5.13
Released 2023-08-15
ImpUpdated version of eleven eXpurgate anti-spam daemon (4.47.0)ImpAdded selector field to DMARC reportingImpIncreased SA custom rules limitImpImproved query builder for metadata fields in queue listingImpBased on FreeBSD 13.2, and latest quarterly packagesBugFix issue with SpamHaus DQSBugFix issue with memory_store HSL functionDepRemoved deprecated ClamAV (ScanCLAM() is now a no-op)
5.12-p1
Released 2023-05-03
BugIn HSL fix an issue with Map/Sets iterators and foreach
5.12
Released 2023-04-12
ImpMTA improvements- Faster policy evaluations and subdomain matching
- Added a new grouping field to the queue structure to be used for combined recipientdomain/remotemx groupings
- Added
LOGINparameter support to theXCLIENTcommand - Added support for network matching in
PROXY,XCLIENTand TLS client cert settings - Added connection pooling reuse setting based on remotemx
- Various improvements to DNS resolving
- Added a global DNS domain cache
- Restructured DNS cache to resolve all addresses, with deduplication
- Added global settings for
resolver.mx.exclude.ipandresolver.mx.exclude.mx
- Priority messages now also have priority in resolver and script execution queues
- Allow overriding serverhost (
servers[].hostname) in connect hooks'sAccept()function - Added ability to read plugin configurations from file paths
- Improvements to
halonctl- Added
--no-pipeliningoptions to queue trace command - More precise time (usec) resolution in queue trace command
- Queue update command now supports changing only localpart or domain of senders/recipients
- Added
halontopnow resizes layout to terminal size- Added a new C-API (
HalonMTA_deliver_trace) to do custom trace outputs in delivery plugins - Added a new C-API for queue pickup plugins
ImpScript language improvements- Added support for multiline CSV data in
csv_encode()andcsv_decode() - Added option to allow non-convertible objects to be converted to none in
json_encode()
- Added support for multiline CSV data in
ImpImprovements to integrated (VM) package- Based on FreeBSD 13.2, and latest quarterly packages
- Pre-packed with http-bulk plugin
DepImportant changes- Deprecated ClamAV in integrated (VM) package
- Deprecated
ScanDMARC()in componentized package (installhalon-extras-dmarc) - Deprecated builtin
LDAPclass in componentized package (installhalon-extras-ldap) - Removed
MailMessage.deliver(deprecated since 5.2, useMailMessage.queue()instead) - Removed
/dev/nullas special transport destination - Removed
GetMailQueueMetric()(deprecated since 5.3)
BugVarious bug fixes- Missing dynamic policy id in
$argumentsin post-delivery on rate only policy conditions - Fixed timeout issue with PIPELINING
queue_policy_delete()function was missing in AUTH hook- Fix issue with
unsetinforeachloops - Fix issue with
scripting.rootpathending with/ - In HSL do not allow index dereference of string with key types other than numbers
- In HSL do not allow slice operator dereference with key types other than numbers
jobidset in pre-deliveryTry()function was not updated in post-delivery hook- Fixed rare crash with queue trace command on busy systems
- Missing dynamic policy id in
5.11-p3
Released 2023-02-17
BugImproved error handling with HTTP submissions APIBugFix error message withhalonconfig --dist-checkand missing schemasBugFixes to integrated (VM) package- Upgraded ClamAV to 1.0.1 to address CVE-2023-20032 and CVE-2023-20052
- Fix web adminsitration bug when adding domains
- Relaxed DangerousExtensions classification in eXpurgate (caused false positives)
- Allow changing DangerousExtensions with
antispam_expurgate_dangerous_extensionssetting
BugFix rare issue connection retryDepPlease note that ClamAV is deprecated and will be removed in 5.12
5.11-p2
Released 2023-02-09
BugFixes to integrated (VM) package- Lower default timeout of ScanRPD() scanning
- Fixed error handling for ScanRPD() in case of network errors
5.11-p1
Released 2023-02-06
BugFix a rare issue with configuration reload on Ubuntu
5.11
Released 2023-02-03
ImpMTA improvements- Added a
halonctl queue tracecommand to trace outbound SMTP connections - Outbound PIPELINING support
- Ability to change TLSv1.3 cipher suites on server and clients
- Queue performance optimisations
- Added
setDateLater()function to set Date header on delivery - Added connection
idand numbers oftransactionsto post-delivery attempt connection array - Added support for networks in the
Try()argumentip_exclude - Allow changing jobid with
Queue()functions in pre- and post-delivery - Added remotemx information to outbound connection list
- Added support for
--size,--subject,--metadata-andfilter conditions tohalonctl - Added the ability to clear the internal DNS cache using domain wildcards in
halonctl
- Added a
ImpScript language improvementsMap/Setiterator are now thread safe with imports (modifications are not)- Added support for data types when
importing YAML files - Added support for private key
import(RSA and ED25519 keys) - Added
rsa_privatekey()anded25519_privatekey()function to load keys as PrivateKey resources - Added
array_combine()function - Added
exclude_headerstosignDKIM()functions - Added support for PrivateKey resources to
signDKIM()functions - Added support for tags when
parsinging YAML files - Added
MIMEPart.getByID()functions to retrive a MIMEPart by ID - Added support for Regex types to
MIMEPart.findByType()andMIMEPart.findByFileName()functions csv_encode()will not added quotes to string with spaces
ImpImprovements to integrated (VM) package- Improved DNS reliability when using the builtin DNS cache
- In the WebUI allow building queue search filters with multiple different metadata combinations
BugFix issue with slow graceful shutdown ofsmtpdBugFix issue with thehalonctl queue groupbycommand if jobid was set withTry()BugFix issue with including files using symlinks within the rootpath in HSLBugFix issue with global functions and module imports in HSLDepImportant changes- Migrating away from Cyren (ctasd and ctipd)
- The deprecated
DirectDeliver()function now acts as a queuing deliver - Removed deprecated
GetTLS(),Allow(),Block()andDeliverWithDKIM()functions - On Linux, trying to reload with Halon script compilation errors will continue using the previous configuration
5.10-p1
Released 2022-12-06
Bughalonctl resolver command didn't ignore SIGPIPEBughalontop didn't show patch version properlyBugOn some Linux distros environment.rlimit.nice could not be set to a negative valueBugImproved error handling on JSON payloads in smtpd HTTP APIBugOn configuration load filename was missing in error messageBugFixed a stability issueBugUpdated FreeBSD ping utility (CVE-2022-23093)
5.10
Released 2022-10-11
NewWeb administration additions- Delivery insights view
- Outbound connection list and ability to close connections
- Visual refresh
ImpPackage and repository improvements- Builds for Ubuntu 22.04 LTS
- Packages for extras projects written in Halon script
ImpMTA improvements- Ability to change IP address family (v4/v6) preference
- Support for implicit TLS for outbound connections
- New outbound TLS mode
dane_fallback_require_verifyfor DANE/MTA-STS coexistence - Added peer certificate error and TLSA to post-delivery's attempt information
- Store last attempt's
localip,remoteipandremotemxin the defer queue
ImpScript language improvements- Added
domain_publicsuffix()function - Added
url_parse()function - Added
insert_functionoption tocache [] - Added new
matchexpression Socket.recvmay now use multiple flags as an array- Added support for
body_lengthinsignDKIM() - Ability to set properties and the stop flag in for dynamic
queue_policy()
- Added
ImpProtobuf API improvementsQueueGroupBybylocalipas wellQueueGroupBysupport policy grouping (MX rollup, etc)- More
ServerConnectionsListinformation; transactions, local IP and ports
ImpCommand line tool improvementshalonctl groupbyoverhaul, adding lots of new functionalityhalonctl queue updatenow have a dry-run flag to test querieshalonctl process-statsmay now output Prometheus compatible formats
ImpImprovements to integrated (VM) package- Added support for Sophos Live Protection
- Added HTTP submission API support
- Updated Cyren packages to ctasd 5.5.1 and ctipd 4.5.1
- Updated to FreeBSD 12.3-RELEASE-p7 with quarterly packages
ScanDMARCfunction how have an option to disable SHA1 signatures (rfc8301)- Allow reverse lookups for private address space in unbound DNS resolver
BugFix issue with dynamic policies in the 35/8 subnetDepImportant changes- The Ubuntu packages no longer depends on
halon-extras-rateandhalon-extras-dlp(need to be explicitly installed) - The per-recipient end-of-DATA function
DirectDeliveris deprecated, useMailMessage.send()instead - The post-delivery function
GetTLS()is deprecated, use thetlsobject in$argumentsinstead
- The Ubuntu packages no longer depends on
5.9-p3
Released 2022-12-05
BugFixed a stability issue
5.9-p2
Released 2022-08-16
BugCould not override Spamhaus DQS scores in integrated (VM) packageBugGetTLS()in post-delivery could fail on non-delivered messagesBugIssue withQueue()in post-delivery with no retry delayBugFixed an error message inhalonconfig
5.9-p1
Released 2022-05-31
BugFix issue with IPC (Unix domain socket) permisson on Linux
5.9
Released 2022-05-30
NewAdded priority for queued messagesNewAdded max age of messages in queue (retry.during) as an alternative toretry.countImpMTA improvements- Added support for thread priority for various thread pools and event loops
- Made
ip_exclude_temporaryalso work withmx_excludein SMTP clients - Added
dane_fallback_requireas TLS mode in SMTP clients - Added support for more AUTH mechanisms in SMTP clients (eg. XOAUTH2)
- Randomize the order of equal-preference MX host addresses
- Added possibility to configure custom script thread pools per hook
- Delivery settings may now change max retries/during and retry intervals
- Added
queues.maxmessagesto limit number of messages to hold in memory - Added
data.fixheaders(false) anddata.mimepart.fixheaders(false) to inject\r\nbefore bad headers - Added
queue.loader.activecounter to hold total messages currently loaded - Postmaster address may be configured separately as localpart and domain (inherit from reporting-mta)
- Added possibility to disable MIME multipart parsing for performance
- Added
maxpartsto configure max MIME parts - Added ability to change
transportidinTry() - Added
$arguments["expired"]to post-delivery hook to indicate bounces due to age or max retry count - Added reason to
Delete()in the pre-delivery hook - Added support for DSN options to
Bounce()in the pre-delivery hook
ImpScript language improvements- Added array dereference with spread operator inside of arrays
- Allow upcast of TLSSocket to Socket with
TLSocket.toSocket() - Added
setFileName()andsetDisposition()functions toMIME() - Detect MIME parsing errors with
MailMessage.getErrors() - Added support to create
MailMessagesfromFileobjects usingMailMessage::File() - Added reason for policy result and detailed error/errno to
spf_query()output
ImpNative (C ABI) plugin improvements- Added support to get object properties with
HalonMTA_hsl_object_property_get() - Create MailMessage and File classes from strings with
HalonMTA_hsl_value_set() - Detect MailMessage type with
HalonMTA_hsl_value_type()
- Added support to get object properties with
ImpHTTP submission API improvements- Added
/healthendpoints to be used with load balancers - Added
$arguments["headers"]to end-of-DATA script - Added concurrency limit setting per server
- Certificates are soft reloadable in configuration
- Added
ImpProtobuf API improvements- Include HTTP connection in ServerConnectionsList replies
- Support for close reason of HTTP connections with ServerConnectionsClose
- Added option to reset
transactionid,tsandretrycountupon message import - Bounce action may set
statusanddiagnosticcodeon queue updates - Added regular expression support in StringMatch in API for message conditions
- Added unique count feature to groupby
- Added maximum values to process stats and present them nicely in
halontop
ImpImprovements to integrated (VM) package- Added support for EU-only Cyren datacenter for RPD and globalview
- Added support to configure reserved IPs for SMTP servers in web administration
- Include updated spamassassin-dqs with support for DBL with hostnames
- Allow access to Sophos AV unix socket using Socket() class in HSL
- Enable scanning of Msi files with Sophos AV
- PHP IMAP module now available in custom-www
- PHP DNS resolving is now available in custom-www
- Updated to FreeBSD 12.3-RELEASE-p5 with quarterly packages
ImpAll halonctl commands accepting time now allows for X[dhms] syntaxImpAdded dist-check command to halonconfig to check generated configurationImpAdded option to stop-on-match in smtpd-policy.yaml when matching rulesImpAdd configurable rate sync delay to improve UDP synchronization reliabilityBugFix validation bug in JSON schema with HTTP submission APIBugFix validation bug in post-delivery hook with$arguments["dsn"]["status", "diagnost...BugAllow long lines in message body when receiving messages with CHUNKINGBugFix rate issue with dynamic policies which could cause MTA restartsBugHTTP submission API header name “X-API-Key” was not case insensitiveBugStatistics queue.policy.rate.suspends not decreased on manual message deletesBugFix bug in C API when invoking function pointers in class member functionsBugDNS zone flush with unbound in VM package did not clear all record typesBugDo not rescan messages with ScanCLAM() and ScanRPD() if failedBugProperly detect temperror in ScanDMARC()BugFix escaping of email addresses by escaping additional charactersBugAdded detection newer versions of .docx and .xlsx files in ScanDLP()DepDeprecated use of MIME("0") in EOD, use $arguments["mail"] or GetMailMessage() insteadDepImportant changes- Removed "eodrcpt" from Linux builds
- Removed ability to control "rated" and "dlpd" from "halonctl" (use ratectl or dlpctl instead)
- Removed deprecated functions from per-message end-of-DATA script: Queue(), GetMailMessage(), GetTLS(), GetAddressList(), DKIMSign(), DKIMSDID(), DKIMVerify()
5.8-p4
Released 2022-03-16
SecUpdated OpenSSL to fix CVE-2022-0778
5.8-p3
Released 2022-02-10
BugIssue when using Cyren anti-spam (ctipd and ctasd) with a HTTP proxy fixedBugAuto-detection of DKIM keys inadditional_signaturesfixedBugReduce risk ofratedUDP packet loss for initial synchronisationBugIssue withScanDLP()and custom rules fixedBugUpdated libcurl to 7.81
5.8-p2
Released on 2022-01-25
BugDKIM validation issue under certain circumstances
5.8-p1
Released on 2022-01-10
BugPrivdrop after creating control socket inratedBugFixratedstartup rate hit syncBugFix minor issue parsing bad headers
5.8
Released 2021-12-13
NewTemplates for Docker and Kubernetes- The
dlpdcontent filtering connection now uses a HTTP based API - The
ratedrate control connection supports DNS with dynamic re-resolve
- The
NewAPT/deb and RPM repositories- Components are now in separate packages (MTA, rate control, content inspection, etc.)
