Linogate Internet Technologies
   

4.2-2-0

Security issue (Feature not included, enabled, used or useful on all systems): Update of SPAM filter

A possible denial of service attack was discovered in the SPAM filter.

New (In this release series only available on systems with software maintenance contract): Automatic filtering of HTML mails

The mail server's MIME filter capabilities have been extended in several ways. It can now rename dangerous HTML elements. This affects, for example, scripts and elements used to embed active components such as ActiveX or Java applets. Links to executables are filtered, too. Form elements, often used in phishing mails, are hidden. The feature also protects against so-called web bugs: automatically loaded references to external resources. Spammers use these to verify email addresses. The value of a verified address goes up, which results in even more SPAM.
As an option, the filter can even be configured to disable every link and reference.
Some emails send their contents twice, as plain text and as HTML. In combination with the MIME filter, the redundant HTML part can now be removed automatically.
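The following sketch is an added example, not Linogate's filter code. It applies the four behaviours described above (renaming active elements, disabling links to executables, hiding form elements, neutralising web bugs) to a constructed mail body. The `x-` renaming scheme, the extension list and the tag sets are assumptions.

```python
from html import escape
from html.parser import HTMLParser

ACTIVE = {"script", "object", "embed", "applet"}            # renamed to x-<tag> (assumed scheme)
FORM = {"form", "input", "button", "select", "textarea"}    # hidden via inline style
EXEC_EXT = (".exe", ".scr", ".pif", ".bat", ".com")          # assumed extension list

class MailHtmlFilter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.out = []

    def handle_starttag(self, tag, attrs):
        kept = []
        for key, val in attrs:
            val = val or ""
            remote = val.lower().startswith(("http:", "https:", "//"))
            if key == "src" and remote:
                key = "x-src"       # web bug: no longer loaded automatically
            elif key == "href" and val.lower().split("?")[0].endswith(EXEC_EXT):
                key = "x-href"      # link to an executable is disabled
            kept.append((key, val))
        if tag in FORM:
            kept = [(k, v) for k, v in kept if k != "style"]
            kept.append(("style", "display:none"))
        name = "x-" + tag if tag in ACTIVE else tag
        attr_text = "".join(f' {k}="{escape(v)}"' for k, v in kept)
        self.out.append(f"<{name}{attr_text}>")

    def handle_endtag(self, tag):
        self.out.append(f"</{'x-' + tag if tag in ACTIVE else tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def filter_html(html_text):
    """Return the mail body with the rewrites above applied."""
    parser = MailHtmlFilter()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)

# Constructed sample body; all hosts are placeholders.
SAMPLE = ('<p>Hi</p><script>alert(1)</script>'
          '<img src="http://tracker.example/p.gif?id=42">'
          '<a href="http://files.example/update.exe">update</a>'
          '<form action="http://login.example/"><input name="pw"></form>')

if __name__ == "__main__":
    print(filter_html(SAMPLE))
```

The sketch covers only the behaviours named in the text; inline event handlers and script URLs, for instance, are not handled here.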

New (Feature not included, enabled, used or useful on all systems): Switch to enable ZIP file browsing of MIME mail filter

After installing this update, the MIME filter will no longer scan the contents of ZIP files for banned filenames. This feature was introduced in release 4.2-1.0 and there was no way to disable it. Many of our customers asked for a way to disable the feature again. From now on you have to enable this option manually. If you want to keep filtering ZIP files depending on their contents, you have to re-enable this feature in the configuration.

New (In this release series only available on systems with software maintenance contract): Mail server greylisting

Greylisting requires incoming emails to be delivered by SMTP. In particular, when polling a POP server for incoming emails, greylisting is useless.
Greylisting can help to reduce the amount of SPAM, and it will stop most viruses even before they are transmitted. The load on the SPAM filter, the virus scanner and hence the whole system will be reduced. Greylisting relies on the fact that many spammers and most viruses make only a single attempt to deliver an email. If the combination of source IP, sender and recipient has not been seen before, greylisting refuses delivery with a transient error status code. After a configurable minimum amount of time, however, any subsequent retransmission will be accepted. Besides the possibility to whitelist certain addresses, greylisting automatically collects a database of well-known communication relationships. These will then no longer be affected by any delay.
You will find further information on greylisting in the manuals or the online reference.
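The decision logic described above, as an added example rather than the product's implementation. The class and function names, the 300-second minimum delay, the 451 reply code and whitelisting by source IP are assumptions; the traffic is constructed.

```python
import time

class Greylist:
    """Greylisting decision keyed on (source IP, sender, recipient)."""

    def __init__(self, min_delay=300, whitelist=()):
        self.min_delay = min_delay        # seconds a new triplet must wait (assumed value)
        self.whitelist = set(whitelist)   # assumed here: whitelisting by source IP
        self.pending = {}                 # triplet -> time of first refused attempt
        self.known = set()                # relationships that already passed once

    def check(self, ip, sender, rcpt, now=None):
        """Return the SMTP reply (code, text) for one delivery attempt."""
        now = time.time() if now is None else now
        triplet = (ip, sender.lower(), rcpt.lower())
        if ip in self.whitelist or triplet in self.known:
            return 250, "OK"
        first = self.pending.setdefault(triplet, now)
        if now - first >= self.min_delay:
            # The sender retried after the minimum delay: accept and remember.
            del self.pending[triplet]
            self.known.add(triplet)
            return 250, "OK"
        return 451, "Greylisted, try again later"   # transient 4xx reply

def replay(greylist, attempts):
    """Run (time, ip, sender, rcpt) attempts and return the reply codes."""
    return [greylist.check(ip, s, r, now=t)[0] for t, ip, s, r in attempts]

# Constructed sample traffic (documentation addresses, not real hosts).
ATTEMPTS = [
    (0,    "198.51.100.7", "news@example.org",    "bob@example.com"),  # first contact
    (60,   "198.51.100.7", "news@example.org",    "bob@example.com"),  # retry too early
    (900,  "198.51.100.7", "news@example.org",    "bob@example.com"),  # proper retry
    (960,  "198.51.100.7", "news@example.org",    "bob@example.com"),  # now known
    (1000, "203.0.113.9",  "x@example.net",       "bob@example.com"),  # one-shot sender
    (1010, "192.0.2.10",   "partner@example.org", "bob@example.com"),  # whitelisted
]

if __name__ == "__main__":
    print(replay(Greylist(whitelist={"192.0.2.10"}), ATTEMPTS))
```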

Change (Feature not included, enabled, used or useful on all systems): Improved mail backups

Mailbackup files may become very large, and restoring a large backup file might cause problems or even fail. The new structure of the mailbackup files addresses these problems. Uploading old mailbackups is of course still supported.
As in previous releases, the mailbackup file contains the backups of all users. However, you can now extract individual backup files for each user by opening the mailbackup with a ZIP archiver. It is even possible to step down one more level. The backup file of a user consists of two backup files, one containing the inbox and one the home directory of the respective user. It is now your choice whether to restore the complete backup with all users, the backup of a specific user or even a part thereof.
Please consult the manual or the online reference for further information.

New (Feature not included, enabled, used or useful on all systems): Reject delivery to individual recipients in virtual mail addresses

The virtual addresses configuration of the mail server can now be used to refuse delivery to individual local mail addresses, too. In previous releases this was only possible for "all other addresses within a domain".

New (Feature not included, enabled, used or useful on all systems): Configuration of SPAM filter realtime lists in the mail wizard

Until now the SPAM filter's realtime lists had to be enabled in expert mode. As enabling the realtime capabilities of the SPAM filter has a considerable impact on the filter's quality, it is now possible to enable them in the mail wizard, too.

New (Feature not included, enabled, used or useful on all systems): Proxy wizard

The new wizard will guide you through the basic configuration of the web and FTP proxy. The first-time setup of all core components is now covered by wizards.

New (Only on individual systems or under very specific conditions): Button to delete old logfiles

This feature comes in handy on systems with very large logfiles. If the system is running out of disk space, all old logs can now be deleted. However, this feature should only be used as a last resort. Rapidly growing logfiles are often caused by misconfiguration or other problems. Try to identify and remedy the problem.

Bugfix (Feature not included, enabled, used or useful on all systems): Firewall module for faking ICMP ping replies

Since the upgrade to kernel 2.4.30 in update 4.1-4.0, the pingfake module no longer worked. Echo requests were still intercepted, but the faked reply packets failed.

Minor bugfixes and improvements


4.2-1-2

Security issue (Only on individual systems or under very specific conditions): Virus scanner pattern updates

Due to a bug in 4.2-1.1 the virus scanner signatures of the Kaspersky and McAfee scanners were no longer updated. The F-Secure pattern update was not affected; however, the email notification in case of a successful update was missing. We must apologize.

Bugfix (Feature not included, enabled, used or useful on all systems): Manually created large mailbackup files corrupted

The download of mailbackups larger than about 8 MB sometimes terminated prematurely, leaving the backup incomplete. The problem affected manually downloaded files only. Backup files created automatically by the scheduled backup feature are not affected.

4.2-1-1

Security issue (All systems): Updating to Linux Kernel 2.4.31

This update fixes a less critical vulnerability. The system will reboot about 2 minutes after the update finished.

Security issue (All systems): Update of bzip2 and gzip file compression tools

Security vulnerabilities have been discovered in both programs.

Security issue (Only on individual systems or under very specific conditions): Firewall rules with protocol *

On the tabs "DNAT" and "* -> interface" it is possible to define rules for protocols other than TCP, UDP and ICMP, e.g. GRE, ESP or AH. You can use this area to define rules for all protocols, too (protocol *). However, it makes no sense to specify port numbers here, as these are defined for TCP and UDP only. For this reason any port specification has been ignored in previous releases.
Some users might have misinterpreted the protocol * as a placeholder for "TCP and UDP", with fatal effects. Instead of granting access for TCP and UDP connections to a certain port, they in fact opened the firewall for any protocol, including TCP and UDP connections to an arbitrary port.
With this update the behaviour changes. To keep the impact on existing configurations as low as possible, only firewall rules with protocol * and specified ports are affected. Instead of a rule for any protocol without port restriction, one TCP and one UDP rule with the respective port signature will be activated.
Nevertheless, we discourage the use of * as a placeholder for "UDP and TCP".
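To check an existing configuration against this change, the added example below models how a rule is activated before and after the update and lists the rules whose meaning changes. It is not the product's code; the `Rule` fields, function names and sample rules are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Rule:
    proto: str                  # "tcp", "udp", "icmp", "gre", "esp", "ah" or "*"
    dest: str
    port: Optional[int] = None  # only meaningful for TCP and UDP

def activate_old(rule):
    """Previous releases: the port is ignored unless the protocol is TCP or UDP."""
    if rule.proto in ("tcp", "udp"):
        return [rule]
    return [replace(rule, port=None)]

def activate_new(rule):
    """This update: '*' with a port becomes one TCP and one UDP rule."""
    if rule.proto == "*" and rule.port is not None:
        return [replace(rule, proto="tcp"), replace(rule, proto="udp")]
    return activate_old(rule)

def permits(active, proto, port=None):
    """True if any activated rule lets this protocol/port combination through."""
    return any(r.proto in ("*", proto) and r.port in (None, port) for r in active)

def needs_review(rules):
    """Rules whose effect differs between the old and the new behaviour."""
    return [r for r in rules if r.proto == "*" and r.port is not None]

# Constructed configuration: the first rule was meant as "TCP and UDP port 53".
RULES = [
    Rule("*", "192.0.2.53", 53),
    Rule("gre", "192.0.2.1"),
    Rule("tcp", "192.0.2.80", 80),
]

if __name__ == "__main__":
    for rule in needs_review(RULES):
        old, new = activate_old(rule), activate_new(rule)
        print(rule)
        print("  old: tcp/8080 permitted:", permits(old, "tcp", 8080))
        print("  new: tcp/8080 permitted:", permits(new, "tcp", 8080))
        print("  new: udp/53 permitted:  ", permits(new, "udp", 53))
```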

New (Feature not included, enabled, used or useful on all systems): Daily hangup of ADSL dial-up connections at configurable time

Some providers disconnect ADSL connections after they have been online for 24 hours. This can be disruptive during business hours. It is now possible to configure an automatic hangup at a specific time so that the reconnect can take place e.g. overnight.

New (Feature not included, enabled, used or useful on all systems): Easy configuration of transparent proxies

Several switches are now available in the firewall configuration to redirect all connections of specific types to the corresponding proxy. Configuring DNAT rules manually is no longer necessary, unless the transparent proxy is to be used for specific sources or destinations only, or the interface's trust level is either "low (DMZ)" or "none (Internet)".

New (Feature not included, enabled, used or useful on all systems): Access to administration GUI via reverse proxy

In addition to webmail there is now also a switch to enable access to the administration GUI.

New (Feature not included, enabled, used or useful on all systems): Verification of email sender domain when mail client is used

As an option, the mail server can check the sender domain of emails. If the domain is invalid, the mail server refuses to accept the email. In previous releases the use of this option was discouraged in combination with the mail client: if DNS reported a transient problem with the sender domain which was in fact a permanent one, the same mail was retrieved over and over again. From now on the mail server will accept emails if the mail client is active and a transient DNS problem is reported.

Bugfix (Feature not included, enabled, used or useful on all systems): Discarding tagged mails by the relay SPAM filter

In release 4.2-1.0 the relay SPAM filter did not discard emails if the redirection of tagged mails to a different address was enabled.

Bugfix (Feature not included, enabled, used or useful on all systems): Email quarantine directories removed while cleaning old files

Bugfix (Only on individual systems or under very specific conditions): Syntax error when activating the web proxy ICAP feature

New (Feature not included, enabled, used or useful on all systems): ActiveDirectory user import will now import the user's display name, too

Update (Feature not included, enabled, used or useful on all systems): New version 4.63 of F-Secure Antivirus

Minor bugfixes and improvements