MDaemon Server v12.X Release Notes

MDaemon 12.5.5 - May 1, 2012

SPECIAL CONSIDERATIONS

CHANGES

FIXES

MDaemon 12.5.4 - March 6, 2012

CHANGES AND NEW FEATURES

FIXES

MDaemon 12.5.2 - December 1, 2011

CHANGES AND NEW FEATURES

FIXES

MDaemon 12.5.1 - November 9, 2011

CHANGES AND NEW FEATURES

FIXES

MDaemon 12.5.0 - October 18, 2011

SPECIAL CONSIDERATIONS

  1. [6697] ActiveSync for MDaemon license key is now subject to product activation. Trial keys must be activated within 5 days and production keys within 30 days.
  2. [7084] Incorporation of MDS-CS has required that your "BlackBerry Enterprise Server logging" value found at Alt+B | Options be reset to a default value of "Informational". If this is not what you want you can easily change it there.
  3. [7210] The Domain Sharing option "Incoming Minger lookups trigger Domain Sharing processing" has been removed.  If you have multiple servers using Domain Sharing be sure to configure each node to use all the other nodes for Domain Sharing (if appropriate for your setup) and this option should not be needed.
  4. [7003] The Ctrl+U | Quotas option "Over quota accounts can accept mail but not send mail" has been removed and replaced with two separate options "Refuse incoming messages sent to over quota accounts" (enabled by default) and "Refuse outgoing messages sent from over quota accounts" (disabled by default).  These new defaults may not replicate previously configured behavior so check and change as needed.

MAJOR NEW FEATURES

[7784] ACTIVESYNC FOR MDAEMON NOW SYNCS EMAIL + PIM DATA

ActiveSync for MDaemon has been improved and is now capable of sync'ing email as well as PIM data. For information on configuring your specific ActiveSync device see the documentation that accompanied your device. Some information on basic configuration is available from the Alt-N web site for Windows Mobile, iOS, and Android devices.

ActiveSync for MDaemon is a separately licensed product available from Alt-N Technologies. ActiveSync for MDaemon will not work beyond a one-time 30-day evaluation period unless a license is purchased.

[7494] TABLET SUPPORT AND OTHER WORLDCLIENT IMPROVEMENTS

WorldClient's flagship theme, LookOut, has undergone major architectural and design changes to accomodate tablet devices such as the PlayBook and the iPad.  Users should not have to change any settings to take advantage of these changes.  Specific items of interest:

  1. Single finger scrolling
  2. Dragging and dropping between folders with one finger; use two fingers to copy to the destination folder
  3. No popup windows for message composition, item entry and item editing to help maintain context
  4. Inline message preview to help preserve the flow of the mail folder and maximize screen real estate

Other WorldClient improvements:

  1. Various HTML5 & CSS3 features have been used to improve performance and loading time (Lookout theme).  The Compose view now uses app-caching to help load up the HTML editor more quickly (particularly over SSL connections) on browsers such as the PlayBook, Chrome and Firefox that support the manifest HTML attribute.
  2. [5349] WorldClient now supports some of the dynamic screening settings. By default, 5 authentication failures will cause an IP to be banned for 30 minutes. New settings for this can be found at Ctrl+S | Dynamic Screening. DYNAMICSCREEN.SEM in the \MDaemon\WorldClient directory will reload any manual changes.
  3. [7115] If ActiveSync is enabled for any domain and WorldClient is configured to use the internal web server then WorldClient will automatically run on port 80 in addition to whatever other ports might be configured if it's not already running on port 80 or 443. ActiveSync requires port 80 or 443. If you are running WorldClient via IIS or if you have configured specific IP:Port binding combinations via the MDaemon UI then this does not apply and you must manually configure those items to include port 80 or 443.
  4. [7790] WorldClient's LookOut theme now lets you add an email contact to your whitelist or blacklist (when users have access to these features) through a drop down menu when they hover over the email address in the message preview
  5. [3692] Advanced message searching has now been enhanced with a number of other new search parameters to help make finding messages easier
  6. ComAgent chatting has been moved to a side panel instead of being in a 'floating' tab that may cover other parts of the interface (Lookout theme).
  7. Calendars can now be viewed together to help see schedules for multiple users (Lookout theme).
  8. Autoresponder settings moved to own options view to help make management easier.
  9. [4600] WorldClient's LookOut theme now auto-saves draft messages every minute.
  10. [2461] WorldClient can decode malformed =?ISO-8859-1? style header lines.
  11. [4723] WorldClient will not include Outlook winmail.dat attachments when forwarding a message.
  12. [4512] WorldClient's LookOut theme supports "Forward As Attachment" with multiple messages selected.
  13. [6177] Added "Mobile Phone 2" field to WorldClient.
  14. [5949] When importing calendar .csv file in WorldClient, if no end date/time is specified assume the event is one day long.
  15. [5443] Exposed BlackBerry PIN field in WorldClient for Contacts.