- Added separate
dlpctlanratectltools for the respective new packages
NewMTA features- HTTP submission API for pre-formatted RFC822 messages
halontopprogram showing realtime process metrics- Faster DKIM dual-signing with
additional_signaturestosignDKIM() - Ability to use multiple spool paths
- Added support
reservedconnection slots - Export message using with
QueueExportRequestAPI
NewNative (C ABI) plugin features- Added
Halon_command_execute()function, supportingargvstyle of arguments - Added
Halon_early_init()function, supporting early initialization - Added
HalonMTA_hsl_value_to_json()andHalonMTA_hsl_value_from_json()functions - Added
HalonMTA_hsl_value_array_lengthfunction - Autoloading plugins without configuration
- Support for objects
- Support for exceptions
- Support for static functions
- Support for running Halon script functions in C
- Support for working with lists function in C
- Support for more types in C API such as
X509,Fileobjects
- Added
ImpScript language improvements- Added
zlib_compress()and uncompress functions - Added
MIME.toFile()function - Added
MIME.setDate()function - Added
X509.extensions()function - Added
X509.verify()function - Added
X509::String()function - Added
queue_policy_deletefunction - Added
importsupport for multiple X509 certificates (.crt) - Added
importsupport for rfc822 message files (.eml) - Added
glob importsupport - Added support for
srvrecords indns_query()function
- Added
ImpMTA improvements- Improved DSN generation by supporting to include full original messages and DSN field customization
- Include DSN arguments in post-delivery
$arguments["dsn"]array - Include queue policy insights in post-delivery
$arguments["policy"]array - Added support for customization of the Received header (
tlsandfor) - Order queue list by retrycount
- Support message retry with a jitter (distribution) in queue actions
- Added support for queue message grouping of remoteip and remotemx
- Added lists, grouping of conditions, and custom properties to active queue policy and delivery settings
- Allow configuration of multiple
pickupthreads - Added delivery counters to process stats
- Added support for
.halonignorefiles when packaging configuration usinghalonconfig
ImpImprovements to integrated (VM) package- Added support Cyren anti-malware in
ScanRPD()(requires an extra license) - Added option to include HSL plugins in script editor "run" on VM package
- Updated FreeBSD packages (including Sophos och Cyren)
- Added support to configure ciphers for the HTTPS web administration
- Added support Cyren anti-malware in
BugFix bug with localip in smtpd-delivery.yamlDepImportant changes- Removed the deprecated
GetMailFile()function - It's no longer valid to send message to plain IP addresses
user@ip - Disabled PhishingScanURLs in ClamAV
- Removed
signature_excludesupport from ScanCLAM() - Standard ciphers names are now used in logs (instead of OpenSSL convention)
- Graceful shutdown for inbound connections
- Renamed process threads (visible in
top)
- Removed the deprecated
5.7-p4
Released on 2021-11-09
BugMIME formatting issue with append/prependPart() on non-MIME messagesBugIssue with DKIM signature in bouncesBugMIME()not storing decoded headers when queuing
5.7-p3
Released on 2021-09-19
BugDirect deliver in EOD rcpt hook
5.7-p2
Released on 2021-08-24
BugFile type detection in DLP engine
5.7-p1
Released on 2021-08-06
BugMake linter recognise$connection["tls"]["sni"]BugStartup bulk synchronisation inratedBugPROXY protocol heartbeat connections
5.7
Released 2021-07-21
NewIntroducing exception handling with accompanyingtry,catchandthrowcontrol structuresNewVisual Studio Code plugin support for debugging script in thesmtpdMTA processNewInbound connection list in web administration andServerConnectionsListRequestAPINewAbility to close inbound connections withServerConnectionsCloseRequestAPINewAddedarray_unique()andarray_shuffle()functionsNewAddedpcre_compile()function to pre-compile regular expressions from user inputNewAdded#/myregexpattern/syntax for creating pre-compiled regular expressionsNewAddedX509::String()method for creating an X.509 resource from PEM or DERNewAddedMIME.send()method for inline delivery directly from MIME objectImpNew HQF2 queue file format which combines .eml and .hqfImpAdded--unpackoption tohalonconfigto reverse packingImpThehalonconfigcommand now validates plugin configuration schemasImpAddedadditional_headersoption to pre-deliveryTry()function for passing dataImpAddedmodified_originalDSN option to post-deliveryBounce()for altering original headersImpAdded connectionidandremoteuidto SMTP server$connectionarrayImpAddedremove_if_zeroargument tomemory_dec()for automatic cleanupImpAddedjsonandregexformatters toimportandcsv_decode()ImpAbility toimporttext file lines asSetobject items for fast lookupsImpAllowforeachon$thisin classes to iterate all instance propertiesImpAddeddepthoption todomain_includes()functionImpAbility to useresponse_headerswithextended_resultinhttp()ImpSupport for loadingFilefrom standard input when running inhshDepThe=~and!~operators now throws on invalid regular expressionsDepMessages with emptyremotemxorjobidare not matched against queue policies with thoseDepModules loaded withimportcan no longer access global user-defined functionsDepRemovedmail()optionrawbodyand URI fallback forldap_bind()(deprecated since 4.8)
5.6-p4
Released on 2021-07-19
BugNo longer passes function pointers from in$context(only data is supported)BugFixed long loading times ofhsl-lintandhalonconfigwith large YAML filesBugResolved issue withqueue_suspend()andqueue_policy()argument orderBugConnection pooling didn't work with outbound PROXY protocolBugIn post-delivery attempt array, localip was not set correctly with outbound PROXY protocolBugIssue withcache []size if is set to2**32BugThe transport retry intervals didn't override the transport group's intervals
5.6-p3
Released on 2021-06-29
BugIssue with thecache []when exception was thrown from cached functionBugContext switching with plugins wasn't supported in the PROXY scriptBugThe$contextvariable wasn't updated after the EOD script hookBugOnly one DKIM signature was supported on theMIME()objectBugUnable to rename a used disconnect script in the web administrationBugImported function could not resolve nested function in some special casesBugImported object between multiple hooks could not resolve imported functions in some special cases
5.6-p2
Released on 2021-05-28
ImpUpdated to FreeBSD 12.2-RELEASE-p7 (VM)BugUpdated to ClamAV 0.103.2 (VM)BugAdd library path for plugin libraries (VM)BugFixed issue with updated variables and logging in per-recipient end-of-DATA scriptBugFixed auto generation of transaction ID on APIQueueImportBugFixed encoding issue inxtext_encode()
5.6-p1
Released on 2021-04-08
ImpUpdated to FreeBSD 12.2-RELEASE-p5 (VM) with OpenSSL fixesImpUpdated to SpamAssassin 3.4.5BugFixes a race condition in the queue scriptBugRestricts NTP timesync access
5.6
Released on 2021-03-22, see the release notes for notable changes
NewAdded native plugin support by loading C ABI compatible librariesNewAdded CSV schema validation support inimportso that imported files gets validatedImpAbility to start the server without any listeners in order to drain queueImpAllow server control socket to listen on IP in addition to socket fileImpAbility to group queue distribution view by sending domainImpAdded variables for disconnect reason to disconnect script hookImphttp()function now supports explicithttp_versionandpost_sizeImpAbility to modify (rather than just add and delete) queue suspend and policy itemsImpAdded total count in API response for queuelistandgroupbyCLI/API commandsImpPossibility to disable the Received header (instead of having to delete it from script)ImpAdded In-Reply-To to DSN messages (to support threaded bounces)ImpAdded decode option to MIMEPart.getHeader functionsImpAdded binary option to all hashing functions (eg. sha2 function)ImpImproved concurrent cache miss behaviour in the HSLcacheImpAdded possibility to disable hook logsImpDefault()function now allows configuration of bounce settingsImpTry()function IP include and excludes (similar tomx_includeandmx_exclude)ImpImprovements to integrated (VM) packageBugResolved an issue with the queue updatesBugResolved an issue with the import statements and reloadsBugFix bug with paging of Halon script ratesBugFix a memory leak in the backend authentication script (with modules)BugMissing error counters on connect and disconnectBugHalon script Socket classes' close() method could cause unexpected disconnect behavioursBugFix support for BDAT and the proxy script hookBugFix an issue with SNMP and the firewall scriptBugFix an issue when sorting email history by "Received" date in the REST API for the integrated (VM) packageDepqueue_suspend()andqueue_policy()has changed its return valueDepText log formats has been slightly changedDepFile.toFFIValue()function now returns C-compatible FILE pointer.DepRemove functions a per the deprecation noteDepQueue suspend and policy API calls return UUIDs instead ofuint64DepMinimum supported API version is (5.6)
5.5
Released on 2020-11-16, see the release notes for notable changes
NewDSN extension supportNewOutbound PROXY protocol supportNewFunction generators andyieldNewMap()andSet()data container classesNewAbility to disablesourceip_random, useful during for example IP warmupNewAddedhalonctl hsl memory listand correspondingHSLMemoryListRequestAPINewAddedbase32_encodeand decode functionsNewAddedurl_encodeand decode functionsNewTest command for the asynchronous DNS resolverhalonctl resolver queryNewQueue suspend filters withhalonctl queue suspend listandSuspendRequestAPINewSettings for max messages, recipients and hopsNewAddedunix_socket_pathoption tohttp()functionNewAddedsenderoption andscantimeresult toScanSA()functionNewAddedspool.corruptsetting for controlling handling of bad queue filesNewHigh-resolution process runtime counterprocess.elapsedNewActive queue performance countersqueue.pickup.XNewScript error countersservers.X.scripts.Y.errorsImpFraction of second insleep()ImpImproved performance for large active queue policy rate buckets and exclude listsImpAbility to specify an ID for dynamic active queue suspensions and policy conditionsImpAbility to filterhalonctl hsl rate listbased on conditionsImpMore relaxed rules for naming of ID and file path in YAML schemasImpImprovedsmtpdprocess shutdownImpImproved SMTP command diagnostics ("in reply to") in bouncesImpAdded Original-Envelope-ID and Original-Recipient headers to bouncesImpConsider all 2xx-codes successful in SMTP clientImpFile descriptor exhaustion error logging and handling improvedImpImprovements to integrated (VM) package- Custom HTTP API endpoint hosting on the web admin page
- Ability to stop and start
smtpdfrom the services section - Firewall rules (
ipfw) may now be added to/cfg/rc.halonstartup script - Ability to add custom local DNS records (A/AAAA/MX/TXT and PTR) to built-in DNS resolver
- Ability to sort and search by finished (rather than received) time in message history
- Updated to FreeBSD 12.2-RELEASE with quarterly packages
5.4-p3
Released on 2020-11-09
BugSupport binary POST data in backgroundhttp()callsBugFixed MIME'sverifyDKIM()after doing message modificationBugFixed error flag issue with consecutive calls toScanKAV()(on same message)BugPrevent announcing extensions from HELO/EHLO script hook onHELOBugFixedhalonctlmissing fieldssenderhelo,saslusernameanddurationBugFixed issue with queue list duration sort order
5.4-p2
Released on 2020-10-01
ImpDetect certain hardware to support iDRAC keyboard delay (VM)ImpUpdated to FreeBSD 12.1-RELEASE-p10 (VM)BugFixed issue with PROXY protocol and implicit TLSBugFixed proxy script and lint issue withhalonconfigBugFixed counting issue with thescripts.proxy.running/finishedprocess statsBugFixed issue where chunking wasn't disabled as per default configuration (VM)BugRestored theidandtsfields inScanDMARC()outputBugEnable queuing of messages fromhshBugFixed sorting and paging on web administration rate and suspend pages
5.4-p1
Released on 2020-08-14
ImpUUID version selector (time/v1 or random/v4)ImpIntegrated package is updated to FreeBSD 12.1-RELEASE-p8BugFix default enhanced status code in bounces for certain errorsBugAdded validation of certain CLI arguments to improve error reportingBugFix web administration regression when adding servers and transports
5.4
Released on 2020-07-22, see the release notes for notable changes
NewCHUNKING/BDAT and the SIZE service extensionNewDisconnect script hookNewyaml_decode()function and import loader (similar to JSON)NewAbility to export an File classes as a C++ std::istreamNewAbility to export an X.509 resources as a OpenSSL pointerNewFFI callback functionNewDSN options toBounce()andQueue()that allows overriding content, headers, delay, etcNewPre-defined variable of the DSN that is to be generatedNewDefault()function in post-delivery to terminate script based on delivery result and settingsNewSettings for minimum amount of free inodes and bytes for receiving emailNewSetting for fsync before 250 on DATANewSettings for number of max hops (loop protection)NewTimeout settings for Sophos and ClamAV, with new defaults of 30 secondsNewPre-defined variable for username when accepting email on local Unix socketNewhttp()callback function for POST dataNewMailMessagequeue()functionNewMailMessageget/setPreamble()andget/setEpilogue()functionsNewMailMessagemodifyContent()function advanced, direct modification of email dataNewStaticFile::read()function that returns all data from a file pathNewLDAP classgetoption()functionNewNumeric separatorNewZero-fill right shift bitwise operatorImpAbility to changeimportloader typeImpIncludes SIZE= in MAIL FROM if server announces SIZE service extensionImpSMTP client always send EHLO first (and then try HELO)ImpDo not include detail in local-part in license count (user+detail@domain)ImpMIMEqueue()options for delay and holdImpAbility to override recipient domain for MX lookup in pre-delivery and all other placesImpAccess to the queued email data in pre/post-delivery as aFileresourceImpdns_query()option for extended results including TTL and type-specific fieldsImpAdded reply code option to allAccept()functionsImpAuto-Submittedheader to bounces (rfc3834)ImpActive queue policy, suspend and delivery configurations in web admin code editorImpSaving custom views on queue pagesImpCustom metadata groupings and columns on queue pagesImpNumber compare for metadata filters on queue pagesImpPartial and case sensitive matching of local parts on queue pagesImpReal-time rates for counters on process statistics pageImpAdded process stat counter for finished script hooksImpAdded multiple recipientdomain and remotemx option to if statements in delivery configurationImpNetwork matching in queue conditions for sender-, local- and *remoteip&ImpThe API output is always normalised as UTF-8ImpThe API supports comparing queue metadata as numbersImpTheMIMEPart.setBody()andMailMessage.toString()limitation of 1 MiB is now removedImpExtended error reporting from Sophos AVImpAdded -R tohshto override scripting.rootpathImpAdded --ffi tohshto override scripting.ffiImpAdded --binary flag tohshImpAdded support for FFI inhsl-lintImpIntegrated package is based on FreeBSD 12.1-RELEASE-p7 with quarterly packagesImpUpdate to Sophos 3.2.07.379.0ImpProtobuf schemas are now part of the Linux packageImpRemovedhttprdfrom the Linux packageImpAdded queue load command tohalonctlto import messagesBugResolved issue with SMTPUTF8 and connection poolingBugWait for support processes likeratedanddlpdBugLog thread creation errors in updateQueueBugMake thedomain_includes()function non-case-sensitiveBugFixed an issue with multiple network interfaces using DHCPBugFixed an issue with storage disk resizingBugFixed an issue with history search filter matching and less- and greater-thanBugDepend onuuiddruntime on LinuxDepTheQueue()function (overrides the built-in logic) may now exceed the transport's max retry countDepTheSetDSN()function has been deprecated in favour of the "dsn" option to Bounce() and Queue()DepTheinet_includes()function now return none on errorsDepTheLDAPResult.next()andFile.readline()now return false on end-of-data instead of noneDepTheMIMEPart.setBody()limitation of 1 MiB is now removedDepThe dns_query() function's ttl result property has been removed in favour of the extended_result optionDepAll messages in the active queue now have at least one localip (instead of showing an empty address)
