/quarantine delivery performanceImp
Significantly improved mail tracking performanceImp
Support for more than two NTP serversImp
Returns to current page, when fixing TLS fingerprintsImp
Warns about Cisco SMTP fixup which is known to cause issuesImp
Shows inode usage on storage/hardware pageImp
Other minor improvementsBug
Detect scrolling more accurately when viewing logsBug
Windows users couldn't type @ in the terminal
3.1-p1
Released on 2013-10-10
Imp
Improved Bayesian performance using SDBM databaseImp
Cluster overview page shows new software versionsBug
Regression causing issues for users with ATA write cache enabled
3.1
Released on 2013-10-09
New
Based on FreeBSD 9.2New
Support for KVM VirtIO networkingNew
Create pie graph from rate() information with r()New
Buy licenses directly from within productImp
Improved rate control page (with thresholds)Imp
DLP engine inspects more archive formatsImp
Download messages as ZIP instead of tarImp
Restructured menu layoutImp
Script editor behaviour in Firefox and Internet ExplorerImp
Overall performance improvements
3.0-p9
Released on 2013-09-23
Imp
Better user experience for Hyper-V deploymentsImp
Pages loads faster thanks to GZIP compressionImp
Overall performance improvementsBug
Rebooting was required to effectuate some license changes
3.0-p8
Released on 2013-09-09
New
DMARC flow block and ScanDMARC functionImp
Convert white/blacklist input to lower caseImp
Optimized history/mail API (database API)Imp
Optimized message logs extractions (from 4 minutes to ~0 seconds)Imp
Improved charset detection (ICU)Imp
Improved escape sequence in VMware terminal (detach keyboard)Imp
Search for scores and RPD ID in trackingImp
Improved SPF cachingImp
Updated Ace editor and Kaspersky anti-virus engineBug
IE9 had problems with search on tracking pageBug
Searchlog didn't always find message logs (if incomplete log)Bug
7-zip couldn't open downloaded tar (message) archivesBug
Paging with a quarantine folder selected
3.0-p7
Released on 2013-08-12
Imp
SMTP client prefers "strongest" SASL method announced by serverBug
Memory leak in the console UI
3.0-p6
Released on 2013-08-09
Bug
Initial vApp configuration imported multiple timesBug
XML warning on non-VMware system's interface page
3.0-p5
Released on 2013-08-07
New
Network setup guide in OVF (VMware vCenter)Imp
Create cluster with optional TLSImp
Test end-user API with from scripting pageImp
Added an extra certificate (pki:2) for SMTPImp
http() support HTTPSBug
Clustering with SSL certificate chains
3.0-p4
Released on 2013-07-24
New
Black/whitelist module for end-user interfaceImp
Full-text search in subject linesImp
Clear search query on tracking pageImp
Return to referring page when editing profiles, etcImp
Export users per domain on license pageImp
Prefer outbound CRAM-MD5 authentication method if supportedBug
BATV interoperability improvements
3.0-p3
Released on 2013-07-05
Imp
Search filters are now case-insensitive for from/to/ipImp
Blacklist module in RCPT TO flowImp
Dragging/selecting an interval in a graph opens trackingImp
Various improvements to the DLP engineImp
Filter commandRun and fileRead arguments in authentication scriptImp
Compare IP addresses with in_network() in white/blacklists blocksImp
Discard mailqueue's pre-fetched work queue when deleting messages
3.0-p2
Released on 2013-06-25
New
Complete overhaul of the productImp
The SOAP API is completely changedImp
SNMP MIB is completely changedDep
Quarantine is deprecated; moved from the system to a GitHub project
2.4.0.3
Released on 2013-02-21
Imp
Microsoft Hyper-V legacy network driver supportBug
Some freshclam still couldn't download daily updates
2.4.0.2
Released on 2013-02-18
Bug
ScanSA() could miscalculate the estimated queue wait timeBug
Workaround for freshclam failing to update since ClamAV didn't create a daily diff
2.4.0.1
Released on 2012-10-15
Imp
Overall improvementsBug
Resolved bug in recipient flow's blacklist module's script generationBug
Resolved statistics bug that could create spikes during database failuresBug
Resolved database issues generating warnings under rare circumstancesBug
Cluster overview's reporting could fail to load
2.4
Released on 2012-10-09
New
Based on FreeBSD 9New
ScanSA() got fair queueing, time estimation, size limit, etcNew
