MailEnable Professional Edition Release Notes Last Updated: 5th November 2008 Important: You should submit your email address and subscribe to the RSS feed to receive notification of product updates and hotfixes. Version 2.53: 5th November 2008 Fix: Updated Microsoft runtime to stop install files being put on root drive Fix: Some messages would cause AV check to fail Fix: SMTP service could duplicate inbound messages when large list emailed to Fix: IMAP could crash on retrieving certain messages Fix: Various other minor fixes Version 2.52: 13th March 2008 Kits updated to include the ME-10040 hotfix. If you have applied this hotfix, there is no need to upgrade. FIX: IMAP crashing - http://secunia.com/advisories/29277/ FIX: SMTP crashing - http://secunia.com/advisories/29300/ Version 2.51: 6th March 2008 FIX: SMTP could crash when resolving some domains FIX: SMTP could crash with W3C logging enabled FIX: Installer may incorrectly set webmail to wrong framework if no script maps detected in root IIS path for .Net FIX: New runtime DLLs could be installed into wrong path which stopped options working Version 2.50: 6th February 2008 ADD: Delivery notifications now include the subject in bounced message subject ADD: Updated runtime for more security ADD: Improved System Diagnostics FIX: Catch all was allowed to be the reply to address in administration program FIX: Autoresponder saved from admin was not chosing any mapped address as sender address if default email not set FIX: Reverse DNS not checked for smarthosted domains and catchalls when postoffice level is set FIX: SMTP AUTH LOGIN not working if blank space at end when client tries to authenticate FIX: Adding IPs as domain literals was not prompting for an SMTP restart FIX: IMAP Sevice may crash intermittently with null pointer exception if message contained incorrectly formatted date FIX: Scripted filter searching for multiple attachment extensions does not action anything after the first one in the list FIX: SPF error. A pass can turn into a fail if a redirect occurs in record FIX: IMAP EXPUNGE/CLOSE reponses are not handled properly by other connections FIX: IMAP not notifying other connections if the last connection was FETCH or STORE or SEARCH FIX: Sequence store in IMAP not notifying other connections FIX: Script checking in admin is requiring uppercase FilterResult FIX: POP Debug log was adding extra LOG FILE STARTED FIX: SMTP continues to scan for blocked URLs in messages when it detects one FIX: Scripted Filters may stop processing when placed under load FIX: URL blacklists under SMTP options was not marking messages as spam FIX: Removing a catch all when using a database for configuration store did not work FIX: Auto Responder may not always respond when set to one per day. Version 2.40: 17th October FIX: Display of mailbox quota in webmail may be inaccurate FIX: IP Address bindings for SMTP do not require postoffice binding to be enabled FIX: Some header formats could stop messages from being listed when using ASP web mail ADD: Postoffice list is sorted in the treeview now FIX: Renaming a filter could render it inoperative FIX: SMTP could leave a handle if outbound connections were failing FIX: IMAP wildcard search was not working (could cause new messages not to display on iPhone) FIX: IMAP service could fail to authenticate with CRAM-MD5 on slow connections FIX: IMAP SSL could fail to send messages when partial sends were used by the client of a certain size FIX: Postoffice purge in management service may not purge if using MySQL for configuration storage FIX: OL2007 may not appear to get new messages if using IMAP FIX: Account lockout could generate option file for mailboxes that did not exist FIX: Trying to forward empty messages in web mail could fail to forward the attachment FIX: Bayesian administration restricts the amount of spam/ham addresses now FIX: Messages which were just images would fail to be viewed in web mail FIX: SMTP was delaying 1 second between subsequent sends on the same inbound connection FIX: Attachments in webmail which have semi-colon in the filenames could fail to be downloaded FIX: Setting skins for sites could produce an "out of bounds" error in administration program FIX: Under load scripted filters could produce an exception and not run FIX: Autoresponder check to only respond once