IMail - Version 8.21 Release Notes

Answer/Solution: IMail Server Version 8.21 Release Notes

Important: If you are using a custom ODBC.dll file developed by a 3rd party vendor, contact the vendor for information about an updated ODBC.dll file for IMail Server. Failure to update the ODBC.dll file could result in a message being misdirected or users unable to access their accounts.

Description

IMail Server is an Internet standards based mail server system for Microsoft Windows 2000, Microsoft Windows 2003, and Microsoft Windows XP Professional. IMail Server consists of a series of programs that run as services on the Windows system, including:

• Simple Mail Transfer Protocol (SMTP) service for sending and receiving mail over the Internet or in an internal TCP/IP network.

• Post Office Protocol, version 3 (POP3) service to allow POP3 clients (such as Microsoft Outlook Client and Qualcomm Eudora) to download mail from the IMail Server.

• Internet Message Access Protocol, version 4 (IMAP4) service to allow IMAP4 clients (such as Netscape
Communicator and Microsoft Internet Explorer) to access mail on the IMail Server.

• Lightweight Directory Access Protocol (LDAP) Version 3 service for publishing user information in an LDAP
directory.

• A List server for creating and managing mailing lists.

Web Messaging lets users access their mail on the IMail Server system from any Web browser on the Internet. It also provides remote management capabilities for IMail administrators. Web Messaging can also display banner ads at the top of the Web Messaging mail screens.

Mail to Pager/Beeper lets you set up aliases on the IMail Server system that can receive mail from a mail client and forward it to preconfigured pager or beeper addresses.

New Features

• IMail now provides Secure Socket Layer (SSL) for POP, IMAP, and SMTP.
• IMail now uses Sender Policy Framework (SPF) to enable increased capability for administrators to stop incoming email from forged email addresses.
• IMail now does Attachment Blocking and lets administrators set options to block email attachments.
• IMail now does Broken MIME header filtering to identify Broken MIME header characteristics in SPAM email and lets administrators set actions to take on messages with broken MIME headers.
• IMail now provides enhanced collaboration through new Ipswitch WorkgroupShare features such as additional user permissions control, administrator settings for user controlled permissions, and Active Directory sync for groups.
• IMail now provides HTML Content filtering with a new feature to scan HTML and/or plain text for hyperlinks embedded in email messages.
• IMail now checks for deceptive URLs by decoding domain components in HTML messages.

Optional Enhancements

• IMail AntiVirus Premium
IMail AntiVirus Premium is fully integrated with IMail Server and is powered by Symantec CarrierScan Server, a high performance, scalable, reliable solution to protect against viruses.

• IMail AntiVirus Standard
IMail AntiVirus Standard is fully integrated with IMail Server and is powered by BitDefender(TM), a reliable solution to protect against viruses.

• IMail Premium Antispam
Premium Antispam filtering (optional in the ICS Premium Edition Suite only) provides additional automated spam protection to the Standard Antispam filtering included in IMail and ICS Standard Edition.

Installing/Upgrading

1. To begin the installation, do one of the following:

• If you purchased an ICS CD, insert the CD into the CD/DVD drive. If the CD does not automatically start the installation wizard, click the Windows Start button, select Run, then enter the CD/DVD drive letter followed by autorun.exe. For example, enter D:\autorun.exe.

• If you downloaded the IMail or ICS program from the Ipswitch Web site, double-click the downloaded file.

2. On the installation screen, select the components you want to install, then click Install. IMail or ICS installs each selected component. Follow the on-screen instructions.

Notes:

• If you are currently using an external user database with an earlier (pre-v7.0) version of IMail, you must add
a new set of required columns to the database table in which user information is stored. Please refer to the
"External Database Changes" entry in the Release Notes section of this document for details.
• If you are upgrading from a previous version of IMail, a conversion of the LDAP database will take place. This
conversion can take a lengthy amount of time depending on the number of domains to convert. The LDAP server is also left running after the conversion.

Uninstalling

1. Open the Add/Remove Programs applet in the Windows Control Panel.

2. Select the IMail or ICS Edition you want to uninstall.

Notes:

• Removing IMail Server using the Add/Remove Programs applet does not delete the IMail directory or the subdirectories and files it contains. To remove these, you must delete them manually.
• Everything is deleted in the Windows registry under HKEY_LOCAL_MACHINE\Software\Ipswitch\IMail (but the Ipswitch key is not removed).
• Directories and files created by setup.exe are removed if they have not been modified. For example, if you have not added any users (and root never gets mail), the Users directory is removed. If these directories have been modified (i.e. the root or users accounts have received mail),you must remove them manually.