Boot-time management via bootsysmgrNew
TTL argument to IP Policy's Allow() and Block()Imp
Improved performanceImp
Improved watchdog with better loggingImp
Save RAM by only starting maildlpd if ScanDLP() is usedImp
In case of storage disk problems, boot without storageImp
Allow messages to be viewed instead of downloaded in quarantineImp
GetDSN() and GetDSNHeader() to support text/rfc822-headersImp
DNS shuffling based on MessageID (always the same per message)Imp
Reboot/shutdown is significantly fasterBug
Missing {FOOTER} replacement in WrapMessageDep
The following SOAP API's has been removed:- System_Reboot_Hard
- System_Shutdown_Hard
- System_Online_Status
- Management_SetStorageRecover
- Management_StorageRecoverStatus
- Management_SetStorageMigrate
- Mail_Domain_Report
- Config_Diff
- System_GetKey("system_config_revision")
- System_Command_Run_XXX (replaced with by System_Command_Run)
- Management_GetArguments' filter parameter
2.3.6.3
Released on 2012-09-07
Bug
Regression inbackend
's SOAP server
2.3.6.2
Released on 2012-09-04
New
Deliver to an MX of a hostname using lookup-mx:hostnameImp
Configuration diff is coloured in red and greenImp
SPF module is moved to content flow in default configurationImp
SOAP API's WSDL file moved to /remote/?wsdlImp
SOAP API deprecated key system_config_revision, use GetHistoryEntriesImp
SOAP API deprecated Config_DiffImp
SOAP API's gSOAP updatedImp
Disallow saving a configuration with no changesImp
Web administration checkbox labels made clickableImp
backend's watchdog report error codesBug
SPF couldn't verify IPv6 sendersBug
The configuration partition wasn't checked properlyBug
Monotonic time was not used for all timersBug
Visual bugs in web administration resolved
2.3.6.1
Released on 2012-07-18
Bug
Fixes various spam assassin errorsBug
Fixes clustering page when clustering is not configured
2.3.6
Released on 2012-07-04
New
Introduces pattern analysis rules from HalonNew
Introduces valid bulk (RPD score 40) for non-spamImp
Rate limits now summarized in clusterImp
Display of rate limits and licensed users loads fasterImp
Table elements' full content shown on mouse overImp
Improved cluster navigation behaviorImp
Updated 3rd-party librariesImp
Faster spam-assassin updatesImp
Faster rendering of log filesBug
IP policy charts was not available on overview pageBug
Spam assassin error (introduces in previous release)Bug
Fixed MIME-decoding in quarantine
2.3.5
Released on 2012-06-08
New
French translationsImp
Pattern analysis' (SA's) score values are reported in Tracking/HistoryImp
HSL'sScanSARules()
can return score valuesImp
HSL'sQuarantine()
has new reject and final action optionsBug
Issue with HSL'sQuarantine()
$recipient resolved
2.3.4.1
Released on 2012-05-08
New
Addedtcpdump
to CLI's Network > Diagnostic Tools (console/SSH)Imp
Commtouch reference IDs in web administrationImp
HSL'sScanRPD()
can return reference IDImp
Added server= and transport= to the Tracking's search filtersImp
HSLpcre_match
improved, empty capture groups, etc.Bug
Web administration spelling
2.3.4
Released on 2012-03-22
New
Mail tracking supports boolean search filtersNew
Mail tracking integrates history and queueNew
HSL pcre_match functionsNew
HSL Mail Content GetHeaders functionImp
Cluster mail tracking displays scores, and moreImp
Jump between message tracking and logging seamlesslyImp
Jump between pages/tabs before loading completesBug
Issue with DSNs/NDRs displaying in Microsoft OWA resolvedBug
Issue with UDP when ARP tables changes resolvedBug
Web administration diagnostics issue resolved
2.3.3
Released on 2012-02-23
Imp
Multi-line reject/defer messagesImp
Updated 3d-party modules (ctipd, ctengine, postfix, clamav, openldap)Imp
Added user defined callback to cache[], using "ttl_function" argumentImp
Include SMTP transaction state in SMTP errorsImp
Support for CA in LDAPsBug
Web admin could visually overflow if too many remote systemsBug
Resolved rare bug with anti-virus engineBug
Fix TLS warning on startupBug
Verify last fingerprint in SSL chain (consistently)Bug
Scripting console could not connect to SMTP servers over TLSBug
Resolved issue with HSL construct barrier {}Bug
SMTP lookup recipient could cache entires for too long
2.3.2