per day may not remember previous addresses FIX: Using directory entries created in admin mailbox properties window could show same Nickname in web mail for all entries FIX: Improved web mail viewing of HTML emails FIX: Setting public/private skins for virtual directories for web mail was only able to set Professional version web mail FIX: Connection dropping value in SMTP security settings would produce error if left blank FIX: PTR lookups for SMTP would fail when trying to resolve if first DNS server failed FIX: Removing catchall address in web administration could remove other address entries Version 2.39: Not Released in production, changes rolled into 2.40 Version 2.38: 2nd July IMP: MTA logs COM plugin events and failures IMP: IMAP service performance improvements when dealing with large mailboxes MOD: Web mail has been split into 3 code behind assemblies MOD: Web admin has been split into 3 code behind assemblies FIX: System Tray utility has been updated so as to not display erroneous update messages FIX: Admin program could generate "Out of stack space" error with lots of mailboxes FIX: Removing a catchall via the ASP.NET web admin could remove other addresses for the domain FIX: A global filter to add subject prefix was failing when blank subject was found FIX: List server was setting wrong Reply-To address if ME_MEMBER_EMAIL was used in an annotation FIX: Webmail was not decoding attachments under about 50 bytes long FIX: Installation and hardening server was assuming bad mail and config directories were in the default data location FIX: Hardening server was not setting permissions on log directories if they were changed from default install FIX: Messages with MIME boundaries are not decoded by Bayesian filter FIX: Bayesian was not always traversing MIME boundaries correctly FIX: Bayesian filter did not support base64 encoded messages FIX: Bayesian not ignoring HTML if HTML message was not quoted printable FIX: Bayesian incorrectly scored for multipart messages when content-type is not ended with a semicolon FIX: When installing Professional Edition or Enterprise Edition multiple default document specifiers could be registered for MailEnable Web Applications FIX: Webmail is may have issues generating creation of email time in header when using Thai language FIX: Systray menu does not autohide FIX: Systray icon is not being removed properly FIX: Percent wildcard LIST is ignoring first parameter for IMAP FIX: IMAP fetch command for TEXT not returning the correct tokens FIX: POP service could crash with TOP command under load FIX: When MTA updating message status through pickup/filter it could write status line twice and create duplicates Version 2.37: 14th February FIX: Access control list was allowing 127.* when needed to be 127.*.*.* FIX: Installer detects IIS 6 running in IIS 5 isolation mode and will adjust web.config file accordingly FIX: SMTP was timing out on some antispam gateways which trickled data to MailEnable on connection FIX: VRFY not returning anything for group expansion FIX: If Plesk control panel is installed then IME_ADMIN is given access to the ISAPI filters FIX: POP Retrieval not waiting for cr/lf at end of result lines which could corrupt messages being downloaded from some servers FIX: URL blacklisting done after message accepted to avoid message duplication if DNS took too long FIX: Bayesian Filtering Auto Training thresholds adjusted to better allow messages to be added to dictionary FIX: MailEnable was not responding correctly to 421 response code when sending messages FIX: Image attachments are not always being shown in message view/preview for some messages in webmail FIX: IMAP/webmail folder naming improved for extended characters FIX: ORDB removed from blacklist providers FIX: Improved support for autoresponders with foriegn character sets FIX: IMAP may not show correct receive date when domainkey data is contained in the header FIX: Javascript could be executed if a malicious link was clicked when logged into webmail using ASP webmail FIX: Javascript could be executed for messages received in webmail Version 2.351: 18th Dec 2006 FIX: This security update provides updated services for MailEnable Standard, Professional, and Enterprise Editions. FIX: The services have been updated to include additional checking/prevention against exploitation