[7578] SPAM FILTER UPDATED TO INCLUDE SPAMASSASSIN 3.3.2

MDaemon's spam filter has been updated and now includes SpamAssassin 3.3.2.  A summary of changes and other documentation on SpamAssassin can be found here.

[7543] The Spam Filter update UI option "Run SA-UPDATE as part of update process" has been removed.  This will now always take place.  In fact, this is now the only way of doing the update.  The old and out-dated Alt-N method based on UpdateSpamAssassin.exe has been removed and that file has been deleted.  We now rely on sa-update to perform all necessary SpamAssassin updates.  Also, the 80_MDaemon_updates.cf file is no longer used and has been deleted.

[7631] Also, changed installer to no longer delete existing .cf rule content. The rule updating process will manage .cf files.

[5331] Also, the SMTP session log will now include a line indicating if spam filter processing was skipped due to message being too large.

[7084] BLACKBERRY MOBILE DATA SYSTEM - CONNECTION SERVICE (MDS-CS)

MDaemon's BES now includes MDS-CS. MDS-CS permits behind-the-firewall access to files and web applications from BlackBerry devices. This will (for example) allow you to access your private Intranet without a VPN connection. Click here for details about MDS-CS but please note that Alt-N does not necessarily support all the features and capabilities of MDS-CS that you may find there.

MDS-CS can be individually disabled while leaving other BES services running. This can be done from a new Alt+B | MDS-CS screen. You will also find settings there to set the default web port (MDS-CS is a web driven service) and a domain value which will appear on the BlackBerry device anytime the device prompts for authentication related to MDS-CS activities. This defaults to COMPANY.COM so you likely will want to change it.

[8076] IMPROVED BLACKBERRY SERVICE INTEGRATION

MDaemon's BlackBerry related service integration has been improved/changed as follows.

[7758] BES users can now configure their MDaemon autoresponder using the "Out of Office Reply" settings on the handheld.

[7405] Added Mobile Details tab to the Account Editor which lists BlackBerry and ActiveSync device details.

[6321] Added BES button to Account Manager which will allow you to BES enable selected accounts.  Note that each BES enabled account consumes server resources so only select and BES enable accounts which intend to activate a BlackBerry device.

[6749] MDaemon will update BES database with current computer name on startup.

[7264] A BES cleanup thread will run at midnight which will defrag BES database indexes.

[7263] A BES cleanup thread will run at midnight which will remove old history rows from the BES database.

[5557] Added SMTP server port option to BIS domain configuration UI.  This should not normally need special configuration but it is possible to point BIS to other SMTP servers so the ability to specify a port value is useful in those cases.

[7838] The BES Agent now automatically reloads users after their email address, full name, or mail directory has changed in MDaemon. A restart of the BlackBerry Controller service is no longer needed.