Released on 2011-12-21
Imp
Quarantining informs sender; rejects (550) instead of accepts (220)Imp
The SMTP recipient lookup forwards errors from the mail serverImp
Removed the incoming mail queueImp
Show Script looks much better with colors and formattingImp
The getting started has an option to trust server (use as smart host)Imp
Clustering operations are faster thanks to newrpcmplexd
Imp
Option to export list of users per domainImp
The reporting's pie charts reflects selected period (day/month)Imp
The console supports page up/downImp
The log viewer (searchlog) is fasterImp
Korean language updatedImp
Support for Internet Explorer 10Bug
Issue with quarantine's history and domain administrators resolvedBug
Anonymous LDAP authentication issue resolvedBug
Issue with HSL's in_network() resolved
2.3.1
Released on 2011-10-04
New
View and reset rate control (Diagnostics > Rate Control)Imp
Improved support for KVM virtualization platformsImp
Disabled auto-scroll in logs on mouse scrollImp
Improved graphs (bandwidth graphs and layout)Imp
HSL's GuessAttachmentType() is fasterBug
Resolved issues when upgrading 2.3-series on first boot
2.3.0.4
Released on 2011-09-22
Imp
Quarantine automatically sanitizes inputImp
Pattern analysis' update is run every 6th hourBug
Pattern analysis' update error reporting issue resolved
2.3.0.3
Released on 2011-09-14
Bug
Serial console issue on SPG-150 resolved
2.3.0.2
Released on 2011-09-02
Bug
LDAP synchronization issue resolvedBug
Pattern analysis' bayesian filter issue resolved
2.3.0.1
Released on 2011-08-17
Bug
Updated list of time zones (some didn't exist)Bug
Guessing of character set issue resolvedBug
Pattern analysis (ScanSA) custom rules issue resolved
2.3
Released on 2011-08-02
New
Based on FreeBSD 8.2New
Content Inspection (DLP), ScanDLP() functionNew
File store with CSV editor, deprecates FTP, in_file() function updatedNew
Support for VMware vmxnet adaptersNew
View history in Quarantine interfaceNew
Show header modifications in Quarantine interfaceImp
Quarantine interface is now fully clustered (user creation)Imp
Updated Commtouch RPD and GlobalView enginesImp
Updated Kaspersky anti-virus engineImp
Option to reset SpamAssassin bayesian databaseImp
The mail() function has a plain-text optionImp
Fullscreen editors has "import from file" functionalityImp
VMware/serial console auto-logout after 10 minutesImp
Mail Gateway > Domain section tables show more informationImp
Many small improvements in functionality and stabilityBug
Storage fallback to memory issue resolvedBug
Issues with static routes resolved
2.2.6.3
Released on 2011-05-11
Imp
Web Administration improvements (translations, statistics)Imp
HSL functions floor() and ceil() addedBug
Fixed incorrect return type from round()Bug
Kaspersky anti-virus regression issue solved
2.2.6.2
Released on 2011-05-05
Imp
Updated 3rd-party components (Commtouch, Kaspersky, etc.)Imp
Overall reliability and performance improved
2.2.6.1
Released on 2011-04-06
Bug
Mitigating HSL data type issue
2.2.6
Released on 2011-03-31
New
IPv6 support in IP Policy Flows (added $family variable)New
Automatic configuration truncation option (System > Configuration)Imp
dnsbl() function now queries for IPv6 according to RFC5782Imp
Improved the Web Administration with some new functionalityImp
Internet Explorer 9 support in Web AdministrationImp
Improved phishing protectionImp
Improved SMTP IPv6 handling (prioritized)Imp
DSN messages now includes only message/rfc822-headersImp
DKIMWithDeliver() now returns 500-error on un-signable messagesImp
Updated 3rd-party components (libc, postfix, htmlpurifier etc.)Imp
Overall performance improvedBug
Folders created on FTP did not appear until after a rebootBug
IP Policy Flow's $serverport variable was not a number (string)Bug
dnsptr() now supports compressed IPv6 addressesBug
Kaspersky's logfile not available on first runBug
Web Administration over IPv6 was partly brokenBug
smtp_lookup_*() should not use transport fallbacksBug
Quarantine() function did not honour SetMailTransport()
2.2.5.2
Released on 2011-02-10
New
Prioritized queues (per mail transports)New
IO statistics tool in Web Admin (iostat)Imp
Updated 3rd-party components (clamav)Imp
Overall reliability and performance improvedBug
BATV format bugBug
