Release Notes for IMail Server 2006.23

Ipswitch, Inc.

In this File

System Requirements

IMail Folder Permissions and IIS Configuration

External Database Changes (2006.1)

Registry Checker

For more information about Ipswitch components, click in the list below to read the release notes:

Instant Messaging Release Notes
WorkgroupShare Release Notes
Antivirus Release Notes (only if installed)

New for IMail Server 2006.23

Features and Defect Fixes:

A new version of WorkgroupShare has been released v2.2, for IMail Premium users. See WorkgroupShare v2.2 Release Notes for more information.

Vulnerabilities

Ipswitch would like to thank Secunia Research for reporting the issue below that has now been removed:
[SA26905] The "IMail.exe" Client provided in the IMail Server contained a vulnerability due to a boundary error when processing emails with multipart MIME data, which could potentially compromise a user's system.

"IMail.exe" will no longer be delivered during installation.

Caution: It is recommended that existing installations remove "IMail.exe from the IMail directory. It has been determined that utilizing this feature could potentially corrupt mailboxes.

Web Client

Added logging to the API to track and capture system errors. This log file will have the format "apimmdd.txt" and will reside in the Log Directory setting under System Settings of the Web Administration. This log was designed to assist Technical Support in diagnosing errors that occur in the Web Client.
Added ability to send messages through SMTP servers that do not support authentication.
Fixed client issues causing "Attempted to read/write protected memory" errors.
Fixed users on virtual domains not being able to login.
Web Client can now handle external email addresses with RFC 2822 compliant special character strings.
Fixed issue with Autosuggest not working when contact with apostrophe in the email address existed. Contacts can now handle the following special characters in the email address: ! # $ % * / ? | ^ { } ` ~ & ' + - = _
Fixed issue with "Reply All" including the sender email address. Sender will no longer be included.

Services

IMAP. Fixed list "" inbox command which was returning two inbox folders, causing some clients to crash.
Fixed the inserted x-header for Premium Antispam to now be RFC compliant.
Potential buffer overflow issues relating to Active Directory have been fixed.

Install

DSN Configuration for WorkgroupShare will no longer be overwritten during an upgrade or repair. Specifically for WorkgroupShare users that have switched from Access to SQL database.

Product Description

IMail Server is an Internet standards based mail server system for Microsoft Windows 2000 and Microsoft Windows 2003. IMail Server includes powerful antispam and antivirus management tools, a new Web-based administrator and client, and implements a series of programs that run as services including:

Simple Mail Transfer Protocol (SMTP) service for sending and receiving mail over the Internet or in an internal TCP/IP network.
Post Office Protocol, version 3 (POP3) service to allow POP3 clients (such as Microsoft Outlook Client and Qualcomm Eudora) to download mail from the IMail Server.
Internet Message Access Protocol, version 4 (IMAP4) service to allow IMAP4 clients (such as Outlook or Outlook Express) to access mail on the IMail Server.
Lightweight Directory Access Protocol (LDAP) service for publishing user information in an LDAP directory.
Language support for Web Messaging: English, French, Italian, German, Spanish, Chinese Simplified, Chinese Traditional and Japanese.

IMail also provides features such as a List server for creating and managing mailing lists and a mail to pager/beeper feature that lets you set up aliases on the IMail Server that forward mail from a mail client to preconfigured pager or beeper address.

IMail Server Features

Web Messaging (Web mail client) lets you send and receive mail using a web browser. You can log on to the Web Messaging from a browser on any computer with a supported browser and manage email without installing email client software. When a user creates a mailbox in the Web client, the mailbox is created on the mail server and mail folders and messages reside on the server.
IMail Web Administration (server) provides local or remote access to IMail Server administration features via a Web browser. You can administer all email functions, including users, groups, services, shared calendars and contacts, and anti-spam and antivirus settings.
If WorkgroupShare is implemented in current IMail (Premium) version, Microsoft® Outlook contacts are able to transfer and sync with IMail Web Messaging.

