Halon MTA changelog

5.4 | 5.3 | 5.2

Halon is a fast, flexible and powerful MTA for demanding uses such as large-scale email services. New installations are deployed by downloading a disk image or virtual machine template. Existing systems can be easily updated, after having familiarised yourself with the release notes.

There is an RSS feed available.

Released on 2020-08-14

Imp UUID version selector (time/v1 or random/v4)

UUID version selector (time/v1 or random/v4) Imp Integrated package is updated to FreeBSD 12.1-RELEASE-p8

Integrated package is updated to FreeBSD 12.1-RELEASE-p8 Bug Fix default enhanced status code in bounces for certain errors

Fix default enhanced status code in bounces for certain errors Bug Added validation of certain CLI arguments to improve error reporting

Added validation of certain CLI arguments to improve error reporting Bug Fix web administration regression when adding servers and transports

Released on 2020-07-22, see the 5.4 release notes for notable changes

Released on 2020-06-10

Bug Fixed a stability issue with the connection pool

Released on 2020-05-26

Bug Fixed issue with server connection concurrency limit

Fixed issue with server connection concurrency limit Bug Fixed tags (comments) for some types of manual active queue suspends

Fixed tags (comments) for some types of manual active queue suspends Bug Fixed issue with the proxy script hook

Fixed issue with the proxy script hook Bug Fixed web administration bug when adding active queue policy without concurrency value

Fixed web administration bug when adding active queue policy without concurrency value Bug Fixed minor issue with integrated package's shell console interface

Fixed minor issue with integrated package's shell console interface Bug Fixed locking issue with integrated package IDE's built-in run script window

Fixed locking issue with integrated package IDE's built-in run script window Bug Increased the integrated package's max threads per process limit

Released on 2020-05-04

Imp Removed unsupported ClamAV safebrowsing

Removed unsupported ClamAV safebrowsing Bug Fixed SpamAssassin SPF issue

Fixed SpamAssassin SPF issue Bug Fixed web administration issue on Safari

Fixed web administration issue on Safari Bug Fixed IP address configuration regression in video console interface

Released on 2020-03-10

Imp Support more charsets by inclusion of latest GNU iconv

Support more charsets by inclusion of latest GNU iconv Imp Changed log level of ldap_auth() function failures

Changed log level of ldap_auth() function failures Bug Fixed issue with active queue policy with certain groupings

Fixed issue with active queue policy with certain groupings Bug Fixed issue with decoding of RFC2231 parameters values

Fixed issue with decoding of RFC2231 parameters values Bug Fixed regression with decoding of certain charsets

Fixed regression with decoding of certain charsets Bug Fixed regression with Mellanox (mlx5en) network adapters

Released on 2020-02-24

Imp Added SMTP state information to delivery error logs

Added SMTP state information to delivery error logs Imp Added port option to dns_query() function

Added option to dns_query() function Bug Fixed issue with duplicate messages API call

Fixed issue with duplicate messages API call Bug Fixed "neq" condition (not equal) with "size" and "retry_count" fields

Fixed "neq" condition (not equal) with "size" and "retry_count" fields Bug Fixed issue with message size variable and per-recipient end-of-DATA script

Fixed issue with message size variable and per-recipient end-of-DATA script Bug Web administration fixes Re-add quarantine view selector on queued messages page Re-add confirm dialog on all queue message actions Fixed display of file name of attachment in preview Fixed preview buttons of messages with invalid MIME formatting Fixed issue with FN/FP reporting links

Web administration fixes Bug Updated system packages ClamAV 0.102.2

Updated system packages

Released on 2020-02-11

Released on 2020-05-26

Bug Fixed issue with server connection concurrency limit

Fixed issue with server connection concurrency limit Bug Fixed tags (comments) for some types of manual active queue suspends

Fixed tags (comments) for some types of manual active queue suspends Bug Fixed issue with the proxy script hook

Fixed issue with the proxy script hook Bug Fixed minor issue with integrated package's shell console interface

Fixed minor issue with integrated package's shell console interface Bug Fixed locking issue with integrated package IDE's built-in run script window

Fixed locking issue with integrated package IDE's built-in run script window Bug Increased the integrated package's max threads per process limit

Released on 2020-05-04

Imp Changed log level of ldap_auth() function failures

Changed log level of ldap_auth() function failures Imp Removed unsupported ClamAV safebrowsing

Removed unsupported ClamAV safebrowsing Bug Fixed SpamAssassin SPF issue

Fixed SpamAssassin SPF issue Bug Fixed web administration issue on Safari

Fixed web administration issue on Safari Bug Fixed IP address configuration regression in video console interface

Released on 2020-02-03

Bug Fixed regression regarding interface order

Released on 2020-01-29

Imp Option to use operating system's network interface order instead of by MAC/hardware address

Option to use operating system's network interface order instead of by MAC/hardware address Imp Added software update version selector to web administration (patch/major)

Added software update version selector to web administration (patch/major) Imp Support DANE for non-MX destinations

Support DANE for non-MX destinations Bug Fixed protocol violation with LMTP and STARTTLS

Fixed protocol violation with LMTP and STARTTLS Bug Fixed issue with smtp_lookup_rcpt() function

Fixed issue with smtp_lookup_rcpt() function Bug Fixed memory leak in TLSA DNS resolving

Released on 2019-12-27

Bug Fixed issue with long-running script hooks which could cause internal congestions

Fixed issue with long-running script hooks which could cause internal congestions Bug Fixed stability issue with newly implemented TLS 1.3

Released on 2019-12-06

Imp Support overlapping active queue policy groupings by order of appreance

Support overlapping active queue policy groupings by order of appreance Imp Added environment.syslog.mask option to startup configurations

Added option to startup configurations Bug Fixed regression which could cause DSNs to be sent too early

Fixed regression which could cause DSNs to be sent too early Bug Prevent adding multiple queue policy counters on same field in web administration

Released on 2019-10-10

Imp Added timeout option to SMTP client delivery options

Added option to SMTP client delivery options Bug Fixed issue with listen address when IPv6 is disabled

Fixed issue with listen address when IPv6 is disabled Bug Fixed issue when adding policy to suspend entire active queue

Released on 2019-09-25

New Queue subsystem features Asynchronous SMTP and DNS connection processing Concurrency and rate control in active queue Custom counters with regex/wildcard matching for rollup Job ID field for scriptable/custom match parameters Dynamic control via script and API Queuing to multiple source IP/HELO pairs with round-robin and exclusion via suspend Transport group hierarchy with setting inheritance Simplified pre- and post-delivery scripts with new Try() , Queue() and $message symbols Added mx_include /exclude options to deliver functions to control MX resolution Enabled forward-confirmed reverse DNS lookups (used in Received header) by default

Queue subsystem features New Script language features Added FFI class for calling routines in external libraries Added shared memory functions and API for counting and caching Added csv_encode() function useful for CSV logging Added redirects option to http()

Script language features Imp Web administration improvements New queue distribution page which can group by age and next retry New process statistics page that shows internal counters

Web administration improvements Imp Updated system packages FreeBSD 12.0-RELEASE-p10 FreeBSD 12 quarterly packages

Updated system packages Dep Important changes Removed the options for MX delivery (zone= and query=) Removed the transport profile priority and pause setting in favour for virtual queues, hold and suspend

Important changes

Released on 2019-06-17

Bug Fallback to HELO if EHLO fail and we do not require TLS

Fallback to HELO if EHLO fail and we do not require TLS Bug Reintroduce accept reason in delivery log

Reintroduce accept reason in delivery log Bug Fixes Cyren issue with a cache purging command

Fixes Cyren issue with a cache purging command Bug Web administration regressions Fix clearing individual cache items Fix multi-select on queue items Fix issue with showing clustered graphs

Web administration regressions

Released on 2019-05-15

Bug New $connection variable were populated incorrectly in regards to local/remote information.

Released on 2019-05-08

Bug Resolve DANE-TA issue by switching from LDNS to OpenSSL's DANE implementation

Released on 2019-04-25

New SMTP server scripting features New “proxy” script executed on every SMTP command New $connection and $arguments arrays that contains all predefined input variables New mail message queue(), in-line deliver() and toFile() functions

SMTP server scripting features Imp SMTP server improvements Support for PROXY protocol v2 Added wildcard matching in domain relay table Added many options and flags to script functions Added reason and reply_codes to Accept() Added decode to mail message getBody() Added type to MIME appendPart/prependPart() Added various settings for DMARC and Cyren RPD Compatibility mode for previous predefined variables and setter functions

SMTP server improvements Imp Script language improvements Added pkcs7_sign() function for S/MIME Added xtext_decode() and encode functions useful for parsing SMTP parameters Added X.509 class returned by many functions Added header_addresslist_extract() and header_dkim_decode() functions Reworked spf_query() and dns_query() with improved return types Added encode option to MIME addHeader() Added to tls_client_cert to http() Added local timezone flag to strftime() and strptime() Added getpeerx509() to LDAP class Added readonly variables to classes Support for remainder …$rest in destructing assignments Allow access to private properties in anonymous functions returned from classes (with closure)

Script language improvements Imp Updated system packages FreeBSD 12.0-RELEASE-p3 FreeBSD 12 quarterly packages

Updated system packages Bug Fixed issue with TLS certificates being read multiple times

Fixed issue with TLS certificates being read multiple times Bug Fixed issue with paused transports creating unnecessary logs

Fixed issue with paused transports creating unnecessary logs Dep Important changes The SMTP server reject/defer functions doesn’t prepend pre-defined messages Underscores are now allowed in variable names Removed "null" as literal null transport destination Removed size limit from mail message getBody()

Important changes

Released on 2019-03-04

Bug Fix issues in web administration with new REST API

Fix issues in web administration with new REST API Bug Fix issue with license user count expiration

Fix issue with license user count expiration Bug Use true/false rather than 1/0 for all boolean types rate() return type smtp_lookup_rcpt() flag for TLS started

Use true/false rather than 1/0 for all boolean types Bug Fix issues with firewall script Include files in folders could not be used in firewall script The built-in FTP server’s passive mode didn't work with a firewall script

Fix issues with firewall script Bug Fix memory leak in new LDAP class

Fix memory leak in new LDAP class Bug Suppress harmless warning in quarantine retention cleanup

Released on 2019-02-20

Bug Properly detect the Amazon EC2 hypervisor

Properly detect the Amazon EC2 hypervisor Bug Inline delivery wasn't logging sender information on errors

Inline delivery wasn't logging sender information on errors Bug Numerically named include files could not be checked for errors

Numerically named include files could not be checked for errors Bug Fixed a rare crash that could occur during DKIM signing

Fixed a rare crash that could occur during DKIM signing Bug Fix regressions in web administration with new REST API

Released on 2019-01-24

New RESTful API with OpenAPI specification

RESTful API with OpenAPI specification New SMTP server scripting features Added per-message end-of-DATA script Added snapshot() and restore() to the end-of-DATA MIME() class New $transaction variable with sender and recipients that's gradually populated New senderlocalpart and recipientlocalpart variables in original format New options in connect script's Accept() function reason to set banner response senderptr to set sender hostname printed in "Received" header New options in RCPT TO Accept() function recipient for overriding the default $recipient context variable transportid for overriding the default $transportid context variable New option from_name in pre/post-delivery SetDSN()

