MDaemon Server v18.5 Release Notes
MDaemon 18.5.2 - February 12, 2019
 Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit:
CHANGES AND NEW FEATURES
-  Webmail - Removed the "Click here to edit your signature" button by default (which
allows the signature to always be edited). To require the button in order to edit
the signature add ProtectSignature=Yes to the [User] section of the User.ini.
-  Updated to MDaemon Connector version 5.6.1
-  fix to Webmail - Missing attachment warning is not displayed when using non-ASCII
-  fix to MDRA - Domain admins cannot create the allowed number of mailing lists
-  fix to WorldClient theme - "New Email" is not translated in the compose
-  fix to Content Filter "Search and replace within HEADER" does not work
for header values that have leading whitespace
-  fix to MDRA - ActiveSync Assigned Policy screen does not default to
having the currently assigned policy selected
-  fix to Webmail - WebIM (XMPP) client's multi-user chat not working
-  fix to Webmail displays incorrect sizes for very large attachments
-  fix to Webmail - Accepting a recurring meeting invitation may only place the
first occurrence in the calendar
-  fix to hijack detection account frozen notification says the cause was dynamic
-  fix to CalDAV - iOS devices adding calendar events with no reminder have
a 22467964 minute reminder applied
-  fix to MDaemon's "Maximum simultaneous connections to any single IP"
setting does not work properly
-  fix to MDaemon.exe memory leak on Windows XP and Server 2003
-  fix to LetsEncrypt script may return an error when running under an external
-  fix to read-only iOS ActiveSync user can decline another user's meeting request
within their shared calendar
-  fix to Webmail - XSS vulnerabilities
-  fix to MX lookups performed on smart host name when a route slip is used
-  fix to route slip is not moved along with message file when quarantined
-  fix to MDaemon fails to validate remote SMTP server's certificate when MX
cache file is used
-  fix to Webmail - When removing an event via a cancellation e-mail, the calendar
event is not removed
MDaemon 18.5.1 - November 13, 2018
CHANGES AND NEW FEATURES
-  The AV update schedule now defaults to once every hour. Existing AV schedules
set to update daily will be reset to hourly. Please check your AV schedule at Setup |
Event Scheduling and make whatever changes you feel necessary.
-  The options to refuse messages that are not RFC compliant or incompatible with
DMARC do additional checks for invalid syntax in the From header.
-  Added support for a $COMPANYNAME$ macro that can be used in the MDaemon Connector
pushed settings which returns the value of the CompanyName setting in the section for the
user's domain in \MDaemon\App\Domains.dat. There is no UI for this setting.
-  Settings for the XMPP BOSH server have been added to the UI at Setup | Web & IM
Services | XMPP.
-  Webmail - Changed the view snoozed messages option to display only
snoozed messages, instead of displaying snoozed messages in addition to other
-  MDRA - Added "Enable password recovery" and "Enable Remember Me" options
to the Webmail domain settings at Main | Domain Manager | %DOMAIN% | Edit |
Webmail Settings, and added "Enable password recovery" to Main | Webmail
Settings | Settings.
-  MDRA - Added the Full Wipe button on the ActiveSync Clients page. The
button is only enabled when the device has agreed to the designated policy.
-  MDRA - Added the Policy Usage page when clicking on the Usage button at
Mobile Devices | ActiveSync | Policy Manager.
-  Webmail - Added a status message when the user clicks "Apply
Changes" on the Signatures page and the request to the server completes.
-  AntiVirus - Updated Cyren AV to version 6.2.0r2. This version
fixes a few reported scanning errors.
-  fix to LetsEncrypt error emails not being sent when specific errors occur
-  fix to IMAP server does not return failure when AUTHENTICATE PLAIN authorization
-  fix to MDRA - a global or domain administrator can delete their own account
-  fix to Spam Filter max size setting is disabled in the GUI when using a remote
-  fix to Webmail - a long "cke_protected" line may be added to messages
when replying in IE and Firefox
-  fix to Webmail Mobile theme - cannot scroll left to right on HTML emails on
-  fix to MDRA - unable to add entries to the Spam Filter White and Black
-  fix to MDRA - non ASCII characters in mailing list member names are not displayed
-  fix to "Authenticated SMTP sessions are exempt from OP processing"
option does not work
-  fix to Webmail - compose toolbar tooltips are not translated
-  fix to HTML markup in account signatures is escaped when inserted into
-  fix to Webmail LookOut theme - hang while loading on IE 8 and IE 9
-  fix to reminder message is still sent after a calendar event's reminder is
-  fix to ActiveSync XML/WBXML archiving does not function correctly
-  fix to clamd.exe is started even if ClamAV is disabled when MDaemon runs the
first time after installing
-  fix to Webmail - non-ASCII characters in full name of meeting organizer are
corrupted when creating an event in a shared calendar folder
-  fix to ActiveSync RequireAdminApproval not enforced when assigned at User Level
-  fix to Webmail - Autocomplete returns an old distribution list found in
the common contacts list
-  fix to Webmail - meeting organizer is not able to edit attendees when creating
a meeting in a shared calendar folder
-  fix to WorldClient theme - selecting messages and clicking "more"
then "Toggle Flag" does nothing
-  fix to the "credentials must match" white list is not checked for
the return path address
-  fix to MDRA - registration links are hard coded. Added dynamic Pricing,
Purchase, and Upgrade links to each product.