5.3-p5
Released on 2020-06-10
BugFixed a stability issue with the connection pool
5.3-p4
Released on 2020-05-26
BugFixed issue with server connection concurrency limitBugFixed tags (comments) for some types of manual active queue suspendsBugFixed issue with the proxy script hookBugFixed web administration bug when adding active queue policy without concurrency valueBugFixed minor issue with integrated package's shell console interfaceBugFixed locking issue with integrated package IDE's built-in run script windowBugIncreased the integrated package's max threads per process limit
5.3-p3
Released on 2020-05-04
ImpRemoved unsupported ClamAV safebrowsingBugFixed SpamAssassin SPF issueBugFixed web administration issue on SafariBugFixed IP address configuration regression in video console interface
5.3-p2
Released on 2020-03-10
ImpSupport more charsets by inclusion of latest GNU iconvImpChanged log level of ldap_auth() function failuresBugFixed issue with active queue policy with certain groupingsBugFixed issue with decoding of RFC2231 parameters valuesBugFixed regression with decoding of certain charsetsBugFixed regression with Mellanox (mlx5en) network adapters
5.3-p1
Released on 2020-02-24
ImpAdded SMTP state information to delivery error logsImpAddedportoption to dns_query() functionBugFixed issue with duplicate messages API callBugFixed "neq" condition (not equal) with "size" and "retry_count" fieldsBugFixed issue with message size variable and per-recipient end-of-DATA scriptBugWeb administration fixes- Re-add quarantine view selector on queued messages page
- Re-add confirm dialog on all queue message actions
- Fixed display of file name of attachment in preview
- Fixed preview buttons of messages with invalid MIME formatting
- Fixed issue with FN/FP reporting links
BugUpdated system packages- ClamAV 0.102.2
5.3
Released on 2020-02-11
NewQueue features and API- Connection pooling (reuse)
- Fine-grained queue query API (for list, update and distribution)
- Improved queue quota functionality
- Added delivery settings for active queue fields
- Added active queue suspend and policy functions to more script hooks
- Added message size including modifications to pre- and post-delivery script
- New on-disk queue format
NewCommand-line inteface tool halonctlNewSMTP server scripting featuresImpScript language improvements- New Iconv() class for internationalization conversion
- Added array_every function to test all element against callback
- Re-implemented barrier using shared memory functions
- Added Base64 encoding option to the MIME set/addHeader functions
ImpWeb administration queue improvements- Merged open connections with message queue for better overview
- Powerful filter dialogue using the new queue conditions
- Column selector and inline messages preview in message viewer
ImpCertificate can be in reloadable configuration even if private key is in startupImpAdded graceful draining to the background http() process httprdImpAdded idle timeout to virtual serversImpUpdated system packagesBugPatched Net-SNMP to fix memory leakDepImportant changes- Removed SOAP API
- Removed several REST API queue commands in favour for new queue API
- Removed GetMailQueueMetrics() in favour for new queue_quota() function
- Merged smtpd and queued processes which affects logging
5.2-p7
Released on 2020-05-26
BugFixed issue with server connection concurrency limitBugFixed tags (comments) for some types of manual active queue suspendsBugFixed issue with the proxy script hookBugFixed minor issue with integrated package's shell console interfaceBugFixed locking issue with integrated package IDE's built-in run script windowBugIncreased the integrated package's max threads per process limit
5.2-p6
Released on 2020-05-04
ImpChanged log level of ldap_auth() function failuresImpRemoved unsupported ClamAV safebrowsingBugFixed SpamAssassin SPF issueBugFixed web administration issue on SafariBugFixed IP address configuration regression in video console interface
5.2-p5
Released on 2020-02-03
BugFixed regression regarding interface order
5.2-p4
Released on 2020-01-29
ImpOption to use operating system's network interface order instead of by MAC/hardware addressImpAdded software update version selector to web administration (patch/major)ImpSupport DANE for non-MX destinationsBugFixed protocol violation with LMTP and STARTTLSBugFixed issue with smtp_lookup_rcpt() functionBugFixed memory leak in TLSA DNS resolving
5.2-p3
Released on 2019-12-27
BugFixed issue with long-running script hooks which could cause internal congestionsBugFixed stability issue with newly implemented TLS 1.3
5.2-p2
Released on 2019-12-06
ImpSupport overlapping active queue policy groupings by order of appreanceImpAddedenvironment.syslog.maskoption to startup configurationsBugFixed regression which could cause DSNs to be sent too earlyBugPrevent adding multiple queue policy counters on same field in web administration
5.2-p1
Released on 2019-10-10
ImpAddedtimeoutoption to SMTP client delivery optionsBugFixed issue with listen address when IPv6 is disabledBugFixed issue when adding policy to suspend entire active queue
5.2
Released on 2019-09-25
NewQueue subsystem features- Asynchronous SMTP and DNS connection processing
- Concurrency and rate control in active queue
- Custom counters with regex/wildcard matching for rollup
- Job ID field for scriptable/custom match parameters
- Dynamic control via script and API
- Queuing to multiple source IP/HELO pairs with round-robin and exclusion via suspend
- Transport group hierarchy with setting inheritance
- Simplified pre- and post-delivery scripts with new
Try(),Queue()and$messagesymbols - Added
mx_include/exclude options to deliver functions to control MX resolution - Enabled forward-confirmed reverse DNS lookups (used in Received header) by default
NewScript language features- Added FFI class for calling routines in external libraries
- Added shared memory functions and API for counting and caching
- Added csv_encode() function useful for CSV logging
- Added
redirectsoption to http()
ImpWeb administration improvements- New queue distribution page which can group by age and next retry
- New process statistics page that shows internal counters
ImpUpdated system packages- FreeBSD 12.0-RELEASE-p10
- FreeBSD 12 quarterly packages
DepImportant changes- Removed the options for MX delivery (zone= and query=)
- Removed the transport profile priority and pause setting in favour for virtual queues, hold and suspend
5.1-p3
Released on 2019-06-17
BugFallback to HELO if EHLO fail and we do not require TLSBugReintroduce accept reason in delivery logBugFixes Cyren issue with a cache purging commandBugWeb administration regressions- Fix clearing individual cache items
- Fix multi-select on queue items
- Fix issue with showing clustered graphs
5.1-p2
Released on 2019-05-15
BugNew $connection variable were populated incorrectly in regards to local/remote information.
5.1-p1
Released on 2019-05-08
BugResolve DANE-TA issue by switching from LDNS to OpenSSL's DANE implementation
5.1
Released on 2019-04-25
NewSMTP server scripting featuresImpSMTP server improvements- Support for PROXY protocol v2
- Added wildcard matching in domain relay table
- Added many options and flags to script functions
- Added
reasonandreply_codesto Accept() - Added
decodeto mail message getBody() - Added
typeto MIME appendPart/prependPart() - Added various settings for DMARC and Cyren RPD
- Added
- Compatibility mode for previous predefined variables and setter functions
ImpScript language improvements- Added pkcs7_sign() function for S/MIME
- Added xtext_decode() and encode functions useful for parsing SMTP parameters
- Added X.509 class returned by many functions
- Added header_addresslist_extract() and header_dkim_decode() functions
- Reworked spf_query() and dns_query() with improved return types
- Added
encodeoption to MIME addHeader() - Added to
tls_client_certto http() - Added
localtimezone flag to strftime() and strptime() - Added
getpeerx509()to LDAP class - Added
readonlyvariables to classes - Support for remainder
…$restin destructing assignments - Allow access to private properties in anonymous functions returned from classes (with closure)
ImpUpdated system packages- FreeBSD 12.0-RELEASE-p3
- FreeBSD 12 quarterly packages
BugFixed issue with TLS certificates being read multiple timesBugFixed issue with paused transports creating unnecessary logsDepImportant changes- The SMTP server reject/defer functions doesn’t prepend pre-defined messages
- Underscores are now allowed in variable names
- Removed "null" as literal null transport destination
- Removed size limit from mail message getBody()
5.0-p2
Released on 2019-03-04
BugFix issues in web administration with new REST APIBugFix issue with license user count expirationBugUse true/false rather than 1/0 for all boolean types- rate() return type
- smtp_lookup_rcpt() flag for TLS started
BugFix issues with firewall script- Include files in folders could not be used in firewall script
- The built-in FTP server’s passive mode didn't work with a firewall script
BugFix memory leak in new LDAP classBugSuppress harmless warning in quarantine retention cleanup
5.0-p1
Released on 2019-02-20
BugProperly detect the Amazon EC2 hypervisorBugInline delivery wasn't logging sender information on errorsBugNumerically named include files could not be checked for errorsBugFixed a rare crash that could occur during DKIM signingBugFix regressions in web administration with new REST API
5.0
Released on 2019-01-24
NewRESTful API with OpenAPI specificationNewSMTP server scripting features- Added per-message end-of-DATA script
- Added
snapshot()andrestore()to the end-of-DATAMIME()class - New
$transactionvariable with sender and recipients that's gradually populated - New
senderlocalpartandrecipientlocalpartvariables in original format - New options in connect script's
Accept()functionreasonto set banner responsesenderptrto set sender hostname printed in "Received" header
- New options in RCPT TO
Accept()functionrecipientfor overriding the default$recipientcontext variabletransportidfor overriding the default$transportidcontext variable
- New option
from_namein pre/post-deliverySetDSN()
ImpSMTP server improvements- TLS 1.3 support
- Wildcard matching in SNI
- Sender information can be overridden per queued recipient
- Added configuration options
- Implicit TLS per virtual server listener
- Verbose logging per virtual server
- Bare LF is converted to CRLF
- Disable client-initiated TLS renegotiation
ImpScript language improvements- Added spread operator to array type
- Added wildcard function and variable
importinto a namespace - Added compile-time text, JSON and CSV
importinto a variable - Added
csv_decode()function that parses a string according to a schema - Added
inet_reverse()function that creates a reverse DNS for PTR or DNSxL lookups - Added
array_find()function - New
LDAP()class - Reworked standard library functions
length()function that supports multiple data typesarray_join(),array_includes()andarray_range()str_find(),str_rfind(),str_lower(),str_upper(),str_slice()andstr_strip()random_number(),domain_includes(),inet_includes()
- Added
getPath()andreadline()methods toFile()class - New
allow_commentsoption injson_decode() - New
typeoption indns() - New
proxyoption inhttp()to override the system default
ImpWeb administration improvements- Script editor improvement
- Custom input controllers for CSV files using schemas
- CSV import using custom delimiter
- Syntax highlighting for JSON files
- Scratchpad for quickly writing and running code
- History and queue search support
>=and<=operators - Moved catch-all domain settings to virtual server configuration
- Moved SSH, HTTPS and FTP TLS keys to host server configuration
- Script editor improvement
ImpSystem distribution improvements- Ability to configure HTTP proxy, used by all HTTP clients throughout the system
- Ability to clear individual entries from built-in DNS cache
- DHCP support for DNS resolvers
- Configuration now accepts
/in IDs, used for folders in the script editor
ImpUpdated system packagesBugFix issue withlaggnetwork interfaces on bootDepImportant changes- The
is_number()function to no longer return true on boolean variables - Removed
$tlsprotocol,$tlscipherand$tlskeysizevariables from RCPT script - Removed calling a function as a string from
cache - Removed
Deliver()from post-delivery script - The
Quarantine()function's option parameter must be an array - Removed
system_default_transport - Renamed processes
dlpdandqueued
- The
4.8-r1
Released on 2018-11-01
ImpAdded acrypt()functionImpUpdated to Sophos 3.2.07.374.0
4.8-p1
Released on 2018-10-03
BugFix issue whereldap_bind()return error (-1) rather than failure (0) on a failed bindBugPatch libspf2 to completely deprecate the SPF record type in favor of TXTDepShow deprecation warning for transports without explicit bounce destination, and domain cluster overrides
4.8
Released on 2018-09-20
NewSMTP server scripting features- Added
SetHELO(),$saslauthedand$saslusernameto HELO script - Added "changes" option to
GetMailFile()to include message modifications - Support for meta-data queries in
GetMailQueueMetric() - Preserve 7bit ASCII when the modifying messages with
MIME.setBodyif possible
- Added
ImpScript language improvements- Added native boolean type
- Added string repeat and array repeat repeat operator
* - Added string format operator
% - Added strict comparison operator
=== - Added steps argument
::to slice operator - Added
idna_encode()andidna_decode() - Added
aes_encrypt()andaes_decrypt() - Added
random_bytes()
ImpAPI improvements- Added API call
mailQueueDownloadto download a message (original or with modifications) hslCacheClear,hslRateClearandstatClearreturns affected rowsmailQueueRetryBulksupports "retryts" (timestamp) and "retrydelay" (offset)configImportsupport "revision" option for atomic imports
- Added API call
ImpUpdated system packages- FreeBSD 11.2-RELEASE-p3
- FreeBSD 11 quarterly packages
BugDebug points were removed when clearing debug resultsBugThe video console interface could not run programs (like ping)DepImportant changes- Replaced
radius_authen(), new implementation usingSocket() - Removed
tacplus_authen()andtacplus_author()(TACACS+) - Removed
system_disk_cacheconfiguration key (ATA disk cache)
- Replaced
4.7-p1
Released on 2018-08-07
BugUpdated kernel to FreeBSD 11.2-RELEASE-p1 (SA-18:08)
4.7
Released on 2018-07-09
NewSMTP server scripting features- Live debugging with breakpoints via live staging