Deliver to A/AAAA records did not load balance properly
2.2.5.1
Released on 2011-01-24
New
VMware Zimbra integration in quarantineNew
Custom authentication with System Authentication ScriptNew
RADIUS (rad_authen) function for System AuthenticationNew
TACACS+ (tacplus_authen and tacplus_author) functionsNew
Context-aware help (links to the doc. wiki) in Web Admin.Imp
Updated 3rd-party components (ctipd, syslog, clamav, php)Imp
Include kernel debugging in logsImp
Quarantine > Users, double-click users to 'sign as' as themImp
Activity > Logging has time interval option for faster searchingImp
Some HSL functions are cached per default (per-message)Imp
Admins can change quarantine users' passwordsImp
Force web browsers to update cache on H/OS upgradesImp
HSL arrays may be initiated with [ ] instead of array()Imp
LDAP debugging command hides passwordsImp
Sort user's joined accounts in quarantineImp
Support for [IPv6 address]:port in network toolsImp
New strnatcmp JavaScript library for better natural orderingBug
GlobalView, etc. stability improved with glibc patchBug
Fixed host name length (was limited to 32)Bug
Fixed SMTP DNS lookup implementation misbehaviourBug
Heartbeat probe for Spam Assassin to resolve locksBug
Fixed missing SSL chain for certificatesBug
Fixed multiple pages bug in Activity section of Web Admin.Dep
Configuration key config_user renamed to to system_userDep
Signed in account used to browse cluster in web adminDep
Admin accounts must use @local for quarantine sign-in
2.2.4
Released on 2010-11-25
Imp
Performance optimizations on message deliveryImp
Double-click on messages to display text logImp
Version history information button on update sectionImp
Option to enable ATA write-cacheImp
Non-blocking Kaspersky anti-virus database updateImp
Getting Started allows example.org and another domainImp
Display newly added quarantine brandingImp
GlobalView is logged as ctipd instead of [ctipd]Imp
Unified authentication schemeImp
Updated 3rd-party componentsImp
Database errors are loggedBug
Memory usage was erroneously calculatedBug
Value rounding in reporting chartsBug
Forbid domains ending with a dotBug
Flow selection race condition for first message resolvedBug
Memory leak in mailscand resolvedBug
Spelling corrected in web administrationBug
Overall reliability and performance improved
2.2.3
Released on 2010-10-25
New
Storage disk migration sectionNew
Unique self-signed certificate during installNew
New DirectDeliver() function to deliver inlineNew
RPC log for SOAP API callsNew
Puny-codes for domains and in calculatorImp
Much improved logging with session trackingImp
Graphical fixes for iPhone/iPadImp
Cluster administration performance improvedImp
Updated 3rd-party componentsImp
User count for license in mailscandImp
Option to skip Getting StartedImp
Russian language in quarantineImp
Overall graphical improvementsImp
Improvements in flow presentationImp
Forbid non-ascii e-mail addressesImp
HSL function get_defined_functions()Imp
TLS settings in smtp_lookup_rcpt/authImp
Updated statistics to BIGINTBug
ClamAV could be started twiceBug
LDAP search cached non-existent users for 24 hoursBug
SNMP could fail to get ippolicyd statisticsBug
Inventory keys denied for read-only usersBug
ippolicyd could report statistics inaccuratelyBug
DNS failures (NXDOMAIN and NODATA) results in immediate bounceBug
Overall performance and stability improvedDep
It's recommended to empty your browser cache before signing on to your updated systemDep
The log format is heavily changed; be aware if you rely on machine parsed logging
2.2.2.2
Released on 2010-09-02
Imp
DNSSEC trusts newly signed rootImp
CPU indicator in clustering overviewImp
Simplified configuration management viewImp
Remote systems alphanumerically sortedImp
Final actions terminate user defined functionsImp
3rd-party modules updatedImp
Russian translations updatedBug
HSL isset() function now works on arraysBug
IPv6 support in SyslogBug
Detect primary domain from Active DirectoryBug
Reporting tab timed out in large clustersBug
Overall performance and stability improved
2.2.2.1
Released on 2010-07-29
New
Novell GroupWise support in quarantineImp
3rd-party components updatedBug
Do not synchronize "fallback" configurations in cluster