-  fix to DKIM verification fails when using a domain or default signature that
contains an inline image
-  fix to outbound message restrictions may not be enforced when sending from
-  fix to SPF failure on HELO value can reject the connection before the client
-  fix to ActiveSync MaxClientsPerUser not being enforced correctly at all levels
-  fix to Content Filter "If RETURN-PATH and FROM HEADER differ" condition
only works on inbound email
-  fix to MD GUI's Queues list includes Bayesian Spam and non-Spam folders when
the paths have not been set
-  fix to MD GUI may crash when disabling the Enable XMPP Server option
-  fix to message body may be stripped when using a signature with inline image
and DKIM signing is enabled
-  fix to From Header Modification not always handling parsing correctly
-  fix to MDIM contact list expand/collapse buttons do not work properly
-  fix to Webmail error importing particular calendar CSV file
-  fix to archive copy of a message may be sent to a recipient when using a smart host
-  fix to incorrect MIME parsing causing message to not display in Webmail or
-  fix to signature images added using the $ATTACH_INLINE$ macro may be duplicated
-  fix to MDIM notifies about all online XMPP contacts when logging in
-  fix to MDIM window pops up after switching away from General Preferences
-  fix to MDIM window does not save its size or location
-  fix to corrupted non-ASCII characters in MDPGP public key creation emails
-  fix to Webmail may not show a paperclip for a message with a PDF attachment
-  fix to XMPP server is slow to send the roster presence after login
-  fix to duplicate public contact may be created when changing an account's domain
-  fix to gateway recipient verification is skipped if sender is noreply@domain
-  fix to Webmail - XMPP - client translations are missing for most
-  fix to error when attempting to download an MDPGP public key via HTTP
MDaemon 18.5.0 - September 25, 2018
 BlackBerry Internet Service feature integration has been deprecated and removed.
The BIS service (if it still exists) will now interact with MDaemon as it would any other
 WAB functionality has been deprecated and removed from Ctrl+U|Other.
MAJOR NEW FEATURES
 MDaemon Instant Messaging in Webmail
The WorldClient and LookOut themes now feature a browser-based XMPP client that lets users
instant message without needing to run the MDaemon Instant Messenger desktop application or
some other XMPP client application. Users can enable it from Webmail's Options | Personalize
screen, "Enable MDaemon's Instant Messaging feature in browser". Admins can enable or
disable instant messaging per domain using the Domain Manager, per account using the Account
Editor, or per group using the Group Manager. It operates on ports 7070 (HTTP) and 7443 (HTTPS).
 Exempt Webmail from Location Screening
Added a user option in Webmail to exempt Two Factor Authentication logins
from Location Screening. If a user has BypassLocationScreeningTFA=Yes in the
[User] section of their User.ini file, and Two Factor Auth is enabled for the
user, Location Screening is bypassed. This allows users to login to Webmail in
countries that would normally be blocked by Location Screening.
 Improved AD Integration
Users whose accounts are set to use AD authentication can now change their AD
password in Webmail if the "AllowADPasswordChange" setting is enabled in
\MDaemon\WorldClient\Domains.ini. It is disabled by default.
 Signature Macros
MDaemon signatures now support macros that insert contact information from the sender's
contact in its domain's Public Contacts folder. This allows default and domain signatures
to be personalized with the sender's information. $CONTACTFULLNAME$, for example, inserts
the sender's full name, and $CONTACTEMAILADDRESS$ inserts the sender's email address. Use
Webmail, MDaemon Connector, or ActiveSync to edit the public contacts. Blank values are
used if no contact exists for the sender. See the documentation for a full list of
The placement of MDaemon signatures can now also be controlled, if the sender wants them
somewhere other than the bottom of the message. Use $SYSTEMSIGNATURE$ to place the
default/domain signature, and $ACCOUNTSIGNATURE$ to place the account signature.