HELOphase script- Support
arc(Authenticated Received Chain) inDKIMSign() - Added
ed25519-sha256(EdDSA) toDKIMSign() ed25519_sign()anded25519_verify()functionsrsa_sign()andrsa_verify()functions- Added
timeoutanddns_functionoptions toDKIMSDID() - Added
oversign_headersoption toDKIMSign() getHeaders()function in theMIMEclass- Added
fieldoption toMIME.getHeader()returning entire line - Added
encodeoption toMIME.addHeader()andsetHeader()
NewSMTP server features- Support for multiple IPs and netmasks in live staging
- Require HELO option
- Support for PKCS#8 private keys
ImpScript language improvements- Reworked
DKIMVerify()function - Added array slice assignments and
unsetslices - Only return one result per domain in
DKIMSDID()
- Reworked
ImpSMTP server improvements- Change default TLS ciphers to
HIGH:MEDIUM - Updated Cyren outbound configuration
- Change default TLS ciphers to
ImpWeb administration improvements- Option to automatically restart live staging on changes
- Color picker for area and pie charts
- Stacked percentage mode for area charts
- HTTP redirect option, useful for HTTP-to-HTTPS
- Enabled HSTS and denies frame embedding (X-Frame-Options)
- Many other small improvements
ImpUpdated system packages- FreeBSD 11.2-RELEASE-p0
- FreeBSD 11 quarterly packages
- Unbound 1.7.0 which fixes one DNSSEC-related issue
- Sophos 3.2.07.372.0
BugFixratedbehaviour with IPv6, reloading and display on non-synchronised itemsBugFix issue with DATA script scan functions caching and extended resultsBugFix bug with negative indexes and appendBugDeleting statistic values on graph page for all hosts didn't workDepImportant changes- Switched to regular peer name checks in
SetTLS - DNS functions no longer support hostnames as resolver server option
- Renamed
rate()optionlocaltosync - Removed
DKIMADSP() - Removed historic variables from connect script
- Switched to regular peer name checks in
4.6-p1
Released on 2018-05-03
BugFixed regression in SMTP server affecting implicit TLS on port 465BugFixed issue with FreeBSD 11.1-RELEASE-p8 (SA-18:03) affecting some CPUsBugFixedTLSSocket.getpeercert()MD5 fingerprint option
4.6
Released on 2018-04-28
NewSupport for Cyren outbound anti-spamNewSupport for SNI insmtp_lookup_*(),SetTLS()and SMTP serverNewScript language featuresImpSMTP server scripting improvement- Added
extended_resulttoScanRPD(), ScanKAV, ScanCLAM, ScanDLP and ScanSA - Default DKIM canonicalization changed to relaxed
- Added
GetMetaData()to DATA context
- Added
ImpScript language improvementImpSMTP server improvements- Asynchronous connection processing
- Added millisecond precision to log files and remote syslog
- Allow hyphen characters in metadata fields
ImpScript editor improvements- Completion items for built-in variables
- Parameters, return type and description for completion items
- Hover provider for built-in functions and variables
- Added link provider for files
- Code folding, tabs and minimap
ImpWeb administration improvements- Halon script syntax highlight in plain-text configuration format
- Added checkbox to disable a SMTP listener on the SMTP listeners page
ImpSupport forenanetwork driverImpChanged to DHCP in default configurationImpUpdated system packagesBugFixed issue withhttp()background requests connection errorsBugThe connect script was executed despite connections per IP limitBugThe connect script replies didn't work with implicit TLSBugSMTP banner was sent despite connections per IP limitBugFixed issue with client certificatesBugClearing chart data could cause it to be removed on another nodeBugFixed issue with firewall script and passive FTPDepImportant changes- Deprecated the
ScanRPDAV()function
- Deprecated the
4.5-p2
Released on 2018-01-29
BugUpdated ClamAV to 0.99.3 (due to various CVE's)BugRegression in code editor where file comments could not be added
4.5-p1
Released on 2018-01-22
RegRegression with AUTH LOGIN could cause$saslpasswordto be incorrectly populated
4.5
Released on 2018-01-22
NewScript language features- Added
MIME.signDKIM()function - Added
TLSSocket.getpeercert()function - Added
dnsns()function - Added
inet_pton()andinet_ntop()functions - Added
tls_client_certtoTLSSocket() - Added functionality to
smtp_lookup_rcpt()- Added
tls_client_certandtls_capture_peer_certarguments for client certificates - Added an
xclientargument - Added
on_rcpttoand TLS information to theextended_resultarray
- Added
- Added
tls_verify_peertoldap_search()andldap_bind() - Added
extended_resulttospf() - Support multiple escapes in
ldap_search()
- Added
NewAddedGetTLSto AUTH, MAIL FROM, RCPT TO and DATA with STARTTLS info,tlsrptandpeer_certNewAUTH script featuresNewPre-delivery script features- Added
SetXCLIENT()function - Added
dkimandfromtoSetDSN() - Added
tls_client_certtoSetTLS() - Added
tls_capture_peer_certtoSetTLS()
- Added
NewPost-delivery script featuresImpSMTP server improvements- Added support for client certificate requests in server HELO (per IP)
- Added support for custom SASL methods
- Set server preference for TLS ciphers
- Explicitly handle NULL MX (rfc7505)
- Removed line length limiting (8K SMTP, 256K (headerline), 512K header total)
ImpWeb administration improvements- Redesigned script mappings page
- Improved script errors in editor (with line decorations)
- Search in code editor directly from top search
- Faster loading in code editor
- Redesigned forms with more client side input validation
- Improved keyboard navigation
- And a lot of overall improvements
ImpAPI changes- Added support for more fields in SOAP
mailQueueUpdateBulkand also duplicate - Added support for
programargument in SOAPhslCacheClear
- Added support for more fields in SOAP
ImpImproved Sophos antivirus detection by using CXmailImpDLP engine now supports regular expression modifiersImpImproved performance of libdkim++ImpAllow "." delimiter in all ID fieldsBugReceived header "with ...SMTP..." always adds E on AUTH and STARTTLSBugImproved DSN parsing inGetDSN()with multiline headersBugBug with behaviour onQuarantine()reject => false followed by Quarantine reject => trueBugFix bug with DKIM delivery block in Web UIDepImportant changes- Aliased
error_codetoextended_resultinsmtp_lookup_rcpt() - Aliased all
ssl_options totls_inhttp() - Removed
object []syntax (in favour of class syntax) - Default action is now to block on script errors in firewall script
- Made
$connectionand$transactionread-only insmtpd's context - $tlsprotocol, $tlscipher, $tlskeysize in RCPT TO context in favor of
GetTLS() - If using the
RULEsyntax to ScanDLP() with regular expresssions, you may need to add modifiers to keep compatibility (eg.//ifor filenames).
- Aliased
4.4-p2
Released on 2017-12-04
BugFixed regression with $errormsg in Post-deliveryBugFixed regression with Deliver() in Post-deliveryBugFixed bug when importing some specific named keysBugFixed bug when typing in script blocks using the simple flow editor
4.4-p1
Released on 2017-10-30
BugFixes regression in file() function
4.4
Released on 2017-10-26
ImpScript language features- Added
nonlocaltoSocket.bind()andnonlocal_sourcetosmtp_lookup_rcpt() - Added
tls_default_catoldap_search() - Added new formats
eEvVtopack() - Added new formats
eEvVaxtounpack() - Added offset argument to
unpack() - Added flags to
Socket.recv() - Added support for
private staticclass variables and functions - Fixed
smtp_lookup_rcpt()to properly return return-1on 400 errors - Fixed
file()to support lines longer than 65k characters. MIMEclass andmail()uses quoted-printable by defaultMIME.send()andmail()now fail on empty recipients- Warnings when compiling code with unsupported operators on literals
- Lot's of memory optimisations in script engine
- Added
ImpConnect flow changesSetSenderIP()was added, which can be used to change$senderip
ImpDATA flow changesMIME.setBody()to keep quoted-printable and base64
ImpPre-delivery script script- Added
SetSenderParams()andSetRecipientParams()to carry extra MAIL/RCPT parameters - Added
Bounce()to bounce messages - Added
SetDSN()to change DSN settings SetSouceIP()now accepts an address in each address family- Added
reset_retryandtransportidoption toReschedule() - Added
$contextvariable which is passed on the post-delivery script
- Added
ImpPost-delivery script changesImpScript editor improvements- Added support for save using Ctrl/Cmd+s in CSV editor
- Warning if there are unsaved changes when starting live staging
ImpWeb administration improvements- Refreshed interface, for example search field and login session expiration in menu bar
- Fixed support for renamed HTTP certificates when starting clustering
- Show diff between hosts’ configuration when clustering
- Ability to cancel pending disk grow/format
- SHA-256 is used in new certificate generation
- Message preview retains header letter case
ImpUpdated system packages- FreeBSD 11.1-RELEASE-p2
- New quarterly packages
ImpAbility to choose multiple addresses per SMTP listenerImpAdded a per-transport default bounce transport settingImpAdded source metadata (_original_[message|queue|action]_id) to bouncesImpReworked SMTP errorsImpLDAP profiles are migrated to use standard URIs, which allows for failoverImpFirewall script now uses per-application filtering instead ofipfwdivert socketsBugThe "Line too long” error is now sent after END-OF-MESSAGEBugFixed a missing SSL timeout in the SMTP clientBugFixed a syslog issue by properly using a blocking socketBugFixed regression withsystem-storage-graphs andiostatscommand for some storage disksBugDSNs Arrival-Date wasn't properly set to the original message arrival dateDepImportant changes- Deprecated
Deliverfunction in post-delivery script - Renamed
GenerateDSN()toBounce()in post-delivery script - Replaced
DeliverWithDKIM()withDKIMSign()in simple flow compilations
- Deprecated
4.3-p1
Released on 2017-09-06
BugTLS certificate regression caused by change in OpenLDAP 2.4.45 (ITS#8529)
4.3
Released on 2017-08-08
NewScript language features- Added
privatekeyword to classes - Added
TLSSocket()class - Added
sha2()andhmac_sha2()functions - Added
pack()andunpack()functions - Added
$sourceipvariable to post-delivery script
- Added
ImpAdded status and NDR code options toReject(),Defer(),Deliver(), etc.ImpWeb administration improvements- Redesigned toolbar on many pages
- Spinning icon when running a script in code editor
ImpUpdated system packagesImpDetect Amazon Web Services' EC2ImpOverall improvements and code modernizationBugFailed to properly differentiate SASL failures insmtp_lookup_auth()DepTheobjectcast operator
4.2
Released on 2017-06-22
NewScript language features- Classes added with
classkeyword - Added
is_object()function - Added static function
Socket::AF()to Socket class - Added
tls_verify_nameoption toSetTLS()andsmtp_lookup_* - Added
max_file_sizeoption tohttp() ScanDLP()function accepts rules as argument
- Classes added with
NewDLP engine now support file hashes of SHA2-256 and SHA2-512ImpScript editor improvements- Sorting folders before files
- Fixed header alignment of empty CSV files
ImpWeb administration improvements- Show popover on ellipsis in email tracking
- Fixed return to scroll position in on all pages
- Simple flow editor styles are now flat
- Simple flow editor comment is no longer a required field
- Bulk update queued and quarantined messages
ImpUpdated system packages- CYREN ctasd 5.1.1.1 and ctipd 4.1.1.1
- Sophos 3.2.7.368.1
- HTML Purifier 4.9.3
ImpAquire serial number and license without Internet vialicenseImportAPI callImpsmtpd now has a less aggressive default timeoutBug$x["x"]did not throw error (non-existing variable)BugCorrected default HELO message insmtp_lookup_*functionBugDLP engine reported a recursion error (instead of generic errors) on bad archivesBugCYREN ctasd did not restart after license expiration
4.1
Released on 2017-05-10
NewLive staging in pre/post-delivery (queue)NewPurge cached items from API (and web admin)NewScript language features- Modules with
importkeyword - Added
get/setBody()to DATA script's MIME class - Added
tls_default_caandtls_verify_hostoptions toSetTLS()andsmtp_lookup_* - Added the
nonekeyword - Added
strptime()andord()functions - Reworked code validation to support more advanced coding patterns
- Loosen up syntax with
()and-> - Nested named functions are now function scoped
- Supports referencing files without
file:prefix - Added explicit warning about Unicode whitespace
- More dead-code eliminations
- Modules with
ImpScript editor improvements- Return to cursor position on commit
- Supports folders via a dot
.ID hierarchy convention and renaming IDs - Auto-complete context-specific function names
- Many improvements to CSV editor (shows position, fixed headers, etc)
- Search options for regular expressions and case sensitiveness
- Running code in sandbox uses local checkout, and has a host selector
- New save indicator, "save all" button and keyboard shortcut
ImpWeb administration improvements- Generate X.509, DKIM and DANE on PKI page
- Support changing ID of listner, flows and scripts, etc
- Cluster delete on statistic legends
- Re-added quick access to RPD and SA results in tracking
- Quick access to revision page diffs by URL hash
- Delete domain and domain aliases on SMTP server delete
- Defer color now shown as purple
- Fixed regressions with IE/Edge, DLP page, revision page timezone, stats, duplicate domains, etc
ImpUpdated system packagesImpMake searchlog use time hint for RSET message idBugClosure over function scope caused memory leakDepRemoveddovecot_auth()andident_lookup(), new implementations usingSocket()DepDoesn't explicitly set$errorin RCPT TO script any more
4.0-p1
Released on 2017-03-16
BugWeb administration fixes- Updated htmlpurifier to 4.9.2
- NTP field on Date and time page didn't work with multiple servers
- Some disks weren't selectable on the Disks page
- Script errors in Simple flow editor page caused template engine error
- Clearing critical log always cleared the local log
- Added poll delay on Dashboard page's CPU to show usage more accurately
- History and queue page
- Don't show queue information for quarantine
- Re-added info field in listing
- Re-added active queue/quarantine selector
- Comment field on SMTP servers appeared in two places
- Minor redesign of the Configuration revisions page to mark special revisions
- Hide cluster synchronisation on Users page if there's only one host
- Added redirects for old web admin URLs for bookmarks
BugHSL functionstrftimewas incorrectly returning in local timeBugconsoleui couldn't add new IP's if all were removed
4.0
Released on 2017-03-06
NewLive staging; running a parallell SMTP config version for some connections, based on conditionsNewRedesigned web admin with checkout/commit and diff with expressive configuration syntaxNewSMTPUTF8 supportNewSMTP server scripting features- Pre-defined connection
$contextvariable, shared between all SMTP scripts - MAIL FROM script
SetSender/Recipient()in MAIL FROM and RCPT TO scripts- Added
SetSenderIP/SetSenderHELO()to DATA scripts Accept(),Reject()andDefer()in connect script- Disconnect flag to all
Reject/DeferandDeliverfunctions - The SMTP scripts exposes all available variables (as they become available)
GetMailFile()in DATA, pre- and postdelivery scripts.
- Pre-defined connection
NewScripting featuresImpConfiguration format- Allow config keys to contain a-z, eg.
include "file:api" - New file key types to differentiate plain text from scripts
- New SMTP listener settings for TLS, HAproxy and concurrency
- Allow mounting of storage disk/partition by UFS label
- Allow config keys to contain a-z, eg.