SMTP server scripting features Imp SMTP server improvements TLS 1.3 support Wildcard matching in SNI Sender information can be overridden per queued recipient Added configuration options Implicit TLS per virtual server listener Verbose logging per virtual server Bare LF is converted to CRLF Disable client-initiated TLS renegotiation

SMTP server improvements Imp Script language improvements Added spread operator to array type Added wildcard function and variable import into a namespace Added compile-time text, JSON and CSV import into a variable Added csv_decode() function that parses a string according to a schema Added inet_reverse() function that creates a reverse DNS for PTR or DNSxL lookups Added array_find() function New LDAP() class Reworked standard library functions length() function that supports multiple data types array_join() , array_includes() and array_range() str_find() , str_rfind() , str_lower() , str_upper() , str_slice() and str_strip() random_number() , domain_includes() , inet_includes() Added getPath() and readline() methods to File() class New allow_comments option in json_decode() New type option in dns() New proxy option in http() to override the system default

Script language improvements Imp Web administration improvements Script editor improvement Custom input controllers for CSV files using schemas CSV import using custom delimiter Syntax highlighting for JSON files Scratchpad for quickly writing and running code History and queue search support >= and <= operators Moved catch-all domain settings to virtual server configuration Moved SSH, HTTPS and FTP TLS keys to host server configuration

Web administration improvements Imp System distribution improvements Ability to configure HTTP proxy, used by all HTTP clients throughout the system Ability to clear individual entries from built-in DNS cache DHCP support for DNS resolvers Configuration now accepts / in IDs, used for folders in the script editor

System distribution improvements Imp Updated system packages FreeBSD 12.0-RELEASE-p2 FreeBSD 12 quarterly packages PostgreSQL 11.1

Updated system packages Bug Fix issue with lagg network interfaces on boot

Fix issue with network interfaces on boot Dep Important changes The is_number() function to no longer return true on boolean variables Removed $tlsprotocol , $tlscipher and $tlskeysize variables from RCPT script Removed calling a function as a string from cache Removed Deliver() from post-delivery script The Quarantine() function's option parameter must be an array Removed system_default_transport Renamed processes dlpd and queued

Important changes

Released on 2018-11-01

Imp Added a crypt() function

Added a function Imp Updated to Sophos 3.2.07.374.0

Released on 2018-10-03

Bug Fix issue where ldap_bind() return error (-1) rather than failure (0) on a failed bind

Fix issue where return error (-1) rather than failure (0) on a failed bind Bug Patch libspf2 to completely deprecate the SPF record type in favor of TXT

Patch libspf2 to completely deprecate the SPF record type in favor of TXT Dep Show deprecation warning for transports without explicit bounce destination, and domain cluster overrides

Released on 2018-09-20

New SMTP server scripting features Added SetHELO() , $saslauthed and $saslusername to HELO script Added "changes" option to GetMailFile() to include message modifications Support for meta-data queries in GetMailQueueMetric() Preserve 7bit ASCII when the modifying messages with MIME.setBody if possible

SMTP server scripting features Imp Script language improvements Added native boolean type Added string repeat and array repeat repeat operator * Added string format operator % Added strict comparison operator === Added steps argument :: to slice operator Added idna_encode() and idna_decode() Added aes_encrypt() and aes_decrypt() Added random_bytes()

Script language improvements Imp API improvements Added API call mailQueueDownload to download a message (original or with modifications) hslCacheClear , hslRateClear and statClear returns affected rows mailQueueRetryBulk supports "retryts" (timestamp) and "retrydelay" (offset) configImport support "revision" option for atomic imports

API improvements Imp Updated system packages FreeBSD 11.2-RELEASE-p3 FreeBSD 11 quarterly packages

Updated system packages Bug Debug points were removed when clearing debug results

Debug points were removed when clearing debug results Bug The video console interface could not run programs (like ping)

The video console interface could not run programs (like ping) Dep Important changes Replaced radius_authen() , new implementation using Socket() Removed tacplus_authen() and tacplus_author() (TACACS+) Removed system_disk_cache configuration key (ATA disk cache)

Important changes

Released on 2018-08-07

Bug Updated kernel to FreeBSD 11.2-RELEASE-p1 (SA-18:08)

Released on 2018-07-09

New SMTP server scripting features Live debugging with breakpoints via live staging HELO phase script Support arc (Authenticated Received Chain) in DKIMSign() Added ed25519-sha256 (EdDSA) to DKIMSign() ed25519_sign() and ed25519_verify() functions rsa_sign() and rsa_verify() functions Added timeout and dns_function options to DKIMSDID() Added oversign_headers option to DKIMSign() getHeaders() function in the MIME class Added field option to MIME.getHeader() returning entire line Added encode option to MIME.addHeader() and setHeader()

SMTP server scripting features New SMTP server features Support for multiple IPs and netmasks in live staging Require HELO option Support for PKCS#8 private keys

SMTP server features Imp Script language improvements Reworked DKIMVerify() function Added array slice assignments and unset slices Only return one result per domain in DKIMSDID()

Script language improvements Imp SMTP server improvements Change default TLS ciphers to HIGH:MEDIUM Updated Cyren outbound configuration

SMTP server improvements Imp Web administration improvements Option to automatically restart live staging on changes Color picker for area and pie charts Stacked percentage mode for area charts HTTP redirect option, useful for HTTP-to-HTTPS Enabled HSTS and denies frame embedding (X-Frame-Options) Many other small improvements

Web administration improvements Imp Updated system packages FreeBSD 11.2-RELEASE-p0 FreeBSD 11 quarterly packages Unbound 1.7.0 which fixes one DNSSEC-related issue Sophos 3.2.07.372.0

Updated system packages Bug Fix rated behaviour with IPv6, reloading and display on non-synchronised items

Fix behaviour with IPv6, reloading and display on non-synchronised items Bug Fix issue with DATA script scan functions caching and extended results

Fix issue with DATA script scan functions caching and extended results Bug Fix bug with negative indexes and append

Fix bug with negative indexes and append Bug Deleting statistic values on graph page for all hosts didn't work

Deleting statistic values on graph page for all hosts didn't work Dep Important changes Switched to regular peer name checks in SetTLS DNS functions no longer support hostnames as resolver server option Renamed rate() option local to sync Removed DKIMADSP() Removed historic variables from connect script

Important changes

Released on 2018-05-03

Bug Fixed regression in SMTP server affecting implicit TLS on port 465

Fixed regression in SMTP server affecting implicit TLS on port 465 Bug Fixed issue with FreeBSD 11.1-RELEASE-p8 (SA-18:03) affecting some CPUs

Fixed issue with FreeBSD 11.1-RELEASE-p8 (SA-18:03) affecting some CPUs Bug Fixed TLSSocket.getpeercert() MD5 fingerprint option

Released on 2018-04-28

New Support for Cyren outbound anti-spam

Support for Cyren outbound anti-spam New Support for SNI in smtp_lookup_*() , SetTLS() and SMTP server

Support for SNI in , and SMTP server New Script language features for loops static self-referencing support using the scope resolution operator (::) Increase/decrease operator

Script language features Imp SMTP server scripting improvement Added extended_result to ScanRPD() , ScanKAV, ScanCLAM, ScanDLP and ScanSA Default DKIM canonicalization changed to relaxed Added GetMetaData() to DATA context

SMTP server scripting improvement Imp Script language improvement Support for non-synchronized (local) counters in rate() Support for Unicode surrogate pairs in json_*() to support plane 1 SMP Scripting language optimizations (memory, comparisons, branching and loops) Changed to libdouble-conversion from David M. Gay's dtoa

Script language improvement Imp SMTP server improvements Asynchronous connection processing Added millisecond precision to log files and remote syslog Allow hyphen characters in metadata fields

SMTP server improvements Imp Script editor improvements Completion items for built-in variables Parameters, return type and description for completion items Hover provider for built-in functions and variables Added link provider for files Code folding, tabs and minimap

Script editor improvements Imp Web administration improvements Halon script syntax highlight in plain-text configuration format Added checkbox to disable a SMTP listener on the SMTP listeners page

Web administration improvements Imp Support for ena network driver

Support for network driver Imp Changed to DHCP in default configuration

Changed to DHCP in default configuration Imp Updated system packages FreeBSD 11.1-RELEASE-p4 FreeBSD 11 quarterly packages Cyren ctasd 5.1.6.4 and ctipd 4.1.3.4

Updated system packages Bug Fixed issue with http() background requests connection errors

Fixed issue with background requests connection errors Bug The connect script was executed despite connections per IP limit

The connect script was executed despite connections per IP limit Bug The connect script replies didn't work with implicit TLS

The connect script replies didn't work with implicit TLS Bug SMTP banner was sent despite connections per IP limit

SMTP banner was sent despite connections per IP limit Bug Fixed issue with client certificates

Fixed issue with client certificates Bug Clearing chart data could cause it to be removed on another node

Clearing chart data could cause it to be removed on another node Bug Fixed issue with firewall script and passive FTP

Fixed issue with firewall script and passive FTP Dep Important changes Deprecated the ScanRPDAV() function

Important changes

Released on 2018-01-29

Bug Updated ClamAV to 0.99.3 (due to various CVE's)

Updated ClamAV to 0.99.3 (due to various CVE's) Bug Regression in code editor where file comments could not be added

Released on 2018-01-22

Reg Regression with AUTH LOGIN could cause $saslpassword to be incorrectly populated

Released on 2018-01-22

New Script language features Added MIME.signDKIM() function Added TLSSocket.getpeercert() function Added dnsns() function Added inet_pton() and inet_ntop() functions Added tls_client_cert to TLSSocket() Added functionality to smtp_lookup_rcpt() Added tls_client_cert and tls_capture_peer_cert arguments for client certificates Added an xclient argument Added on_rcptto and TLS information to the extended_result array Added tls_verify_peer to ldap_search() and ldap_bind() Added extended_result to spf() Support multiple escapes in ldap_search()

Script language features New Added GetTLS to AUTH, MAIL FROM, RCPT TO and DATA with STARTTLS info, tlsrpt and peer_cert

Added to AUTH, MAIL FROM, RCPT TO and DATA with STARTTLS info, and New AUTH script features Support custom SASL mechanims Added $saslmechanism , $saslstate and $saslresponse variables Added Reply() function Added ability to set username to Accept()

AUTH script features New Pre-delivery script features Added SetXCLIENT() function Added dkim and from to SetDSN() Added tls_client_cert to SetTLS() Added tls_capture_peer_cert to SetTLS()

Pre-delivery script features New Post-delivery script features Added GetTLS() function Added dkim and from arguments to SetDSN()

Post-delivery script features Imp SMTP server improvements Added support for client certificate requests in server HELO (per IP) Added support for custom SASL methods Set server preference for TLS ciphers Explicitly handle NULL MX (rfc7505) Removed line length limiting (8K SMTP, 256K (headerline), 512K header total)

SMTP server improvements Imp Web administration improvements Redesigned script mappings page Improved script errors in editor (with line decorations) Search in code editor directly from top search Faster loading in code editor Redesigned forms with more client side input validation Improved keyboard navigation And a lot of overall improvements

Web administration improvements Imp API changes Added support for more fields in SOAP mailQueueUpdateBulk and also duplicate Added support for program argument in SOAP hslCacheClear

API changes Imp Improved Sophos antivirus detection by using CXmail

Improved Sophos antivirus detection by using CXmail Imp DLP engine now supports regular expression modifiers

DLP engine now supports regular expression modifiers Imp Improved performance of libdkim++

Improved performance of libdkim++ Imp Allow "." delimiter in all ID fields

Allow "." delimiter in all ID fields Bug Received header "with ...SMTP..." always adds E on AUTH and STARTTLS

Received header "with ...SMTP..." always adds E on AUTH and STARTTLS Bug Improved DSN parsing in GetDSN() with multiline headers

Improved DSN parsing in with multiline headers Bug Bug with behaviour on Quarantine() reject => false followed by Quarantine reject => true

Bug with behaviour on reject => false followed by Quarantine reject => true Bug Fix bug with DKIM delivery block in Web UI

Fix bug with DKIM delivery block in Web UI Dep Important changes Aliased error_code to extended_result in smtp_lookup_rcpt() Aliased all ssl_ options to tls_ in http() Removed object [] syntax (in favour of class syntax) Default action is now to block on script errors in firewall script Made $connection and $transaction read-only in smtpd 's context $tlsprotocol, $tlscipher, $tlskeysize in RCPT TO context in favor of GetTLS() If using the RULE syntax to ScanDLP() with regular expresssions, you may need to add modifiers to keep compatibility (eg. //i for filenames).