2.2.2
Released on 2010-07-07
New
Backscatter protection with BATVNew
Comments (C++ style, //) in address lists in web administrationNew
Minger protocol recipient lookup function minger_lookup() in HSLNew
SetRecipient() function in HSL's Content FlowNew
HSL control structure "barrier" to do advanced synchronous scriptingNew
HSL isset() function, to check if a variable is defined or notNew
Set listen addresses for SSH, FTP and SNMP servicesNew
Prompted configuration download in web administrationNew
Show configuration changes between revisionsImp
Changed default IP to 169.254.1.1 (not to conflict with customer networks)Bug
Do not allow recipient with trailing "." in the domain name
2.2.1.1
Released on 2010-06-17
Bug
A script validation error in Web Administration fixedBug
Syslog could fail at boot on rare occasions
2.2.1
Released on 2010-06-14
Imp
Show PKI information (X.509, private and public key)Imp
Require passwords to be typed twiceImp
Better TLS information in SMTP logsImp
DNSSEC and DNS cache made private in clusterImp
RPDAV icon changed to be distinguished from RPDImp
Show full AV, AS, LDAP and boot logsImp
Sort cluster nodes by name on Cluster > OverviewImp
Support TLS/SSL for LDAP servers (Quarantine and HSL)Imp
SMTP listener/transport support "internal-hostname" as hostnameImp
More restrictive read-only users (no ping, etc)Imp
Commands (ping, etc) in console are continuously updatedImp
More private keys (Send to Server, etc)Imp
3rd-party components updated (ClamAV, etc)Bug
RPDAV could not set "delete" actionBug
View message button in outgoing queue fixedBug
No script errors for action on empty message queuesBug
Graph X-axis could be a few seconds off in clusterBug
Failed to save flows when custom functions were usedBug
Session timeout when saving services (SMTP, HTTP, etc)
2.2.0.1
Released on 2010-05-19
Bug
syslog needs to be restarted in order for hostname to be appliedBug
If STARTTLS was announced but failed, optional TLS abortedBug
LDAP queries failed in HSL
2.2
Released on 2010-05-17
New
DNSSEC support and an internal DNS cacheNew
DKIM signing and validation in Content flowNew
Reworked statistics with JavaScript graphs and a new layoutNew
Show Script button on flows, displaying generated HSL codeNew
Ability to write reject/defer messages in flow blocksNew
HSL variables $service (IP) and $messageid (Content) addedNew
HSL functions file() and file_get_contents() addedNew
Defer(), SetMailTransport() and AddHeader() in Content flowNew
Trusted (whitelist) block in Recipient flowNew
Web Administration organization with flows in one sectionNew
Unit identification used as internal hostnameNew
Button for jumping to flows and profilesNew
Warning messages before discarding unsaved changesNew
Bookmarks to sections and tabs in Web AdministrationImp
Renamed processes to mailscand and mailqueuedImp
Major performance improvement in mailscandImp
Overall performance from chunked statistic updatesImp
Free-text search in Activity > LoggingImp
Quarantine mail listing show scores and loggingImp
Clustering menu and timeouts improvedImp
E-mail file maintenance (lostfiles) addedImp
Outbreak (RPDAV) anti-virus accuracy improvedImp
Web Administration performance and caching improvedImp
Updated 3rd-party componentsImp
Hop count in mailscand implementedImp
Overall performance and stability improvedBug
SpamAssassin update bug resolvedBug
SNMP label swapping bug resolvedBug
Disabling of certain domains bug resolvedBug
Zero-bitmask error in in_network() function resolvedBug
IPv6 scope in network functions is now discardedBug
GMT timezone confusion on System > Time clarifiedDel
Domain statistics reports removedDel
Deprecated recipient databases migrated into flowsDel
Incoming listener (smtpd) doesn't listen to localhostDel
Removed Deliver() as error fallback actionDel
Invalid PKI certificates no longer validates in configDel
Deprecated $spamscore and LDAPLookup() removedDel
Diagnostics > Troubleshooter tab removed
2.1.5
Released on 2010-03-01
New
Clustering of multiple SPG/VSP unitsNew
Graphical Console (replacing the CLI)New
mail() function in HSLNew
GuessAttachmentType() in HSLImp
3rd-party components updatedImp
Quarantine reset password, does not send a new password, instead allows it to be changedImp