through any unforseen buffer overflow vulnerabilities. Version 2.35: 4th Dec 2006 FIX: Custom/Third Party mailbox delivery events may not fire when messages are delivered to mailboxes. FIX: Multiple IMAP vulnerabilities could be exploited by hacker sending malformed IMAP strings, causing the IMAP service to crash with buffer overflow condition. FIX: Improvements to Postoffice Connector Quota calculations Version 2.34: 29th Nov 2006 FIX: Some Thai regional settings may cause administration application to fail on load. FIX: .NET Webmail users may not be able to upload attachments. FIX: Multiple IMAP vulnerabilities could be exploited by authenticated user/hacker sending malformed IMAP strings, causing the IMAP service to crash. FIX: IMAP cache setting (See 2.33 release notes) is correctly handled when using a value of 4. Version 2.33: 27th Nov 2006 FIX: .NET WebAdmin allows logins with no password being specified (ME-10018) FIX: Potential Denial of Service Buffer Overflow Vulnerability (ME-10017) FIX: IMAP Extensions (such as NTLM authentication) are not enabled on upgrade FIX: IMAP Append header is not RFC correct (it is incorrectly formatted) FIX: Default option of Filter.bat specified as MTA event has been changed to be blank FIX: Some IMAP clients may not be able to set flags on messages (Read/UnRead) FIX: Renaming a folder to an existing folder name will remove the existing folder of the same name. FIX: IMAP command continuation does not work with some clients FIX: IMAP Command continuation will not work with SSL in IMAP FIX: Filtering critera for string pattern matching may give incorrect results FIX: MessageID header placed in list server notifications would omit local domain name FIX: Filtering may not match wildcard attachment strings FIX: The EDIT/DELETE features in .NET web mail for folders do not allow folder name change or deletion. FIX: SMTP bounce does not check for NDR and loops FIX: Some remote temporary SMTP responses may fail instead of delaying IMP: SMTP log improvements to make it clearer whether messages are being relayed FIX: Filtering on a FROM address is case sensative. FIX: User timezone is not used when javascript login bypassed FIX: URL Blacklisting does not check against the Whitelist to allow any whitelisted IP to send to the server. FIX: When a domain is disabled the mail is still delivered to the mailbox FIX: In IMAP cannot create a folder that proceeds with the word Public FIX: Calendering appointments to support extended characters FIX: Some 'foreign' charset messages not displaying correctly in webmail IMP: Quota notifications and general quota notification enumeration and checking is completed on disabled IMP: Advanced scripts no longer have alimit on the various criterias used in the script FIX: Unread counter in folder names does not update correctly; because of folder stats caching Version 2.32: 17th Oct 2006 (Minor Revision) FIX: ASP Version of Web Administration may not allow ADMIN users to login IMP: MMC now shows the Postoffice associated with outbound SMTP messages IMP: Secure Password Authentication (SPA) now processes NTLM V1 authentication (as well as Lan Manager authentication) Version 2.31: 12 Oct, 2006 (Minor Revision) FIX: WebMail Security Issue. An authenticated Web Mail user could maliciously read e-mail in another mailbox (issue related to both .NET and .ASP versions of Web Mail Version 2.3: 11 Oct, 2006 (Minor Revision) FIX: NTLM Vulnerability/denial of service issue FIX: Mailbox Quota were being enumerated on disabled mailboxes FIX: Contacts not showing Swedish charecters; message contents may not display correctly in swedish FIX: When linking to mailto: webmail doesn’t separate the address from the subject FIX: IMAP would not allow folders to be listed where they contained the string Public in the path name FIX: IMAP Service may incorrectly set some message flags FIX: Scripted Filters no longer require variable initialization FIX: Importing mailboxes from text file with set specific password was creating a random passwords FIX: Some servers would produce error message when trying to list websites in administration program FIX: Sending translation file to MailEnable in language migration utility would produce error dialog FIX: Blocking remote images in webmail was not blocking FIX: Possible "duplicate EHLO/HELO" errors when