CHANGES AND NEW FEATURESS
-  ActiveSync: Enforcing the EAS spec so that full wipe of clients is only
possible if a policy has been applied.
-  Report Weak Password feature now reports an error if invalid or non-local
recipient is entered.
-  Errant AV definition count removed from UI and auto-generated emails.
This information is no longer available/relevant.
-  Added ActiveSync to the Accounts section in the left pane of the MDaemon GUI.
-  Low disk space calculations updated for large drives and auto generated
warning emails use MB now rather than bytes.
- (MDPC ONLY)  MDRA - Added ability for domain admins to export users
-  MDRA - Added mail list views (except List Administrators) for list
-  Webmail - Added options in the Compose and Options | Compose views
to toggle the direction of the editor.
-  Webmail - Added ability for remembering the collapsed state between
sessions for Favorite, Saved Search, Personal, Shared, Public, and My Folders.
- (MDPC ONLY)  MDRA - Added ability for Domain admins to give users access
to MDaemon Connector
-  MDRA - Added a completed action notification to the bottom of the page
when the user saves or takes an action on a page
-  MDRA - Added the rest of the Event Scheduling dialog for Mail Scheduling
-  Webmail - Added a plugin to the HTML editor that automatically converts
a pasted URL into a link
-  MDRA - Added options to set custom HTTP response headers for the built
in Webserver that WC and RA run on. Main->Webmail Settings->Web Server and
Main->Remote Admin Settings->Settings. The option to UseHttpStrictTransport
security is migrated when the server starts.
-  Webmail - Added an option to edit a contact after it is added from the
From header in the message preview and external message views
-  Webmail - Added the Days selection checkboxes to the Options |
-  Webmail - Added the ability to import an external calendar via URL on
the Calendar Import view. Added External Calendars view to manage added URLs.
-  MDRA - Added MultiPOP-retrieved messages to all inbound charts
-  WorldClient theme - Added an "urgent" indicator in front of the subject
heading on the compose view when a message is marked urgent
-  MDaemon can be configured to not create POP lock files, which prevent multiple
POP3 clients from accessing the same account at the same time, by editing MDaemon.ini
and setting [Special] CreatePOPLockFiles=No.
-  The Account Manager right-click menu has a new "Move Mail" option which
lets you select a new root path for the account folder structure (ie.. this
means you can replace the default C:\MDaemon\Users\ with an alternative).
Selected accounts will have their entire folder structure moved to the new
location. This includes all emails, folders, calendars, and really all
data for the account. Although you select the new root folder MDaemon will
automatically append "$DOMAIN$\$MAILBOX$\" to it so that the resulting filtered
mail folder paths stay properly separated. Keep the number of characters
in the root path as few as possible because there is still a 90 character limit
on the total length of the account mail directory field. The "New
Accounts" template's default mail folder path is also updated with this new
value. This operation can be used to easily migrate user data from one volume to
another either all at once or in blocks of users at different times. Pay
heed to warning screens. This operations moves and deletes your user's critical
data and there is always a potential for a mistake or failure to cause the
entire loss of it. Therefore make a backup of the user data before migrating.
This is easy by copying the existing root mail folder (C:\MDaemon\Users\ by
default) somewhere else manually (Windows Explorer).
-  Webmail - Added the ability to change the categories on a per
occurrence basis for calendar events.
-  Webmail - Added an option that allows a saved search to be cancelled
upon selecting a different message folder.
-  Webmail - Added an HTTP JSON API with full documentation located at
-  Webmail - Signature text in the compose editor now starts out read-only, to
prevent users from accidentally typing message text there and having it erased when
switching the From address.
-  MDRA - Frozen accounts are no longer allowed to login.
-  MDRA - Added Release and Re-Queue buttons to the Quarantine Queue
-  MDRA - Updated FusionCharts to 3.12.2
-  MDRA and Webmail - Updated CKEditor to 4.9.2 and added Speech
-  MDRA - Added "Importing Members" status indicator
-  MDRA - Added "Importing User Accounts" status indicator
-  MDRA - Added button to restrict MD folder access to Admins, Backup
Operators, and SYSTEM accounts at Setup | Preferences | Disk
-  The ATRN password field was moved from the Settings page to the Dequeue page
within the Gateway Editor and the ATRN field will not enable without a password.