ImpSOAP APIconfigKeysImportatomic commit with "expected head"idfieldconfigKeysCheckto verify non-running configurationmailQueueInTransitinformation about mailqueued's delivery attempts
ImpUpdated system packagesImpAnti-spam/virus database information commandImpBeing a major release, it features a large numbers of fixes and improvementsDepChanged LSI RAID driver frommfitomrsas, will affect users mountingmfiXby device nameDepScript include from /cfg partitionDepFirewall script's Block() ignore responseDepDATA script's WrapMessage()DepRemoved rate limits from acl_flow (moved to SMTP listener)DepSome config keys, such as system_user, service_ssh_*, ntp and syslog are no longer synched between hostsDepRenamed some config keys, such as acl_flow and mail_flowDepWhen upgrading an existing host, a swap disk needs to be added (2-8 GiB) or RAM increased to at least 3 GiB (preferable before the update) since swap files no longer works in FreeBSD 11.0
3.5-r5p6
Released on 2017-01-10
ImpAdded support for interfaces as gateway (route)BugFix issue with smtpd and certain load balancers
3.5-r5p5
Released on 2016-12-07
BugFix issue with dnsCacheFlushBugSASL always failed in smtpd after an unsupported method was issuedBugShutdown SSL connections more gracefully in smtpdBugBug with HSL code check and barriersBugsnmpd could produce error message on the console
3.5-r5p4
Released on 2016-11-09
ImpUpdated system packagesBugHELO/EHLO hostname was not set for invalid domain namesBugRecipient limit was decreased compared to previous releasesBugLicense users export could fail
3.5-r5p3
Released on 2016-09-27
BugUpdated to FreeBSD 10.3-RELEASE-p9 that fixes an OpenSSL regression
3.5-r5p2
Released on 2016-09-23
SecUpdated to FreeBSD 10.3-RELEASE-p8 that fixes OpenSSL CVE-2016-6304 and othersImpSetting for and changes insmtpd's log verbosity
3.5-r5p1
Released on 2016-09-08
ImpEnabled TCP_NODELAY on SMTP client socketImpMore user friendly errors in mailQueueRetry, mailQueueDelete and mailQueueBounce APIImpUpdated to htmlpurifier 4.8.0BugProperly reload scripts with deleted include files when re-addedBugFixed regressions with XCLIENT, implicit TLS and IP flow statistics
3.5-r5
Released on 2016-09-05
Newident_lookup() function to lookup users over the ident protocolNew$senderportin IP, RCPT TO and DATA contextImpPostfix is not longer the default MTA
3.5-r4
Released on 2016-08-29
ImpImprovements in the script editor- Added support for matching closing brackets
- Variable highlighting in strings
ImpUpdated system packages- CYREN ctipd 4.0.35.5
- FreeBSD 10.3-RELEASE-p7
ImpImprove detection of password protected ZIP filesBugFixes in REST API and SOAP proxy- hslRate() regression with affected rate pie charts
- mailQueue() regression with affected email tracking metadata display
BugFix delivery to numeric MX with DANE
3.5-r3
Released on 2016-08-03
NewAdded an interface for editing CSV files to the script editorNewAdded a revision-based diff utility to the script editorImpSwitched to Monaco (MS VC code) and enabled autocompletionImpAdded paging to the SOAP functionconfigRevisionLogImpAdded retry functionality to background http() requestsImpAddedextended_resultoption to the http() functionImpHSL now supports keyed assignments when destructing arraysImpUpdated system packages to the latest quarterly; such as- FreeBSD 10.3-RELEASE-p6
- PHP 7.0.9
- ClamAV 0.99.2
- PostgreSQL 9.3.13
- nginx 1.10.1
BugFailed http() requests always returnsNoneon errorsBugAlways send an authentication header on "401" errors (fixes issue with some SOAP clients)BugWeb admin interface fixes- Increase timeout to prevent "504" timeout errors
- File viewer couldn't show files larger than 2 GiB
- Fixed a rare crash which chould occur with certain setups
DepConfig keymail_transport's parameter sasluser/pass renamed to saslusername/passwordDepConfig keymail_server's parameter sasl_tls renamed to sasltlsDepRemoved the GuessAttachmentType() function
3.5-r2
Released on 2016-05-26
ImpSwitch to nginx and php-fpm (from Apache 2.4 and mod_php)BugFixed issue with reloading some configurationsBugFixed regression in the new SOAP proxy which was introduced in 3.5-r1- getTime() had the wrong default UTC mode
- It didn't handle 401 (Unauthorized) errors correctly
- Cluster sync (clusterd) didn't work with pipes in configuration values
- Cluster overrides couldn't be added
3.5-r1
Released on 2016-05-20
NewAdded SOAP function mailQueueUpdateBulk to set various fields (quarantine,transport, etc.)NewAdded MIME.getHeaderNames() to the DATA MIME objectImpAdded an option array to MIME.get/set/delHeader() to address a specific header by indexImpReplaced gSOAP with a REST/JSON API and a PHP SOAP proxy for compatibilityBugFix problem when clearing empty rate entries
3.5
Released on 2016-04-18
NewNew HSL scripting editorNewAdded MIME.send() to builtin MIME objectNewAdded MIME.getBody() to builtin MIME objectNewAdded MIME.toString() to builtin MIME objectNewAdded??(null coalescing operator) to HSLNewAddedinclude_onceto HSLNewAddedobjectandthisto HSLNewAdded destructuring assignment to HSLNewAdded support for HAProxy's proxy protocolImpBased on FreeBSD 10.3ImpDisabled SSLv3 for inbound SMTP connectionsImpAdded support forsourceipas anetaddr:Xinsmtp_lookup_rcpt()andsmtp_lookup_auth()ImpUpdated componentsImpDeliver()andQuarantine()now supports an option arrayBugFix problem with partial updated Sophos databasesBugFix problem with where the flow wasn't reloaded if a include file was changedBugFix problem withmail()wheretransportidwasn't usedBugFix problem with IE11 and placeholders in flowsDepUndocumentedCopyMail()andDirectDeliver()in favour ofDeliver()argumentsDepDeprecated GuessAttachmentType()DepRemoved template support from themail()functionDepRemoved the trigger URL configuration key from the quarantineDepRemoved the Blacklist() functionDepRemoved the ScanBWList() functionDepRemoved the ScanSPF() functionDepRemoved the deliver_type and deliver_args arguments from DeliverWithDKIM()DepRemoved support for switch with variable assignmentDepRemoved support for function without argument listDepHSL returns None (instead of an empty string) when dereferencing a non-existing elements in arrays
3.4-r4p2
Released on 2016-03-02
SecAddresses the DROWN vulnerability (CVE-2016-0800)
3.4-r4p1
Released on 2016-02-20
BugFix regression in CYREN's ctipd 4.0.32 (included in 3.4-r4) by rolling back to 4.0.31
3.4-r4
Released on 2016-02-16
NewDATA context MIME class for working with an email's bodyNewStandard library MIME class for creating MIME partsNewclosures in addition to lambda functionsNewdnscname() function to resolve CNAME records (RR)Newis_function() function to check if data is a functionNewarray_sort() function to sort arraysNewHSL cache statistics in SOAP and web adminImpThe ScanDLP() function can return where matches were found withpartidoptionImpAdded RCPT TO context$tlsprotocol,$tlscipherand$tlskeysizevariablesImpClear HSL rate()s based on a query (namespace and/or entry) over SOAP or web adminImpUpdated components- CYREN IP reputation (ctipd) and RPD (ctasd) engines
- FreeBSD 10 quarterly packages
- FreeBSD 10.2-RELEASE-p9 fixing CVE-2015-3197 (SSLv2 disabled by default)
DepRemoved thesystem_default_quarantineconfiguration keyDepRemoved theGetMailTransport()functionDepRemoved the DeliverAsSpam() functionDepDeprecated the WrapMessage() functionDepRenamed the domain typeany(catch-all) to the literal*in the configuration (converted)DepMany default settings were moved to the user configuration (making them removable)
3.4-r3
Released on 2015-12-07
NewAdded anonymous functions and named function pointersNewAdded array_filter(), array_map() and array_reduce() functionsImpThe in_file(), in_array() and pcre_replace() may take a function callback as argumentNewAdded csv_explode() functionNew$serveripin AUTH, RCPT TO and DATA contextImpOptionstls_protocolsandtls_ciphersadded to SetTLS() and smtp_lookup_*ImpReconnect without TLS if STARTTLS fails for optional TLS connectionsImpSSLv3 disabled by default on outbound SMTP connectionsImpRenamed DKIM function to DKIMSign(), which may return signature as a stringNewAdded csv_explode() functionImpDeny() in SOAP API may give a reason as faultstringImpImprove logging in mailqueued (with queueid)ImpSettingsyslog_use_fqdnwhich sends the FQDN in syslog messagesImpOverall elegance, design and usability improvedSecUpdated FreeBSD to 10.2-RELEASE-p8 which fixes CVE-2015-3194 to 3196BugImproved DNS reloading in HSL; affected the spf() and ldap_*, tacplus_* and radius_* functions
3.4-r2
Released on 2015-11-04
NewDANE supportImpAdded settings page for CYRENImpAddedextended_resultoption to thedns*()functionsImpAddedpretty_printoption tojson_encode()ImpAdded$receivedtimeto pre- and post-delivery contextsImpSOAPmailQueue*Bulk()functions returns number of affected messagesImpThe default configuration now contains only one HTTPS web admin interfaceImpMany small changes improving performance, stability, elegance, design and usabilityBugRegression inScanRPD()withctasdfor "valid-bulk"
3.4-r1
Released on 2015-10-19
NewSophos anti-virus (savdid) engineNewSpam classification report buttons on email tracking pageImpAddedexplode()limit argumentImpKey size option when creating private keys on PKI pageImpMany small changes improving performance, stability, elegance, design and usabilityBugUpdated CYRENctasdsettings to better cope with connection errorsBugUpdated Net-SNMP to fix memory leak insnmpd
3.4
Released on 2015-09-23
NewBased on FreeBSD 10.2NewSetTLS function to the pre-delivery contextNewpie chart functionq()to graph queue/quarantine searchesNewAbility to disable services (such as. SNMP, FTP and SSH)NewRCPT flow block for DNSBL and IP reputationImpZoomable graphsImpSave graph layouts per userImpPie chart supports custom refresh intervalsImpUpdated componentsImpScripting page may easily run scripts from the (virtual text) file storeImpOptionally turn ontotalhitsin SOAP APIImpSwitch between HTML and plain view in message previewImpThe AUTH rate limit flow block defer rather than reject when exceededImpReplacedrpcmplexdwith an async web admin implementationImpOverall performance, stability, elegance, design and usability improvedDepUpdated OpenSSL requires DH key size of more than 512DepGraphs now include "dots" in their names (previously replaced with a dash)DepSOAP API changes- mailQueue's totalHits renamed to totalhits (lowercase)
- Replaced loginFullname() and loginRemoteHost() with login() return object
- Removed loginCheckPermission()
DepEnd user interface considerations- If you're using
display-stats(graphs) you need to update the end user - Toggle preview on HTML/text message part is now supported
- If you're using
3.3-r6
Released on 2015-06-04
NewAdded an "update" function to the cache that can pick expired (but valid) itemsNewAdded abackgroundflag to the http function for async, non-response callsNewAdded a hash function, useful together withhttp()'s background modeImpAdded a syslog port settingsImpSupport implicit SSL (wrapper mode) by specifying "465" as the first listener portImpRaised the free disk requirement to 1 GiB in order to receive new messagesBugFix regression when enabling the DLP processmaildlpdand viewing license usersBugFixed augmented assignment (+=) behavior with function calls when dereferencing arraysBugFirst run didn't add the second domain to the relay tableEnduserIf you use end-user logging, you may want to employ the new http background feature
3.3-r5
Released on 2015-05-11
NewValidate HSL scripts when saving a text file (in file store)NewAdded aDefer()function to the AUTH flowImpAutomatically detect and support all network interfaces supported by FreeBSDBugThe backend could crash when using LDAP in the API (auth) scriptBugRegression in web admin causing some requests to fail due conservative settingsBugAdding new cluster nodes could fail if remote systems were unsorted (by id)DepSOAP functionconfigValidateArgumentreplaced withhslCheckScript
3.3-r4
Released on 2015-04-27
Impreturnstatement in HSL without a valueBugESCkey in console may not work as expected if pressed twice rapidlyBugTemp disk may become full
3.3-r3
Released on 2015-04-22
ImpUpdated a lot of FreeBSD packages to quarterlyImpSupport for Intel(R) 10Gb (ix) network adaptersBugSOAP request could be delayed with up to 1 second on idle systemsBugAdding too large text files in the File store now returns an errorDepswitch statement in HSL with explicit variable storage
3.3-r2
Released on 2015-04-16
Newdovecot_lookup_auth() to authenticate using Dovecot's authentication protocolNewDone() makes it easier to do advanced routingNewpcre_quote() makes it possible to use regex on user inputNewPreview on PKI pageNewReview & save in plain-text editorImphttp() function may skip SSL/TLS verification with ssl_verify_peer = falseImpPerformance improvements in HSL's file handlingImpUpdated third-party librariesImpEasier to use CSV editor in web adminImpAdd support for keep-alive and gzip/deflate encoding in SOAP APIImpSupport for QLogic NetXtreme II (bcm) network adaptersImpFixed bug in "release duplicate" regarding delta filesImpFixed bug with creating a cluster over HTTPSDepScanSPF() in favor of spf()DepScanSARules() in favor of ScanSA(["rules"=>true])DepQuarantine profile's trigger URL
3.3-r1
Released on 2015-03-02
NewVHD image runs on Microsoft AzureNewDHCP addressing, default on Azure and GCEImpSupport hardware-assisted software RAID for many vendors such as IntelImpSupport for VirtIO (vtbd) and Xen (xbd) disksImpSupport for Intel 10Gb (igb) network adaptersImpCtrl+A/E in web terminalBugFixed regressions in web admin
3.3
Released on 2015-02-16
NewUpdated to FreeBSD 10.1NewAdded transparent proxy features- The
system_nonlocal_sourcesetting enablesSetSourceIP()to spoof source IPs - XCLIENT support for external proxies
- The
NewAdded new features to the scripting language (HSL)SetMetaData()andGetMetaData()to pass data between DATA and queue scriptssyslog()functionunset()statementSetRecipient()in pre-delivery script$senderheloin pre-delivery script$transfertimein post-delivery script$saslusernamein queue (pre- and post-delivery) script- Raw strings, like ''raw string''
- Allow
globalview()anddnsbl()to be executed fromhsh
NewExtended search filters (HQL) syntaxmetadata.field=corresponding toSetMetaData()size=(message body)helo=(HELO/EHLO hostname)
ImpWeb admin interface- Refreshed with many improvements (in layout and functionality)
- The icons and images are vectorized (to support retina/HiDPI displays)
- Button to reset (RRD) graphs
- Custom score popup for Internet Explorer (which allows spam scores and refid to be copied)