Overall improvements in functionality and reliabilityImp
HSL cache [] is not LRU per default (least recently used)Bug
Domains were not disabled properly (nor alias domains)Bug
IP Policy response were not always receivedBug
GetAttachmentName() were not decoded properlyBug
Self-genrated messages had the wrong Content-DispositionBug
Unable to bind in queueprocessor (when custom source-ip was used)Bug
Domain reports could take very long time to completeBug
Statistics could be collected for recipient instead of senderBug
Disk, CPU and Memory usage where 24 hours off in bar-indicator
2.1.4.4
Released on 2010-01-14
Bug
Issue with domains without MX records resolvedBug
Internet Explorer 8 can now view message logsBug
Exporting users can now handle invalid UTF-8 chars
2.1.4.3
Released on 2010-01-07
Imp
Automatically format and use available disk (Xen and Hardware)Bug
Xen could not leave firmware OSBug
Wrap-around long log lines in Web AdministrationBug
Rate-control would cause random rebootsBug
GlobalView did not always start at bootBug
Newly downloaded SpamAssassin rules were not applied until reboot
2.1.4.2
Released on 2009-12-22
New
Console in Web Administration (Diagnostics > Local Console)New
Show licensed users in Web Administration and SOAPNew
Access Quarantine from Web AdministrationImp
3rd-party components updatedImp
in_network() now supports IPv4 and IPv6Imp
dns() is now IPv6 ready, use dns4() or dns6() to chooseImp
Improved compatibility with "tag subject" and non UTF-8Imp
Colors in log searchImp
Fixed MX-shuffle (rare round-robin delivery problem)Imp
Delivery will only try the first three A/AAAA recordsImp
Selecting text in Web Administration logsImp
Many other improvementsBug
Next retry wasn't presented in the local timezoneBug
Rare bug while reverting between configurationsBug
Could not save whitelist in Internet Explorer 8Bug
Reload services when SSL certificate is updatedBug
Retention policy in Web Administration was restricted to 32-letterBug
Adding one's own domains as domain alias confused quarantineBug
Spelling correctionsBug
Overall stability fixes
2.1.4.1
Released on 2009-11-06
Bug
Better handling of questionable SMTP responses.Imp
Russian and German in VSP's Getting Started.Imp
Spam Assassin size limited raised to 500KiB.Imp
Charset detection for Korean and other Asian languages.Bug
Scripting error for Anti-Virus block in Content Flow.Bug
Web Administration bug in Gettings Started for IE6/7.Imp
Flow blocks in IP Policy log their results.Bug
Japanese may now be default language in Quarantine.Imp
Statistic's performance is improvements.Imp
HSL does not resolve $var to the value of $var.Imp
HSL function eval() implemented.Imp
Overall improvements in functionality and reliability.
2.1.4
Released on 2009-10-21
Warning
Storage disk must be at least 2GB for all units and configurationsImp
Automatic initialization of new Storage disks for VSP/SPGImp
Firmware updates by self hosted Web UpdatesImp
Getting Started -guide in Console and Web AdministrationImp
IPv6 support in Web AdministrationImp
Keep current search in History/Queues while browsing and performing actionsImp
IP-address whitelist in Content-FlowImp
Quarantine action "Empty" only empties the selected folderImp
Japanese language support in QuarantineBug
If no MX is found, try to use the A/AAAA recordBug
SNMP and NTP problems with reconfigurationImp
3rd party components updatedImp
Overall improvements in functionality and reliability
2.1.3.1
Released on 2009-08-09
Imp
Overall improvements in functionality and reliability
2.1.3.2
Released on 2009-08-09
Imp
Overall improvements in functionality and reliability
2.1.3
Released on 2009-07-10
Imp
Throughput vastly improved, read the guidelinesImp
Option to disable internal statistics and historyNew
New HSL functionsImp
Overall improvements in functionality and reliability
2.1.2
Released on 2009-06-25
New
SNMP monitoring; custom MIB with statistics and informationBug
Fixed Kaspersky engine errorImp
Truncate configuration from CLI to save memoryBug
Cache timeout set at execution instead of completionImp
IP Policy may also block UDP packets ($protocol)Imp
Removed start-up related warningsBug
http() function can handle more than 10 parametersImp