-  MDRA - Added more Recommended Settings buttons to the following views:
- Security | Screening | Hijack Detection, Location Screening
- Security | Dynamic Screening | Options / Customize, Dynamic Whitelist,
- Security | Content Filter | Attachments, Notifications, Recipients, Compression
- Spam Filter | Spam Filter | Spam Daemon (MDSpamD)
- Spam Filter | Spam Honeypots
- Logs | Log Settings | Log Mode, Statistics Log, Windows Event Log, Maintenance,
Settings, Remote Admin Log Settings
-  MDRA - When deleting a message in the Queues the next message is
selected in the list
-  MDRA - When a log is filtered a user can click on a line and it will
open a frame to the page where that line is located, scroll to that line in the
log, and highlight the line.
-  MDRA - Added button in the log viewer to turn on AutoRefresh. The
setting for the auto refresh interval is located at Logs | Log Settings | Remote
Admin Log Settings and the value has a minium of 5 with a maximum of 9999 in
-  MDRA - Added sorting to the ActiveSync Devices list under Mobile Devices
| ActiveSync | Domains | Manage Devices. Sorting column and direction persist
between sessions in the same browser (saved to browser storage).
-  MDRA - Added ability to monitor, start, and stop SMTP, IMAP, POP3, and
MultiPOP services to Main | Status
-  MDRA - Added the 'Remove contacts which are missing name or phone data'
button to Spam Filter | Spam Filter | Whitelist (auto) page
-  MDRA - Added the Restore Queues page at Setup | Mail Queues/DSN | Restore
-  MDRA - Added avupdate.log to the log files list at Logs | Log Files.
-  Changed installer to only overwrite Cyren AV definitions if older or missing
-  Webmail - Added the ability to remove a contact from the common contacts
list when selecting a contact from the autocomplete list by using the "Delete"
key (in Windows) on the selected contact.
-  WorldClient theme - Made MDaemon PGP encryption options more visible to
-  MDRA - Added ability to assign/edit policy settings per account at
Mobile Devices | Active Sync | Account Management
-  MDRA - Added "Revoke All Accounts" button at Mobile Devices | Active
Sync | Account Management
-  MDRA - Added the Client Management page at Mobile Devices | Active Sync
| Client Management
-  MDRA - Added option to "Enable all domains unless explicitly disabled"
at Mobile Devices | Active Sync | Domain Management
-  MDRA - Added "Day of month reset bandwidth statistics" option at Mobile
Devices | Active Sync | Client Management | Select a client and click "Client
-  MDRA - Added "Enforce protocol restrictions" option at Mobile Devices |
Active Sync | Client Settings | Edit an item in the list to view the client
-  MDRA - Added more options to the Mobile Devices | Active Sync |
-  MDRA - Added the "Create Tasks/Reminders for Flagged Mail Items" option
at Mobile Devices | Active Sync | Client Settings | Edit an item in the list to
view the client settings.
-  Updated to MDaemon Connector version 5.6.0
-  MDRA - Added a session cookie to increase the session security
-  CalDAV and WebDAV now support the creation and deletion of calendar,
task, and contact folders from clients that support the MKCalendar and MKCol
-  CalDAV server now stores the calendar color property and returns it to
other CalDAV clients. At this time CalDAV calendar colors are not synchronized
-  Added support for the SASL-IR IMAP extension (RFC 4959).
-  Added IPv6 support to the XMPP server. Requires Vista/Server 2008 or newer.