using AVG SMTP proxy FIX: Possible IP address mismatches under load when connections coming to both alternate and normal inbound ports FIX: Large SPF records from lookups could cause SMTP service to fail FIX: Appointments could not be made for non-current year in ASP.NET webmail FIX: Notification messages for appointment from webmail would not show date in ASP.NET webmail, only time FIX: Removing a mailbox would leave behind option file and configured filters for mailbox FIX: BinHex and UUEncoded attachments were not decoding in ASP.NET webmail FIX: "inline" attachments weren't able to be downloaded from the attachments page in webmail FIX: AUTH extensions could not be disabled for IMAP FIX: Add SPF header for unauthenticated senders checkbox removed from administration program as no longer used FIX: Creating custom DNS blacklist may fail if type drop down list not selected FIX: Setting a delivery event for a mailbox when using MySQL for configuration store may not work FIX: Creating a filter to detect whether attachment or attachment type exists could miss some MIME boundaries and incorrectly fire IMP: Performance improvements for MTA Message Filtering IMP: Allow us to application of CSS color scheme to the usage bar in the .NET WebMail IMP: Web mail display message window setting not visible with high number of message in view. IMP: Improved MTA filter logging IMP: Improved System Diagnostics IMP: METray utility lists the version of MailEnable installed IMP: METray lists the status of all MailEnable services IMP: Improved SMTP outbound activity reporting IMP: Improved detection and recovery for failed executions of custom MTA pickup events IMP: Right clicking on a message in SMTP outbound queue in administration program will allow you to track message history Version 2.2: 23 Aug, 2006 (Minor Revision) ** KNOWN ISSUES: Scripted filters require this line at top of script: MEResultData = "SCRIPT" IMP: Significant enhancements to message filtering both for scripted and standard filters IMP: Significant improvement to filter logging, allowing better diagnostics for filters/etc. FIX: NTLM modifications to accomodate unusual behaviour from VISTA client (potential to cause excessive SMTP auth requests/crash service) FIX: URL Blacklisting may not detect unusually formatted URLS Version 2.1.3: 16 Aug, 2006 (Revision) FIX: Build number incorrectly indicated 2.11 in some places rather than the then current release of 2.12 FIX: IMAP may not mark Public Folders as "Dirty" when messages are moved into folders, resulting in messages within Public Folders not always being viewable in IMAP clients FIX: METray utility reports correct Bayesian Ham and Spam dictionary counters (formerly it may only report incremental values) Version 2.1.2: 8 Aug, 2006 (Revision) ADD: METray utility will show number of items being added to Bayesian dictionary ADD: Allow attachments, Attachment Path, Default Attachment Path registry settings for MEMail component ADD: Add language option to Language migration utility IMP: Webmail timeout message modified to consider session state and implemented as floating DIV. IMP: Performance improvements to IMAP where clients issue multiple body part fetches (may cause high CPU) IMP: Upgraded to 4.X release of heavyweight pinedit software IMP: Improved .NET Platform diagnostics by Diagnostic Report IMP: Some email messages display faster in webmail IMP: Online help file updated FIX: .NET webmail does not add the IP address to the message command file FIX: When logging into web mail using German spell checker still checks message using English. FIX: .NET Webmail messages list fails display real names when name is not embraced by quotes. FIX: .NET Webmail may enter ? marks in random places in messages when using the lightweight text editor. FIX: Webmail may not display messages with Quoted Printable encoding where they contain extended characters in the body FIX: Logging off webmail goes to German language (caused by cookie security issue) FIX: Initial messages delivered to postoffice connector may not always exceed mailbox quotas FIX: IMAP SEARCH comand may not always return valid date search results FIX: FindFirst/Next when using API for address map would FIX: Not all attachment extension types were being blocked by filter criteria FIX: Log analyser would not find log files if