ImpAdded "msgsize" and "msghelo" to SOAP APIImpSMTP balancing uses uniform distribution of trafficImpSupport for QLogic 10Gb (bxe) network adaptersImpSearching text logs is a lot fasterImpmail_queue_threadsmay now be raisedImpUpdated 3rd-party components such as CYREN (8.0.110) and Kaspersky (3.8.0.4)DepBuilt-inbatv_*()is removed, use the HSL implementationDepRenamed "gmt0" to "utc" in SOAP APIDep$recipientdomainsand$recipientsin DATA context are now read-onlyDephttp()return empty results on non 2** responsesDepGetAddressList()returns empty list on parse errors instead of throwing an exceptionDepWeb admin's flow block "Add header" appends a new header instead of usingSetHeader()DepGetID()is now removed, was deprecated in 3.0Dep$directprocessingis now removed, was deprecated in 3.2
3.2-r10p1
Released on 2014-12-23
BugStability fixes inmailscandBugFixes regression that caused some admin andclusterdrequests to fail
3.2-r10
Released on 2014-11-17
ImpSetSender() in pre-delivery (queue) scriptImpLSI MegaRAID tool (mfiutil) availableImphslCacheClear() SOAP API may clear a specific namespace/functionImpAdded SOAP API mailQueueRetryBulk() functionImpAdded 'duplicate' option to SOAP's queue function for cloning messages(s) from an archiveImpSetting mail_log_size to zero will disable logging (even realtime)ImpDisable SSLv2 and SSLv3 on administration UI (and SOAP)ImpAdd custom headers to HSL mail() created messagesImppcre_replace() HSL functionImpVariable substitution with ${name}Bug'Next retry' could be presented with the wrong timezone (didn't affect delivery)BugMemory usage could show erroneous on 64 bit platformsDepSOAP API mailQueueRetryAll() removed (reimplemented with mailQueueRetryBulk)DepSOAP API devList() removed
3.2-r9
Released on 2014-10-01
NewAdded LMTP support, useful for more efficient Dovecot deliveryImpretry=x in search filter, useful to show delayed messagesImpAdded "\r\n\t" syntax in HSL stringsImpAdded HSL http() max-time timeout, also renamed connect_timeoutImpAdded the SMTP ping commandImpDecouple antivird and clamd for more efficient RAM utilisationImpNew installations are 64-bit, with VMware "guest OS" set to "freebsd-64"ImpReview before save on virtual text files and DLP pagesImpNew certificates are generated with SHA256ImpFaster clearing of rate limits (may interrupt garbage collection)ImpFaster connect() timeout in smtp_lookup_rcpt()ImpLower connect() timeout to 30s (like Postfix)BugProblem when searching rates in web user interfaceDepUndefined values in HSL was branched as true (not false)
3.2-r8
Released on 2014-09-11
SecUpdated to FreeBSD 10.0-RELEASE-p8 which addresses new OpenSSL bugsNewMultiple "shadow" port support for mail listener, for better pool utilisationNewAddedSetHELO()function and$sourceipto pre-delivery scriptImpGlobal HSL variables are committed when calling a second functionImpNew chart for swap operations, as complement to swap usage chartImpUpdated Kaspersky anti-virus engine to 8.3ImpSome search queries are maintained when browsing cluster nodesImpMany 64-bit fixes in preparation for upcoming 64-bit releaseImpDisplay Kaspersky virus base version in log on startupBugRate limit page support any valid UTF8 as namespace and entryImpOverall improvements throughout the systemBugFixes NTP client regressionBugFixes VMware guest info regressionBugLink aggregation fixes; omitted from cluster, and brings up all portsBugFixed cluster system update page's node linkBugFixed cluster configuration override page with multiple fields per keyDepForbids ambiguous HSL concatenation of numbers
3.2-r7
Released on 2014-08-20
NewImplemented a pre-delivery (queue) script for dynamic transport behaviourNewAdded the log() function which can be used for things such as GeoIP lookupNewAdded the timelocal() function to get time in local timeNewLink aggregation supportImpSupport using system disk as storage on bare-metal installs, or if the virtual disk is grownImpThe post-delivery (transport) script is unified for all transport, on the flow pageImpThe GetHeaders() function can be used to fetch all headers as a multidimensional arrayImpAllow multiple include of same file in HSLImpThe post-delivery (transport) script executed for successful deliveries, useful for external loggingImpAdded$actionidvariable to DATA, queue and transport flows, for tracking of recipients, etc between flowsImpLoopback addresses configuration, useful for DSR load balancingImpChange VLAN and link aggr. settings from consoleImpUpdated FreeBSD packages to latest quarterlyImpAuto-configuration on Google Compute EngineImpMany minor improvementsBugChanged SpamAssassin queue algorithm to decrease wait timeBugIssue when searching logs larger than 2 GiB fixedBugIssue where Kaspersky wrote files to /tmp fixedDepDisabled Bayesian by default
3.2-r6p1
Released on 2014-06-18
BugResolved uncommon stability issue
3.2-r6
Released on 2014-06-10
SecFix OpenSSL CVE-2014-0195, 2014-0221, 2014-0224 and 2014-3470NewDiscardMailDataChanges() function, allowing different data changes for different CopyMail()sNewSupport for variadic function syntax in HSLNewAdded spread operator (argument unpacking) to HSLImpAdded executable file (by file name, even in ZIP and other archives) blocking to antivirus blockImpPerformance improvements in ScanDLP for efficient file extension scanningImpEncode headers as quoted-printable instead of Base64 for readabilityImpView ScanRPDAV (VOD) results in web admin's message trackingImpImproved virtual text file editor, with HSL code support (great for includes)ImpRemoved deprecated browser-specific CSS3 options (Mozilla, Opera)ImpEnable auto-scroll on keypress in web terminalImpMany minor improvements
3.2-r5
Released on 2014-05-23
NewAdded SetDelayedDeliver() function to HSL for extra queueing time before deliveryNewAdded builtin and global control structures to HSL functionsNewAdded json_encode() function to HSLImpAdded max depth option HSL's ScanDLP(), useful for file extension matching in archives, eg.ImpAdded named match groups to HSL's PCRE functionsImpAdding filtering on retry and sender field to HSL's GetMailQueueMetric functionImpUpdated SpamAssassin to 3.4.0ImpWeb terminal (command page) support pasting with Ctrl+VImpAlways prefer IPv6 when clustering with hostnamesImpSupport RFC 2231 header parsingImpVarious web admin enhancements, such as links from quarantine page to trackingImpOverall performance and reliability improvedBugResolved issue where adding and removing headers with zero offset conflicted
3.2-r4
Released on 2014-04-28
DepDeprecated updateNetwork SOAP API functionDepDeprecated HSL's null coalescing operatorNewAdded default function arguments in HSLImpHSL's header functions decode and refold by defaultImpAddedmsgqueueidto mailHistory API andhistoryidsearch filterImpOverall performance and stability improvedBugHSL'sper_messagecache now works in functionsBugPressing back button in Firefox no longer reset forms
3.2-r3
Released on 2014-04-08
SecPatched OpenSSL "heartbleed" vulnerability (CVE-2014-0160)DepDeprecated BATV functions in favor of HSL implementationNewIntroduced array slicing to HSLImpHSL's DeliverWithDKIM() function can load private key from variable, such as http() requestImpNew HSL variable $tlsstarted in AUTH and RCPT flowImpNew HSL variables $messageid and $queueid in transport flowImpMessage queue IDs (exposed as $queueid or via SOAP API) upgraded to 64-bit integerImpImproved http()'s POST data serialisation and added "response_headers" optionImpAdded a gethostname() function to HSLImpMany performance optimisations in HSLBugFixed Firefox quirk with forms resetting when going back on pageBugHSL's dnstxt() concatenate multiple strings with spaceBugClustered line charts now merge new legends from secondary resultsBugDisplay error message if unable to clear cluster's HSL cache
3.2-r2
Released on 2014-03-10
NewExtended the HSL scripting language- GetMailQueueMetric() to implement usage quotas in queues
- json_decode(), is_string() and is_number() for making API calls, etc
- http() function now supports custom request method and headers
- %= and **= operators
- Switch statements validates that a switch is directly followed by a case or default label
ImpUpdated SOAP API- configKeys() now takes "key" (filter) argument which is also exported in $soapargs[]
- configKeySet() allows partial updates (not all parameters needs to be specified)
- hslRate() and hslRateClear() exports "ns" and "entry" to $soapargs[]
- hslRate() and statList() now implements pagination and backend-side search/filtering
- mailQueue() and mailHistory() includes msgsasl for username and msgts0 for GMT timestamp
- mailQueue() and mailHistory() supports filtering on sasl=
ImpSASL username can be viewed on tracking pageImpDSN messages now include original header "Undeliverable: This was the original header"ImpSupport for Broadcom's bge NICsBugWeb admin interface fixes- Netcat (nc) command with custom port was not correctly documented
- Active HTTPS sessions may not be degraded to HTTP
- The authentication script test sandbox could produce the wrong output
- Some quarantine retention policies were kept for too long, affected users need to reselect their intended policy
3.2-p1
Released on 2014-02-12
BugXen PVHVM network driver "xn" was not detected properlyBugThe command API could return empty results under extremely rare circumstancesBugThe web admin's hardware page didn't list "ada" devices
3.2
Released on 2014-02-10
NewHyper-V para-virtualization; gigabit network, VLANs, SCSI disks, etcNewVirtio (KVM) para-virtualization; improved network and disk performanceNewVMware VMXNET3 supportNewXen PVHVM supportNewLine graphs showing disk IOPS and latencyNewShow message modifications when browsing queued or quarantined messagesNewThe DATA flow registers$recipientsand$recipentdomainsNewNew HSL functionabs()NewAddedtcpdumpto API and web administrationImpBased on FreeBSD 10 and compiled with clangImpLDNS and Unbound as replacement for BIND (as resolver and DNS cache)ImpAutomatically grow storage disk when resized in hypervisorImpOverall throughput increased by careful profilingImpLarge number of HSL scripting language optimisations, such as- R-value optimisations
- Made
str_replace()significantly faster - Optimised augmented assignments
- Pre-compiled regular expressions
ImpMore concise and helpful logging throughout the systemImpIncreased swap partition size to 2 GBImpUpdated all 3rd-party componentsImpShow warnings if no storage disk is found or configuredImpRebrand Commtouch as CYRENImpEnable some SpamAssassin DNSBLs by defaultImpCache DKIM signature for all recipientsImpOverall improvementsBugDKIM DNS generator lacked_domainkeypartBugUnder certain circumstances, the command API could failBugReload flows when file store objects are changedBugFixed issue with pre-boot command line shutdownDepDeprecated the second argument to HSL'sround()functionDepDeprecated the DATA flow's$resultand$directprocessingpredefined variablesDepNew (S)ATA storage disks are identified as "ada" instead of "ad"DepAt least one DNS server is necessary; unbound is not configured to traverse from the DNS root
3.1-r4p1
Released on 2014-01-16
BugPrevent NTP reflection attacks
3.1-r4
Released on 2013-12-20
ImpRefactoring for performance improvementsImpWarn about 32-bit hosts as preparation for 64-bit releasesImpEstimates the number of mail tracking search resultsImpChanged various settings from byte to megabyteImpOverall web administration improvementsBugUnable to add cluster nodes with literal IPv6BugRegression on graph page's rate counter
3.1-p3
Released on 2013-11-21
NewClusteredratedprocess for improved rate limitingNewGetAddressList() function in DATA flowNewis_subdomain() HSL functionImpSupport sub-domains i black/whitelists (.example.com)ImpSearch for transports on tracking pageImpWeb admin terminals now work in background tabsImpIPv6 cluster supportImpAlways give a authentication failure reason inmailpolicydBugCatch exception in video console for systems without serial numberBugDo not create sessions for unauthorized web admin clients
3.1-p2
Released on 2013-10-29
ImpImproved mail queue/quarantine delivery performanceImpSignificantly improved mail tracking performanceImpSupport for more than two NTP serversImpReturns to current page, when fixing TLS fingerprintsImpWarns about Cisco SMTP fixup which is known to cause issuesImpShows inode usage on storage/hardware pageImpOther minor improvementsBugDetect scrolling more accurately when viewing logsBugWindows users couldn't type @ in the terminal
3.1-p1
Released on 2013-10-10
ImpImproved Bayesian performance using SDBM databaseImpCluster overview page shows new software versionsBugRegression causing issues for users with ATA write cache enabled
3.1
Released on 2013-10-09
NewBased on FreeBSD 9.2NewSupport for KVM VirtIO networkingNewCreate pie graph from rate() information with r()NewBuy licenses directly from within productImpImproved rate control page (with thresholds)ImpDLP engine inspects more archive formatsImpDownload messages as ZIP instead of tarImpRestructured menu layoutImpScript editor behaviour in Firefox and Internet ExplorerImpOverall performance improvements
3.0-p9
Released on 2013-09-23
ImpBetter user experience for Hyper-V deploymentsImpPages loads faster thanks to GZIP compressionImpOverall performance improvementsBugRebooting was required to effectuate some license changes
3.0-p8
Released on 2013-09-09
NewDMARC flow block and ScanDMARC functionImpConvert white/blacklist input to lower caseImpOptimized history/mail API (database API)ImpOptimized message logs extractions (from 4 minutes to ~0 seconds)ImpImproved charset detection (ICU)ImpImproved escape sequence in VMware terminal (detach keyboard)ImpSearch for scores and RPD ID in trackingImpImproved SPF cachingImpUpdated Ace editor and Kaspersky anti-virus engineBugIE9 had problems with search on tracking pageBugSearchlog didn't always find message logs (if incomplete log)Bug7-zip couldn't open downloaded tar (message) archivesBugPaging with a quarantine folder selected
3.0-p7
Released on 2013-08-12
ImpSMTP client prefers "strongest" SASL method announced by serverBugMemory leak in the console UI
3.0-p6
Released on 2013-08-09
BugInitial vApp configuration imported multiple timesBugXML warning on non-VMware system's interface page
3.0-p5
Released on 2013-08-07
NewNetwork setup guide in OVF (VMware vCenter)ImpCreate cluster with optional TLSImpTest end-user API with from scripting pageImpAdded an extra certificate (pki:2) for SMTPImphttp() support HTTPSBugClustering with SSL certificate chains
3.0-p4
Released on 2013-07-24
NewBlack/whitelist module for end-user interfaceImpFull-text search in subject linesImpClear search query on tracking pageImpReturn to referring page when editing profiles, etcImpExport users per domain on license pageImpPrefer outbound CRAM-MD5 authentication method if supportedBugBATV interoperability improvements
3.0-p3
Released on 2013-07-05
ImpSearch filters are now case-insensitive for from/to/ipImpBlacklist module in RCPT TO flowImpDragging/selecting an interval in a graph opens trackingImpVarious improvements to the DLP engineImpFilter commandRun and fileRead arguments in authentication scriptImpCompare IP addresses with in_network() in white/blacklists blocksImpDiscard mailqueue's pre-fetched work queue when deleting messages
3.0-p2
Released on 2013-06-25