Optional Enhancements

IMail Antivirus Premium (available separately)
IMail Antivirus Premium is fully integrated with IMail Server and is powered by Symantec ScanEngine Server, a high performance, scalable, reliable solution to protect against viruses.
IMail Antivirus (available separately)
AntiVirus for IMail fully integrates with IMail Server and is powered by state of the art anti-virus technology developed by SOFTWIN BitDefender.
IMail Server Plus
Provides standard IMail configuration with Premium Antispam filtering.
IMail Server Premium
Provides standard IMail configuration with Premium Antispam filtering and Instant Messaging

Installing/Upgrading/Repairs

Registry Checker - Regcheck.exe is run automatically during a repair or upgrade, and can also be run from the command line. Regcheck troubleshoots registry conflicts during upgrades and repairs.

Ipswitch IMail uses InstallShield® Wizard to install the IMail components on your computer. Use the on-screen instructions to select the installation features that set up the mail server to your preferences.

The installation program automatically configures Microsoft Internet Information Services (IIS) 5.0 or later and Microsoft® .NET Framework 2.0 or later. It also sets user permissions automatically; however, if you need to configure permissions manually, the following Default IMail Permissions and Configuration must be set on your mail server to make it fully functional or for administrators who do not want to use the default configuration, you can use the Non-default IMail Permissions and Configuration. If you need to configure IIS manually, see IIS Settings. For using IIS Virtual Directories, see Using IIS Virtual Directories.

Starting Web Admin and Web Client

After installation, you have the option to launch the IMail Web Admin automatically. If you choose not to launch IMail Web Admin automatically, in your browser address box, type the IP address or domain name of the IMail Web Server followed by the path where you installed ICS Web Admin.

For example:

http://mail.domain.com/IAdmin, then press ENTER. The Ipswitch Web Admin login page appears.

-OR-

Click Start > Programs > Ipswitch IMail Server > IMail Server Administration. The Ipswitch Web Admin login page appears.

To launch the Web Client, in your browser address box, type the IP address or domain name of the IMail Web Server followed by the path where you installed ICS Web Client.

For example: http://mail.domain.com/IClient, then press ENTER. The Ipswitch Web Client login page appears.

Web Messaging Notes for Upgraders

The Web Messaging templates have been redesigned and no longer support the Web template infrastructure implemented in previous versions of Web Messaging (included in IMail 8.2 and earlier). When you upgrade to IMail v9.0/ICS 2006 or later, the previous versions of the Web templates are not functional.

Web Calendaring Notes for Upgraders

There were no updates to the Web Calendaring templates in this release.

The Web Address for IMail Web Calendaring:
By default, the IMail Web Calendaring server is assigned a Web address that consists of the domain name of the IMail Server and a Web server port number. The default port number is 8484. For example, if your mail host has a name of host1.ipswitch.com, then the address is: http://host1.ipswitch.com:8484

IMail users can start IMail Web Calendaring by entering the address in the browser's address field. If you are not running another Web server on the same host, you can set the port number to the normal HTTP (Web) server port of 80. In this case, users do not have to specify the port with the Web address. For example, users enter: http://host1.ipswitch.com.

Important: Some firewalls may block the 8484 port, in which case you need to change the port number.

Secure Sockets Layer (SSL) Notes

The private key file is protected using a password specified in SSL Configuration Utility. This password is required for decoding the key file while loading the SSL server. This password is stored in the registry and automatically retrieved during the loading process of SSL Server. The registry path for IMail is usually SOFTWARE\Ipswitch\imail\ssl. The registry path must be correct; otherwise an error message is generated and the files will not be created.