Important changes

Released on 2017-12-04

Bug Fixed regression with $errormsg in Post-delivery

Fixed regression with $errormsg in Post-delivery Bug Fixed regression with Deliver() in Post-delivery

Fixed regression with Deliver() in Post-delivery Bug Fixed bug when importing some specific named keys

Fixed bug when importing some specific named keys Bug Fixed bug when typing in script blocks using the simple flow editor

Released on 2017-10-30

Bug Fixes regression in file() function

Released on 2017-10-26

Imp Script language features Added nonlocal to Socket.bind() and nonlocal_source to smtp_lookup_rcpt() Added tls_default_ca to ldap_search() Added new formats eEvV to pack() Added new formats eEvVax to unpack() Added offset argument to unpack() Added flags to Socket.recv() Added support for private static class variables and functions Fixed smtp_lookup_rcpt() to properly return return -1 on 400 errors Fixed file() to support lines longer than 65k characters. MIME class and mail() uses quoted-printable by default MIME.send() and mail() now fail on empty recipients Warnings when compiling code with unsupported operators on literals Lot's of memory optimisations in script engine

Script language features Imp Connect flow changes SetSenderIP() was added, which can be used to change $senderip

Connect flow changes Imp DATA flow changes MIME.setBody() to keep quoted-printable and base64

DATA flow changes Imp Pre-delivery script script Added SetSenderParams() and SetRecipientParams() to carry extra MAIL/RCPT parameters Added Bounce() to bounce messages Added SetDSN() to change DSN settings SetSouceIP() now accepts an address in each address family Added reset_retry and transportid option to Reschedule() Added $context variable which is passed on the post-delivery script

Pre-delivery script script Imp Post-delivery script changes Always runs the delivery script (even for DELETE and BOUNCE) Added an $action variabel DELETE, BOUNCE, RETRY Added a SetDSN() to change DSN settings Added options to Retry() function

Post-delivery script changes Imp Script editor improvements Added support for save using Ctrl/Cmd+s in CSV editor Warning if there are unsaved changes when starting live staging

Script editor improvements Imp Web administration improvements Refreshed interface, for example search field and login session expiration in menu bar Fixed support for renamed HTTP certificates when starting clustering Show diff between hosts’ configuration when clustering Ability to cancel pending disk grow/format SHA-256 is used in new certificate generation Message preview retains header letter case

Web administration improvements Imp Updated system packages FreeBSD 11.1-RELEASE-p2 New quarterly packages

Updated system packages Imp Ability to choose multiple addresses per SMTP listener

Ability to choose multiple addresses per SMTP listener Imp Added a per-transport default bounce transport setting

Added a per-transport default bounce transport setting Imp Added source metadata (_original_[message|queue|action]_id) to bounces

Added source metadata (_original_[message|queue|action]_id) to bounces Imp Reworked SMTP errors

Reworked SMTP errors Imp LDAP profiles are migrated to use standard URIs, which allows for failover

LDAP profiles are migrated to use standard URIs, which allows for failover Imp Firewall script now uses per-application filtering instead of ipfw divert sockets

Firewall script now uses per-application filtering instead of divert sockets Bug The "Line too long” error is now sent after END-OF-MESSAGE

The "Line too long” error is now sent after END-OF-MESSAGE Bug Fixed a missing SSL timeout in the SMTP client

Fixed a missing SSL timeout in the SMTP client Bug Fixed a syslog issue by properly using a blocking socket

Fixed a syslog issue by properly using a blocking socket Bug Fixed regression with system-storage- graphs and iostats command for some storage disks

Fixed regression with graphs and command for some storage disks Bug DSNs Arrival-Date wasn't properly set to the original message arrival date

DSNs Arrival-Date wasn't properly set to the original message arrival date Dep Important changes Deprecated Deliver function in post-delivery script Renamed GenerateDSN() to Bounce() in post-delivery script Replaced DeliverWithDKIM() with DKIMSign() in simple flow compilations

Important changes

Released on 2017-09-06

Bug TLS certificate regression caused by change in OpenLDAP 2.4.45 (ITS#8529)

Released on 2017-08-08

New Script language features Added private keyword to classes Added TLSSocket() class Added sha2() and hmac_sha2() functions Added pack() and unpack() functions Added $sourceip variable to post-delivery script

Script language features Imp Added status and NDR code options to Reject() , Defer() , Deliver() , etc.

Added status and NDR code options to , , , etc. Imp Web administration improvements Redesigned toolbar on many pages Spinning icon when running a script in code editor

Web administration improvements Imp Updated system packages FreeBSD 11.1-RELEASE-p0 with clang/LLVM 4.0.0 FreeBSD 11 quarterly packages Sophos 3.2.7.369.2

Updated system packages Imp Detect Amazon Web Services' EC2

Detect Amazon Web Services' EC2 Imp Overall improvements and code modernization

Overall improvements and code modernization Bug Failed to properly differentiate SASL failures in smtp_lookup_auth()

Failed to properly differentiate SASL failures in Dep The object cast operator

Released on 2017-06-22

New Script language features Classes added with class keyword Added is_object() function Added static function Socket::AF() to Socket class Added tls_verify_name option to SetTLS() and smtp_lookup_* Added max_file_size option to http() ScanDLP() function accepts rules as argument

Script language features New DLP engine now support file hashes of SHA2-256 and SHA2-512

DLP engine now support file hashes of SHA2-256 and SHA2-512 Imp Script editor improvements Sorting folders before files Fixed header alignment of empty CSV files

Script editor improvements Imp Web administration improvements Show popover on ellipsis in email tracking Fixed return to scroll position in on all pages Simple flow editor styles are now flat Simple flow editor comment is no longer a required field Bulk update queued and quarantined messages

Web administration improvements Imp Updated system packages CYREN ctasd 5.1.1.1 and ctipd 4.1.1.1 Sophos 3.2.7.368.1 HTML Purifier 4.9.3

Updated system packages Imp Aquire serial number and license without Internet via licenseImport API call

Aquire serial number and license without Internet via API call Imp smtpd now has a less aggressive default timeout

smtpd now has a less aggressive default timeout Bug $x["x"] did not throw error (non-existing variable)

did not throw error (non-existing variable) Bug Corrected default HELO message in smtp_lookup_* function

Corrected default HELO message in function Bug DLP engine reported a recursion error (instead of generic errors) on bad archives

DLP engine reported a recursion error (instead of generic errors) on bad archives Bug CYREN ctasd did not restart after license expiration

Released on 2017-05-10

New Live staging in pre/post-delivery (queue)

Live staging in pre/post-delivery (queue) New Purge cached items from API (and web admin)

Purge cached items from API (and web admin) New Script language features Modules with import keyword Added get / setBody() to DATA script's MIME class Added tls_default_ca and tls_verify_host options to SetTLS() and smtp_lookup_* Added the none keyword Added strptime() and ord() functions Reworked code validation to support more advanced coding patterns Loosen up syntax with () and -> Nested named functions are now function scoped Supports referencing files without file: prefix Added explicit warning about Unicode whitespace More dead-code eliminations

Script language features Imp Script editor improvements Return to cursor position on commit Supports folders via a dot . ID hierarchy convention and renaming IDs Auto-complete context-specific function names Many improvements to CSV editor (shows position, fixed headers, etc) Search options for regular expressions and case sensitiveness Running code in sandbox uses local checkout, and has a host selector New save indicator, "save all" button and keyboard shortcut

Script editor improvements Imp Web administration improvements Generate X.509, DKIM and DANE on PKI page Support changing ID of listner, flows and scripts, etc Cluster delete on statistic legends Re-added quick access to RPD and SA results in tracking Quick access to revision page diffs by URL hash Delete domain and domain aliases on SMTP server delete Defer color now shown as purple Fixed regressions with IE/Edge, DLP page, revision page timezone, stats, duplicate domains, etc

Web administration improvements Imp Updated system packages FreeBSD 11.0-RELEASE-p10 FreeBSD 11 quarterly packages CYREN ctipd 4.1.0.1 Sophos 3.2.7.368

Updated system packages Imp Make searchlog use time hint for RSET message id

Make searchlog use time hint for RSET message id Bug Closure over function scope caused memory leak

Closure over function scope caused memory leak Dep Removed dovecot_lookup_auth() and ident_lookup() , new implementations using Socket()

Removed and , new implementations using Dep Doesn't explicitly set $error in RCPT TO script any more

Released on 2017-03-16

Bug Web administration fixes Updated htmlpurifier to 4.9.2 NTP field on Date and time page didn't work with multiple servers Some disks weren't selectable on the Disks page Script errors in Simple flow editor page caused template engine error Clearing critical log always cleared the local log Added poll delay on Dashboard page's CPU to show usage more accurately History and queue page Don't show queue information for quarantine Re-added info field in listing Re-added active queue/quarantine selector Comment field on SMTP servers appeared in two places Minor redesign of the Configuration revisions page to mark special revisions Hide cluster synchronisation on Users page if there's only one host Added redirects for old web admin URLs for bookmarks

Web administration fixes Bug HSL function strftime was incorrectly returning in local time

HSL function was incorrectly returning in local time Bug consoleui couldn't add new IP's if all were removed

Released on 2017-03-06

New Live staging; running a parallell SMTP config version for some connections, based on conditions

Live staging; running a parallell SMTP config version for some connections, based on conditions New Redesigned web admin with checkout/commit and diff with expressive configuration syntax

Redesigned web admin with checkout/commit and diff with expressive configuration syntax New SMTPUTF8 support

SMTPUTF8 support New SMTP server scripting features Pre-defined connection $context variable, shared between all SMTP scripts MAIL FROM script SetSender/Recipient() in MAIL FROM and RCPT TO scripts Added SetSenderIP/SetSenderHELO() to DATA scripts Accept() , Reject() and Defer() in connect script Disconnect flag to all Reject / Defer and Deliver functions The SMTP scripts exposes all available variables (as they become available) GetMailFile() in DATA, pre- and postdelivery scripts.