NewComplete overhaul of the productImpThe SOAP API is completely changedImpSNMP MIB is completely changedDepQuarantine is deprecated; moved from the system to a GitHub project
2.4.0.3
Released on 2013-02-21
ImpMicrosoft Hyper-V legacy network driver supportBugSome freshclam still couldn't download daily updates
2.4.0.2
Released on 2013-02-18
BugScanSA() could miscalculate the estimated queue wait timeBugWorkaround for freshclam failing to update since ClamAV didn't create a daily diff
2.4.0.1
Released on 2012-10-15
ImpOverall improvementsBugResolved bug in recipient flow's blacklist module's script generationBugResolved statistics bug that could create spikes during database failuresBugResolved database issues generating warnings under rare circumstancesBugCluster overview's reporting could fail to load
2.4
Released on 2012-10-09
NewBased on FreeBSD 9NewScanSA() got fair queueing, time estimation, size limit, etcNewBoot-time management via bootsysmgrNewTTL argument to IP Policy's Allow() and Block()ImpImproved performanceImpImproved watchdog with better loggingImpSave RAM by only starting maildlpd if ScanDLP() is usedImpIn case of storage disk problems, boot without storageImpAllow messages to be viewed instead of downloaded in quarantineImpGetDSN() and GetDSNHeader() to support text/rfc822-headersImpDNS shuffling based on MessageID (always the same per message)ImpReboot/shutdown is significantly fasterBugMissing {FOOTER} replacement in WrapMessageDepThe following SOAP API's has been removed:- System_Reboot_Hard
- System_Shutdown_Hard
- System_Online_Status
- Management_SetStorageRecover
- Management_StorageRecoverStatus
- Management_SetStorageMigrate
- Mail_Domain_Report
- Config_Diff
- System_GetKey("system_config_revision")
- System_Command_Run_XXX (replaced with by System_Command_Run)
- Management_GetArguments' filter parameter
2.3.6.3
Released on 2012-09-07
BugRegression inbackend's SOAP server
2.3.6.2
Released on 2012-09-04
NewDeliver to an MX of a hostname using lookup-mx:hostnameImpConfiguration diff is coloured in red and greenImpSPF module is moved to content flow in default configurationImpSOAP API's WSDL file moved to /remote/?wsdlImpSOAP API deprecated key system_config_revision, use GetHistoryEntriesImpSOAP API deprecated Config_DiffImpSOAP API's gSOAP updatedImpDisallow saving a configuration with no changesImpWeb administration checkbox labels made clickableImpbackend's watchdog report error codesBugSPF couldn't verify IPv6 sendersBugThe configuration partition wasn't checked properlyBugMonotonic time was not used for all timersBugVisual bugs in web administration resolved
2.3.6.1
Released on 2012-07-18
BugFixes various spam assassin errorsBugFixes clustering page when clustering is not configured
2.3.6
Released on 2012-07-04
NewIntroduces pattern analysis rules from HalonNewIntroduces valid bulk (RPD score 40) for non-spamImpRate limits now summarized in clusterImpDisplay of rate limits and licensed users loads fasterImpTable elements' full content shown on mouse overImpImproved cluster navigation behaviorImpUpdated 3rd-party librariesImpFaster spam-assassin updatesImpFaster rendering of log filesBugIP policy charts was not available on overview pageBugSpam assassin error (introduces in previous release)BugFixed MIME-decoding in quarantine
2.3.5
Released on 2012-06-08
NewFrench translationsImpPattern analysis' (SA's) score values are reported in Tracking/HistoryImpHSL'sScanSARules()can return score valuesImpHSL'sQuarantine()has new reject and final action optionsBugIssue with HSL'sQuarantine()$recipient resolved
2.3.4.1
Released on 2012-05-08
NewAddedtcpdumpto CLI's Network > Diagnostic Tools (console/SSH)ImpCommtouch reference IDs in web administrationImpHSL'sScanRPD()can return reference IDImpAdded server= and transport= to the Tracking's search filtersImpHSLpcre_matchimproved, empty capture groups, etc.BugWeb administration spelling
2.3.4
Released on 2012-03-22
NewMail tracking supports boolean search filtersNewMail tracking integrates history and queueNewHSL pcre_match functionsNewHSL Mail Content GetHeaders functionImpCluster mail tracking displays scores, and moreImpJump between message tracking and logging seamlesslyImpJump between pages/tabs before loading completesBugIssue with DSNs/NDRs displaying in Microsoft OWA resolvedBugIssue with UDP when ARP tables changes resolvedBugWeb administration diagnostics issue resolved
2.3.3
Released on 2012-02-23
ImpMulti-line reject/defer messagesImpUpdated 3d-party modules (ctipd, ctengine, postfix, clamav, openldap)ImpAdded user defined callback to cache[], using "ttl_function" argumentImpInclude SMTP transaction state in SMTP errorsImpSupport for CA in LDAPsBugWeb admin could visually overflow if too many remote systemsBugResolved rare bug with anti-virus engineBugFix TLS warning on startupBugVerify last fingerprint in SSL chain (consistently)BugScripting console could not connect to SMTP servers over TLSBugResolved issue with HSL construct barrier {}BugSMTP lookup recipient could cache entires for too long
2.3.2
Released on 2011-12-21
ImpQuarantining informs sender; rejects (550) instead of accepts (220)ImpThe SMTP recipient lookup forwards errors from the mail serverImpRemoved the incoming mail queueImpShow Script looks much better with colors and formattingImpThe getting started has an option to trust server (use as smart host)ImpClustering operations are faster thanks to newrpcmplexdImpOption to export list of users per domainImpThe reporting's pie charts reflects selected period (day/month)ImpThe console supports page up/downImpThe log viewer (searchlog) is fasterImpKorean language updatedImpSupport for Internet Explorer 10BugIssue with quarantine's history and domain administrators resolvedBugAnonymous LDAP authentication issue resolvedBugIssue with HSL's in_network() resolved
2.3.1
Released on 2011-10-04
NewView and reset rate control (Diagnostics > Rate Control)ImpImproved support for KVM virtualization platformsImpDisabled auto-scroll in logs on mouse scrollImpImproved graphs (bandwidth graphs and layout)ImpHSL's GuessAttachmentType() is fasterBugResolved issues when upgrading 2.3-series on first boot
2.3.0.4
Released on 2011-09-22
ImpQuarantine automatically sanitizes inputImpPattern analysis' update is run every 6th hourBugPattern analysis' update error reporting issue resolved
2.3.0.3
Released on 2011-09-14
BugSerial console issue on SPG-150 resolved
2.3.0.2
Released on 2011-09-02
BugLDAP synchronization issue resolvedBugPattern analysis' bayesian filter issue resolved
2.3.0.1
Released on 2011-08-17
BugUpdated list of time zones (some didn't exist)BugGuessing of character set issue resolvedBugPattern analysis (ScanSA) custom rules issue resolved
2.3
Released on 2011-08-02
NewBased on FreeBSD 8.2NewContent Inspection (DLP), ScanDLP() functionNewFile store with CSV editor, deprecates FTP, in_file() function updatedNewSupport for VMware vmxnet adaptersNewView history in Quarantine interfaceNewShow header modifications in Quarantine interfaceImpQuarantine interface is now fully clustered (user creation)ImpUpdated Commtouch RPD and GlobalView enginesImpUpdated Kaspersky anti-virus engineImpOption to reset SpamAssassin bayesian databaseImpThe mail() function has a plain-text optionImpFullscreen editors has "import from file" functionalityImpVMware/serial console auto-logout after 10 minutesImpMail Gateway > Domain section tables show more informationImpMany small improvements in functionality and stabilityBugStorage fallback to memory issue resolvedBugIssues with static routes resolved
2.2.6.3
Released on 2011-05-11
ImpWeb Administration improvements (translations, statistics)ImpHSL functions floor() and ceil() addedBugFixed incorrect return type from round()BugKaspersky anti-virus regression issue solved
2.2.6.2
Released on 2011-05-05
ImpUpdated 3rd-party components (Commtouch, Kaspersky, etc.)ImpOverall reliability and performance improved
2.2.6.1
Released on 2011-04-06
BugMitigating HSL data type issue
2.2.6
Released on 2011-03-31
NewIPv6 support in IP Policy Flows (added $family variable)NewAutomatic configuration truncation option (System > Configuration)Impdnsbl() function now queries for IPv6 according to RFC5782ImpImproved the Web Administration with some new functionalityImpInternet Explorer 9 support in Web AdministrationImpImproved phishing protectionImpImproved SMTP IPv6 handling (prioritized)ImpDSN messages now includes only message/rfc822-headersImpDKIMWithDeliver() now returns 500-error on un-signable messagesImpUpdated 3rd-party components (libc, postfix, htmlpurifier etc.)ImpOverall performance improvedBugFolders created on FTP did not appear until after a rebootBugIP Policy Flow's $serverport variable was not a number (string)Bugdnsptr() now supports compressed IPv6 addressesBugKaspersky's logfile not available on first runBugWeb Administration over IPv6 was partly brokenBugsmtp_lookup_*() should not use transport fallbacksBugQuarantine() function did not honour SetMailTransport()
2.2.5.2
Released on 2011-02-10
NewPrioritized queues (per mail transports)NewIO statistics tool in Web Admin (iostat)ImpUpdated 3rd-party components (clamav)ImpOverall reliability and performance improvedBugBATV format bugBugDeliver to A/AAAA records did not load balance properly
2.2.5.1
Released on 2011-01-24
NewVMware Zimbra integration in quarantineNewCustom authentication with System Authentication ScriptNewRADIUS (rad_authen) function for System AuthenticationNewTACACS+ (tacplus_authen and tacplus_author) functionsNewContext-aware help (links to the doc. wiki) in Web Admin.ImpUpdated 3rd-party components (ctipd, syslog, clamav, php)ImpInclude kernel debugging in logsImpQuarantine > Users, double-click users to 'sign as' as themImpActivity > Logging has time interval option for faster searchingImpSome HSL functions are cached per default (per-message)ImpAdmins can change quarantine users' passwordsImpForce web browsers to update cache on H/OS upgradesImpHSL arrays may be initiated with [ ] instead of array()ImpLDAP debugging command hides passwordsImpSort user's joined accounts in quarantineImpSupport for [IPv6 address]:port in network toolsImpNew strnatcmp JavaScript library for better natural orderingBugGlobalView, etc. stability improved with glibc patchBugFixed host name length (was limited to 32)BugFixed SMTP DNS lookup implementation misbehaviourBugHeartbeat probe for Spam Assassin to resolve locksBugFixed missing SSL chain for certificatesBugFixed multiple pages bug in Activity section of Web Admin.DepConfiguration key config_user renamed to to system_userDepSigned in account used to browse cluster in web adminDepAdmin accounts must use @local for quarantine sign-in
2.2.4
Released on 2010-11-25
ImpPerformance optimizations on message deliveryImpDouble-click on messages to display text logImpVersion history information button on update sectionImpOption to enable ATA write-cacheImpNon-blocking Kaspersky anti-virus database updateImpGetting Started allows example.org and another domainImpDisplay newly added quarantine brandingImpGlobalView is logged as ctipd instead of [ctipd]ImpUnified authentication schemeImpUpdated 3rd-party componentsImpDatabase errors are loggedBugMemory usage was erroneously calculatedBugValue rounding in reporting chartsBugForbid domains ending with a dotBugFlow selection race condition for first message resolvedBugMemory leak in mailscand resolvedBugSpelling corrected in web administrationBugOverall reliability and performance improved
2.2.3
Released on 2010-10-25
NewStorage disk migration sectionNewUnique self-signed certificate during installNewNew DirectDeliver() function to deliver inlineNewRPC log for SOAP API callsNewPuny-codes for domains and in calculatorImpMuch improved logging with session trackingImpGraphical fixes for iPhone/iPadImpCluster administration performance improvedImpUpdated 3rd-party componentsImpUser count for license in mailscandImpOption to skip Getting StartedImpRussian language in quarantineImpOverall graphical improvementsImpImprovements in flow presentationImpForbid non-ascii e-mail addressesImpHSL function get_defined_functions()ImpTLS settings in smtp_lookup_rcpt/authImpUpdated statistics to BIGINTBugClamAV could be started twiceBugLDAP search cached non-existent users for 24 hoursBugSNMP could fail to get ippolicyd statisticsBugInventory keys denied for read-only usersBugippolicyd could report statistics inaccuratelyBugDNS failures (NXDOMAIN and NODATA) results in immediate bounceBugOverall performance and stability improvedDepIt's recommended to empty your browser cache before signing on to your updated systemDepThe log format is heavily changed; be aware if you rely on machine parsed logging
2.2.2.2
Released on 2010-09-02
ImpDNSSEC trusts newly signed rootImpCPU indicator in clustering overviewImpSimplified configuration management viewImpRemote systems alphanumerically sortedImpFinal actions terminate user defined functionsImp3rd-party modules updatedImpRussian translations updatedBugHSL isset() function now works on arraysBugIPv6 support in SyslogBugDetect primary domain from Active DirectoryBugReporting tab timed out in large clustersBugOverall performance and stability improved
2.2.2.1
Released on 2010-07-29
NewNovell GroupWise support in quarantineImp3rd-party components updatedBugDo not synchronize "fallback" configurations in cluster
2.2.2
Released on 2010-07-07
NewBackscatter protection with BATVNewComments (C++ style, //) in address lists in web administrationNewMinger protocol recipient lookup function minger_lookup() in HSLNewSetRecipient() function in HSL's Content FlowNewHSL control structure "barrier" to do advanced synchronous scriptingNewHSL isset() function, to check if a variable is defined or notNewSet listen addresses for SSH, FTP and SNMP servicesNewPrompted configuration download in web administrationNewShow configuration changes between revisionsImpChanged default IP to 169.254.1.1 (not to conflict with customer networks)BugDo not allow recipient with trailing "." in the domain name
2.2.1.1
Released on 2010-06-17
BugA script validation error in Web Administration fixedBugSyslog could fail at boot on rare occasions
2.2.1
Released on 2010-06-14
ImpShow PKI information (X.509, private and public key)ImpRequire passwords to be typed twiceImpBetter TLS information in SMTP logsImpDNSSEC and DNS cache made private in clusterImpRPDAV icon changed to be distinguished from RPDImpShow full AV, AS, LDAP and boot logsImpSort cluster nodes by name on Cluster > OverviewImpSupport TLS/SSL for LDAP servers (Quarantine and HSL)ImpSMTP listener/transport support "internal-hostname" as hostnameImpMore restrictive read-only users (no ping, etc)ImpCommands (ping, etc) in console are continuously updatedImpMore private keys (Send to Server, etc)Imp3rd-party components updated (ClamAV, etc)BugRPDAV could not set "delete" actionBugView message button in outgoing queue fixedBugNo script errors for action on empty message queuesBugGraph X-axis could be a few seconds off in clusterBugFailed to save flows when custom functions were usedBugSession timeout when saving services (SMTP, HTTP, etc)