Changing Web Client Default Directory (Redirect)

To set a redirect so Web Messaging users do not have to use \IClient in the URL for Web Messaging:

Click Start > Programs > Administrative Tools > Internet Information Services. The IIS console opens.
Right-click IClient (usually located under Web Site > Default Web Site).
Select Properties. The IClient Properties dialog box opens.
In the Execute Permissions list, click Scripts only.
Copy the directory path in the Local Path box.
Click OK.
Right-click Default Web Site.
Select Properties. The Default Web Site Properties dialog box opens.
Click the Home Directory tab.
Paste the directory path you copied from the IClient dialog box Local Path box into the Default Web Site Properties dialog box Local Path box

Downgrading

You can downgrade the IMail Server 2006.23 back to a previous version of 2006 or earlier ICS installation (v2.0, 2.0A, 2.01, or 2.02) without uninstalling as follows:

Open the Registry Editor and locate the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{42A05E51-7514-4330-A784-B4C45412F04D}
Change the Version value to 2000000 (hex)
Launch the installation file and proceed as normal.
When asked if you would like to convert your LDAP database, select no.

Note: The IAdmin and IClient virtual directories and web files will still be on the computer.

Important: Mailbox sizes are corrupted after downgrading IMail 2006 to an earlier version (IMail 8.x). If you have quotas set up, they will fail. To correct this, delete the .uid and .xml files.

Important: When downgrading IMail Server 2006.23 to a previous Imail version, you need to delete the configuration.xml file from the top-level IMail folder

Uninstalling

Open the Add/Remove Programs applet in the Windows Control Panel.
Select the IMail or ICS Edition you want to uninstall.

Note:
• Removing IMail Server using the Add/Remove Programs applet does not delete the IMail directory or the subdirectories and files it contains. To remove these, you must delete them manually.
• Everything is deleted in the Windows registry under HKEY_LOCAL_MACHINE\Software\Ipswitch\IMail (but the Ipswitch key is not removed).
• Directories and files created by setup.exe are removed if they have not been modified. For example, if you have not added any users (and root never gets mail), the Users directory is removed. If these directories have been modified (i.e. the root or users accounts have received mail), you must remove them manually.

New for IMail 2006.22

Features and Defect Fixes:

New maintenance release for Symantec AntiVirus Scan Engine 5.1.4
Premium Antivirus Install/Upgrade Only - Has been modified to use ICAP protocol for all versions subsequent to IMail 2006.22. Native protocol will continue to be used for this current release.
Fixed issue where Japanese OS was crashing with SMTP size command.

Web Administration

Fixed Web Calendar - When using SQL DB where creating new user would not allow access to until re-saving user properties.
Fixed ODBC issue with external databases where passwords and flags were being reset.
Improved "Help" for Trusted Black List.
Removed and updated "Help" documents on Backup instructions for IMail.
Added "Help" documentation and examples for the Domain White List wildcard feature.
Added "Help" documentation and examples to hide Active Directory (Built-in) users from the IMail Server.
Added "Help" documentation on option to not require login with localhost.

Services

SMTP - Fixed the version number displaying incorrectly under the services page.

Web Client

Fixed login issues after upgrading to 2006.21, where the login page was not authenticating against primary domain if URL domain did not exist in IMail.
Fixed Safari issue, where the Folder Tree did not always display when logging in or when refreshed.
Added "Help" documentation on display feature of the Mailbox Folder Sizes.
Fixed issue where IIS's worker process crashes were making the web messaging templates unreachable.

Install

Fixed Install/Upgrade when selecting an alternate path users directory would still setup in default "c:" path.

New for IMail 2006.21

Web Client: CuteEditor by CuteSoft Components, Inc., a new HTML editor has replaced FreeTextBox for composing messages.

New Release of Premium Antispam (Mail-Filters): IMail Server 2006.21 also includes an update to the Premium Antispam (Mail-Filters) software. The latest version of the StarEngineService provides new options for configuring spam filtering of message header content. These options are available on the Premium Filter Settings page. (Click Services > Antispam.) Click Help for detail information.

Vulnerabilities

Ipswitch would like to thank TippingPoint (www.tippingpoint.com) and Zero Day Initiative (www.zerodayinitiative.com) for reporting the following issues that have been fixed:

A heap overflow condition in Imailsec allowed unauthenticated users arbitrary code execution.
Buffer overflow due to unchecked buffer length in subscribe.