[6695] A line is added to the BES log when a slow sync is started and finished for a BES user

[6804] Exposed additional BlackBerry Enterprise Server features to end user in WorldClient. The PIN, model number, platform version, and phone number of the user's activated device is displayed. The user may reset the device's password, resend service books to the device, change the service name, or wipe their device. This feature is enabled by default, however may be disabled via a new option added to the Web Services section of the Account Manager.

[6182] When a BlackBerry device is subscribed to an MDaemon account using BIS (not BES) the option "Allow multiple BlackBerry device integrations" found at Alt+B | BlackBerry Internet Service | Options will control what happens to previous subscribed BlackBerry devices.  If there are any, they will be removed from MDaemon's configuration and no further event notifications will be pushed to those devices.  However, the fully proper way to unsubscribe a device is to delete the email account from the device itself.  Still, the system will self police much better now.

[2222] HTML DOMAIN SIGNATURES

A new screen at "F2 | Default Domain / Servers" will allow you to configure an HTML version of your domain signature. You must compose your HTML using your editor of choice, then cut-and-paste the HTML into this screen. If present, MDaemon will afix the HTML version of your domain signature into any "text/html" message part found within outbound email. See the users manual for more details on how this feature works.

[5338] GLOBAL RECIPIENT (RCPT) BLACKLIST

The "Address Blacklist" feature has been renamed "Sender Blacklist" and a new "Recipient Blacklist" feature has been added.  The new "Recipient Blacklist" operates on SMTP envelope RCPT data only (not message headers).  You can configure it at Ctrl+S | Recipient Blacklist.  Also, the Blacklist.dat file has been renamed SenderBlacklist.dat and a new RecipientBlacklist.dat file has been created.  BLACKLIST.SEM now reloads both files into memory.

[6390] PERSONAL SENDER (MAIL) BLACKLIST

Each account now has a personal "BlackList" contact folder. Incoming messages from any SMTP mail sender listed in the BlackList will be rejected with "550 recipient unknown." Messages that make it past SMTP and into the local queue but have a blacklisted address in the FROM or SENDER header will be moved to the bad message folder. The BlackList folder is automatically created the next time a message is received for the account. Users can manage their account's BlackList folder via WorldClient just as with the WhiteList folder.

[7834] Added option to "Ctrl+P | White List (automatic)" to permit forwarding of messages to "BlackList@<domain>" which will automatically add the email address taken from the forwarded message's FROM header to an account's personal blacklist.  Future messages from that email address to the account which blacklisted it will be refused.  To use this feature, the option mentioned above must be enabled and the user must forward a message (as an attachment of type message/rfc822) to "BlackList@<domain>."  Each MDaemon account already has a "Spam Filter uses personal contacts, white list and black list files" checkbox on the "Account Editor | Options" screen which must also be enabled for this feature to be used.

[6958] OUTBOUND MESSAGE SENDING QUOTAS

New quota options are available in the new account defaults and account editor which let you set a limit to the number of messages an account can send via SMTP per day.  The counter automatically resets back to zero for all accounts at midnight each night.  Note that it's possible to exceed this limit slightly if messages come in faster than the cache can keep up, but it won't be much over the limit (if at all).

[7275] INBOUND MESSAGE SIZE RESTRICTIONS

Maximum acceptable message size limits can now be configured on a per-domain basis using new controls in F2 | Servers and Alt+F2 | Extra Domains. There is also a new control to set a global SMTP message size limit in F2 | Servers which will be applied to all domains. By default, size limits are applied to everyone however you can exempt size checks for authenticated sessions with a new switch in Ctrl+O | Miscellaneous.

