Webmail Messenger release notes
- The virtual appliance OVA file should not contain the nvram file, because older vSphere Web Clients cannot import an OVA file that contains an nvram file. vSphere Web Client error: "Deployed an OVF with NVRAM is not supported (incompatible vCenter version)."
- Fix for Securosys HSM data at rest encryption with keys generated on the HSM
- The TLS settings used by Postfix now exclude configurations that are deemed insufficient by NCSC-NL, like the SSLv3 protocol and RC4 encryption algorithm. Ref: NCSC-NL TLS Guidelines
- Patched jQuery 1.12.4 to fix all open security issues.
- PAM authentication added to the administrative web interface. Administrators can now log in with their Unix credentials. PAM authentication can be disabled from the Admin page (after logging in) or by adding the properties file
- The virtual appliance is now based on RHEL 8.
- CipherMail core packages (ciphermail-webmail, ciphermail-webmail-web) now require the ciphermail-core-os package. There are two packages that provide the new ciphermail-core-os dependency: ciphermail-core-os-no-deps and ciphermail-core-os-rhel8. When installing on RHEL 8 or CentOS Stream 8, use ciphermail-core-os-rhel8. In other cases use ciphermail-core-os-no-deps.
- The back-end log file is now written to
- The front-end log file is now written to
- The Unix domain socket /var/opt/ciphermail/run/postfix/cm-postfix-socketmap.socket:authorized-recipients was moved to /run/ciphermail/cm-postfix-socketmap.socket:authorized-recipients. This requires changes to the Postfix main.cf (rc_reply_recipient_restrictions setting). The update script makes this change automatically.
- A default built-in administrative user is no longer created on first start. Administrators should log in with their Unix account after which they can configure a built-in administrative user if needed.
- The IP filter properties file was moved from /etc/ciphermail/ip-filter/ip-filter.properties. This required changes to the administrative web interface and console module.
- systemctl in all scripts. The back end should now be started with systemctl restart ciphermail-webmail-backend and the front end should be started with systemctl restart ciphermail-webmail-frontend.
- The graphs shown on the admin homepage are now read from a JSON file.
- Unix domain sockets are now placed in /run/ciphermail, which is auto-created by the systemd service.
- The Unix domain socket /usr/share/ciphermail-webmail/var/ciphermail-dict:ciphermail was moved to
- ciphermail-dict group renamed to cm-dovecot.
- The restore function of the backup page is now only enabled if the user is logged in via PAM, i.e., with a Unix account. The additional system password field for restoring has been removed.
- Files from the application directory are now by default owned by root. Files and directories that should be owned by the back-end user are excluded.
- There is now only one build of the console app which is shared by the gateway and webmail messenger.
- The Certbot manage script could no longer detect whether a Let's Encrypt certificate was available, because the text returned by Certbot had changed. We now check whether the directory /etc/letsencrypt/live/ciphermail exists.
- Some password fields are now configured with autocomplete="new-password" to prevent autofilling.
Version 4.0.0 was an internal release.
- Unread email notification added. If enabled, it will periodically check if a user has unread mail. If so, a notification will be sent.
- Bouncy Castle jars updated to 1.67.
- Roundcube updated to 1.4.9.
- Logo color changed to match new color scheme.
- Templates are now sorted (with the exception of custom templates which always come at the end).
- Postfix now prefers IPv4 addresses. This slightly improves connection performance as IPv6 connection attempts (which are not yet supported in our products) are now skipped.
- The X-Forwarded-For header is now removed from all requests by default unless the request comes from a trusted proxy (see /etc/httpd/conf.d/x-forward-for.conf). This is done to improve logging accuracy.
- The administrator can override the default (root) target processor on the respool page.
- MTA "after queue filter size" and queue_min_free are now calculated based on the configured maximum mail size.
- MTA "before queue filter size" renamed to "Message size limit"; "after queue filter size" removed from the GUI.
- The web GUI session timeout can be configured using the property ciphermail.gui.admin.max-inactive-interval.
- Show error message "You are not authorized to send email to ..." if the webmail user sends an email to an unauthorized domain.
- The authorized recipients are now read from the database using postfixSocketMapService. This service uses a Unix domain socket that only allows access to the 'cm-postfix' group. The 'ciphermail-webmail' and 'postfix' users must be members of this group to make use of this feature.
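The authorized-recipients lookup described above (the socketmap socket restricted to the cm-postfix group, and the /run/ciphermail/cm-postfix-socketmap.socket:authorized-recipients table named in the 4.x notes), as an added Python example that is not CipherMail's Java postfixSocketMapService: it implements the netstring framing of the Postfix socketmap protocol and creates the Unix socket so that only root and the configured group can connect. The recipient table, the address/domain lookup policy and the reply texts after the protocol keywords are assumptions made for this example.

```python
"""Minimal Postfix socketmap responder for an 'authorized-recipients' table.

Added example, not CipherMail's own service: shows the request/reply framing
Postfix uses over a Unix domain socket and how the socket is group-restricted.
"""
import os
import shutil
import socket

MAP_NAME = "authorized-recipients"   # map name after the ':' in the Postfix table spec

# Constructed sample data: full addresses and whole domains that webmail users may send to.
AUTHORIZED_ADDRESSES = {"alice@example.com"}
AUTHORIZED_DOMAINS = {"example.net"}


def encode_netstring(payload: str) -> bytes:
    """Frame as <len>:<payload>, (socketmap uses this framing in both directions)."""
    data = payload.encode()
    return b"%d:%s," % (len(data), data)


def decode_netstring(buf: bytes) -> str:
    """Parse one netstring; raise ValueError on any framing defect."""
    head, sep, rest = buf.partition(b":")
    if not sep or not head.isdigit():
        raise ValueError("bad netstring length prefix")
    length = int(head)
    if len(rest) < length + 1 or rest[length:length + 1] != b",":
        raise ValueError("bad netstring terminator")
    return rest[:length].decode()


def lookup(name: str, key: str) -> str:
    """Return the socketmap reply text for one lookup (OK / NOTFOUND / PERM)."""
    if name != MAP_NAME:
        return "PERM unknown map " + name
    key = key.lower()
    domain = key.rpartition("@")[2]
    if key in AUTHORIZED_ADDRESSES or domain in AUTHORIZED_DOMAINS:
        return "OK " + key        # Postfix treats any "OK data" reply as found
    return "NOTFOUND "            # the trailing space is part of the protocol


def handle_request(raw: bytes) -> bytes:
    """Turn one raw request netstring ("<name> <key>") into a reply netstring."""
    try:
        name, _, key = decode_netstring(raw).partition(" ")
    except ValueError as exc:
        return encode_netstring("TEMP " + str(exc))   # TEMP makes Postfix defer, not accept
    if not key:
        return encode_netstring("PERM missing lookup key")
    return encode_netstring(lookup(name, key))


def serve(path: str, group: str = "cm-postfix") -> None:
    """Listen on a Unix socket that only root and members of 'group' can open."""
    if os.path.exists(path):
        os.remove(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o117)         # socket node is created 0660, never world-accessible
    try:
        srv.bind(path)
    finally:
        os.umask(old)
    shutil.chown(path, group=group)   # group membership is the access control
    srv.listen(8)
    while True:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(handle_request(conn.recv(4096)))
```

A Postfix table spec of the form socketmap:unix:/run/ciphermail/cm-postfix-socketmap.socket:authorized-recipients sends exactly the request framing handled here; a lookup that is not found yields "NOTFOUND " and an unparsable request yields a TEMP reply so that delivery is deferred rather than accepted.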
- Roundcube updated to 1.4.6.
- Logging improved for unacceptable emails (e.g. those with very large email bodies) that are sent from the back end.
- Fix for privilege escalation issue (CVE-2020-12713).
- Fix for weak Diffie-Hellman parameters (CVE-2020-12714).
A patch script for both vulnerabilities is available for users of older Webmail Messenger versions.
- Java 8 or up is now required.
- CXF jars and their dependencies updated from 3.0.12 to 3.3.6.
- ECallSMSTransport2 with support for the new ECall API added.
- Roundcube updated to 1.4.4.
- Certbot timer was not started.
- Docker Compose file added for unit testing.
- Support for requesting certificates via ACME (Let's Encrypt) added.
- Wizard added which can be used to import a trusted system root certificate.
- Portal footer option added to global settings. The footer will be added to all portal pages (but not to the webmail page).
- Redirect rule added for redirecting '/' to '/webmail/'. We no longer need the index.html file to do this redirection.
- Dovecot prefetch is now supported and enabled. Now only one user lookup has to be done instead of two.
Version 3.1.0 was an internal release.
- The Webmail Messenger portal now uses a completely new skin based on Roundcube 1.4's Elastic skin. This makes Webmail Messenger scale better on mobile devices.
- DKIM signing is now supported. It can be configured globally or for each domain individually.
- Webmail Messenger portal styles (like colors) can now be edited from the GUI to match the company colors.
- Logos modifiable by the administrator are now stored in a logo registry. A standard logo editor can now be used to add additional editable system logos.
- System sender and From addresses can now be specified. These addresses are used by some system-generated notification messages. The default system sender is the null sender. The default From address is 'postmaster'. The default email templates have been modified to reflect this change; From is set to 'postmaster' if not overridden.
- The MPA log viewer now supports multiple log files. Previously only the last two MPA log files were shown. The admin can now select the number of log files to show and filter on (up to 9 log files).
- The system URLs (Base URL, OTP URL etc.) can now be set on domain and user level. Previously this was only possible on the global system level.
- Special PDF subject and header trigger added (only used in 'standalone' mode).
- On the "Compose a test email" page, if the "deliver via webmail messenger" checkbox is selected, the email will be delivered via the back end and handled as if it was a Webmail Messenger email, i.e. the message will be delivered to the recipient's webmail inbox.
- Native NTLM client support is now disabled because only version 1 was supported, which is insecure and discouraged by Microsoft. If you need NTLMv2 support, use the included cntlm proxy or an NTLM proxy of your choice.
- Notify and PDFEncrypt "userProperty" must now be a JSON string. If you have modified the standard config.xml file, or any other MPA XML fragment that uses Notify or PDFEncrypt and where "userProperty" is set, please update these XML files to make sure the new JSON configuration is used.
- Support for some obsolete browsers (e.g. Internet Explorer 8) has been dropped. Webmail Messenger supports all browser versions that are supported by the latest Roundcube version.
- System jars updated for Java 11.
- The type of the cm_value field of the cm_properties_cm_name_values table was changed to mediumtext in order to support larger values. This change only affects installations that use a MariaDB or MySQL DBMS.
- The max MPA log size is now 20MB (was 10MB). The log is rotated once it reaches this size.
- Packages are signed with a new signing key. The fingerprint of this key is 034416869EBF877A9C37B22E81DD361DC65A8999.
- dnsjava upgraded to 2.1.9.
- All non-CipherMail package dependencies of the RPM and Debian packages are removed. This makes it easier for us to support multiple RedHat/CentOS and Debian/Ubuntu releases.
- Parts of properties code changed to improve multitenancy.
- Email address highlighting was missing the '-' character in domain names.
Version 3.0.0 was an internal release.
- Additional email forwarding rules can now be added.
- ServerMode property added. You can now select ADD-ON (default) or STANDALONE to choose the desired Webmail Messenger deployment type. The separate standalone configuration fragment and script are no longer needed.
- PDF option "Use reply sender" added. If "Use reply sender" and "Reply sender" are set, the "Reply sender" email address is used as the sender of the PDF reply email.
- Wizards added: initial setup wizard, encryption setup wizard, TLS/SSL import wizard and more. The wizards make it easier to set up and configure Webmail Messenger.
- Every admin page now contains the admin menu, i.e., if you open an admin page, you no longer have to use the back button to select another admin option.
- Additional email forwarding rules can be added.
- For most pages and settings there is now a help button. If clicked, the online help page for that page/setting will be opened.
- Additional HTTP security headers added (Content-Security-Policy, X-XSS-Protection, X-Content-Type-Options, Referrer-Policy, Feature-Policy).
- The DNS and network configuration is now always reloaded in the background when initiated from the administrative web interface.
- Some pulldown menu items are now in sorted order (Settings/Other, Admin/Other and MTA).
- For most RPM spec config files, "%config(noreplace)" is replaced by "%config" (i.e., (noreplace) was removed).
- Domain validator is now more strict. A domain fragment cannot start or end with a dot (.) or contain consecutive dots.
- The TLS/SSL import page now allows an empty password.
- Improved layout of network, software and system update display.
- A PDF reply message will now contain an "X-CipherMail-Reply: true" header.
- Fixed sonarlint warnings.
- HTML/CSS refactored. Bootstrap HTML/CSS framework is now used for the web GUI. The web GUI is now responsive and scales on small mobile devices (iPhone, iPad etc.). Some menu items are now combined under one pulldown menu (S/MIME) and some menu items are moved. This was a major change because all GUI pages had to be updated.
- Startup script loads user override file /etc/default/ciphermail-webmail-override (if available).
- MimeEncodeHeaderMethod freemarker method added which can be used to MIME-encode a header to make it 7-bit safe.
- The back-end memory limit is now 16 GB instead of 2 GB.
- Logo in Webmail will now always fit (resized if needed).
- General cleanup (copyright statements, code cleanup etc.).
- System page now has a "Restart Web Server" button which will restart Apache (required if the SSL/TLS certificate is replaced).
- A red exclamation mark is now shown next to buttons on the System page whose services should be restarted.
- The admin pages are now proxied via Apache HTTP Server. If the SSL/TLS certificate is replaced, only Apache has to be restarted instead of the whole application, which is faster and does not invalidate existing logins. This change also makes it easier to support Let's Encrypt.
- Module added which can retrieve the IP ranges used by Gmail (SPF lookup) and Office 365 (Microsoft-provided web service). This is needed if you need to set up the Webmail Messenger to be used with Gmail or Office 365. A background cronjob will periodically check if there are updates to the IP ranges. Note: this module is disabled by default, enabling it requires command line interaction.
- System notifications can be configured to be sent by email to an administrator. For example, if the IP range used by Office 365 or Gmail is updated, or the license is about to expire, an email notification will be sent to the configured email addresses.
- Webmail Messenger can now be configured to add read receipt requests in the form of a Disposition-Notification-To: header. After enabling this feature, the webmail user interface will automatically send read receipts when the user first opens a message.
- The reply sender can now be rewritten to a preconfigured email address. If rewritten, the sender name field of the email address will be set to contain the original email address of the sender. See the feature's documentation for an example.
- The "New mail" and "Invite" notification sender can now be changed. This works in a similar way as the "Rewrite reply sender" option.
- Support for Clickatell Connect API (SMS transport) added.
- Factory properties can be set/overridden by placing property files in conf/ciphermail-webmail.properties.d.
- In standalone mode, it's checked whether the sender is licensed. If not, the sender will be notified and the message will not be handled. A notification is sent if 25%, 50%, 75% and 100% of the max licenses have been assigned. A license expiration warning is shown if the license is about to expire in 30 days. A daily notification is sent if the license expires within 7 days.
- Postfix long queue identifiers are now enabled by default. The benefit of these longer identifiers is simpler log file analysis, because the queue IDs are only reused after a long time.
- MariaDB JDBC driver updated to 1.7.4.
- Some image URLs and links did not take the port number into account if the webmail portal was externally reachable on a different TCP port.
- TLSv1.0 and TLSv1.1 are now disabled. Only strong TLSv1.2 ciphers are enabled.
- Debian packages are now built for the amd64 architecture instead of i386.
- Clickjacking protection added. The web interface now adds an
- SMTP lookup tables can now be edited using the web interface.
- The password reset email no longer uses the null sender (<>). Some anti-spam systems block emails with an empty sender address.
- 'Relay recipient' is no longer a required option. This change allows deploying Webmail Messenger as a standalone system.
- The back end now supports a mail attribute named remote-delivery.smtp.relay-host. It can be used to deliver mail to a different relay host or local service based on the message content.
- It is now possible to export the database in XML format.
- The Webmail Messenger virtual appliance is now based on CentOS 7 instead of Ubuntu and runs MariaDB instead of PostgreSQL. Unfortunately this means that backups of previous virtual appliances cannot be imported directly in Webmail Messenger 2.1.0+. Users with a support contract can contact us for help with migrating the database to the new version. Note: this change only impacts customers who wish to upgrade to the new CentOS-based virtual appliance.
- Jetty upgraded to release 9.4. This requires Java 8 or up.
- Postgres JDBC driver updated to support Postgres 10.
- Most dependencies have been removed from the Debian and Red Hat packages. This makes it easier for us to support different Debian and Red Hat/CentOS releases.
- SleepTimeOnError added to SMSGatewayImpl background thread. The thread will sleep for 30 seconds (configurable) if there was an exception in the background thread not caused by a transport. This is done to prevent filling up the logs if there is a problem with the database.
- Cipher suites for HTTPClient are no longer set. The cipher suites configuration resulted in a bug after a Java update. This bug only affects Webmail Messenger installations that use a link to
- Postgres 10 does not allow the JDBC URL to end with '/', which would cause database connectivity issues with Webmail Messenger installations after upgrading to that Postgres release. The last '/' has now been removed from the JDBC URL.
- SOAP communication between the front and back ends now uses HTTP Basic Authentication instead of Web Services Security to work around a recently introduced bug in Java 1.8.0_162. Ref: https://bugs.openjdk.java.net/browse/JDK-8196491, https://github.com/javaee/metro-jax-ws/issues/1209
- The Webmail Messenger license was only checked during startup.
- PDF encryption now supports deep MIME scanning. This feature ensures that all attachments are included in the encrypted PDF file, which was not always the case for messages sent with Mac Mail. Ref: GATEWAY-89.
- ciphermail.d/*.conf added to the Apache HTTP Server configuration. This can be used for things like custom skins and advanced web server options.
- Because some NIO classes are now used, Java 7 or up is now required.
- Multiple libraries updated.
- The TOTP secret used for two-factor authentication failed to generate.
- Two factor authentication with SMS or TOTP (e.g. Google Authenticator) is now supported.
- SMS gateway added.
- Support for Twilio and eCall SMS gateway added.
- Auto cleanup service added. When enabled, webmail accounts which are not used for some time will be cleaned up automatically.
- Multiple libraries updated.
- Minor bug fixes.
- The account portal can now be used to generate one-time passwords for decrypting PDF messages.
- The account portal now uses the Bootstrap CSS framework.
- MySQL/MariaDB jdbc drivers updated.
- CXF upgraded. CXF now uses Netty for SOAP server connections instead of Jetty.
- New admin roles could no longer be assigned/removed. Ref: GATEWAY-102.
- Script added for creating the required TLS certificate for database and IMAP replication in highly available setups.
- Script added for copying email to a second appliance.
- MTA config page refactored. The MTA page no longer has any advanced options, since the old advanced options were important enough to show at all times.
- The portal user password can be set to an empty value. This resets the password for the recipient. The next webmail message will then result in a new invite email.
- The X500 subject field now shows most settings by default and only shows the OU attribute under the 'more' option.
- Certificate/key import pages now return to the parent page (certificates, roots) after import. The import result is shown in the parent page.
- Tooltip was not always shown on top.
- Most close/cancel buttons were removed to make the user interface more consistent. Users should use the back button or menu items for navigation.
- CSS naming on some forms changed for consistency.
- Support for MySQL/MariaDB and Oracle Database added. A Dovecot dict service has been added to support Oracle Database, since Dovecot does not support Oracle Database natively.
- Database and IMAP replication support added for highly available setups.
- ciphermail.backup.enabled system property added which can be used to disable the backup option in the web interface.
- HTTP Strict Transport Security (HSTS) is now enabled by default.
- Java wrapper upgraded to 3.5.28 to fix a memory leak on RedHat/CentOS.
- The user can now select their preferred language on the login page. The supported languages are English, German, Spanish, French, Italian, Japanese, Polish, Portuguese, Russian, Chinese and Dutch.
- The web interface is now fully responsive on mobile devices.
- Roundcube updated.
- HTTPS enforcement in Roundcube is now enabled.
- Authorized recipients, for email sent by webmail users, can now be configured from the web interface.
- SMTP transports can now be configured from the web interface.
- Per-user quota support added.
- The maximum attachment size can now be configured from the web interface.
- Configurable periodic mail purging added.
- Virtual Appliance updated to 64-bit Ubuntu 14.04 LTS.
- Passwords are now processed as UTF-8 strings in order to support Unicode characters.
- Roundcube updated.
- Legacy browser plugin for Roundcube added to support old Internet Explorer versions.
- Java wrapper updated to 3.5.26. This fixes a multibyte char logging bug which sometimes resulted in erroneous '?' characters in the log files.
- Mailbox manager added.
- rsyslog module added.
- Mail quota support added.
- HSM local mail encryption/decryption script refactored.
- Roundcube updated.
- Initial release.