SMTP server scripting features New Scripting features object [] statement and $this variable Socket() class File() class Resource value type while loops http() sourceip argument Bitwise operators

Scripting features Imp Configuration format Allow config keys to contain a-z, eg. include "file:api" New file key types to differentiate plain text from scripts New SMTP listener settings for TLS, HAproxy and concurrency Allow mounting of storage disk/partition by UFS label

Configuration format Imp SOAP API configKeysImport atomic commit with "expected head" id field configKeysCheck to verify non-running configuration mailQueueInTransit information about mailqueued's delivery attempts

SOAP API Imp Updated system packages FreeBSD 11.1-RELEASE-p0 FreeBSD 11 quarterly packages CYREN ctasd 5.1.0.1 and ctipd 4.0.37.1

Updated system packages Imp Anti-spam/virus database information command

Anti-spam/virus database information command Imp Being a major release, it features a large numbers of fixes and improvements

Being a major release, it features a large numbers of fixes and improvements Dep Changed LSI RAID driver from mfi to mrsas , will affect users mounting mfiX by device name

Changed LSI RAID driver from to , will affect users mounting by device name Dep Script include from /cfg partition

Script include from /cfg partition Dep Firewall script's Block() ignore response

Firewall script's Block() ignore response Dep DATA script's WrapMessage()

DATA script's WrapMessage() Dep Removed rate limits from acl_flow (moved to SMTP listener)

Removed rate limits from acl_flow (moved to SMTP listener) Dep Some config keys, such as system_user, service_ssh_*, ntp and syslog are no longer synched between hosts

Some config keys, such as system_user, service_ssh_*, ntp and syslog are no longer synched between hosts Dep Renamed some config keys, such as acl_flow and mail_flow

Renamed some config keys, such as acl_flow and mail_flow Dep When upgrading an existing host, a swap disk needs to be added (2-8 GiB) or RAM increased to at least 3 GiB (preferable before the update) since swap files no longer works in FreeBSD 11.0

Released on 2017-01-10

Imp Added support for interfaces as gateway (route)

Added support for interfaces as gateway (route) Bug Fix issue with smtpd and certain load balancers

Released on 2016-12-07

Bug Fix issue with dnsCacheFlush

Fix issue with dnsCacheFlush Bug SASL always failed in smtpd after an unsupported method was issued

SASL always failed in smtpd after an unsupported method was issued Bug Shutdown SSL connections more gracefully in smtpd

Shutdown SSL connections more gracefully in smtpd Bug Bug with HSL code check and barriers

Bug with HSL code check and barriers Bug snmpd could produce error message on the console

Released on 2016-11-09

Imp Updated system packages FreeBSD 10.3-RELEASE-p11 FreeBSD 10 quarterly packages CYREN ctipd 4.0.36.1 and ctasd 5.0.88.1

Updated system packages Bug HELO/EHLO hostname was not set for invalid domain names

HELO/EHLO hostname was not set for invalid domain names Bug Recipient limit was decreased compared to previous releases

Recipient limit was decreased compared to previous releases Bug License users export could fail

Released on 2016-09-27

Bug Updated to FreeBSD 10.3-RELEASE-p9 that fixes an OpenSSL regression

Released on 2016-09-23

Sec Updated to FreeBSD 10.3-RELEASE-p8 that fixes OpenSSL CVE-2016-6304 and others

Updated to FreeBSD 10.3-RELEASE-p8 that fixes OpenSSL CVE-2016-6304 and others Imp Setting for and changes in smtpd 's log verbosity

Released on 2016-09-08

Imp Enabled TCP_NODELAY on SMTP client socket

Enabled TCP_NODELAY on SMTP client socket Imp More user friendly errors in mailQueueRetry, mailQueueDelete and mailQueueBounce API

More user friendly errors in mailQueueRetry, mailQueueDelete and mailQueueBounce API Imp Updated to htmlpurifier 4.8.0

Updated to htmlpurifier 4.8.0 Bug Properly reload scripts with deleted include files when re-added

Properly reload scripts with deleted include files when re-added Bug Fixed regressions with XCLIENT, implicit TLS and IP flow statistics

Released on 2016-09-05

New ident_lookup() function to lookup users over the ident protocol

ident_lookup() function to lookup users over the ident protocol New $senderport in IP, RCPT TO and DATA context

in IP, RCPT TO and DATA context Imp Postfix is not longer the default MTA

Released on 2016-08-29

Imp Improvements in the script editor Added support for matching closing brackets Variable highlighting in strings

Improvements in the script editor Imp Updated system packages CYREN ctipd 4.0.35.5 FreeBSD 10.3-RELEASE-p7

Updated system packages Imp Improve detection of password protected ZIP files

Improve detection of password protected ZIP files Bug Fixes in REST API and SOAP proxy hslRate() regression with affected rate pie charts mailQueue() regression with affected email tracking metadata display

Fixes in REST API and SOAP proxy Bug Fix delivery to numeric MX with DANE

Released on 2016-08-03

New Added an interface for editing CSV files to the script editor

Added an interface for editing CSV files to the script editor New Added a revision-based diff utility to the script editor

Added a revision-based diff utility to the script editor Imp Switched to Monaco (MS VC code) and enabled autocompletion

Switched to Monaco (MS VC code) and enabled autocompletion Imp Added paging to the SOAP function configRevisionLog

Added paging to the SOAP function Imp Added retry functionality to background http() requests

Added retry functionality to background http() requests Imp Added extended_result option to the http() function

Added option to the http() function Imp HSL now supports keyed assignments when destructing arrays

HSL now supports keyed assignments when destructing arrays Imp Updated system packages to the latest quarterly; such as FreeBSD 10.3-RELEASE-p6 PHP 7.0.9 ClamAV 0.99.2 PostgreSQL 9.3.13 nginx 1.10.1

Updated system packages to the latest quarterly; such as Bug Failed http() requests always returns None on errors

Failed http() requests always returns on errors Bug Always send an authentication header on "401" errors (fixes issue with some SOAP clients)

Always send an authentication header on "401" errors (fixes issue with some SOAP clients) Bug Web admin interface fixes Increase timeout to prevent "504" timeout errors File viewer couldn't show files larger than 2 GiB Fixed a rare crash which chould occur with certain setups

Web admin interface fixes Dep Config key mail_transport 's parameter sasluser/pass renamed to saslusername/password

Config key 's parameter sasluser/pass renamed to saslusername/password Dep Config key mail_server 's parameter sasl_tls renamed to sasltls

Config key 's parameter sasl_tls renamed to sasltls Dep Removed the GuessAttachmentType() function

Released on 2016-05-26

Imp Switch to nginx and php-fpm (from Apache 2.4 and mod_php)

Switch to nginx and php-fpm (from Apache 2.4 and mod_php) Bug Fixed issue with reloading some configurations

Fixed issue with reloading some configurations Bug Fixed regression in the new SOAP proxy which was introduced in 3.5-r1 getTime() had the wrong default UTC mode It didn't handle 401 (Unauthorized) errors correctly Cluster sync (clusterd) didn't work with pipes in configuration values Cluster overrides couldn't be added

Fixed regression in the new SOAP proxy which was introduced in 3.5-r1

Released on 2016-05-20

New Added SOAP function mailQueueUpdateBulk to set various fields ( quarantine , transport , etc.)

Added SOAP function mailQueueUpdateBulk to set various fields ( , , etc.) New Added MIME.getHeaderNames() to the DATA MIME object

Added MIME.getHeaderNames() to the DATA MIME object Imp Added an option array to MIME.get/set/delHeader() to address a specific header by index

Added an option array to MIME.get/set/delHeader() to address a specific header by index Imp Replaced gSOAP with a REST/JSON API and a PHP SOAP proxy for compatibility

Replaced gSOAP with a REST/JSON API and a PHP SOAP proxy for compatibility Bug Fix problem when clearing empty rate entries

Released on 2016-04-18

New New HSL scripting editor

New HSL scripting editor New Added MIME.send() to builtin MIME object

Added MIME.send() to builtin MIME object New Added MIME.getBody() to builtin MIME object

Added MIME.getBody() to builtin MIME object New Added MIME.toString() to builtin MIME object

Added MIME.toString() to builtin MIME object New Added ?? (null coalescing operator) to HSL

Added (null coalescing operator) to HSL New Added include_once to HSL

Added to HSL New Added object and this to HSL

Added and to HSL New Added destructuring assignment to HSL

Added destructuring assignment to HSL New Added support for HAProxy's proxy protocol

Added support for HAProxy's proxy protocol Imp Based on FreeBSD 10.3

Based on FreeBSD 10.3 Imp Disabled SSLv3 for inbound SMTP connections

Disabled SSLv3 for inbound SMTP connections Imp Added support for sourceip as a netaddr:X in smtp_lookup_rcpt() and smtp_lookup_auth()

Added support for as a in and Imp Updated components CYREN RPD (ctasd) engine FreeBSD 10 quarterly packages

Updated components Imp Deliver() and Quarantine() now supports an option array

and now supports an option array Bug Fix problem with partial updated Sophos databases

Fix problem with partial updated Sophos databases Bug Fix problem with where the flow wasn't reloaded if a include file was changed

Fix problem with where the flow wasn't reloaded if a include file was changed Bug Fix problem with mail() where transportid wasn't used

Fix problem with where wasn't used Bug Fix problem with IE11 and placeholders in flows

Fix problem with IE11 and placeholders in flows Dep Undocumented CopyMail() and DirectDeliver() in favour of Deliver() arguments

Undocumented and in favour of arguments Dep Deprecated GuessAttachmentType()

Deprecated GuessAttachmentType() Dep Removed template support from the mail() function

Removed template support from the function Dep Removed the trigger URL configuration key from the quarantine

Removed the trigger URL configuration key from the quarantine Dep Removed the Blacklist() function

Removed the Blacklist() function Dep Removed the ScanBWList() function

Removed the ScanBWList() function Dep Removed the ScanSPF() function

Removed the ScanSPF() function Dep Removed the deliver_type and deliver_args arguments from DeliverWithDKIM()

Removed the and arguments from DeliverWithDKIM() Dep Removed support for switch with variable assignment

Removed support for with variable assignment Dep Removed support for function without argument list

Removed support for without argument list Dep HSL returns None (instead of an empty string) when dereferencing a non-existing elements in arrays

Released on 2016-03-02

Sec Addresses the DROWN vulnerability (CVE-2016-0800)

Released on 2016-02-20

Bug Fix regression in CYREN's ctipd 4.0.32 (included in 3.4-r4) by rolling back to 4.0.31

Released on 2016-02-16

New DATA context MIME class for working with an email's body

DATA context MIME class for working with an email's body New Standard library MIME class for creating MIME parts

Standard library MIME class for creating MIME parts New closures in addition to lambda functions

closures in addition to lambda functions New dnscname() function to resolve CNAME records (RR)

dnscname() function to resolve CNAME records (RR) New is_function() function to check if data is a function

is_function() function to check if data is a function New array_sort() function to sort arrays

array_sort() function to sort arrays New HSL cache statistics in SOAP and web admin