Web Messaging Notes for Upgraders

If you have customized templates that you want to continue using, you may refer to the list of modified and added files in order to upgrade your customized templates.

v8.2

The following template(s) were modified in this version:

• whitelist.html

Web Calendaring Notes for Upgraders

There were no updates to the Web Calendaring templates in this release.

Secure Sockets Layer (SSL) Notes

Check the following if you have trouble getting SSL to work:

• IWebMsg.ini should have EnableSSL=1 (ForceSSL=1 may or may not be there).

• IWebMsg.ini is in the proper windows directory (%WINDOWS%).

• After changing IWebMsg.ini, stop the service and restart it again to have changes recognized by the application.

• Select Allow Service to interact with Desktop to see if there is a dialog box from SSL.DLL like initialization failure because the certificate or key file is not found. If SSL.DLL initialization has failed, then the application will not continue.

• If the application is running but SSL is not working, EnableSSL is the only problem.

• SSL.CGI allows change from secure to non-secure mode. If SSL is disabled, then changeover from secure to non- secure is not allowed; hence SSL.CGI is not parsed.

• The private key file is protected using a password specified in SSL Configuration Utility. This password is required for decoding the key file while loading the SSL server. This password is stored in the registry and
automatically retrieved during the loading process of SSL Server. The registry path for IMail is usually SOFTWARE\Ipswitch\imail\ssl. The registry path must be correct; otherwise an error message is generated and the files will not be created.

Known Issues

• The IMail shortcuts are not always installed on traditional Chinese. They should be manually created in this case.

Release Notes

• The function of the 'Hide from Information Services' feature has changed. There is currently no way to hide information within an OpenLDAP database. When this option is applied, LDAP information for the user is deleted from the LDAP database and must be re-added if you want to show LDAP information for this user again.

• The X-IMail-Rule header can be disabled by adding the following registry key:

HEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Global\BlockRuleHdr

This should be a DWORD value and should be set to non-zero value to block this header from being created. This is a server wide setting and affects all domain and user rules on the server.

• External Database Changes:
IMail supports multiple database connections. Enabling this feature will improve performance when using an external database. This can be enabled by creating and setting two registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Global\UseMultiConnect
HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Global\MaxConnect

The first key, UseMultiConnect should be set to 1 to enable multiple database connections. The second key,
MaxConnect should be set to the maximum number of connections allowed, 10 is recommended.

When installing IMail v8.2 over any version earlier than 7.1 in which one or more hosts are configured to use an external user database, new columns must be added to the database tables. This is due to additional user-level data which must be stored for use with the new Web Messaging features and for Web Calendaring. These new columns must be added to the user table for each IMail host configured to use an external database.

Notes:

If a custom ODBC driver was used with an earlier version of IMail, the driver must be modified to accommodate the new columns. Source code for the basic ODBCUser.dll driver (tailored for SQL Server and Access) may be obtained by download from the IMail Support Center:

ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/odbcuser.dll

These database column additions must be made before installing IMail v8.2. Also, if a custom ODBC database driver will be used with IMail, it must be created and ready for use. New columns and their types are as follows:

IMail Server v7.1 New Columns

IMail Server v7.0 New Columns

For all existing user records, these columns should be set to the default values shown in the table above.

Please note that when all domains use the IMail and/or NT user databases, these changes do not apply. Also, when creating a new external database, these columns will be automatically generated as the table is created.

IMail Server v8.21

• Rolled up IMail v8.2 HF-1 and IMail v8.2 HF-2.
• SMTPD: Will now correctly start list server to send digest.
• STMPD: Fixed ability to restart queue manager on failure.
• SMTPD: Added server wide connection limit. Uses the following registry key to obtain the setting:
   path=SYSTEM\\CurrentControlSet\\Services\\SMTPD32\\Parameters\
   value=ServerMaxConnections
   type=DWORD
   default value=1000
• Import Utility: Updated utility to correctly update new columns in WGS database.
• Queue Manager: Add ability to copy previously orphaned files on startup after a queue manager failure.

IMail Server v8.2 HF-2

The following vulnerabilities were discovered by and resolved with the help of iDEFENSE, Inc. For more information, see http://idefense.com.

• IMAP4d32: Fixed crash when malicious LSUB encountered.
• IMAP4D32: Fixed crash when SELECTing mailbox name with close to 256 characters.
• IMAP4D32: Fixed crash when LOGIN userid was excessively long.
• IMAP4D32: Fixed crash when STATUS mailbox name was excessively long.
• SMTPD32: Fixed bug causing corruption of attached files.
• QUEUEMGR: Fixed bug causing log information to be saved to wrong file.
• Web Calendaring: Removed vulnerability whereby user could read server files using ....\ in GET.