2.2.0.1
Released on 2010-05-19
Bugsyslog needs to be restarted in order for hostname to be appliedBugIf STARTTLS was announced but failed, optional TLS abortedBugLDAP queries failed in HSL
2.2
Released on 2010-05-17
NewDNSSEC support and an internal DNS cacheNewDKIM signing and validation in Content flowNewReworked statistics with JavaScript graphs and a new layoutNewShow Script button on flows, displaying generated HSL codeNewAbility to write reject/defer messages in flow blocksNewHSL variables $service (IP) and $messageid (Content) addedNewHSL functions file() and file_get_contents() addedNewDefer(), SetMailTransport() and AddHeader() in Content flowNewTrusted (whitelist) block in Recipient flowNewWeb Administration organization with flows in one sectionNewUnit identification used as internal hostnameNewButton for jumping to flows and profilesNewWarning messages before discarding unsaved changesNewBookmarks to sections and tabs in Web AdministrationImpRenamed processes to mailscand and mailqueuedImpMajor performance improvement in mailscandImpOverall performance from chunked statistic updatesImpFree-text search in Activity > LoggingImpQuarantine mail listing show scores and loggingImpClustering menu and timeouts improvedImpE-mail file maintenance (lostfiles) addedImpOutbreak (RPDAV) anti-virus accuracy improvedImpWeb Administration performance and caching improvedImpUpdated 3rd-party componentsImpHop count in mailscand implementedImpOverall performance and stability improvedBugSpamAssassin update bug resolvedBugSNMP label swapping bug resolvedBugDisabling of certain domains bug resolvedBugZero-bitmask error in in_network() function resolvedBugIPv6 scope in network functions is now discardedBugGMT timezone confusion on System > Time clarifiedDelDomain statistics reports removedDelDeprecated recipient databases migrated into flowsDelIncoming listener (smtpd) doesn't listen to localhostDelRemoved Deliver() as error fallback actionDelInvalid PKI certificates no longer validates in configDelDeprecated $spamscore and LDAPLookup() removedDelDiagnostics > Troubleshooter tab removed
2.1.5
Released on 2010-03-01
NewClustering of multiple SPG/VSP unitsNewGraphical Console (replacing the CLI)Newmail() function in HSLNewGuessAttachmentType() in HSLImp3rd-party components updatedImpQuarantine reset password, does not send a new password, instead allows it to be changedImpOverall improvements in functionality and reliabilityImpHSL cache [] is not LRU per default (least recently used)BugDomains were not disabled properly (nor alias domains)BugIP Policy response were not always receivedBugGetAttachmentName() were not decoded properlyBugSelf-genrated messages had the wrong Content-DispositionBugUnable to bind in queueprocessor (when custom source-ip was used)BugDomain reports could take very long time to completeBugStatistics could be collected for recipient instead of senderBugDisk, CPU and Memory usage where 24 hours off in bar-indicator
2.1.4.4
Released on 2010-01-14
BugIssue with domains without MX records resolvedBugInternet Explorer 8 can now view message logsBugExporting users can now handle invalid UTF-8 chars
2.1.4.3
Released on 2010-01-07
ImpAutomatically format and use available disk (Xen and Hardware)BugXen could not leave firmware OSBugWrap-around long log lines in Web AdministrationBugRate-control would cause random rebootsBugGlobalView did not always start at bootBugNewly downloaded SpamAssassin rules were not applied until reboot
2.1.4.2
Released on 2009-12-22
NewConsole in Web Administration (Diagnostics > Local Console)NewShow licensed users in Web Administration and SOAPNewAccess Quarantine from Web AdministrationImp3rd-party components updatedImpin_network() now supports IPv4 and IPv6Impdns() is now IPv6 ready, use dns4() or dns6() to chooseImpImproved compatibility with "tag subject" and non UTF-8ImpColors in log searchImpFixed MX-shuffle (rare round-robin delivery problem)ImpDelivery will only try the first three A/AAAA recordsImpSelecting text in Web Administration logsImpMany other improvementsBugNext retry wasn't presented in the local timezoneBugRare bug while reverting between configurationsBugCould not save whitelist in Internet Explorer 8BugReload services when SSL certificate is updatedBugRetention policy in Web Administration was restricted to 32-letterBugAdding one's own domains as domain alias confused quarantineBugSpelling correctionsBugOverall stability fixes
2.1.4.1
Released on 2009-11-06
BugBetter handling of questionable SMTP responses.ImpRussian and German in VSP's Getting Started.ImpSpam Assassin size limited raised to 500KiB.ImpCharset detection for Korean and other Asian languages.BugScripting error for Anti-Virus block in Content Flow.BugWeb Administration bug in Gettings Started for IE6/7.ImpFlow blocks in IP Policy log their results.BugJapanese may now be default language in Quarantine.ImpStatistic's performance is improvements.ImpHSL does not resolve $var to the value of $var.ImpHSL function eval() implemented.ImpOverall improvements in functionality and reliability.
2.1.4
Released on 2009-10-21
WarningStorage disk must be at least 2GB for all units and configurationsImpAutomatic initialization of new Storage disks for VSP/SPGImpFirmware updates by self hosted Web UpdatesImpGetting Started -guide in Console and Web AdministrationImpIPv6 support in Web AdministrationImpKeep current search in History/Queues while browsing and performing actionsImpIP-address whitelist in Content-FlowImpQuarantine action "Empty" only empties the selected folderImpJapanese language support in QuarantineBugIf no MX is found, try to use the A/AAAA recordBugSNMP and NTP problems with reconfigurationImp3rd party components updatedImpOverall improvements in functionality and reliability
2.1.3.1
Released on 2009-08-09
ImpOverall improvements in functionality and reliability
2.1.3.2
Released on 2009-08-09
ImpOverall improvements in functionality and reliability
2.1.3
Released on 2009-07-10
ImpThroughput vastly improved, read the guidelinesImpOption to disable internal statistics and historyNewNew HSL functionsImpOverall improvements in functionality and reliability
2.1.2
Released on 2009-06-25
NewSNMP monitoring; custom MIB with statistics and informationBugFixed Kaspersky engine errorImpTruncate configuration from CLI to save memoryBugCache timeout set at execution instead of completionImpIP Policy may also block UDP packets ($protocol)ImpRemoved start-up related warningsBughttp() function can handle more than 10 parametersImpExceptions in Recipient Flow are reported as Defer()ImpGlobal quarantine admin users may blacklist globallyImpBlacklist handles domains and wildcard (%@domain)ImpNotify senders that they are blacklistedImpRe-arranged tabs into new system menu in Web Admin.BugRedirection bug when accessing a HTTPS interface using HTTPBugConfiguration upgrade for remote systems could cause timeoutsImpBetter transport-lookup for messages generated internallyImpMail function GetRoute() in HSL improvedImpArray function array_reverse() in HSLImpRate control function rate() in HSLImpRate control module in Recipient and Authentication FlowsImpDefault message rate for authenticated users is 100 msg/hImpHSL may cache results per message/sessionImpOverall improvements in functionality and reliability
2.1.1
Released on 2009-06-03
NewAdvanced options on Mail Content Flow with custom rulesImpLarger history (100.000 msgs.) for small disks (4 GB)ImpAnti-virus and Pattern Analysis (SA) results in historyImpQuarantine allows users to download messagesImpQuarantine web interface scales content to browser sizeImpQuarantine accepts LDAP sign-in using alias as usernameImpQuarantine has Korean translationImpQuarantine displays outgoing queueImpQuarantine displays folder's message count on mouse overImpSPF module has trusted forwarders white-list fieldImpOption to reject messages with virusImpRecipient Flows reports the reason for rejection to senderImpOverall performance and reliability improvedBugQuarantine now shows attachments correctlyBugDelivery forced default transport during certain circumstancesBugQuarantine now honors the LDAP version settingBugIt is now possible to mix recipient flows with "disabled"
2.1
Released on 2009-05-18
ImpNew Quarantine with LDAP support and ClusteringImpAdministrator can access the Quarantine using their credentialsImpQuarantine has administrator-only folders (invisible to users)ImpReporting > Real Time Log displays Anti-Virus, LDAP, etc.ImpThe console's startup screen displays IP addressImpFTP access requires full permissions or the "f"-flagImpAdministrators cannot change their own permissionsNewAdded "null" transport (discards messages)ImpVMware ESXi users need to resize the disk during installImpAdded "Per Domain" for the SMTP Recipient Flow lookup moduleBugTrace configuration revisions changes by administrator userImpRecipient Flows are per-domain instead of per-incoming.ImpImproved queue/history management responsivenessImpPerformance optimizationsImp3:rd Party Components UpdatedImpCLI command "version" displays appliance informationImpOverall performance and reliability improved
2.0.9
Released on 2009-03-24
NewImport Configuration from ClipboardBugInstaller on Windows 2000BugInstaller field validationImpWarning on VMware Configuration ImportImpRepair License in Web Admin.BugHistory Page in Internet Explorer fixedImpChanges in terminology (Process Flow = Content Flow, etc)BugLong lines message bug fixedNewImplemented cache [] function();BugIP Policy cache is now cleared properlyImpWeb Admin. Script fields is monospace and support [tab]NewAdded !~ (negated regular expression) matchingImpUpdates 3d-party librariesNewCaches the Incoming's smtp_rcpt_lookupImpClear cache button (Mail Gateway -> Settings)BugNon-UTF-8 bug (Mail Gateway -> Activity)ImpIP Policy performance improvedBugHTTP re-configured during address changeImpRemoved reverse DNS lookupsBugMemory storage capacity resolvedBugAuthentication and Recipient Flow re-configurationBugNTP producing false error messagesImpAutodetect language in Web Admin.ImpMail Content Flow didn't virus-check spam messagesImpOverall improvements and stability
2.0.8
Released on 2009-02-27
ImpFirmware Update with step-by-step guideImpVSP Installation with quick-start guideImp"Paging" in Mail Gateway Activity tabsNewdnstxt(), dnsmx() and implode() functions in HSLBug500-errors handled correctlyNewSupport for alternative DNS in lookup-mxBugHandle UTF-8 in Tag Subject i Mail FlowNewMore languages addedImpGraph directions changed (left to right)ImpMore SMTP debuggingNewDirect Processing gives reject functionNewReject() function in Mail FlowImpSet concurrent connections per Incoming (server)ImpFunction declaration and "include" support in HSLImpFull UTF-8 supportImpOverall improvements and stability
2.0.7.1
Released on 2009-01-16
ImpSMTP/LDAP SMTP authentication supportBugDisk Operation StabilityImpStorage Management (backup and restore)ImpAdd multiple domains from Web AdminImpAuthentication and Recipient FlowsImpMany new functions added to HSL (see Wiki)ImpSecure Disk Wipe from Recovery ConsoleImpSend test mail to administrator from Web AdminImpReset Statistics in Web AdminBugDNS/MX resolvingImpAuthentication in Outgoing TransportsImpPreview mail in QuarantineBugQuarantine handles quoted-printableBugQuarantine reports handles quoted-printableImpWarn users when Quarantine getting fullImpScript testing toolImpSearching logs indicates when showing realtimeImpCustom icons for script blocks in Web AdminImpImproved anti-virus detectionImpSOAP interface improvementsImpBetter Default FlowsBugResolved back-to-default-config bug
2.0.6.2
Released on 2008-11-25
BugQuarantine templates
2.0.6.1
Released on 2008-11-20
BugQuarantine templates
2.0.6
Released on 2008-11-12
ImpSend Domain Reports from Web AdminBugDomain Statistics reported correctly (lowercase)BugOverall Web Admin reliabilityImpLDAP debuggingImpMail throughput performance vastly improvedImpSPF Query Tool in Web AdminImpin_network() now supports IP-ranges in HSLImpBlock() may send reason for blocking in HSLImpdnsptr() to lookup PTR (ipv4 and ipv6) in HSLImp5 s timeout for dns() request by default in HSLImpin_file() function (eg. black/white-lists) in HSLImpFirst comment in a Flow Script shown as titleImpCustomize generated e-mailImpMultiple LDAP servers on incoming listernersImpDefault contact changed to "Postmaster"ImpMultidimensional arrays in HSLBugOverall reliability and functionalityImpQuarantine translated to Swedish and customizableImpBetter default mail gateway Process Flow
2.0.5
Released on 2008-08-21
ImpImproved quarantine with reportsImpStatistics in Web AdministrationImpDomain reports with additional statisticsImpLogging is separated and improvedImpMessage tracking (Activity)ImpWeb Administration re-organizationBugStorage recovery from power failuresImpCertificate tunable "Optional but Verify"ImpError messages are displayed as dialoguesImpGenerate SSL certificates (Diagnostics section)ImpName (tag) configuration revisionsImpSOAP configuration API (using WSDL file)ImpNFS replaces SMB for network storageImpGraceful shutdown and restartImpBoot procedure with progress and logImpMultidimensional arrays in HSLImpHeaders are UTF-8 decoded in HSLImpGetDSN(), GetRoute(), DeliverAsSpam() in HSL
2.0.4.1
Released on 2008-06-09
BugWeb Administration error on factory reset unitsImpAdded German and Japanese language supportImpHSL Scripting in Outgoing QueueImpDomain name variable in HSLImpWrapMessageAddHeader function added in HSLImpRevert to default config upon fatal errorsImpDisable Incoming Listeners upon storage failureImpRegular Expression modifiers in HSLImpInitial Access Control Flow statisticsImpIncoming Queue shows entire messageImphttp() and explode() functions added to HSLImpPattern Analysis (spam assassin) module addedImpLDAP testing on Diagnostics sectionBugMax Message Size can be increasedBugOverall reliability and functionality
2.0.3
Released on 2008-05-15
ImpAdded Italian, Spanish and Korean language supportImpOverall reliability improved
2.0.2
Released on 2008-05-12
BugSPF calculated $spamscore incorrectlyImpReboot to Update Firmware from Web Admin.BugRemoved extra newline in messagesBugDatabase conversions could failImpAbility to disable ACL flow for servicesBugNTP synchronization problem solvedImpModel-specific performance optimizationsBugRecovery from power failureBugWindows (SMB) share no longer failsImpAdded date/time functionality to HSLImpOverall reliability improved
2.0.1
Released on 2008-04-28
BugProblems in the parser of the mail scanner are fixedBugAjax problems in the mail processing flow are fixedImpNew functions in HSL (Halon Scripting Language)ImpUTF-8 support in HSLBugInternet Explorer and Opera supportImpOverall reliability improved
Comments
0 comments
Article is closed for comments.