[7310] IMPROVED USE OF DNS

MDaemon will now use all DNS servers found within Windows if configured to use Windows DNS servers (not just the first two that are discovered).  This required several internal changes including doing away with the old "max retry attempts" option for DNS lookups.   MDaemon will now try each DNS server once per lookup operation and in sequence until it exhausts the complete list of DNS servers or finds the first one that works.  Immediate retries of DNS servers that just failed one second earlier are not productive.  Also, on startup, the System log will display each DNS server and an indication of where it came from (manually configured or taken from Windows).  Also, the UI controls for primary DNS server and secondary DNS server have been  removed.  Now there is just a single edit box that lets you manually configure as many DNS servers as you want.  Finally, the options to use Windows DNS servers or manually configured DNS servers are no longer mutually exclusive.  If you configure both, MDaemon will use both.

[6244] Also, to meet RFC requirements, MDaemon will (when possible) randomly pick from amongst several A records when determining where to send mail.

[7453] Also, MDaemon will treat blank (NULL) MX values as if no MX was provided at all (because it wasn't).

[7410] Also, removed the following DNS related options from F2 | DNS in UI and from the server code: 1. "Lookup MX records when delivering mail" (no longer a need for this option) 2. "Use IP addresses returned with MX record lookup result" (these will be used if they are found).  Also, removed the GUI'less option [Domain] "UseMultiHomedMXARecords" as MDaemon should just always do these things.

[7256] Also, added option to Ctrl+S | Reverse Lookups which will allow you to refuse MAIL domains which do not have MX records.  This is disabled by default and should be used with caution as domains do not need MX records in order to exist, be valid, or send/receive mail.

[7033] CONFIGURATION SESSION IMPROVEMENTS

The "Configuration Session" UI has been improved in several ways. For example, the right-click menu now works properly and allows you to disconnect an active session and you can double-click or view "Properties" of one or more active sessions which displays the session log. You can also submit the connecting IP address to the IP and/or Dynamic Screen features.

[7031] Also, configuration session "Sessions" window will update individual line items more efficiently now and [7032] handle a much larger amount of session data.

[6919] Configuration session can also change the primary domain name now.

[6864] Finally, changes made to IP Screen, Host Screen, and Address BlackList via WebAdmin will now be picked up by configuration sessions.

[7388] IMPROVED IP SHIELD PROTECTION

The IP Shield has changed.  It is now enabled by default for new installations and supports the $LOCALDOMAIN$ macro which expands to cover all local domains (including gateways).  If you use this macro it is no longer necessary to keep the IP Shield up to date when local domains or gateways change.  Existing installs will not have their existing IP Shield values altered in any way.  However, a new "Default" button is in the IP Shield editor UI which will convert existing IP Shield values over to the new $LOCALDOMAIN$ system if desired.  Finally, by default (or if you hit the "Default" button in the UI) entries are added to the IP Shield associating all reserved IP address ranges with $LOCALDOMAIN$.

[7400] Also, when the IP Shield option "Don't apply IP Shield to authenticated sessions" is enabled the message returned to the SMTP client upon an access refusal will be "Authentication required" in order to give them a clue on how to fix the issue: by enabling Authentication in their mail client.

[7389] In addition, the IP Shield now has a master on/off switch.  It defaults to on and that's fine even when there are not yet any configured domain/IP pairs.

[5192] Also, the IP Shield has a new option "Check FROM header address against IP Shield" (disabled by default).  If you enable this then the IP Shield will compare the address taken from the message's FROM header in addition to that taken from SMTP MAIL value.  Note that this option can lead to problems with incoming list messages (for starters).  This option should not be enabled unless you are sure you need it. 

[7988] Also, added option to IP Shield to exempt Trusted IPs from the IP Shield.  This option is enabled by default.

[7391] Finally, the IPShield.dat file is now cached in memory to increase access speed. Create an IPSHIELD.SEM to reload the file into memory.

CHANGES AND NEW FEATURES

FIXES

MDaemon 12.0.4 - August 17, 2011

Fixes

MDaemon 12.0.3 - May 17, 2011

CHANGES AND NEW FEATURES

Fixes

MDaemon 12.0.2 - April 26, 2011

CHANGES AND NEW FEATURES

Fixes

MDaemon 12.0.1 - March 15, 2011

SPECIAL CONSIDERATIONS

  1. Installation and use of MDaemon's BlackBerry Enterprise Server components requires that the SQL Browser Service be enabled and running. The installation process will enable and start this service as necessary.