IMail Server v8.2 HF-1

• SMTPD: Properly supports AUTH for external databases.
• SMTPD: Correctly delivers mail when user name contains a dash (-).
• SMTPD: Corrected Nobody alias to work when receiving mail to host alias.
• SMTPD: Corrected HELO command to log properly.
• SMTPD: Fixed case sensitivity issues for sending mail or authing to a host alias.
• SMTPD: Corrected authentication for MAC clients.

IMail Server v8.2

• Secure Socket Layer for POP.
• Secure Socket Layer for IMAP.
• Secure Socket Layer for SMTP.
• Logging for forwards, vacation messages, bounces (and other error delivery), and info manager messages is now being done with the ID of the new message provided.
• POP3 - Domain is now included in logoff entries written to log.
• POP3 - Logging now uses a new Session ID.
• SPF - IMail connection filtering will support the draft RFC for Sender Policy Framework to enable administrators more control in stopping incoming mail from forged addresses.
• Attachment Blocking - Attachment blocking will remove attachments based on attachment extension and MIME type.
• Major SMTPD Enhancements - SMTPD is now multi-threaded and has been re-designed for better performance and stability.
• SMTPD can now listen on all IP addresses or only those configured.
• Ability to block spam messages with bad/incorrect MIME headers and flag it as spam.
• Ability to detect hyperlinks in plain text emails and check them against the spam URL blacklist table.
• The authority of a deceptive hyperlink is now decoded.
• IMail no longer uses Winsock 1.1. All programs now use Winsock 2.
• IMail now supports Remote NT Host Authentication.
• eAladdin now used for licensing.
• SMTPD can now block connections after max invalid recipients reached.
• SMTPD will close a connection after the maximum number of invalid recipients have been reached. This is not turned on by default. To enable this behavior create or edit the following registry key:
Key: MaxInvalidRCPTsPerSession
Type: DWORD
Default: 0
Location: HEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPD32\Parameters

If the this value is non-zero, it the server will close the connection if that number of invalid Recipients are received.
• Support for additional listen port in SMTPD The following keys will be added by the server and can be modified as desired by the administrator.
ExtraPort: DWORD, default 587
EnableExtraPort: DWORD, default 0 (both keys are in CurrentControlSet\Services\SMTPD\Parameters)
• Added registry setting to force auth on second port in SMTPD:
under ../services/SMTPD32/Parameters
Value Name: ForceAuthOnExtraPort
Value Type: DWORD
Default Value: 1

This value is installed at startup and set to one, if not present. When set to 1 the server will force clients connecting to this port to authenticate.

Commands that can be issued without authenticating are: HELO, EHLO, XHLO, AUTH, QUIT and STARTTLS.

The error sent, if any other command is sent, is: "530 user must authenticate on this port"

Users will need to set their mail clients to authenticate.

Note for Outlook SSL/TLS users: If you tell Outlook to use SSL and set the port to anything other than 25 it will attempt to do the SSL negotiation before sending the EHLO as if it was talking to a dedicated SSL port. This does NOT work on the Extra Port (587 by default per RFC 2476). Because the extra port acts as the open port does with regard to SSL, users must issue EHLO and then STARTTLS to go secure. Thunderbird can do this on port 587 because its configuration settings allow you to choose between SSL and TLS regardless of what port number is set. Bottom line is if a user is using Outlook and wants to use SSL they need to use port 25 or 465.

For more information

You can download User Guides and view other information on the Ipswitch Collaboration Suite Support Center at http://visit.ipswitch.com/ICSSptCtr

Note: You need Adobe Acrobat Reader to view .PDF files. You can download the Acrobat Reader from our Web site at: http://www.ipswitch.com/Support/utilities.html

Copyright

The software described in this document is furnished under a license and may be used or copied only in accordance with the terms of that license.

Copyright © 1995-2005 by Ipswitch, Inc. All rights reserved. IMail, the IMail logo, WhatsUp, the WhatsUp logo, WS_FTP, the WS_FTP logos, Ipswitch Collaboration Suite, Ipswitch Collaboration logo, Ipswitch Instant Messaging, and the Ipswitch Instant Messaging logo, Ipswitch, and the Ipswitch logo are trademarks of Ipswitch, Inc. Other products or company names are or may be trademarks or registered trademarks and are the property of their respective companies.

No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transferred without the expressed prior written consent of Ipswitch, Inc.