HSL cache statistics in SOAP and web admin Imp The ScanDLP() function can return where matches were found with partid option

The ScanDLP() function can return where matches were found with option Imp Added RCPT TO context $tlsprotocol , $tlscipher and $tlskeysize variables

Added RCPT TO context , and variables Imp Clear HSL rate()s based on a query (namespace and/or entry) over SOAP or web admin

Clear HSL rate()s based on a query (namespace and/or entry) over SOAP or web admin Imp Updated components CYREN IP reputation (ctipd) and RPD (ctasd) engines FreeBSD 10 quarterly packages FreeBSD 10.2-RELEASE-p9 fixing CVE-2015-3197 (SSLv2 disabled by default)

Updated components Dep Removed the system_default_quarantine configuration key

Removed the configuration key Dep Removed the GetMailTransport() function

Removed the function Dep Removed the DeliverAsSpam() function

Removed the DeliverAsSpam() function Dep Deprecated the WrapMessage() function

Deprecated the WrapMessage() function Dep Renamed the domain type any (catch-all) to the literal * in the configuration (converted)

Renamed the domain type (catch-all) to the literal in the configuration (converted) Dep Many default settings were moved to the user configuration (making them removable)

Released on 2015-12-07

New Added anonymous functions and named function pointers

Added anonymous functions and named function pointers New Added array_filter(), array_map() and array_reduce() functions

Added array_filter(), array_map() and array_reduce() functions Imp The in_file(), in_array() and pcre_replace() may take a function callback as argument

The in_file(), in_array() and pcre_replace() may take a function callback as argument New Added csv_explode() function

Added csv_explode() function New $serverip in AUTH, RCPT TO and DATA context

in AUTH, RCPT TO and DATA context Imp Options tls_protocols and tls_ciphers added to SetTLS() and smtp_lookup_*

Options and added to SetTLS() and smtp_lookup_* Imp Reconnect without TLS if STARTTLS fails for optional TLS connections

Reconnect without TLS if STARTTLS fails for optional TLS connections Imp SSLv3 disabled by default on outbound SMTP connections

SSLv3 disabled by default on outbound SMTP connections Imp Renamed DKIM function to DKIMSign(), which may return signature as a string

Renamed DKIM function to DKIMSign(), which may return signature as a string New Added csv_explode() function

Added csv_explode() function Imp Deny() in SOAP API may give a reason as faultstring

Deny() in SOAP API may give a reason as faultstring Imp Improve logging in mailqueued (with queueid)

Improve logging in mailqueued (with queueid) Imp Setting syslog_use_fqdn which sends the FQDN in syslog messages

Setting which sends the FQDN in syslog messages Imp Overall elegance, design and usability improved

Overall elegance, design and usability improved Sec Updated FreeBSD to 10.2-RELEASE-p8 which fixes CVE-2015-3194 to 3196

Updated FreeBSD to 10.2-RELEASE-p8 which fixes CVE-2015-3194 to 3196 Bug Improved DNS reloading in HSL; affected the spf() and ldap_*, tacplus_* and radius_* functions

Released on 2015-11-04

New DANE support

DANE support Imp Added settings page for CYREN

Added settings page for CYREN Imp Added extended_result option to the dns*() functions

Added option to the functions Imp Added pretty_print option to json_encode()

Added option to Imp Added $receivedtime to pre- and post-delivery contexts

Added to pre- and post-delivery contexts Imp SOAP mailQueue*Bulk() functions returns number of affected messages

SOAP functions returns number of affected messages Imp The default configuration now contains only one HTTPS web admin interface

The default configuration now contains only one HTTPS web admin interface Imp Many small changes improving performance, stability, elegance, design and usability

Many small changes improving performance, stability, elegance, design and usability Bug Regression in ScanRPD() with ctasd for "valid-bulk"

Released on 2015-10-19

New Sophos anti-virus ( savdid ) engine

Sophos anti-virus ( ) engine New Spam classification report buttons on email tracking page

Spam classification report buttons on email tracking page Imp Added explode() limit argument

Added limit argument Imp Key size option when creating private keys on PKI page

Key size option when creating private keys on PKI page Imp Many small changes improving performance, stability, elegance, design and usability

Many small changes improving performance, stability, elegance, design and usability Bug Updated CYREN ctasd settings to better cope with connection errors

Updated CYREN settings to better cope with connection errors Bug Updated Net-SNMP to fix memory leak in snmpd

Released on 2015-09-23

New Based on FreeBSD 10.2

Based on FreeBSD 10.2 New SetTLS function to the pre-delivery context

SetTLS function to the pre-delivery context New pie chart function q() to graph queue/quarantine searches

pie chart function to graph queue/quarantine searches New Ability to disable services (such as. SNMP, FTP and SSH)

Ability to disable services (such as. SNMP, FTP and SSH) New RCPT flow block for DNSBL and IP reputation

RCPT flow block for DNSBL and IP reputation Imp Zoomable graphs

Zoomable graphs Imp Save graph layouts per user

Save graph layouts per user Imp Pie chart supports custom refresh intervals

Pie chart supports custom refresh intervals Imp Updated components CYREN IP reputation (ctipd) and RPD (ctasd) engines Postfix 3, PostgreSQL 9.3.9 and ClamAV 0.98.7

Updated components Imp Scripting page may easily run scripts from the (virtual text) file store

Scripting page may easily run scripts from the (virtual text) file store Imp Optionally turn on totalhits in SOAP API

Optionally turn on in SOAP API Imp Switch between HTML and plain view in message preview

Switch between HTML and plain view in message preview Imp The AUTH rate limit flow block defer rather than reject when exceeded

The AUTH rate limit flow block defer rather than reject when exceeded Imp Replaced rpcmplexd with an async web admin implementation

Replaced with an async web admin implementation Imp Overall performance, stability, elegance, design and usability improved

Overall performance, stability, elegance, design and usability improved Dep Updated OpenSSL requires DH key size of more than 512

Updated OpenSSL requires DH key size of more than 512 Dep Graphs now include "dots" in their names (previously replaced with a dash)

Graphs now include "dots" in their names (previously replaced with a dash) Dep SOAP API changes mailQueue's totalHits renamed to totalhits (lowercase) Replaced loginFullname() and loginRemoteHost() with login() return object Removed loginCheckPermission()

SOAP API changes Dep End user interface considerations If you're using display-stats (graphs) you need to update the end user Toggle preview on HTML/text message part is now supported

End user interface considerations

Released on 2015-06-04

New Added an "update" function to the cache that can pick expired (but valid) items

Added an "update" function to the cache that can pick expired (but valid) items New Added a background flag to the http function for async, non-response calls

Added a flag to the http function for async, non-response calls New Added a hash function, useful together with http() 's background mode

Added a hash function, useful together with 's background mode Imp Added a syslog port settings

Added a syslog port settings Imp Support implicit SSL (wrapper mode) by specifying "465" as the first listener port

Support implicit SSL (wrapper mode) by specifying "465" as the first listener port Imp Raised the free disk requirement to 1 GiB in order to receive new messages

Raised the free disk requirement to 1 GiB in order to receive new messages Bug Fix regression when enabling the DLP process maildlpd and viewing license users

Fix regression when enabling the DLP process and viewing license users Bug Fixed augmented assignment (+=) behavior with function calls when dereferencing arrays

Fixed augmented assignment (+=) behavior with function calls when dereferencing arrays Bug First run didn't add the second domain to the relay table

First run didn't add the second domain to the relay table Enduser If you use end-user logging, you may want to employ the new http background feature

Released on 2015-05-11

New Validate HSL scripts when saving a text file (in file store)

Validate HSL scripts when saving a text file (in file store) New Added a Defer() function to the AUTH flow

Added a function to the AUTH flow Imp Automatically detect and support all network interfaces supported by FreeBSD

Automatically detect and support all network interfaces supported by FreeBSD Bug The backend could crash when using LDAP in the API (auth) script

The backend could crash when using LDAP in the API (auth) script Bug Regression in web admin causing some requests to fail due conservative settings

Regression in web admin causing some requests to fail due conservative settings Bug Adding new cluster nodes could fail if remote systems were unsorted (by id)

Adding new cluster nodes could fail if remote systems were unsorted (by id) Dep SOAP function configValidateArgument replaced with hslCheckScript

Released on 2015-04-27

Imp return statement in HSL without a value

statement in HSL without a value Bug ESC key in console may not work as expected if pressed twice rapidly

key in console may not work as expected if pressed twice rapidly Bug Temp disk may become full

Released on 2015-04-22

Imp Updated a lot of FreeBSD packages to quarterly

Updated a lot of FreeBSD packages to quarterly Imp Support for Intel(R) 10Gb (ix) network adapters

Support for Intel(R) 10Gb (ix) network adapters Bug SOAP request could be delayed with up to 1 second on idle systems

SOAP request could be delayed with up to 1 second on idle systems Bug Adding too large text files in the File store now returns an error

Adding too large text files in the File store now returns an error Dep switch statement in HSL with explicit variable storage

Released on 2015-04-16

New dovecot_lookup_auth() to authenticate using Dovecot's authentication protocol

dovecot_lookup_auth() to authenticate using Dovecot's authentication protocol New Done() makes it easier to do advanced routing

Done() makes it easier to do advanced routing New pcre_quote() makes it possible to use regex on user input

pcre_quote() makes it possible to use regex on user input New Preview on PKI page

Preview on PKI page New Review & save in plain-text editor

Review & save in plain-text editor Imp http() function may skip SSL/TLS verification with ssl_verify_peer = false

http() function may skip SSL/TLS verification with ssl_verify_peer = false Imp Performance improvements in HSL's file handling

Performance improvements in HSL's file handling Imp Updated third-party libraries

Updated third-party libraries Imp Easier to use CSV editor in web admin

Easier to use CSV editor in web admin Imp Add support for keep-alive and gzip/deflate encoding in SOAP API

Add support for keep-alive and gzip/deflate encoding in SOAP API Imp Support for QLogic NetXtreme II (bcm) network adapters

Support for QLogic NetXtreme II (bcm) network adapters Imp Fixed bug in "release duplicate" regarding delta files

Fixed bug in "release duplicate" regarding delta files Imp Fixed bug with creating a cluster over HTTPS

Fixed bug with creating a cluster over HTTPS Dep ScanSPF() in favor of spf()

ScanSPF() in favor of spf() Dep ScanSARules() in favor of ScanSA(["rules"=>true])

ScanSARules() in favor of ScanSA(["rules"=>true]) Dep Quarantine profile's trigger URL

Released on 2015-03-02

New VHD image runs on Microsoft Azure

VHD image runs on Microsoft Azure New DHCP addressing, default on Azure and GCE

DHCP addressing, default on Azure and GCE Imp Support hardware-assisted software RAID for many vendors such as Intel

Support hardware-assisted software RAID for many vendors such as Intel Imp Support for VirtIO (vtbd) and Xen (xbd) disks

Support for VirtIO (vtbd) and Xen (xbd) disks Imp Support for Intel 10Gb (igb) network adapters