CHANGES AND NEW FEATURES

Fixes

MDaemon 12.0.0 - February 15, 2011

SPECIAL CONSIDERATIONS

  1. Windows 2000 is no longer a supported operating system.  MDaemon 12.0 requires Windows 2008, 2003, 7, XP, or Vista.
  2. MDaemon's new BlackBerry integration feature could result in duplication of data when combined with other sync techniques like SyncML or BIS Integration (see below).  Care must be taken to avoid this.
  3. Passwords are now required to be at least 4 characters long. Existing passwords are not required to change however the next time you try to change the password it will need to be 4 characters long minimum.
  4. The new BlackBerry Device Integration functionality (see below) will require Outlook Connector 2.2.5 if you want to seamlessly sync Outlook created content to your BlackBerry.
  5. WorldClient has an updated version of the CKEditor WYSIWYG editor for message composition.  If you do not have custom themes it is recommended that you remove the MDaemon\WorldClient\HTML\fckeditor\ directory.  This directory is not removed by the installer because of template customization.

MAJOR NEW FEATURES

[5294] BLACKBERRY DEVICE INTEGRATION (MDaemon PRO and select markets only)

The following BlackBerry Enterprise Server feature for BlackBerry smartphones is not available in all markets. To view a list of available territories, please visit http://www.altn.com/bes-features-by-territory.

MDaemon now includes support for BlackBerry devices though the installation of a custom built BlackBerry Enterprise Server designed exclusively for distribution and use with MDaemon. This new functionality:

The installation process will install all the files and services necessary to achieve this capability and is the reason the installer has grown in size.  BlackBerry Enterprise Server is a database driven app which requires .Net 2.0, SQL Server Express 2005, and other components which the installation process will handle setting up.  All these components will be installed to the \MDaemon\BES\ folder.

In order to begin using this functionality an account must "activate" a BlackBerry device with MDaemon.  This is a two-step process.  First, use the Account Editor to select an account and then configure the account for use with BES through the new options on the "BlackBerry BES" screen.  Second, log into WorldClient using the account's credentials and select "BlackBerry Management" from the left hand pane.  Follow the on-screen instructions which involve plugging the BlackBerry device into the computer via USB.  Alternatively, you can use OTA (over-the-air) activcation if your BlackBerry device supports it.  Once the activation process has completed the BlackBerry will be paired with the MDaemon account.  Within a short time data will begin to synchronize.

Alt+B has had several new screens added to manage these new BlackBerry integration features.  There's a Status page which shows you the state of the various necessary services.  Logging options allow you to enable logs and set detail level.  Logs are stored in the \BES\ sub-folder within MDaemon's root log folder.  These logs will obey MDaemon's global log settings for size and roll-over but are slightly different in format than other MDaemon logs.  The Domains page lets you pair up a policy (more on that in a minute) with a domain.  When new users within that domain are created any BlackBerry they activate will have the associated policy pushed down to the BlackBerry.  There is also a button to push the selected policy to all existing domain accounts which may already have activated a BlackBerry.  The Integrated Accounts page shows you how many accounts are ready to activate a BlackBerry (but haven't yet) and how many have done so.  Finally, the Policy page allows you to create and save your own device policies.

Policies

When a BlackBerry device is activated a policy is pushed down to the device to control device behavior.  Policies are really just a set of rules.  To create a policy select NEW, give the policy a name, and then begin setting the various policy rules to your liking.  Rules allow you to do things like require passwords.  After setting the rules to your liking, click SAVE. For a description of what each policy rule does hover the mouse over the rule and read the tooltip help.