-  fix to Webmail - Folder ACL editor corrupts non-ASCII characters in Hiwater.mrk
-  fix to MDRA - When you create a new mailing list with a group as a
member, a notification is sent to the actual "GROUP" entry
-  fix to LookOut theme - User Permissions for shared folder not displayed
-  fix to Mobile theme - Events are not loaded in the calendar view when
switching months or years
-  fix to MDRA - "To address is missing" appears in "send note"
content filter rules created by MDRA
-  fix to Webmail - In certain instances, a recipient's Display Name will
be sent in punycode
-  fix to MDRA - Unable to add Dynamic Screening blacklist entry to an
-  fix to whitelist@ and blacklist@ message parser ignoring \"From\" data when
split to multiple lines
-  fix to pfdata.dat file not updating when renaming a public folder via the GUI
-  fix to mail folders are not moved during domain rename operation
-  fix to errant data in email sent when accounts are frozen by hijack detection
-  fix to possible crash when closing Mailing List Manager
-  fix to MDRA - Up/Down arrows don't move content filter rules
-  fix to MDRA - Domain Admins cannot apply the password options in an
-  fix to MDRA - Added the De-list button to the Account Manager page
-  fix to Webmail - When the Edit IMAP Filters option is disabled, the Add
Filter option is available
-  fix to Webmail - Forwarding mail in the Edge browser causes message body
-  fix to MDRA - excess whitespace on DS White and BlackList dialogs in Firefox
-  fix to MDRA - DS notification address can be saved without entering an
-  fix to MDRA - DS system options visible on Protocols dialog
-  fix to MDRA - Dynamic Screening Options lists an "Always" log level
-  fix to MDRA - When moving a user from one domain to another, MDaemon
Connector permissions don't migrate
-  fix to MDRA - IMAP public folder extension is case sensitive
-  fix to MDRA - Going from ActiveSync Client Settings to Mailing Lists in
the pop-out account editor results in mailing lists without a side menu
-  fix to MDRA - Alias selection does not remain highlighted when moving
-  fix to MDRA - Cannot select default DKIM selector without selecting
-  fix to MDRA - Have to select No and then Yes to be able to save in
-  fix to MDRA - Exit Code condition in Content Filter allows non-number
entry, saves as NaN
-  fix to MDRA - The 'default notification address' field in the Dynamic
Screen feature does not support external addresses
-  fix to MDRA - German account creation error is partial in English
-  fix to MDRA - the Log Parser is only parsing the Routing log file for
-  fix to MD_VerifyUserInfo() not returning MDDLLERR_INVALIDFWD when
account forwarding address field is not a valid email address
-  fix to Minger server refusing "noreply@" as invalid address when it
-  fix to Webmail may truncate To header when sending a message to many addresses
-  fix to Webmail - Opening non-ASCII attachment on the Compose window in IE causes a
-  fix to LookOut and WorldClient themes - opening Webmail using MDIM by
clicking on a folder other than Inbox, results in the clicked folder missing
from the list
-  fix to Webmail - Pasting print screen image when composing message in
Firefox using print screen button displays image twice
-  fix to MDRA - DomainPOP rules do not show up translated
-  fix to MDaemon Statistics Database fails to upgrade from version 17 to 18 and
causes a hang
-  fix to possible MDaemon crash when archiving is enabled
-  fix to MD does not fully evaluate SPF records with deeply nested includes
-  fix to WorldClient theme - Other Headers prompt is missing the OK button
-  fix to MDRA - A message forwarded to a local account is routed to Remote
queue when released
-  fix to MDRA - Unable to click the "Client Blacklisted/Whitelisted" boxes
-  fix to MDRA -"Replicate aliases to LDAP" in Alias settings is not
disabled when LDAP is not being used
-  fix to MDRA - Shared Folders page doesn't refresh after adding new
folder from Account Editor page
-  fix to MDRA - LAN Domains and LAN IPs are not listed
-  fix to MDRA - Invalid email address allowed at Main->Webmail
-  fix to MDRA - missing string for Bandwidth chart
-  fix to MDRA - Alert does not work when Accessing Subscriptions page
-  fix to MDRA - Creation of user doesn't auto populate in list
-  fix to Webmail - Meeting request attendee is able to add additional
attendees to the event
-  fix to LookOut and WorldClient themes - Compose attachments screen may
not list all documents
-  fix to several MDaemon whitelists do not support IPv6 addresses
-  fix to Webmail - Meeting invite attachments that are included in the
message instead of the ics file are not added to the meeting when accepted
-  fix to MDaemon Configuration Session is not updated with changes made in
Remote Administration to LAN Domains, LAN IPs, IP Shield, and Domain Sharing
-  fix to MDRA - The Webmail Settings screen in Remote Admin's Domain
Manager doesn't show the default values for most settings
-  fix to possible WorldClient.exe crash
-  fix to MDRA - Always allow connections from IP doesn't accept IPv6
address at Setup | Server Settings | Servers
-  fix to MDRA - Refuse messages larger than field can be set to negative
values at Setup | Server Settings | Servers
-  fix to recipient blacklist is not checked when a null reverse path is used
-  fix to non-ASCII characters in signatures may not appear in received messages
-  fix to accounts are able to access ActiveSync even though ActiveSync is
disabled for the domain if auto-provisioning is enabled. Note: You must also un-authorize
any existing users from the domain that have already been granted access.
-  fix to MDaemon Connector release notes are sent to admins even when it's not