Support for Intel 10Gb (igb) network adapters Imp Ctrl+A/E in web terminal

Ctrl+A/E in web terminal Bug Fixed regressions in web admin

Released on 2015-02-16

New Updated to FreeBSD 10.1

Updated to FreeBSD 10.1 New Added transparent proxy features The system_nonlocal_source setting enables SetSourceIP() to spoof source IPs XCLIENT support for external proxies

Added transparent proxy features New Added new features to the scripting language (HSL) SetMetaData() and GetMetaData() to pass data between DATA and queue scripts syslog() function unset() statement SetRecipient() in pre-delivery script $senderhelo in pre-delivery script $transfertime in post-delivery script $saslusername in queue (pre- and post-delivery) script Raw strings, like ''raw string'' Allow globalview() and dnsbl() to be executed from hsh

Added new features to the scripting language (HSL) New Extended search filters (HQL) syntax metadata.field= corresponding to SetMetaData() size= (message body) helo= (HELO/EHLO hostname)

Extended search filters (HQL) syntax Imp Web admin interface Refreshed with many improvements (in layout and functionality) The icons and images are vectorized (to support retina/HiDPI displays) Button to reset (RRD) graphs Custom score popup for Internet Explorer (which allows spam scores and refid to be copied)

Web admin interface Imp Added "msgsize" and "msghelo" to SOAP API

Added "msgsize" and "msghelo" to SOAP API Imp SMTP balancing uses uniform distribution of traffic

SMTP balancing uses uniform distribution of traffic Imp Support for QLogic 10Gb (bxe) network adapters

Support for QLogic 10Gb (bxe) network adapters Imp Searching text logs is a lot faster

Searching text logs is a lot faster Imp mail_queue_threads may now be raised

may now be raised Imp Updated 3rd-party components such as CYREN (8.0.110) and Kaspersky (3.8.0.4)

Updated 3rd-party components such as CYREN (8.0.110) and Kaspersky (3.8.0.4) Dep Built-in batv_*() is removed, use the HSL implementation

Built-in is removed, use the HSL implementation Dep Renamed "gmt0" to "utc" in SOAP API

Renamed "gmt0" to "utc" in SOAP API Dep $recipientdomains and $recipients in DATA context are now read-only

and in DATA context are now read-only Dep http() return empty results on non 2** responses

return empty results on non 2** responses Dep GetAddressList() returns empty list on parse errors instead of throwing an exception

returns empty list on parse errors instead of throwing an exception Dep Web admin's flow block "Add header" appends a new header instead of using SetHeader()

Web admin's flow block "Add header" appends a new header instead of using Dep GetID() is now removed, was deprecated in 3.0

is now removed, was deprecated in 3.0 Dep $directprocessing is now removed, was deprecated in 3.2

Released on 2014-12-23

Bug Stability fixes in mailscand

Stability fixes in Bug Fixes regression that caused some admin and clusterd requests to fail

Released on 2014-11-17

Imp SetSender() in pre-delivery (queue) script

SetSender() in pre-delivery (queue) script Imp LSI MegaRAID tool (mfiutil) available

LSI MegaRAID tool (mfiutil) available Imp hslCacheClear() SOAP API may clear a specific namespace/function

hslCacheClear() SOAP API may clear a specific namespace/function Imp Added SOAP API mailQueueRetryBulk() function

Added SOAP API mailQueueRetryBulk() function Imp Added 'duplicate' option to SOAP's queue function for cloning messages(s) from an archive

Added 'duplicate' option to SOAP's queue function for cloning messages(s) from an archive Imp Setting mail_log_size to zero will disable logging (even realtime)

Setting mail_log_size to zero will disable logging (even realtime) Imp Disable SSLv2 and SSLv3 on administration UI (and SOAP)

Disable SSLv2 and SSLv3 on administration UI (and SOAP) Imp Add custom headers to HSL mail() created messages

Add custom headers to HSL mail() created messages Imp pcre_replace() HSL function

pcre_replace() HSL function Imp Variable substitution with ${name}

Variable substitution with ${name} Bug 'Next retry' could be presented with the wrong timezone (didn't affect delivery)

'Next retry' could be presented with the wrong timezone (didn't affect delivery) Bug Memory usage could show erroneous on 64 bit platforms

Memory usage could show erroneous on 64 bit platforms Dep SOAP API mailQueueRetryAll() removed (reimplemented with mailQueueRetryBulk)

SOAP API mailQueueRetryAll() removed (reimplemented with mailQueueRetryBulk) Dep SOAP API devList() removed

Released on 2014-10-01

New Added LMTP support, useful for more efficient Dovecot delivery

Added LMTP support, useful for more efficient Dovecot delivery Imp retry=x in search filter, useful to show delayed messages

retry=x in search filter, useful to show delayed messages Imp Added "\r

\t" syntax in HSL strings

Added "\r

\t" syntax in HSL strings Imp Added HSL http() max-time timeout, also renamed connect_timeout

Added HSL http() max-time timeout, also renamed connect_timeout Imp Added the SMTP ping command

Added the SMTP ping command Imp Decouple antivird and clamd for more efficient RAM utilisation

Decouple antivird and clamd for more efficient RAM utilisation Imp New installations are 64-bit, with VMware "guest OS" set to "freebsd-64"

New installations are 64-bit, with VMware "guest OS" set to "freebsd-64" Imp Review before save on virtual text files and DLP pages

Review before save on virtual text files and DLP pages Imp New certificates are generated with SHA256

New certificates are generated with SHA256 Imp Faster clearing of rate limits (may interrupt garbage collection)

Faster clearing of rate limits (may interrupt garbage collection) Imp Faster connect() timeout in smtp_lookup_rcpt()

Faster connect() timeout in smtp_lookup_rcpt() Imp Lower connect() timeout to 30s (like Postfix)

Lower connect() timeout to 30s (like Postfix) Bug Problem when searching rates in web user interface

Problem when searching rates in web user interface Dep Undefined values in HSL was branched as true (not false)

Released on 2014-09-11

Sec Updated to FreeBSD 10.0-RELEASE-p8 which addresses new OpenSSL bugs

Updated to FreeBSD 10.0-RELEASE-p8 which addresses new OpenSSL bugs New Multiple "shadow" port support for mail listener, for better pool utilisation

Multiple "shadow" port support for mail listener, for better pool utilisation New Added SetHELO() function and $sourceip to pre-delivery script

Added function and to pre-delivery script Imp Global HSL variables are committed when calling a second function

Global HSL variables are committed when calling a second function Imp New chart for swap operations, as complement to swap usage chart

New chart for swap operations, as complement to swap usage chart Imp Updated Kaspersky anti-virus engine to 8.3

Updated Kaspersky anti-virus engine to 8.3 Imp Some search queries are maintained when browsing cluster nodes

Some search queries are maintained when browsing cluster nodes Imp Many 64-bit fixes in preparation for upcoming 64-bit release

Many 64-bit fixes in preparation for upcoming 64-bit release Imp Display Kaspersky virus base version in log on startup

Display Kaspersky virus base version in log on startup Bug Rate limit page support any valid UTF8 as namespace and entry

Rate limit page support any valid UTF8 as namespace and entry Imp Overall improvements throughout the system

Overall improvements throughout the system Bug Fixes NTP client regression

Fixes NTP client regression Bug Fixes VMware guest info regression

Fixes VMware guest info regression Bug Link aggregation fixes; omitted from cluster, and brings up all ports

Link aggregation fixes; omitted from cluster, and brings up all ports Bug Fixed cluster system update page's node link

Fixed cluster system update page's node link Bug Fixed cluster configuration override page with multiple fields per key

Fixed cluster configuration override page with multiple fields per key Dep Forbids ambiguous HSL concatenation of numbers

Released on 2014-08-20

New Implemented a pre-delivery (queue) script for dynamic transport behaviour

Implemented a pre-delivery (queue) script for dynamic transport behaviour New Added the log() function which can be used for things such as GeoIP lookup

Added the log() function which can be used for things such as GeoIP lookup New Added the timelocal() function to get time in local time

Added the timelocal() function to get time in local time New Link aggregation support

Link aggregation support Imp Support using system disk as storage on bare-metal installs, or if the virtual disk is grown

Support using system disk as storage on bare-metal installs, or if the virtual disk is grown Imp The post-delivery (transport) script is unified for all transport, on the flow page

The post-delivery (transport) script is unified for all transport, on the flow page Imp The GetHeaders() function can be used to fetch all headers as a multidimensional array

The GetHeaders() function can be used to fetch all headers as a multidimensional array Imp Allow multiple include of same file in HSL

Allow multiple include of same file in HSL Imp The post-delivery (transport) script executed for successful deliveries, useful for external logging

The post-delivery (transport) script executed for successful deliveries, useful for external logging Imp Added $actionid variable to DATA, queue and transport flows, for tracking of recipients, etc between flows

Added variable to DATA, queue and transport flows, for tracking of recipients, etc between flows Imp Loopback addresses configuration, useful for DSR load balancing

Loopback addresses configuration, useful for DSR load balancing Imp Change VLAN and link aggr. settings from console

Change VLAN and link aggr. settings from console Imp Updated FreeBSD packages to latest quarterly

Updated FreeBSD packages to latest quarterly Imp Auto-configuration on Google Compute Engine

Auto-configuration on Google Compute Engine Imp Many minor improvements

Many minor improvements Bug Changed SpamAssassin queue algorithm to decrease wait time

Changed SpamAssassin queue algorithm to decrease wait time Bug Issue when searching logs larger than 2 GiB fixed

Issue when searching logs larger than 2 GiB fixed Bug Issue where Kaspersky wrote files to /tmp fixed

Issue where Kaspersky wrote files to /tmp fixed Dep Disabled Bayesian by default

Released on 2014-06-18

Bug Resolved uncommon stability issue

Released on 2014-06-10

Sec Fix OpenSSL CVE-2014-0195, 2014-0221, 2014-0224 and 2014-3470

Fix OpenSSL CVE-2014-0195, 2014-0221, 2014-0224 and 2014-3470 New DiscardMailDataChanges() function, allowing different data changes for different CopyMail()s

DiscardMailDataChanges() function, allowing different data changes for different CopyMail()s New Support for variadic function syntax in HSL

Support for variadic function syntax in HSL New Added spread operator (argument unpacking) to HSL

Added spread operator (argument unpacking) to HSL Imp Added executable file (by file name, even in ZIP and other archives) blocking to antivirus block

Added executable file (by file name, even in ZIP and other archives) blocking to antivirus block Imp Performance improvements in ScanDLP for efficient file extension scanning

Performance improvements in ScanDLP for efficient file extension scanning Imp Encode headers as quoted-printable instead of Base64 for readability

Encode headers as quoted-printable instead of Base64 for readability Imp View ScanRPDAV (VOD) results in web admin's message tracking

View ScanRPDAV (VOD) results in web admin's message tracking Imp Improved virtual text file editor, with HSL code support (great for includes)

Improved virtual text file editor, with HSL code support (great for includes) Imp Removed deprecated browser-specific CSS3 options (Mozilla, Opera)

Removed deprecated browser-specific CSS3 options (Mozilla, Opera) Imp Enable auto-scroll on keypress in web terminal

Enable auto-scroll on keypress in web terminal Imp Many minor improvements

Released on 2014-05-23

New Added SetDelayedDeliver() function to HSL for extra queueing time before delivery

Added SetDelayedDeliver() function to HSL for extra queueing time before delivery New Added builtin and global control structures to HSL functions

Added builtin and global control structures to HSL functions New Added json_encode() function to HSL

Added json_encode() function to HSL Imp Added max depth option HSL's ScanDLP(), useful for file extension matching in archives, eg.