MDaemon will ship with three pre-built policies which you can not change or delete.  These policies are "Default" which instructs the BlackBerry to use out-of-the-box "under control of a BES" device defaults for all settings. "Require Password" sets a single policy rule - require password - to YES.  This policy requires that the BlackBerry device maintain a password.  The third policy, "Expiring Passwords", enabled the require password rule and the maximum password age rule which get set to 30 days.

Be aware that BlackBerry device behavior while tethered to a BES may be different than when not.

SRP

In order to transact data between MDaemon and your user's BlackBerry devices across the wireless network an SRP ID and SRP Key are needed.  The installation process will automatically obtain an SRP ID and SRP Key for you and store them with MDaemon.  SRP data is used to authenticate and identify your BlackBerry traffic across the wireless infrastructure.  There is no additional charge for these keys - they are included free for all MDaemon PRO users and can only be used with your MDaemon.  SRP data can be manually configured using Setup| BlackBerry...| Status.

BIS and SyncML

A BES enabled BlackBerry does not require any other sync client software on the device.  Running SyncML to sync data AND activating a BlackBerry for sync'ing using this new feature will likely result in duplicates of everything.  BIS integrated accounts could experience similar problems so this is not recommended.  BIS integrated accounts may wish to unsubscribe from BIS first and then activate to MDaemon's new BES.

Calendar Sync Potential Issue

At the time of activation, if the BlackBerry calendar contains entries (ie.  BlackBerry is not wiped prior to or at the start of activation), then the activation process will not send existing calendar events on the MDaemon server to the BlackBerry.  The BlackBerry user must either perform a device wipe before activating, or perform the calendar RSET procedure as described here:
http://www.blackberry.com/btsc/microsites/search.do?cmd=displayKC&docType=kc&externalId=KB15139

Known Limitations

[4334] ACTIVESYNC FOR MDAEMON (MDaemon PRO only)

MDaemon now includes support for "ActiveSync for MDaemon" which is a separately licensed OTA ActiveSync (AirSync) server. This server is capable of synchronizing a user's default calendar and default contact data between their MDaemon/WorldClient account and an ActiveSync capable device. A UI for configuring ActiveSync for MDaemon has been added to the Setup|Web, Sync, & IM Services menu but there is little to no configuration possible with ActiveSync implementations.  A checkbox is also present in the Account Editor|Options page to disable ActiveSync on a per-user basis.

ActiveSync for MDaemon will only run for 30 days so that you can see if you like it. After that, a small (and low) one-time fee is necessary. The 30 day timer starts when you install MDaemon and enable ActiveSync for the first time.  After 30 days, if you need it, you can acquire a license key from www.altn.com or your local distributor/reseller. 

All first time syncs with ActiveSync will be a one way sync from the server to the device! You will lose the data on the device when you hookup with ActiveSync for the first time. This is an ActiveSync implementation requirement. Therefore, backup your device data BEFORE using ActiveSync for the first time. The devices we've seen which contain an ActiveSync client will warn the user "If you proceed with this your device data will be lost" but some do NOT provide this warning.  Please handle ActiveSync with care.

ActiveSync is a web-service extension which only works on ports 80 (for http) and 443 (for https). ActiveSync is not possible on other ports. Therefore, ActiveSync will not work for you *at all* unless your web server (either WorldClient's built-in web server or other) is running on port 80 and/or port 443. This is an ActiveSync implementation requirement. 

If you intend to run ActiveSync under IIS you MUST call our ActiveSync DLL (MDAirSync.dll) when "/Microsoft-Server-ActiveSync" is requested. This is the request that all the ActiveSync clients will use. Some versions of IIS do not have this capability without downloading, installing, and configuring third party software.

CHANGES AND ADDITIONAL NEW FEATURES

Fixes

MDaemon is a registered trademark of Alt-N Technologies, Ltd.
Copyright ©1996-2011 Alt-N Technologies, Ltd.