Ipswitch would like to thank iDefense Labs (labs.idefense.com) for reporting the following issues, that are now fixed:

[IDEF2131] Buffer overflow in the IMAP Search command.
[IDEF2474] Buffer overflow vulnerability in the Search Charset command.
[IDEF2390] Overwritten Destructor causes IM Server to crash without authentication.

Web Administration

Added the ability to hide Active Directory (Built-in) users from IMail Server.
1. Open Active Directory Users and Computers.
2. Select the user to be hidden, then right-click to open user properties.
3. In the Description box, add the following text to the beginning of the description: Built-in This text is not case sensitive. It does require a dash between the word. Any Active Directory user that has the Built-in prefix in the description box, will not appear as an IMail user.
Added an option to the System Settings to force encryption for authentication when logging in to SMTP, POP, or IMAP services. See Require CRAM-MD5 Authentication on the System Settings page.
In the Antispam white list, added wild card support for trusted addresses.
Fixed help display errors for Antispam pages and the Default User Settings page.
Fixed an error that caused content filtering for authenticated users to override the whitelist.
Fixed an error that occurred when copying an Inbound Rule to a domain that has a domain name with more than 16 characters.
Fixed fields that were not being updated in external users SQL DB: NumNotify, LastNotify. Causing PostMaster notifications to fill up mailbox when "Full Mailbox Notify (percentage)" is set.

Services

SMTP service will no longer crash when the white list is too large (over 100kb), it will simply not load the white list.
SMTPD: Fixed an error that caused multiple message ID headers to be inserted into the message.
POP3: Fixed an error that caused POP3 client connections to be denied, intermittently.
Queue Manager: When sending mail, if a valid 1xx or 2xx response is not received when connecting, the Queue Manager will roll to the next MX record.
Queue Manager: Fixed an error in handling the trailer.txt message. If you use the trailer.txt message, it is now appended to messages sent in all supported message formats. including: HTML, MIME Base64, MIME Quoted Printable, MIME with no encoding, and UUencode.
SMTP - Fixed Japanese OS from crashing SMTP when size parameter (RFC 1870) used in "Mail From".

Web Client

Cute Editor - New functionality when composing messages. Virtual Keyboard, Undo & Redo buttons, fit to window (creating larger edit window), Preview button, superscript, subscript, inserting hyperlinks and much more.
Cute Editor - Fixed Safari issue when replying/forwarding messages, all encoding /HTML tags were displayed.
Cute Editor - Fixed double spacing when enter is pressed - will now only single space.
Added plain text messages to go along with HTML messages when new messages are sent. Fixed an error that caused improper handling of Base64 Japanese encoded attachments in the message header.
Vacation message & Auto Responder messages can now handle international encoding (unicode - UTF8) through client preferences.
Please Note: The Information Manager (Auto Responder) and Vacation Message from the Web Administrative side does not have the capability to handle international encoding. Any updates made when international character sets exists will be incorrectly saved.
Added the display of mailbox sizes. Click the root of the folder tree "Email" to view a list of the mailboxes and their sizes.
Fixed a vulnerability that allowed javascript (embedded in a message) to run when viewing the message. By default, Web Mail now removes the embedded javascript.
Removed a handle leak which was causing web client failures on high use servers.
Fixed an error in handling of inline images that have a filename associated. Such images are now shown inline.
Session will no longer time out when typing a new message. Still recommend "Save To Drafts" for safe guard.
Fixed an error where the slider selector was displayed in the Select Names dialog (when creating a new message) when there was less than 1 page of contacts.
Fixed an error that prevented a user with a one-character user ID from changing the Reply-to address in user preferences.
Fixed an error with loading the WorkGroupShare database that prevented display of the folder tree and prevented use of the Compose function.
Fixed an error that allowed a previous user session to be displayed if the user exits Web Mail without clicking Log Out.
On the Rules page, after sorting columns, then selecting a rule for edit, the wrong rule would display. This error has been fixed.
Now updates the lastlogin field when a user logs in.
Made corrections to user interface text in German and Italian versions.
HTML emails that have section separators now display properly.