Added max depth option HSL's ScanDLP(), useful for file extension matching in archives, eg. Imp Added named match groups to HSL's PCRE functions

Added named match groups to HSL's PCRE functions Imp Adding filtering on retry and sender field to HSL's GetMailQueueMetric function

Adding filtering on retry and sender field to HSL's GetMailQueueMetric function Imp Updated SpamAssassin to 3.4.0

Updated SpamAssassin to 3.4.0 Imp Web terminal (command page) support pasting with Ctrl+V

Web terminal (command page) support pasting with Ctrl+V Imp Always prefer IPv6 when clustering with hostnames

Always prefer IPv6 when clustering with hostnames Imp Support RFC 2231 header parsing

Support RFC 2231 header parsing Imp Various web admin enhancements, such as links from quarantine page to tracking

Various web admin enhancements, such as links from quarantine page to tracking Imp Overall performance and reliability improved

Overall performance and reliability improved Bug Resolved issue where adding and removing headers with zero offset conflicted

Released on 2014-04-28

Dep Deprecated updateNetwork SOAP API function

Deprecated updateNetwork SOAP API function Dep Deprecated HSL's null coalescing operator

Deprecated HSL's null coalescing operator New Added default function arguments in HSL

Added default function arguments in HSL Imp HSL's header functions decode and refold by default

HSL's header functions decode and refold by default Imp Added msgqueueid to mailHistory API and historyid search filter

Added to mailHistory API and search filter Imp Overall performance and stability improved

Overall performance and stability improved Bug HSL's per_message cache now works in functions

HSL's cache now works in functions Bug Pressing back button in Firefox no longer reset forms

Released on 2014-04-08

Sec Patched OpenSSL "heartbleed" vulnerability (CVE-2014-0160)

Patched OpenSSL "heartbleed" vulnerability (CVE-2014-0160) Dep Deprecated BATV functions in favor of HSL implementation

Deprecated BATV functions in favor of HSL implementation New Introduced array slicing to HSL

Introduced array slicing to HSL Imp HSL's DeliverWithDKIM() function can load private key from variable, such as http() request

HSL's DeliverWithDKIM() function can load private key from variable, such as http() request Imp New HSL variable $tlsstarted in AUTH and RCPT flow

New HSL variable $tlsstarted in AUTH and RCPT flow Imp New HSL variables $messageid and $queueid in transport flow

New HSL variables $messageid and $queueid in transport flow Imp Message queue IDs (exposed as $queueid or via SOAP API) upgraded to 64-bit integer

Message queue IDs (exposed as $queueid or via SOAP API) upgraded to 64-bit integer Imp Improved http()'s POST data serialisation and added "response_headers" option

Improved http()'s POST data serialisation and added "response_headers" option Imp Added a gethostname() function to HSL

Added a gethostname() function to HSL Imp Many performance optimisations in HSL

Many performance optimisations in HSL Bug Fixed Firefox quirk with forms resetting when going back on page

Fixed Firefox quirk with forms resetting when going back on page Bug HSL's dnstxt() concatenate multiple strings with space

HSL's dnstxt() concatenate multiple strings with space Bug Clustered line charts now merge new legends from secondary results

Clustered line charts now merge new legends from secondary results Bug Display error message if unable to clear cluster's HSL cache

Released on 2014-03-10

New Extended the HSL scripting language GetMailQueueMetric() to implement usage quotas in queues json_decode(), is_string() and is_number() for making API calls, etc http() function now supports custom request method and headers %= and **= operators Switch statements validates that a switch is directly followed by a case or default label

Extended the HSL scripting language Imp Updated SOAP API configKeys() now takes "key" (filter) argument which is also exported in $soapargs[] configKeySet() allows partial updates (not all parameters needs to be specified) hslRate() and hslRateClear() exports "ns" and "entry" to $soapargs[] hslRate() and statList() now implements pagination and backend-side search/filtering mailQueue() and mailHistory() includes msgsasl for username and msgts0 for GMT timestamp mailQueue() and mailHistory() supports filtering on sasl=

Updated SOAP API Imp SASL username can be viewed on tracking page

SASL username can be viewed on tracking page Imp DSN messages now include original header "Undeliverable: This was the original header"

DSN messages now include original header "Undeliverable: This was the original header" Imp Support for Broadcom's bge NICs

Support for Broadcom's bge NICs Bug Web admin interface fixes Netcat (nc) command with custom port was not correctly documented Active HTTPS sessions may not be degraded to HTTP The authentication script test sandbox could produce the wrong output Some quarantine retention policies were kept for too long, affected users need to reselect their intended policy

Web admin interface fixes

Released on 2014-02-12

Bug Xen PVHVM network driver "xn" was not detected properly

Xen PVHVM network driver "xn" was not detected properly Bug The command API could return empty results under extremely rare circumstances

The command API could return empty results under extremely rare circumstances Bug The web admin's hardware page didn't list "ada" devices

Released on 2014-02-10

New Hyper-V para-virtualization; gigabit network, VLANs, SCSI disks, etc

Hyper-V para-virtualization; gigabit network, VLANs, SCSI disks, etc New Virtio (KVM) para-virtualization; improved network and disk performance

Virtio (KVM) para-virtualization; improved network and disk performance New VMware VMXNET3 support

VMware VMXNET3 support New Xen PVHVM support

Xen PVHVM support New Line graphs showing disk IOPS and latency

Line graphs showing disk IOPS and latency New Show message modifications when browsing queued or quarantined messages

Show message modifications when browsing queued or quarantined messages New The DATA flow registers $recipients and $recipentdomains

The DATA flow registers and New New HSL function abs()

New HSL function New Added tcpdump to API and web administration

Added to API and web administration Imp Based on FreeBSD 10 and compiled with clang

Based on FreeBSD 10 and compiled with clang Imp LDNS and Unbound as replacement for BIND (as resolver and DNS cache)

LDNS and Unbound as replacement for BIND (as resolver and DNS cache) Imp Automatically grow storage disk when resized in hypervisor

Automatically grow storage disk when resized in hypervisor Imp Overall throughput increased by careful profiling

Overall throughput increased by careful profiling Imp Large number of HSL scripting language optimisations, such as R-value optimisations Made str_replace() significantly faster Optimised augmented assignments Pre-compiled regular expressions

Large number of HSL scripting language optimisations, such as Imp More concise and helpful logging throughout the system

More concise and helpful logging throughout the system Imp Increased swap partition size to 2 GB

Increased swap partition size to 2 GB Imp Updated all 3rd-party components

Updated all 3rd-party components Imp Show warnings if no storage disk is found or configured

Show warnings if no storage disk is found or configured Imp Rebrand Commtouch as CYREN

Rebrand Commtouch as CYREN Imp Enable some SpamAssassin DNSBLs by default

Enable some SpamAssassin DNSBLs by default Imp Cache DKIM signature for all recipients

Cache DKIM signature for all recipients Imp Overall improvements

Overall improvements Bug DKIM DNS generator lacked _domainkey part

DKIM DNS generator lacked part Bug Under certain circumstances, the command API could fail

Under certain circumstances, the command API could fail Bug Reload flows when file store objects are changed

Reload flows when file store objects are changed Bug Fixed issue with pre-boot command line shutdown

Fixed issue with pre-boot command line shutdown Dep Deprecated the second argument to HSL's round() function

Deprecated the second argument to HSL's function Dep Deprecated the DATA flow's $result and $directprocessing predefined variables

Deprecated the DATA flow's and predefined variables Dep New (S)ATA storage disks are identified as "ada" instead of "ad"

New (S)ATA storage disks are identified as "ada" instead of "ad" Dep At least one DNS server is necessary; unbound is not configured to traverse from the DNS root

Released on 2014-01-16

Bug Prevent NTP reflection attacks

Released on 2013-12-20

Imp Refactoring for performance improvements

Refactoring for performance improvements Imp Warn about 32-bit hosts as preparation for 64-bit releases

Warn about 32-bit hosts as preparation for 64-bit releases Imp Estimates the number of mail tracking search results

Estimates the number of mail tracking search results Imp Changed various settings from byte to megabyte

Changed various settings from byte to megabyte Imp Overall web administration improvements

Overall web administration improvements Bug Unable to add cluster nodes with literal IPv6

Unable to add cluster nodes with literal IPv6 Bug Regression on graph page's rate counter

Released on 2013-11-21

New Clustered rated process for improved rate limiting

Clustered process for improved rate limiting New GetAddressList() function in DATA flow

GetAddressList() function in DATA flow New is_subdomain() HSL function

is_subdomain() HSL function Imp Support sub-domains i black/whitelists (.example.com)

Support sub-domains i black/whitelists (.example.com) Imp Search for transports on tracking page

Search for transports on tracking page Imp Web admin terminals now work in background tabs

Web admin terminals now work in background tabs Imp IPv6 cluster support

IPv6 cluster support Imp Always give a authentication failure reason in mailpolicyd

Always give a authentication failure reason in Bug Catch exception in video console for systems without serial number

Catch exception in video console for systems without serial number Bug Do not create sessions for unauthorized web admin clients

Released on 2013-10-29

Imp Improved mail queue/quarantine delivery performance

Improved mail queue/quarantine delivery performance Imp Significantly improved mail tracking performance

Significantly improved mail tracking performance Imp Support for more than two NTP servers

Support for more than two NTP servers Imp Returns to current page, when fixing TLS fingerprints

Returns to current page, when fixing TLS fingerprints Imp Warns about Cisco SMTP fixup which is known to cause issues

Warns about Cisco SMTP fixup which is known to cause issues Imp Shows inode usage on storage/hardware page

Shows inode usage on storage/hardware page Imp Other minor improvements

Other minor improvements Bug Detect scrolling more accurately when viewing logs

Detect scrolling more accurately when viewing logs Bug Windows users couldn't type @ in the terminal

Released on 2013-10-10

Imp Improved Bayesian performance using SDBM database

Improved Bayesian performance using SDBM database Imp Cluster overview page shows new software versions

Cluster overview page shows new software versions Bug Regression causing issues for users with ATA write cache enabled

Released on 2013-10-09

New Based on FreeBSD 9.2

Based on FreeBSD 9.2 New Support for KVM VirtIO networking

Support for KVM VirtIO networking New Create pie graph from rate() information with r()

Create pie graph from rate() information with r() New Buy licenses directly from within product

Buy licenses directly from within product Imp Improved rate control page (with thresholds)

Improved rate control page (with thresholds) Imp DLP engine inspects more archive formats

DLP engine inspects more archive formats Imp Download messages as ZIP instead of tar

Download messages as ZIP instead of tar Imp Restructured menu layout

Restructured menu layout Imp Script editor behaviour in Firefox and Internet Explorer

Script editor behaviour in Firefox and Internet Explorer Imp Overall performance improvements

Released on 2013-09-23

Imp Better user experience for Hyper-V deployments

Better user experience for Hyper-V deployments Imp Pages loads faster thanks to GZIP compression