Exceptions in Recipient Flow are reported as Defer()Imp
Global quarantine admin users may blacklist globallyImp
Blacklist handles domains and wildcard (%@domain)Imp
Notify senders that they are blacklistedImp
Re-arranged tabs into new system menu in Web Admin.Bug
Redirection bug when accessing a HTTPS interface using HTTPBug
Configuration upgrade for remote systems could cause timeoutsImp
Better transport-lookup for messages generated internallyImp
Mail function GetRoute() in HSL improvedImp
Array function array_reverse() in HSLImp
Rate control function rate() in HSLImp
Rate control module in Recipient and Authentication FlowsImp
Default message rate for authenticated users is 100 msg/hImp
HSL may cache results per message/sessionImp
Overall improvements in functionality and reliability
2.1.1
Released on 2009-06-03
New
Advanced options on Mail Content Flow with custom rulesImp
Larger history (100.000 msgs.) for small disks (4 GB)Imp
Anti-virus and Pattern Analysis (SA) results in historyImp
Quarantine allows users to download messagesImp
Quarantine web interface scales content to browser sizeImp
Quarantine accepts LDAP sign-in using alias as usernameImp
Quarantine has Korean translationImp
Quarantine displays outgoing queueImp
Quarantine displays folder's message count on mouse overImp
SPF module has trusted forwarders white-list fieldImp
Option to reject messages with virusImp
Recipient Flows reports the reason for rejection to senderImp
Overall performance and reliability improvedBug
Quarantine now shows attachments correctlyBug
Delivery forced default transport during certain circumstancesBug
Quarantine now honors the LDAP version settingBug
It is now possible to mix recipient flows with "disabled"
2.1
Released on 2009-05-18
Imp
New Quarantine with LDAP support and ClusteringImp
Administrator can access the Quarantine using their credentialsImp
Quarantine has administrator-only folders (invisible to users)Imp
Reporting > Real Time Log displays Anti-Virus, LDAP, etc.Imp
The console's startup screen displays IP addressImp
FTP access requires full permissions or the "f"-flagImp
Administrators cannot change their own permissionsNew
Added "null" transport (discards messages)Imp
VMware ESXi users need to resize the disk during installImp
Added "Per Domain" for the SMTP Recipient Flow lookup moduleBug
Trace configuration revisions changes by administrator userImp
Recipient Flows are per-domain instead of per-incoming.Imp
Improved queue/history management responsivenessImp
Performance optimizationsImp
3:rd Party Components UpdatedImp
CLI command "version" displays appliance informationImp
Overall performance and reliability improved
2.0.9
Released on 2009-03-24
New
Import Configuration from ClipboardBug
Installer on Windows 2000Bug
Installer field validationImp
Warning on VMware Configuration ImportImp
Repair License in Web Admin.Bug
History Page in Internet Explorer fixedImp
Changes in terminology (Process Flow = Content Flow, etc)Bug
Long lines message bug fixedNew
Implemented cache [] function();Bug
IP Policy cache is now cleared properlyImp
Web Admin. Script fields is monospace and support [tab]New
Added !~ (negated regular expression) matchingImp
Updates 3d-party librariesNew
Caches the Incoming's smtp_rcpt_lookupImp
Clear cache button (Mail Gateway -> Settings)Bug
Non-UTF-8 bug (Mail Gateway -> Activity)Imp
IP Policy performance improvedBug
HTTP re-configured during address changeImp
Removed reverse DNS lookupsBug
Memory storage capacity resolvedBug
Authentication and Recipient Flow re-configurationBug
NTP producing false error messagesImp
Autodetect language in Web Admin.Imp
Mail Content Flow didn't virus-check spam messagesImp
Overall improvements and stability
2.0.8
Released on 2009-02-27
Imp
Firmware Update with step-by-step guideImp
VSP Installation with quick-start guideImp
"Paging" in Mail Gateway Activity tabsNew
dnstxt(), dnsmx() and implode() functions in HSLBug
500-errors handled correctlyNew
Support for alternative DNS in lookup-mxBug
Handle UTF-8 in Tag Subject i Mail FlowNew
More languages addedImp
Graph directions changed (left to right)Imp
More SMTP debuggingNew
Direct Processing gives reject functionNew
Reject() function in Mail FlowImp
Set concurrent connections per Incoming (server)Imp