Activity and Debug were not in same path FIX: Initial delay notifications were not waiting for the full time period set in SMTP options FIX: EOF character in message header could stop filters from finding header items FIX: Filter criteria for file size could return a match incorrectly FIX: Removing a host header for web mail and web admin was not removing entries from config files FIX: ISO-8859 characterset in web mail should be ISO-8859-9 FIX: IMAP was not displaying folders with . in name FIX: Messages sent from webmail did not record sender IP in command file so filters could not match FIX: SMTP service could crash on some invalid command files in queues Version 2.1.1: 21 Jun, 2006 (Revision) FIX: All issues published in Advisary SA20556 (outstanding issue 5 inclusive). FIX: .NET WebAdmin logoff button would not function when using host header configuration FIX: Corrupt messages directly or programatically inserted into MailEnable Queues could cause list connnector exception IMP: POP Retrieval Log Files can be multi-selected through MMC Version 2.1: 20 Jun, 2006 (Revision) FIX: ASP WebAdmin URLs may not render correct skin path causing skins to not render in webadmin client FIX: Addresses all issues published in Advisary SA20556 with the exception of item 5 which will be addressed in subsequent update FIX: Incresed buffer size for SSL to ensure that package truncation does not occur (relates to SMTP, POP, IMAP services) FIX: WebMail: ListAttachments page no longer embeds user password FIX: IMAP SEARCH comand would not return valid date search results FIX: Autoresponder to reply once per day locked autorespond file FIX: Quota notification for sender only was not notifying sender FIX: IMAP notifications (message deletion, or new message arrivals, flag status) may be recieved by mailboxes that recently unsubscribed to relevant folders FIX: .NET webmail does not render e-mail links correctly when embedded in message content FIX: Creating new mailboxes in webadmin may display some system/non-translated tokens FIX: MEAdmin logout not rolling back to correct login URL when using Host Header configuration. IMP: Webmail folder now places special folders at top of folder list IMP: METray utility always reported webmail status as Unknown Version 2.09.4: 11 Jun, 2006 (Revision) FIX: ASP WebAdmin URLs may not render correct skin path causing skins to not render in webadmin client Version 2.09.3: 10 Jun, 2006 (Revision) FIX: Quotes around delivery/pickup event items were not recognised FIX: Security issues with webmail FIX: ASP WebMail URLs may not render correct skin path causing skins to not render in webmail client FIX: MEInstaller may not set the ASP.NET version for script maps when using the troubleshooting option for reconfiguring virtual directories Version 2.09.2: 05 Jun, 2006 (Revision) FIX: If sending to a group that has a disabled mailbox as a member, the bounce would include all recipients Version 2.09.1: 02 Jun, 2006 (Revision) FIX: Installer may incorrectly report MEInstaller not being found. Version 2.09: 31st May, 2006 (Revision) FIX: .NET WebMail correctly removes underscores from mime encoded subjects IMP: Added 'No Library' option for installing WebMail skins and dictionaries (means faster installation) IMP: MEInstaller allows the forced setting of ScriptMaps should you need to set the minumum for Virtual Directories Version 2.08: 29th May, 2006 (Revision) FIX: WebMail/WebAdmin tabs may not work under some versions of firefox in some locale's/regional settings FIX: MEInstaller application may not set application pool identity on password change FIX: Web Administration may report only a subset of the lists configured for a postoffice IMP: Speed improvements to .NET Web Mail and .NET Web Admin through removing some COM Interop dependancies IMP: Changing asp/webmail support will also change root sites IMP: Modifications to WebMail and WebAdmin to facilitate better integration with Plesk Control Panel Software Version 2.07: 24th May, 2006 (Revision) FIX: Search Function in Webmail will not work if folder indexing is enabled FIX: MEInstaller may produce an Object Not Found Error when installing Version 2.06: 23rd May, 2006 (Revision) FIX: HTTPS urls would not load images with .NET WebMail/WebAdmin FIX: .NET WebAdmin would not configure default site, skin and language settings