Pages loads faster thanks to GZIP compression Imp Overall performance improvements

Overall performance improvements Bug Rebooting was required to effectuate some license changes

Released on 2013-09-09

New DMARC flow block and ScanDMARC function

DMARC flow block and ScanDMARC function Imp Convert white/blacklist input to lower case

Convert white/blacklist input to lower case Imp Optimized history/mail API (database API)

Optimized history/mail API (database API) Imp Optimized message logs extractions (from 4 minutes to ~0 seconds)

Optimized message logs extractions (from 4 minutes to ~0 seconds) Imp Improved charset detection (ICU)

Improved charset detection (ICU) Imp Improved escape sequence in VMware terminal (detach keyboard)

Improved escape sequence in VMware terminal (detach keyboard) Imp Search for scores and RPD ID in tracking

Search for scores and RPD ID in tracking Imp Improved SPF caching

Improved SPF caching Imp Updated Ace editor and Kaspersky anti-virus engine

Updated Ace editor and Kaspersky anti-virus engine Bug IE9 had problems with search on tracking page

IE9 had problems with search on tracking page Bug Searchlog didn't always find message logs (if incomplete log)

Searchlog didn't always find message logs (if incomplete log) Bug 7-zip couldn't open downloaded tar (message) archives

7-zip couldn't open downloaded tar (message) archives Bug Paging with a quarantine folder selected

Released on 2013-08-12

Imp SMTP client prefers "strongest" SASL method announced by server

SMTP client prefers "strongest" SASL method announced by server Bug Memory leak in the console UI

Released on 2013-08-09

Bug Initial vApp configuration imported multiple times

Initial vApp configuration imported multiple times Bug XML warning on non-VMware system's interface page

Released on 2013-08-07

New Network setup guide in OVF (VMware vCenter)

Network setup guide in OVF (VMware vCenter) Imp Create cluster with optional TLS

Create cluster with optional TLS Imp Test end-user API with from scripting page

Test end-user API with from scripting page Imp Added an extra certificate (pki:2) for SMTP

Added an extra certificate (pki:2) for SMTP Imp http() support HTTPS

http() support HTTPS Bug Clustering with SSL certificate chains

Released on 2013-07-24

New Black/whitelist module for end-user interface

Black/whitelist module for end-user interface Imp Full-text search in subject lines

Full-text search in subject lines Imp Clear search query on tracking page

Clear search query on tracking page Imp Return to referring page when editing profiles, etc

Return to referring page when editing profiles, etc Imp Export users per domain on license page

Export users per domain on license page Imp Prefer outbound CRAM-MD5 authentication method if supported

Prefer outbound CRAM-MD5 authentication method if supported Bug BATV interoperability improvements

Released on 2013-07-05

Imp Search filters are now case-insensitive for from/to/ip

Search filters are now case-insensitive for from/to/ip Imp Blacklist module in RCPT TO flow

Blacklist module in RCPT TO flow Imp Dragging/selecting an interval in a graph opens tracking

Dragging/selecting an interval in a graph opens tracking Imp Various improvements to the DLP engine

Various improvements to the DLP engine Imp Filter commandRun and fileRead arguments in authentication script

Filter commandRun and fileRead arguments in authentication script Imp Compare IP addresses with in_network() in white/blacklists blocks

Compare IP addresses with in_network() in white/blacklists blocks Imp Discard mailqueue's pre-fetched work queue when deleting messages

Released on 2013-06-25

New Complete overhaul of the product

Complete overhaul of the product Imp The SOAP API is completely changed

The SOAP API is completely changed Imp SNMP MIB is completely changed

SNMP MIB is completely changed Dep Quarantine is deprecated; moved from the system to a GitHub project

Released on 2013-02-21

Imp Microsoft Hyper-V legacy network driver support

Microsoft Hyper-V legacy network driver support Bug Some freshclam still couldn't download daily updates

Released on 2013-02-18

Bug ScanSA() could miscalculate the estimated queue wait time

ScanSA() could miscalculate the estimated queue wait time Bug Workaround for freshclam failing to update since ClamAV didn't create a daily diff

Released on 2012-10-15

Imp Overall improvements

Overall improvements Bug Resolved bug in recipient flow's blacklist module's script generation

Resolved bug in recipient flow's blacklist module's script generation Bug Resolved statistics bug that could create spikes during database failures

Resolved statistics bug that could create spikes during database failures Bug Resolved database issues generating warnings under rare circumstances

Resolved database issues generating warnings under rare circumstances Bug Cluster overview's reporting could fail to load

Released on 2012-10-09

New Based on FreeBSD 9

Based on FreeBSD 9 New ScanSA() got fair queueing, time estimation, size limit, etc

ScanSA() got fair queueing, time estimation, size limit, etc New Boot-time management via bootsysmgr

Boot-time management via bootsysmgr New TTL argument to IP Policy's Allow() and Block()

TTL argument to IP Policy's Allow() and Block() Imp Improved performance

Improved performance Imp Improved watchdog with better logging

Improved watchdog with better logging Imp Save RAM by only starting maildlpd if ScanDLP() is used

Save RAM by only starting maildlpd if ScanDLP() is used Imp In case of storage disk problems, boot without storage

In case of storage disk problems, boot without storage Imp Allow messages to be viewed instead of downloaded in quarantine

Allow messages to be viewed instead of downloaded in quarantine Imp GetDSN() and GetDSNHeader() to support text/rfc822-headers

GetDSN() and GetDSNHeader() to support text/rfc822-headers Imp DNS shuffling based on MessageID (always the same per message)

DNS shuffling based on MessageID (always the same per message) Imp Reboot/shutdown is significantly faster

Reboot/shutdown is significantly faster Bug Missing {FOOTER} replacement in WrapMessage

Missing {FOOTER} replacement in WrapMessage Dep The following SOAP API's has been removed: System_Reboot_Hard System_Shutdown_Hard System_Online_Status Management_SetStorageRecover Management_StorageRecoverStatus Management_SetStorageMigrate Mail_Domain_Report Config_Diff System_GetKey("system_config_revision") System_Command_Run_XXX (replaced with by System_Command_Run) Management_GetArguments' filter parameter

The following SOAP API's has been removed:

Released on 2012-09-07

Bug Regression in backend 's SOAP server

Released on 2012-09-04

New Deliver to an MX of a hostname using lookup-mx:hostname

Deliver to an MX of a hostname using lookup-mx:hostname Imp Configuration diff is coloured in red and green

Configuration diff is coloured in red and green Imp SPF module is moved to content flow in default configuration

SPF module is moved to content flow in default configuration Imp SOAP API's WSDL file moved to /remote/?wsdl

SOAP API's WSDL file moved to /remote/?wsdl Imp SOAP API deprecated key system_config_revision, use GetHistoryEntries

SOAP API deprecated key system_config_revision, use GetHistoryEntries Imp SOAP API deprecated Config_Diff

SOAP API deprecated Config_Diff Imp SOAP API's gSOAP updated

SOAP API's gSOAP updated Imp Disallow saving a configuration with no changes

Disallow saving a configuration with no changes Imp Web administration checkbox labels made clickable

Web administration checkbox labels made clickable Imp backend's watchdog report error codes

backend's watchdog report error codes Bug SPF couldn't verify IPv6 senders

SPF couldn't verify IPv6 senders Bug The configuration partition wasn't checked properly

The configuration partition wasn't checked properly Bug Monotonic time was not used for all timers

Monotonic time was not used for all timers Bug Visual bugs in web administration resolved

Released on 2012-07-18

Bug Fixes various spam assassin errors

Fixes various spam assassin errors Bug Fixes clustering page when clustering is not configured

Released on 2012-07-04

New Introduces pattern analysis rules from Halon

Introduces pattern analysis rules from Halon New Introduces valid bulk (RPD score 40) for non-spam

Introduces valid bulk (RPD score 40) for non-spam Imp Rate limits now summarized in cluster

Rate limits now summarized in cluster Imp Display of rate limits and licensed users loads faster

Display of rate limits and licensed users loads faster Imp Table elements' full content shown on mouse over

Table elements' full content shown on mouse over Imp Improved cluster navigation behavior

Improved cluster navigation behavior Imp Updated 3rd-party libraries

Updated 3rd-party libraries Imp Faster spam-assassin updates

Faster spam-assassin updates Imp Faster rendering of log files

Faster rendering of log files Bug IP policy charts was not available on overview page

IP policy charts was not available on overview page Bug Spam assassin error (introduces in previous release)

Spam assassin error (introduces in previous release) Bug Fixed MIME-decoding in quarantine

Released on 2012-06-08

New French translations

French translations Imp Pattern analysis' (SA's) score values are reported in Tracking/History

Pattern analysis' (SA's) score values are reported in Tracking/History Imp HSL's ScanSARules() can return score values

HSL's can return score values Imp HSL's Quarantine() has new reject and final action options

HSL's has new reject and final action options Bug Issue with HSL's Quarantine() $recipient resolved

Released on 2012-05-08

New Added tcpdump to CLI's Network > Diagnostic Tools (console/SSH)

Added to CLI's Network > Diagnostic Tools (console/SSH) Imp Commtouch reference IDs in web administration

Commtouch reference IDs in web administration Imp HSL's ScanRPD() can return reference ID

HSL's can return reference ID Imp Added server= and transport= to the Tracking's search filters

Added server= and transport= to the Tracking's search filters Imp HSL pcre_match improved, empty capture groups, etc.

HSL improved, empty capture groups, etc. Bug Web administration spelling

Released on 2012-03-22

New Mail tracking supports boolean search filters

Mail tracking supports boolean search filters New Mail tracking integrates history and queue

Mail tracking integrates history and queue New HSL pcre_match functions

HSL pcre_match functions New HSL Mail Content GetHeaders function

HSL Mail Content GetHeaders function Imp Cluster mail tracking displays scores, and more

Cluster mail tracking displays scores, and more Imp Jump between message tracking and logging seamlessly

Jump between message tracking and logging seamlessly Imp Jump between pages/tabs before loading completes

Jump between pages/tabs before loading completes Bug Issue with DSNs/NDRs displaying in Microsoft OWA resolved

Issue with DSNs/NDRs displaying in Microsoft OWA resolved Bug Issue with UDP when ARP tables changes resolved

Issue with UDP when ARP tables changes resolved Bug Web administration diagnostics issue resolved

Released on 2012-02-23

Imp Multi-line reject/defer messages

Multi-line reject/defer messages Imp Updated 3d-party modules (ctipd, ctengine, postfix, clamav, openldap)

Updated 3d-party modules (ctipd, ctengine, postfix, clamav, openldap) Imp Added user defined callback to cache[], using "ttl_function" argument

Added user defined callback to cache[], using "ttl_function" argument Imp Include SMTP transaction state in SMTP errors

Include SMTP transaction state in SMTP errors Imp Support for CA in LDAPs

Support for CA in LDAPs Bug Web admin could visually overflow if too many remote systems

Web admin could visually overflow if too many remote systems Bug Resolved rare bug with anti-virus engine

Resolved rare bug with anti-virus engine Bug Fix TLS warning on startup

Fix TLS warning on startup Bug Verify last fingerprint in SSL chain (consistently)

Verify last fingerprint in SSL chain (consistently) Bug Scri