Install

The install program now provides the option to create a separate application pool for IMail Server within Microsoft IIS, if it detects that IIS version 6 is running.
HASP Error will no longer appear during installation/upgrade when SP2 is installed on Windows 2003 Server.

Utilities

wgscvt.exe: Upgrading from 8.xx to 2006.2 - Contact groups will now all convert over correctly.
wgscvt.exe: Upgrading from 8.xx to 2006.2 - Fixed the aliases.txt issue where duplicate contact names were not handled correctly.
wgscvt.exe: Now creates a log file, under the IMail directory "wgscvt.out".

New for IMail 2006.2

Vulnerabilities

Addressed the following security vulnerabilities (identified by iDefense Labs):

[IDEF2159] IMailServer.WebConnect Buffer Overflow Vulnerability
[IDEF2160] IMail Server 2006 IMailLDAPService.Sync3 Heap Overflow Vulnerability
[IDEF2161] IMail Server 2006 IMailLDAPService.Init3 Heap Overflow Vulnerability
[IDEF2162] IMail Server 2006 IMailServer.Connect Buffer
[IDEF2163] IMail Server 2006 IMailUserCollection.SetReplyTo Buffer Overflow Vulnerability

Remote exploitation of an ActiveX control buffer overflow vulnerability in IMail Server 2006 could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. To exploit this issue, a user would have to visit a malicious website from a computer with IMail Server installed on it.The vulnerable component is also likely installed with any Ipswitch product that includes the IMail Server. This includes products such as its Collaboration Suite packages.

Web Client

Web Mail now uses .NET 2.0.
Web Mail message and folder lists have been redesigned for better performance and usability.
- Web Mail Move/Copy folder now stays open for multiple moves or copies.
- The Add Contacts grid for the Compose page redesigned for better performance.
- New visible progress indicator displays when sending messages.
- Web Mail now supports persistence for message list column and window sizes.
Compose page now autofills TO/CC/BCC in new messages.
The Ipswith icon called favicon.ico is now in the root of the Web client that is used for browser bookmarking. When Web Client is bookmarked, it will create a bookmark called "Ipswitch Web Messaging" with the Ipswitch IMail icon displayed to its left.
URLs in plain text emails are now clickable.
Japanese and Chinese (traditional and simplified) encoding are now available for sending messages.
Preferences Save button is now stationary when the User Preferences page is scrolled.
Disk Space Usage indicator now displays with a decimal point, and can be disabled globally or for a specific user.
Fixed an error in which deleting a mail folder in Web Messaging did not delete the XML.
Fixed an error in which, when server time uses Daylight Savings Time, received time is one hour off.
Fixed an error in which, when mail forwarded from Web Messaging with attachment, the attachment did not display when sent to an Exchange 2003 server.
Fixed an error in which mailbox space usage indicator in the Client did not work with domain level size limit.
Fixed an error in which Web Mail treated message as HTML even though it was sent in plain text.
If Signature is enabled, it is now included in a reply or a forward.
Fixed an error in the Plain Text option in whichs word wrap formatting was not maintained after a message was sent.
Rules - Fixed an error in Add/Edit Rule - Action for Condition - where "Move to Mailbox", if selected, saved as "Enter mailbox name" if the mailbox name was not changed. Rules: Fixed an error in which rules seemed to be causing duplicate messages.
Rules - Fixed an error in which a rule with "<" ">" could not be edited after created, as it became blank.
Fixed an error in which auto refresh stole focus when viewing another browser window.
Fixed an error in which Firefox would not resize the message columns in the message list.
Fixed an error in "Total Results Found:" in which advanced search results were not being cleared after closing Advanced Search.
Ability to select plain text emails as a default.
Force subscribe to public/private mailboxes no longer affects the Web client
No longer automatically loads first message in inbox
Fixed Spanish folder tree scroll issue due to columns
When adding user with external SQL database, and user account already exists, it will no longer be overwritten.
Fixed Disk Space usage display of 2000 MB to correctly show 2 GB
Web Mail message and folder lists have been redesigned for better performance and usability.
- Web Mail Move/Copy folder now stays open for multiple moves or copies.
- The Add Contacts grid for the Compose page redesigned for better performance.
- New visible progress indicator displays when sending messages.
- Web Mail now supports persistence for message list column and window sizes.
Web Mail: Compose page now autofills TO/CC/BCC in new messages.
Web Mail: there is a new file called favicon.ico (the Ipswitch icon) in the root of the Web client that is used for browser bookmarking. After you open Web Mail, if you click Add a Favorite in your browser, it will create a bookmark called "Ipswitch Web Messaging" with the Ipswitch IMail icon displayed to its left.
Apple® Safari Support