Function declaration and "include" support in HSLImp
Full UTF-8 supportImp
Overall improvements and stability
2.0.7.1
Released on 2009-01-16
Imp
SMTP/LDAP SMTP authentication supportBug
Disk Operation StabilityImp
Storage Management (backup and restore)Imp
Add multiple domains from Web AdminImp
Authentication and Recipient FlowsImp
Many new functions added to HSL (see Wiki)Imp
Secure Disk Wipe from Recovery ConsoleImp
Send test mail to administrator from Web AdminImp
Reset Statistics in Web AdminBug
DNS/MX resolvingImp
Authentication in Outgoing TransportsImp
Preview mail in QuarantineBug
Quarantine handles quoted-printableBug
Quarantine reports handles quoted-printableImp
Warn users when Quarantine getting fullImp
Script testing toolImp
Searching logs indicates when showing realtimeImp
Custom icons for script blocks in Web AdminImp
Improved anti-virus detectionImp
SOAP interface improvementsImp
Better Default FlowsBug
Resolved back-to-default-config bug
2.0.6.2
Released on 2008-11-25
Bug
Quarantine templates
2.0.6.1
Released on 2008-11-20
Bug
Quarantine templates
2.0.6
Released on 2008-11-12
Imp
Send Domain Reports from Web AdminBug
Domain Statistics reported correctly (lowercase)Bug
Overall Web Admin reliabilityImp
LDAP debuggingImp
Mail throughput performance vastly improvedImp
SPF Query Tool in Web AdminImp
in_network() now supports IP-ranges in HSLImp
Block() may send reason for blocking in HSLImp
dnsptr() to lookup PTR (ipv4 and ipv6) in HSLImp
5 s timeout for dns() request by default in HSLImp
in_file() function (eg. black/white-lists) in HSLImp
First comment in a Flow Script shown as titleImp
Customize generated e-mailImp
Multiple LDAP servers on incoming listernersImp
Default contact changed to "Postmaster"Imp
Multidimensional arrays in HSLBug
Overall reliability and functionalityImp
Quarantine translated to Swedish and customizableImp
Better default mail gateway Process Flow
2.0.5
Released on 2008-08-21
Imp
Improved quarantine with reportsImp
Statistics in Web AdministrationImp
Domain reports with additional statisticsImp
Logging is separated and improvedImp
Message tracking (Activity)Imp
Web Administration re-organizationBug
Storage recovery from power failuresImp
Certificate tunable "Optional but Verify"Imp
Error messages are displayed as dialoguesImp
Generate SSL certificates (Diagnostics section)Imp
Name (tag) configuration revisionsImp
SOAP configuration API (using WSDL file)Imp
NFS replaces SMB for network storageImp
Graceful shutdown and restartImp
Boot procedure with progress and logImp
Multidimensional arrays in HSLImp
Headers are UTF-8 decoded in HSLImp
GetDSN(), GetRoute(), DeliverAsSpam() in HSL
2.0.4.1
Released on 2008-06-09
Bug
Web Administration error on factory reset unitsImp
Added German and Japanese language supportImp
HSL Scripting in Outgoing QueueImp
Domain name variable in HSLImp
WrapMessageAddHeader function added in HSLImp
Revert to default config upon fatal errorsImp
Disable Incoming Listeners upon storage failureImp
Regular Expression modifiers in HSLImp
Initial Access Control Flow statisticsImp
Incoming Queue shows entire messageImp
http() and explode() functions added to HSLImp
Pattern Analysis (spam assassin) module addedImp
LDAP testing on Diagnostics sectionBug
Max Message Size can be increasedBug
Overall reliability and functionality
2.0.3
Released on 2008-05-15
Imp
Added Italian, Spanish and Korean language supportImp
Overall reliability improved
2.0.2
Released on 2008-05-12
Bug
SPF calculated $spamscore incorrectlyImp
Reboot to Update Firmware from Web Admin.Bug
Removed extra newline in messagesBug
Database conversions could failImp
Ability to disable ACL flow for servicesBug
NTP synchronization problem solvedImp
Model-specific performance optimizationsBug
Recovery from power failureBug
Windows (SMB) share no longer failsImp
Added date/time functionality to HSLImp
Overall reliability improved
2.0.1
Released on 2008-04-28
Bug
Problems in the parser of the mail scanner are fixedBug
Ajax problems in the mail processing flow are fixedImp
New functions in HSL (Halon Scripting Language)Imp
UTF-8 support in HSLBug
Internet Explorer and Opera supportImp
Overall reliability improved
Comments
0 comments
Article is closed for comments.