
SecurityGateway for Email Servers v10.5


New in Version 10.5


Special Considerations

Microsoft Internet Explorer is no longer supported for accessing the Administration Console. Please use the latest version of Microsoft Edge, Firefox, Chrome, Safari, or a modern mobile browser.

New Features

Authenticated Received Chain (ARC)

ARC is an email authentication protocol that allows intermediate mail servers to digitally sign a message's authentication results. When a downstream mail server performs DMARC verification and detects that SPF or DKIM have failed (due to forwarding or mailing list modifications, for instance), it can review ARC results from a trusted server to determine whether to accept the message.

ARC verification can be configured under Security | Anti-Spoofing | DMARC Verification and is enabled by default. Trusted ARC Sealers are domains whose ARC results are trusted. ARC results from non-trusted domains will be ignored during DMARC verification.

ARC signing can be enabled under Security | Anti-Spoofing | DKIM Signing. Messages that are not from a local domain are eligible for ARC signing, and ARC signing uses the same selector as DKIM signing. ARC signing is disabled by default.

For more information on the ARC protocol, see: RFC 8617: The Authenticated Received Chain (ARC) Protocol.
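
The trust decision described above, as an added Python sketch (not SecurityGateway's code): it groups a message's ARC header sets, checks their structure, and uses only the results recorded by an unbroken run of trusted sealers at the newest end of the chain. The header values, the domain names and the stricter "unbroken run" policy are assumptions for illustration; cryptographic validation of the seals is represented by the chain_verified argument.

```python
import re
from email import message_from_string

SLOTS = {"ARC-Seal": "seal", "ARC-Message-Signature": "ams",
         "ARC-Authentication-Results": "aar"}


def parse_tags(value):
    """Split 'tag=value; tag=value' into a dict (whitespace removed from values)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = "".join(val.split())
    return tags


def collect_arc_sets(msg):
    """Return {instance: {seal, ams, aar}} or None if the chain is malformed."""
    sets = {}
    for header, slot in SLOTS.items():
        for value in msg.get_all(header, []):
            m = re.match(r"\s*i\s*=\s*(\d+)\s*;", value)
            if not m:
                return None
            inst = sets.setdefault(int(m.group(1)), {})
            if slot in inst:  # two headers of one kind for the same instance
                return None
            inst[slot] = value
    if not sets or sorted(sets) != list(range(1, len(sets) + 1)):
        return None
    for i, arc_set in sets.items():
        if len(arc_set) != len(SLOTS):
            return None
        # RFC 8617: the first seal carries cv=none, every later one cv=pass.
        if parse_tags(arc_set["seal"]).get("cv") != ("none" if i == 1 else "pass"):
            return None
    return sets


def trusted_arc_results(msg, trusted_sealers):
    """Results recorded by trusted sealers, walking back from the newest set.

    Assumed policy: stop at the first untrusted sealer, because anything
    recorded before that hop may describe a message it later changed.
    """
    sets = collect_arc_sets(msg)
    results = {}
    for i in sorted(sets or {}, reverse=True):
        sealer = parse_tags(sets[i]["seal"]).get("d", "").lower()
        if sealer not in trusted_sealers:
            break
        results[i] = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", sets[i]["aar"]))
    return results


def accept_despite_dmarc_fail(msg, trusted_sealers, chain_verified):
    """True if a trusted sealer saw DMARC pass before the message was altered."""
    if not chain_verified:  # seal signatures must be validated elsewhere
        return False
    found = trusted_arc_results(msg, trusted_sealers)
    return any(r.get("dmarc") == "pass" for r in found.values())


# Constructed sample headers (signature values are placeholders, not real).
FIRST_HOP = (
    "ARC-Seal: i=1; a=rsa-sha256; cv=none; d=lists.example.net; s=arc; b=CONSTRUCTED\n"
    "ARC-Message-Signature: i=1; a=rsa-sha256; d=lists.example.net; s=arc;"
    " bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "ARC-Authentication-Results: i=1; lists.example.net; spf=pass;"
    " dkim=pass header.d=example.org; dmarc=pass header.from=example.org\n"
    "From: alice@example.org\nSubject: [list] hello\n\nbody\n"
)
SECOND_HOP = (
    "ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=relay.example.com; s=arc; b=CONSTRUCTED\n"
    "ARC-Message-Signature: i=2; a=rsa-sha256; d=relay.example.com; s=arc;"
    " bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "ARC-Authentication-Results: i=2; relay.example.com; spf=fail; dkim=fail;"
    " dmarc=fail\n"
)
MSG_ONE_HOP = message_from_string(FIRST_HOP)
MSG_TWO_HOPS = message_from_string(SECOND_HOP + FIRST_HOP)

if __name__ == "__main__":
    trusted = {"lists.example.net"}
    print(accept_despite_dmarc_fail(MSG_ONE_HOP, trusted, True))
    print(accept_despite_dmarc_fail(MSG_TWO_HOPS, trusted, True))
```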

Search Settings

There is now a "Search Settings" link on the title toolbar at the top of the page. This feature makes it easier to locate any of the many settings and pages within SecurityGateway. Simply start typing words contained in the setting or page that you are looking for, and a list of links to those locations will appear below. This feature is available to administrators and users, but excludes Secure Messaging recipients.

Improved DKIM selector management

Added support for shared/global selectors that can be used across multiple domains.

DKIM signing can now be globally enabled by selecting a shared/global selector as the default. This requires creating a DNS record pointing to the selector’s public key for each domain.

Introduced the ability to import and export selectors.

Location Data Enhancements

The country and continent of the sender's IP address are now stored in the database. These fields can be displayed as optional columns in the Message Log and used as search criteria when querying the Message Log.

New Reports introduced: Summary | Junk Email - Top Countries, Inbound Email | Top Countries, Anti-Spam | Top Countries

Location data can be utilized when creating Custom Dashboard Reports.

Added a "Quarantine Administrator" role.

This role allows a user to be configured to manage and optionally view messages in the user quarantine queue without being allowed to change any settings.

Additional Features and Changes

Added connection IP address as an available column to Message Log.

LetsEncrypt will change the HTTP host name and AlternateHostNames to use all lower case characters.

Added an option to Custom Dashboard Reports to "Show the top X number of Y property"

Added default values for Host Block list ("localhost", "friend", "user", "ylmf-pc", "-*", "*_*", "#.#.#.#", "*.invalid", "*/*", "*|*").  These hostnames are commonly associated with botnets.

SPF Check Behavior Update: When the reverse-path (MAIL FROM) is null, the SPF check will now use the EHLO/HELO domain value for verification, provided it is a valid domain.

For a complete list of all changes and bug fixes, see the Release Notes located in the SecurityGateway program group under the Windows Start Menu.

 

New in Version 10.0

New Features

Added the ability to create custom charts/reports for the administrative Dashboard.

CPU and memory counters have been added to the administrative Dashboard for the SecurityGateway, SpamAssassin, Ikarus AV, and ClamAV processes.

QR Code Detection - SecurityGateway has a new Anti-Abuse option to provide protection from QR phishing (also called QRshing or Quishing). When SecurityGateway finds a QR code image attached to a message, the message can be refused, quarantined, or accepted but tagged with text and have its message score adjusted.

The Select Certificate section of the Encryption page now includes a Configure Let's Encrypt button, which opens a new Let's Encrypt PowerShell Update page. This option allows you to automate a PowerShell script that downloads SSL certificates from Let's Encrypt. Let's Encrypt is a Certificate Authority that offers free certificates through an automated process. This process is designed to simplify the traditionally complex procedure of manual creation, validation, signing, installation, and renewal of certificates.

Added support for Abusix Mail Intelligence (Security | Anti-Spam | Abusix), which is a curated suite of real-time DNS Blocklists. Abusix Mail Intelligence requires a valid subscription and usage key provided by Abusix.

Additional Features and Changes

The Encryption page has a new option: Automatically detect and activate newer certificates. When this option is enabled, the system will perform a check during its nightly maintenance process. For each active certificate, it will check to see: if there's another certificate on the system that expires later, if it is for the same host name, and if it includes all alternative host names. If such a certificate exists, the system will automatically make it the active certificate. This feature is particularly useful when there's a scheduled task on the system that automatically updates the certificate, such as Let's Encrypt. This new option is enabled by default.

A warning email is now sent to global administrators when an SSL certificate configured for use is about to expire.

A Secure Message Recipient can use the Forgot Password link on the sign-in page, even if they have not completed the setup process. In this situation, the account setup invitation message will be resent.

Added a new log file, "*-FailedAuth.log", which logs failed authentication attempts.

Updated the default Attachments to Block list for new installations. A new action link, "Block recommended files" allows these extensions to be applied to upgraded installations.

The Location Screening option "SMTP connections are accepted but authentication is blocked" is now per country instead of global. Blocking SMTP connections prevents your server from receiving mail from a country. Allowing SMTP connections with authentication disabled lets your server receive mail from a country while blocking brute force / dictionary attacks from them.

ESMTP support for AUTH is not advertised when authentication is blocked by a country's Location Screening policy.

Updated Acme-PS PowerShell module used by the Let's Encrypt PowerShell script to version 1.5.9.

A domain's SMTP AUTH Password will now match any user of the domain when using the SMTP Authentication requirement that "Authentication credentials must match those of the email sender."

There is a new User Option under Access Control to "Allow users to view message transcripts". If this option is disabled, only administrators will be able to view the transcript details for a message in their message log or quarantine. This option is enabled by default for upgrades, but disabled for new installations.

The New/Edit Administrator page includes a new option: "Can view the source of domain user's messages".  This option applies to messages that SecurityGateway has retained according to the Database Data Retention settings. Messages that are queued for delivery to a Domain Mail Server and messages that are quarantined are always retained. This option does not apply to archived messages.

The SMTP Authentication page has a new option: "Do not allow authentication on the SMTP port". If enabled, AUTH will not be offered in the EHLO response and will be treated as an unknown command if provided by the SMTP client. This setting is useful in configurations where all legitimate accounts are using the MSA or other port to submit authenticated mail. In such configurations the assumption is that any attempt to authenticate on the SMTP port must be from an attacker.

Increased the default size of the "Message Information" (View Message) window.

Updated ClamAV to version 1.0.6.

For a complete list of all changes and bug fixes, see the Release Notes located in the SecurityGateway program group under the Windows Start Menu.

 

New in Version 9.5

Special Considerations

Please review DNSBL and URIBL lists and scores after upgrading; extensive changes have been made to both features to support additional functionality.

Renamed all occurrences of "whitelist" and "blacklist" to "Allowlist" and "Blocklist" respectively.

Message Certification via Vouch by Reference (VBR) has been removed. There are no known active certification providers.  The standard never reached widespread use and unfortunately is effectively dead.

New Features

MDaemon (XML API) User Verification Source

MDaemon (XML API) was added as a new type of user verification source. MDaemon's XML API provides a better alternative to Minger as it can authenticate accounts for which MDaemon has not stored a copy of the password using reversible encryption. It can also return all aliases for an account in a single call. NOTE: This option requires MDaemon version 23.0.2 or later.

WebAuthn Support for Passwordless Sign-in and Two Factor Authentication

SecurityGateway can now allow users to sign in utilizing the Web Authentication API (also known as WebAuthn), which gives them a secure, passwordless sign-in experience, by allowing them to use biometrics, USB security keys, Bluetooth, and more for authentication. It can also be used as an additional authentication method for Two Factor Authentication. Support for WebAuthn can be enabled/disabled from the User Options page. Users can register their passwordless sign-in credentials on the My Account » Settings page and their Two Factor Authentication devices on the My Account » Two Factor Authentication page. See: webauthn.guide for more information on WebAuthn and how it works.

Spamhaus Data Query Service (DQS)

Added support for the Data Query Service (DQS), which is a set of DNSBLs, updated in real-time and operated by Spamhaus Technology in order to block over 99% of email-borne threats. DQS requires a valid subscription and usage key provided by Spamhaus Technology.

Additional Features and Changes

Added options on their respective pages to export the message log, user quarantine, admin quarantine, and message queue lists to a CSV file.

The Mail Delivery page now has options to "...include full message transcript informing the sender" when sending a non-delivery report (NDR) for a transient or permanent delivery failure. These options are disabled by default; only the final error message from the remote SMTP server will be included.

Added the ability to change the order of the DNSBLs and URIBLs. The entry at the top of the list is the first one queried.

The Mail Delivery page now has an option to manage the SMTP connection failure and SMTP host failure cache. The cache can be enabled/disabled, and the amount of time that entries remain in the cache can be specified.

Added HTTPS support for Outbreak Protection.

Added a link to the Administrative Quarantine Report email template to delete individual messages from the administrative quarantine.

Added option on the Quarantine Configuration page to not include the "Always Allow" link in the user quarantine report email.

For a complete list of all changes and bug fixes, see the Release Notes located in the SecurityGateway program group under the Windows Start Menu.

 

New in Version 9.0.2

Special Considerations

9.0.3 — Outbreak Protection has been restored to SecurityGateway.

9.0.2 — Cyren Anti-Virus has been replaced with IKARUS Anti-Virus. Cyren recently announced its plans to discontinue operations with little warning. This required us to find a new anti-virus partner. After a thorough evaluation, IKARUS Anti-Virus stood out for its excellent detection rate and speed. It offers reliable protection from malicious and potentially hostile programs, and it combines traditional anti-virus defense methods with the latest proactive technologies. IKARUS Anti-Virus automatically updates its definitions every 10 minutes.

9.0.0 — By default, mailbox names that contain a plus character (+) will now be considered to be subaddressed. The user verification process will consider the subaddress to be an alias. For example, user+folder@example.com will resolve as user@example.com and an alias where user+folder@example.com = user@example.com. New users for which the mailbox name contains a plus character cannot be created. Existing users for which the mailbox name contains a plus character are not automatically removed. They can be fixed up (renamed or merged) by running the Verify Users process on the User Verification Sources page. An option to restore the previous behavior (called "Allow user mailbox name to contain plus (+) character") has been added to the User Options page. When enabled, these mailbox names will not be considered aliases/sub-addresses. For example, user+folder@example.com will be considered its own user and not an alias of user@example.com.

Major New Features

From Header Screening

A new From Header Screening page was added to the Anti-Spoofing section under Security to help expose fraudulent (spoofed) "From:" headers in messages sent by spammers, which could trick users into believing a message was sent from a legitimate source.

Web Interface Usability Enhancements

Changed the Search dialogs to use a "Show/Hide Search" tools paradigm, and added a Cancel Search button in the main toolbar.

Added the ability to include up to four additional search Header patterns, Results, and Reasons on Message pages. Header patterns can be separated by AND/OR using a button toggle. Results and Reasons are always separated by OR.

There is now a basic Search option on the toolbar of the Domain List and User List.

You can now resize, move, or maximize pop up windows.

Added a mobile friendly list editor.

Previous/Next buttons were added to the archived message view.

A "Message(s) Restored" status message was added to the bottom right hand corner of the Search Archive pages.

Administrative Dashboard Page Improvements

Available disk space is now displayed to global admins on the Dashboard page, and on the Disk Space page under Setup/Users » System.

Active SMTP inbound and outbound sessions were added to the Dashboard.

The count of messages in the administrative and user quarantine queues was added to the Dashboard page for global administrators.

You can now freeze the inbound and remote delivery queues from the Dashboard.

Additional Features and Changes

The Setup » System » HTTP Server page now has options to include an HTTP Strict Transport Security (HSTS) header with HTTPS responses. This option is enabled by default. When a browser that supports HSTS receives an HSTS header and the SSL certificate is valid, any future HTTP requests made to the same domain will be automatically upgraded to HTTPS.

SecurityGateway now supports TLS 1.3 on newer versions of Windows. Windows Server 2022 and Windows 11 have TLS 1.3 enabled by default. Windows 10 versions 2004 (OS Build 19041) and newer have experimental TLS 1.3 support that can be enabled for inbound connections by setting the following in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server

DisabledByDefault (DWORD) = 0

Enabled (DWORD) = 1

Added an option to allow users to view their messages listed in the quarantine report. Global Admins can enable it at: Setup/Users » Mail Configuration » Quarantine Configuration or Main » My Account » Settings.

A "Do not remember me on this device/browser" option will now appear on a user's My Account » Settings page whenever the Remember Me option is active for their current device or browser. They can click that link to deactivate the Remember Me status on that device, and then the link will disappear. They can still use the Remember me on this device option the next time they sign in to SecurityGateway. This option will also be available to Secure Messaging users when Remember Me is currently active.

There are new options on the Accounts » User Options and Secure Messaging » Recipient Options pages to allow you to add some administrator contact info to SecurityGateway's Sign-in and Secure Messaging Sign-in pages respectively.

Added a "Save and Test" button to the User Verification Source editor.

Added a CSRFToken to the sign-in page and added a secondary session ID to web interface URLs, to mitigate CSRF attacks.

Added a public/private key verification method as part of the Remember Me feature.

Updated the secure message notification emails with styles and slightly different language.

Reduced number of database transactions. This helps prevent the database from growing in size.

Added an option to the Archiving » Compliance page to "Only delete messages from active archive stores". The option controls whether or not older archived messages in inactive archive stores will be deleted along with those in active stores. This option is enabled by default, meaning that only the older messages in active stores will be deleted. This behavior is unchanged from previous versions.

SMTP socket connection is now disconnected for SIEVE actions "error" or "reject" if they occur during the IP phase.

At startup, locked messages in the inbound queue are now moved to the CrashDumps\InboundQueue directory. Messages in the inbound queue are unlocked when a response is sent to the sender. Locked messages may be orphaned in the inbound queue if the SecurityGateway process crashes or is terminated before it has a chance to shut down. Since the sender did not receive a response to the SMTP DATA command, they should send the message again. Delivering the message may result in the recipient receiving multiple copies. However, the content of these messages may be helpful for debugging crashes.  Any messages moved to this directory are automatically deleted after 30 days.

LetsEncrypt - Changed the Log function to use add-content instead of out-file. Add-content uses the default system code page which should enable the log file to be viewed in SecurityGateway. No change will be made to the encoding of the log file until a new log file is created.

For a complete list of all changes and bug fixes, see the Release Notes located in the SecurityGateway program group under the Windows Start Menu.

 

New in Version 8.5.0

Special Considerations

32bit builds and support for 32bit operating systems have been discontinued. Starting with SecurityGateway 8.5.0, only 64bit builds will be distributed. This allows us to streamline development and testing and utilize libraries that are only available as 64bit. If you are currently running a 32bit build on a supported 64bit operating system, you can simply download the 64bit build and install on top of the existing installation.

Major New Features

Secure Messaging Web Portal

SecurityGateway's new Secure Messaging feature provides a way for your users to send secure messages to recipients outside their domain in such a way that the message never leaves the SecurityGateway server. It does this by utilizing a secure messaging web portal. When the message is sent, the recipient receives an email notification that a secure message for them is available, with a link to create a Secure Message Recipient account so that they can view the message located on your SecurityGateway server. The secure message is accessed via the recipient's browser, and end-to-end encryption is maintained between the SecurityGateway server and the recipient via HTTPS encryption. Secure messaging requires a valid SSL certificate and that HTTPS is enabled (see also: HTTPS Server). Recipients can view and reply to the messages within the SecurityGateway portal, and they can optionally compose new secure messages to a designated list of users. See: Recipients and Recipient Options for more information on secure message recipient accounts.

User-based Mail Routing

Using a new Mail Delivery section on the User Edit page, you can choose a specific domain mail server to use for the user's mail, rather than it using the default mail servers assigned to the domain.

A new option has been added to the domain properties dialog: "Do not use this mail server to deliver domain mail, only make available to assign to specific domain users".

These settings allow for a hybrid deployment where the mailboxes for some local users are hosted in the cloud while others are on site. This also makes it possible for you to use a single domain and a single SecurityGateway server to route mail to mail servers running at each location of your business.

Performance Counters

SecurityGateway now provides various Performance Counters for use in the Windows Performance Monitor, which allow you to monitor SecurityGateway's status in real time. There are counters for the number of active inbound and outbound SMTP sessions, the number of messages queued for delivery, how many messages are quarantined, how long SecurityGateway has been running, the domain and user counts, and so on.

Additional Features and Changes

Added an option on the User Options page to require strong passwords. This option can be disabled per user on the User Edit page.

The dashboard and registration pages will now display if a service provider/private cloud registration key is used.

Recipient allowlists for attachment filtering. A list of recipient addresses, including support for wildcards, may be defined for both attachment blocking and quarantining that bypass the relevant filtering.

Lets Encrypt - the script will no longer delete the log file on each run.

For a complete list of all changes and bug fixes, see the Release Notes located in the SecurityGateway program group under the Windows Start Menu.

 

New in Version 8.0.0

Major New Features

SecurityGateway now supports active/active database replication in your Clustering environment, but it requires an external replication tool and its configuration is beyond the scope of this help file. For a discussion on its requirements and instructions on configuring your cluster to use active/active replication, see the PDF document: SecurityGateway: Configuring Active-Active Database Replication.

Data Leak Prevention - Search for medical terminology. A list of medical terms may be defined and a score assigned to each. Messages are scanned for matching terms and the sum of the scores for all terms found is calculated. The specified action is performed on messages for which the calculated score exceeds the defined threshold.

Added ability to run a custom process/script during message processing and select an action based on the result of the script.

The script must be placed in the "Sieve Executable Path" directory which can be configured from Setup » System » Directories.

The "execute" sieve keyword has been added which may be used as an action and a test.

First parameter is the name of the script.  At this time, .bat, .exe, and PowerShell are supported.

The second parameter is arguments that will be passed to the process.  The message_filename is populated with the full path to the RFC822 source of the message being currently processed.

For example: if execute "Test.ps1" "-msg '${message_filename}'" { }

Added the ability to export all archived messages for a domain.

Change/Audit logging - Added a new log file which logs changes to the configuration and who made them.

Added the ability to send user and administrative quarantine reports on a defined schedule.

Added an option for emailed quarantine reports to include only new messages that have been quarantined since the last time the quarantine report email was sent. A quarantine report will not be generated if there are no new messages to include in the report.

Additional Features and Changes

Updated the "Forgot Password" process to send an email with a link to change the user's password.

LetsEncrypt - Updated script to look for the new Issuer being used by LetsEncrypt.

Updated DKIM Signing to use SHA256 hash.

Added GetServerSetting and PutServerSetting methods to XMLRPC API and PowerShell module.

Added the SMTP connection and protocol timeouts to the Setup » Mail Configuration » Email Protocol page.

Added the ability to download attachments from the Message Log » Message Information » Message tab.

Updated the alert, confirm, and prompt message boxes.

Added several example PowerShell scripts to the docs\API\PowerShell Samples directory for reference.

The HELO Domain Name value (Setup » Mail Configuration » Email Protocol) is now a per-server setting in clustered environments. The value may be set to a unique value on each server in the cluster.

Added the ability to manually execute an SQL statement against the database from the web interface. This feature should only be used on the instruction of technical support and it is recommended that a database backup be performed first.

Added option to include "Blocklist Domain" link in the quarantine report email.

For a complete list of all changes and bug fixes, see the Release Notes located in the SecurityGateway program group under the Windows Start Menu.

 

New in Version 7.0.0

Special Considerations

On the Email Protocol page (at Setup » Mail Configuration » Email Protocol), two options have been removed: Use ESMTP whenever possible and Hide ESMTP SIZE command parameter. Both options are now always advertised and ESMTP is used whenever possible.

Because of changes to and deprecation of many settings in clamd.conf, the installer will now overwrite the existing clamd.conf. If you have customized your clamd.conf you may need to review and make changes to it after installation.

The Logging Configuration option to "Create log files based on the day of the week" has been removed. If this option was selected, it will be changed to "Create a new set of log files each day" by the upgrade process.

New Features and Changes

Clustering

SecurityGateway's new Clustering feature is designed to share your configuration between two or more SecurityGateway servers on your network. This makes it possible for you to use load balancing hardware or software to distribute your email load across multiple SecurityGateway servers, which can improve speed and efficiency by reducing network congestion and overload and by maximizing your email resources. It also helps to ensure redundancy in your email systems should one of your servers suffer a hardware or software failure. Here are a number of key points to know about SecurityGateway's Clustering feature (for more detailed information and setup instructions, see: Clustering):

Clustering allows multiple active SecurityGateway instances/servers to share a single database.

An external Firebird version 3 database server must be manually installed and configured.

An option has been added to the installer that allows external Firebird server parameters to be specified during an initial installation. An existing installation may be configured to connect to an external Firebird database server via the sgdbtool.exe command line tool.

Shared storage is required and shared directories must be set to a UNC path that all servers in the cluster can access. This may require changing the user account for the SecurityGateway Windows Service.

The primary server is responsible for scheduled maintenance tasks.

Each server in the cluster must have its own unique registration key.

Firebird 3 Database Upgrade

Firebird 2 and 3 runtimes are included and installed in SecurityGateway 7.0.

New installations of SecurityGateway 7.0 or later will use Firebird 3.

When updating an existing SecurityGateway installation to SecurityGateway version 7 or later, Firebird 2 will continue to be used.

Using the new Clustering feature requires a Firebird 3 database.

Upgrading the database so that it is compatible with Firebird 3 requires that it be backed up using the 2.x runtime and restored using the 3.x runtime. The Administrator may upgrade an existing database from version 2 to 3 by using the sgdbtool.exe command line tool, located in the \SecurityGateway\App folder. To convert the database, stop the SecurityGateway service, open the Command Prompt, and run: "sgdbtool.exe convertfb3".

Two Factor Authentication

Under User Options, Administrators may allow and require Two Factor Authentication (2FA) globally or per domain. If 2FA is required, the user is presented with a Setup 2FA page the first time they sign in. Otherwise, the user can go to Main » My Account » Two Factor Authentication to set up 2FA.

Check for Compromised Passwords

SecurityGateway can check a user's password against a compromised password list from a third-party service, and it is able to do this without transmitting the password to the service. If a user's password is present on the list, it does not mean the account has been hacked. It means that someone somewhere has used an identical password before and it has appeared in a data breach. Unique passwords that have never been used anywhere else are more secure, as published passwords may be used by hackers in dictionary attacks. See Pwned Passwords for more information.
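
How a password can be checked against a breach list without being sent to the service, as an added Python example (not SecurityGateway's code) following the k-anonymity range lookup that Pwned Passwords documents: only the first five hex characters of the password's SHA-1 hash leave the machine, and the comparison happens locally. FakeRangeService and its sample passwords are constructed stand-ins so the example runs offline.

```python
import hashlib
import hmac


def range_query_parts(password):
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest.

    Only the 5-character prefix is ever sent; the 35-character suffix
    stays local and is compared against the returned candidates.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range):
    """Number of times the password appears in the breach corpus (0 = not found).

    fetch_range(prefix) must return the service's text response for that
    prefix: one 'SUFFIX:COUNT' entry per line.
    """
    prefix, suffix = range_query_parts(password)
    for line in fetch_range(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep:
            continue  # ignore malformed lines instead of failing the check
        if hmac.compare_digest(candidate.upper(), suffix):
            return int(count)
    return 0


class FakeRangeService:
    """Constructed offline stand-in for the range endpoint.

    It records every value it receives so the caller can confirm that
    nothing beyond the hash prefix was transmitted.
    """

    def __init__(self, breached):
        self.seen = []
        self.buckets = {}
        for password, count in breached.items():
            prefix, suffix = range_query_parts(password)
            self.buckets.setdefault(prefix, []).append(f"{suffix}:{count}")

    def __call__(self, prefix):
        self.seen.append(prefix)
        # A zero-count filler entry, as a padded response would contain.
        filler = ["0" * 35 + ":0"]
        return "\r\n".join(self.buckets.get(prefix, []) + filler)


def demo():
    """Check one breached and one unused password against the fake service."""
    service = FakeRangeService({"P@ssw0rd": 1234, "letmein": 56})
    hits = breach_count("P@ssw0rd", service)
    misses = breach_count("constructed-unique-passphrase-7391", service)
    return hits, misses, service.seen


if __name__ == "__main__":
    print(demo())
```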

Domain Administrators Can Create New Domains

There is a new option on the Edit Administrator page that allows you to give a Domain Administrator permission to create new domains. The administrator will be automatically added as a Domain Administrator for any domains that they create. There is also an option to set a limit on how many domains the administrator is allowed to create.

New SMTP Extensions

RequireTLS (RFC 8689)

The RequireTLS effort in IETF is finally finished, and support for this has been implemented. RequireTLS allows you to flag messages that must be sent using TLS. If TLS is not possible (or if the parameters of the TLS certificate exchange are unacceptable) messages will be bounced rather than delivered insecurely. RequireTLS is enabled by default, but the only messages that will be subject to the RequireTLS process are messages specifically flagged by a Content Filter rule using the new Content Filter action, "Flag message for REQUIRETLS...", or messages sent to <local-part>+requiretls@domain.tld (for example, arvel+requiretls@mdaemon.com). All other messages are treated as if the service is disabled. Additionally, several requirements must be met in order for a message to be sent using RequireTLS. If any of them fail, the message will bounce back rather than be sent in the clear. For more information about these requirements and how to set up RequireTLS, see the Enable REQUIRETLS (RFC 8689) option. For a complete description of RequireTLS, see: RFC 8689: SMTP Require TLS Option.

SMTP MTA-STS (RFC 8461) - Strict Transport Security

The MTA-STS effort in the IETF has finished, and support for this has been implemented. SMTP MTA Strict Transport Security (MTA-STS) is a mechanism enabling mail service providers (SPs) to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate. MTA-STS support is enabled by default. See the Enable MTA-STS (RFC 8461) option for more information on setting this up. SMTP MTA-STS is fully described in RFC 8461: SMTP MTA Strict Transport Security (MTA-STS).

SMTP TLS Reporting (RFC 8460)

TLS Reporting allows domains using MTA-STS to be notified about any failures to retrieve the MTA-STS policy or negotiate a secure channel using STARTTLS. When enabled, SecurityGateway will send a report daily to each STS-enabled domain to which it has sent (or attempted to send) mail that day. There are several options provided for configuring the information that your reports will contain. TLS Reporting is disabled by default and discussed in RFC 8460: SMTP TLS Reporting.
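
The sender-side decision behind the MTA-STS and TLS Reporting features above, as an added Python example (not SecurityGateway's code): it parses an RFC 8461 policy file, matches an MX host against the policy's mx patterns, and returns both the delivery decision and the failure that a TLS report would record. The policy text, host names and failure labels are constructed for illustration; the labels are not RFC 8460 result-type names.

```python
MODES = ("enforce", "testing", "none")

# Constructed sample policy, in the format served at
# https://mta-sts.<domain>/.well-known/mta-sts.txt
POLICY_ENFORCE = (
    "version: STSv1\r\n"
    "mode: enforce\r\n"
    "mx: mail.example.com\r\n"
    "mx: *.mx.example.com\r\n"
    "max_age: 604800\r\n"
)


def parse_sts_policy(text):
    """Parse policy text into {'mode', 'max_age', 'mx'}; raise ValueError if invalid."""
    fields, mx = {}, []
    for raw in text.splitlines():
        key, sep, value = raw.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            mx.append(value.lower().rstrip("."))
        else:
            fields.setdefault(key, value)  # first occurrence wins
    if fields.get("version") != "STSv1":
        raise ValueError("unsupported or missing version")
    if fields.get("mode") not in MODES:
        raise ValueError("invalid mode")
    if not fields.get("max_age", "").isdigit():
        raise ValueError("max_age must be a non-negative integer")
    if fields["mode"] != "none" and not mx:
        raise ValueError("policy lists no mx patterns")
    return {"mode": fields["mode"], "max_age": int(fields["max_age"]), "mx": mx}


def mx_matches(host, patterns):
    """True if host matches a pattern; '*.' stands for exactly one leftmost label."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        if pattern.startswith("*."):
            label, _, parent = host.partition(".")
            if label and parent == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False


def delivery_decision(policy, mx_host, tls_validated):
    """Return (action, failure) for one delivery attempt.

    action  : 'deliver' or 'refuse'
    failure : None, or a label describing what a TLS report would note
    tls_validated is the caller's result of STARTTLS plus certificate checks.
    """
    if policy["mode"] == "none":
        return "deliver", None
    failure = None
    if not mx_matches(mx_host, policy["mx"]):
        failure = "mx-not-in-policy"
    elif not tls_validated:
        failure = "tls-not-validated"
    if failure and policy["mode"] == "enforce":
        return "refuse", failure      # never fall back to an insecure delivery
    return "deliver", failure         # testing mode: deliver, but report


if __name__ == "__main__":
    policy = parse_sts_policy(POLICY_ENFORCE)
    for host, tls_ok in (("mail.example.com", True),
                         ("a.mx.example.com", False),
                         ("mail.example.net", True)):
        print(host, delivery_decision(policy, host, tls_ok))
```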

Additional Features and Changes

Updated the SecurityGateway GUI with a more modern appearance.

Updated the FusionCharts graphing component.

Added ability to exclude specific senders from virus scanning.

Added option for allowlist to take precedence over blocklist.

LetsEncrypt will now check the version of PowerShell running on the machine and return an error if the correct version has not been installed.

LetsEncrypt will now check the PSModulePath environment variable to make sure the SG module path is included. If it is not, it will be added for the session.

LetsEncrypt will now delete and recreate the account when changing between the staging and live LetsEncrypt systems.

LetsEncrypt will now retrieve errors from LetsEncrypt when a challenge fails and write the data to the log and to the screen.

LetsEncrypt has a new -Staging switch that can be passed on the command line.  If this switch is passed the script will use the LetsEncrypt staging system to request a certificate.

Updated JSTree library to version 3.3.8.

Added ability to specify which user account the SecurityGateway Windows Service runs under.

Added support for SIEVE Variables Extension RFC-5229.

Added :eval modifier to SIEVE Variables Extension, which allows you to do simple computations.

Example:

require "securitygateway";
require "variables";
require "fileinto";

if header :matches "from" "*" {
   set :length "length" "${1}";
   set :eval "fileintovar" "${length} * 25 - 1 / 8+3";
   fileinto "${fileintovar}";
}

The "Create log files based on the day of the week" option has been removed.  If this option was selected, it will be changed to "Create a new set of log files each day" by the upgrade process.

Added an option to toggle viewing a password when it's being typed. A new access control option added to the User Options page allows this feature to be disabled.

Changed Cyren AV updater to use TLS when downloading virus definitions.

Added an option to include the computer name in the log file name.  This option is required if the log directory is set to a UNC path and allows multiple servers in a cluster to log to the same location.

Added option to the installer to specify external Firebird server parameters during initial installation.

Updated Chilkat library to version 9.5.0.82.

Added a logging option to not log SMTP or HTTP connections from specified IP addresses. Incomplete and rejected SMTP messages from a specified IP address will also not be added to database. If the message is accepted for delivery it will be added to the database.

Added Sieve action "changesender" to allow the SMTP envelope sender that SG will use to deliver the message to be changed/specified.

Updated Cyren AV engine to 6.3.0r2.

Updated ClamAV engine to version 0.102.4.

For a complete list of all changes and bug fixes, see the Release Notes located in the SecurityGateway program group under the Windows Start Menu.