Administrator

Capability to select a different location for log files other than spool folder.
Deleting a user will also allow simultaneous deletion from lists and aliases.
Adding a user will allow users to be added to lists and aliases.
Activation status and/or duration of trial mode now display on the interface.
Now includes an "About" box that displays product name, version number, and license key.
Fixed an error in which global user changes did not apply when using an external user database.
Added the ability where renaming a user gives you the option to change the username in the WorkgroupShare.mdb.
Fixed an error in which renaming an existing user through IAdmin while using an external SQL database did not rename the user in the database.
Added the ability where, when a user is deleted, the user is deleted from aliases and lists.
Added the ability to not require a login when going to localhost.
Added the ability to load the Administrator even if no domains are configured.
Fixed an error in which Max users was not being honored, allowing domain admins to exceed number of users.
BRANDING: (Upgraders only). Rename or copy this new branding.example folder to "branding" if you would like to brand the Web Client.
Web Mail now supports adding a brandable title to browser.

Installs

Online and offline activation and registration are now included in the installation.
Option available to not reset permissions on repair

Services

Queue manager: Fixed an error in which Queue Manager would write a log line for adding a file even after the file had already been added.
SMTPd: Fixed an error in which using mixed case in host names causes a memory/handle leak.
Peering: Fixed an error in which peering does not work properly when Gateway setting is enabled.
OpenSSL – IMail Server now uses Version 0.9.8c.
IMAP - Web Mail no longer uses IMAP for mailbox access: it now reads/writes mailboxes directly.
ODBC - Changes made to ODBCUser.dll allow you to add, find, and implement global user changes for external databases.
POP3 now can be configured to restrict how often clients can pop their mail.
SMTPD - Better error reporting in logs for smtp_deliv_failed.
Queue manager now supports RFC 1870 on outbound mail.

Utilities

WGSCVT.exe will not be able to convert contacts for some domains that are using a custom ODBCuser.dll. These users will not have access to contacts from previous versions.

Known Issue

Safari: Web Client - When replying/forwarding HTML messages, all encoding/HTML tags in original message are displayed.

For More Information

You can download User Guides and view other information at the IMail Support Center at http://www.ipswitch.com/support/IMail/index.asp

Copyright

The software described in this document is furnished under a license and may be used or copied only in accordance with the terms of that license.

Copyright © 1995-2008 by Ipswitch, Inc. All rights reserved. IMail, the IMail logo, WhatsUp, the WhatsUp logo, WS_FTP, the WS_FTP logos, Ipswitch Collaboration Suite, Ipswitch Collaboration logo, Ipswitch Instant Messaging, and the Ipswitch Instant Messaging logo, Ipswitch, and the Ipswitch logo are trademarks of Ipswitch, Inc. Other products or company names are or may be trademarks or registered trademarks and are the property of their respective companies.

No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transferred without the expressed prior written consent of Ipswitch, Inc.