based on host headers FIX: .NET Web Calendar would not load when using host header configuration FIX: .NET WebMail will correctly decode address aliases with escaped /" characters FIX: Professional Edition .NET WebMail may list Global Address List in Address Book IMP: IMAP is more efficient in processing partial fetch requests (resolves potential high CPU usage) IMP: .NET WebMail will correctly decode message subjects with multi-part charset encoding IMP: Diagnostic Report now reports MailEnable system errors from the Windows Event Log (entries like permissions issues, and database failures). Version 2.05: 17th May, 2006 (Revision) ADD: WebMail and WebAdmin can be provisioned under dedicated MailEnable Web Sites as host headers FIX: Javascript error was occuring in webmail when mailbox filter limit was reached FIX: "Foreign" charset bug fixes to message body and subject encoding FIX: Diagnostic Report attempts to diagnose ASP.NET platform issues and reviews all relevant IIS web sites and virtual directories. FIX: Web Mail Contact Import feature would fail to import some quoted items IMP: Ability to define all webadmin hosts as their host name under single web site IMP: Friendly name/Display Name is quoted printable encoded for appropriate charsets IMP: Additional ASP.NET environment settings are queried by Installer Version 2.04: 04th May, 2006 (Revision) FIX: New message notification would not be displayed in Internet Explorer Browser FIX: WebMail import contacts function may fail/raise exception when importing some contact files FIX: Messages generated with some charactersets would not render correctly in webmail client FIX: Some WebMail and WebAdmin multilingual pages would not render correct character set FIX: ADMIN users were granted SYSADMIN rights through .NET WebAdmin application FIX: MEInstaller utility was not setting Application Pool Identity when used to change IME_ADMIN/IME_USER passwords FIX: WebMail Address Book may fail/raise exception when dealing with some contact lists IMP: MailEnable Diagnostic Report now queries Event Log for MailEnable generated Errors or Events Version 2.03: 01st May, 2006 (Revision) ADD: .NET Webmail and WebAdmin can now run in Native 64 bit under 2003 X64 Operating Systems ADD: WebMail Debug Log can now be directed to Windows Event Log IMP: Rework of MEInstaller Utility to allow ASP.NET version to be specified for application sites IMP: Installation kit performs diagnostic check of ASP.NET platform configuration and ensures that MailEnable always uses the same version of the framework. FIX: Some encoded mime subjects could cause an exception when attempting to list messages FIX: List server could miss a recipient falling on a 300 recipient boundary FIX: Some SSL menu options were incorrectly being shown in Professional Edition FIX: Installation kit would disable RDNS Blacklisting on upgrade Version 2.02: 24th Apr, 2006 (Revision) FIX: WebMail and WebAdmin Application Pools are now always configured under Windows 2003 Formerly, Web Sites that were enabled with webmail may not function correctly (permissions errors) if the Application Pool was no set. FIX: Installer would incorrectly detect the presence of .NET V2 Framework IMP: Diagnostic report now detects whether ASP.NET has been configured under IIS ADD: The quota usage meter (which was formerly only in the Enteprise Webmail) has been added to the default .Net Webmail. Version 2.01: 23rd Apr, 2006 (Revision) IMP: .NET Webmail no longer requires the use of a virtual directory (ie: you can point an IIS web site at the Webmail ASPX root) IMP: X-MimeOLE header added to webmail generated messages (to prevent some spam filters diagnosing as spam). IMP: Improvements to HTML rendering of complex HTML messages in WebMail MOD: Pro webmail: New messages delivered to the mailbox are marked as bold to indicate that they are new messages. FIX: Using reply-all to some messages may cause exception in web client FIX: Bayesian filtering criteria not visible in Pro v2 FIX: Reverse dns blacklisting settings might not save FIX: .NET WebAdmin would raise an exception if using a language other than english FIX: Contact E-Mail Address may not show in Professional Edition WebMail FIX: Professional Edition webmail could contain system tokens instead of translated tokens. Version 2.0: 21st Apr, 2006 (Release)