Note: July 27 – A fix for the Outlook issue caused by the Windows Creators Update is now available by upgrading to the most current version of Outlook Connector – version 4.5.1. Click here to download the update.
The Creators Update for Microsoft Windows 10 has introduced various technical issues. One of the issues is that it may cause Outlook to become unstable when Outlook Connector is used. The issues with Outlook are not isolated to Alt-N products.
Our technical team is working to find a solution to address the issues as soon as possible.
Who is affected?
Customers using Outlook Connector with the Windows 10 Creators Update are affected.
What is the issue?
After installing the Creators Update, Outlook may, under some circumstances, crash or stop working. We have also had reports of searches not returning results.
How do I fix it?
There are a number of workarounds available but the only solution at this time is to uninstall the Windows Creators Update and install the Windows 10 Anniversary Update (version 1607). Using older versions of the Windows operating system can put your system at risk; please use caution.
How do I install the Microsoft update – version 1607?
Dropbox Integration for Webmail Users, Popular IM Client Connections, Support for Let’s Encrypt, new Message Scheduling, and More!
Businesses around the world have depended on the reliability and security of MDaemon for over 20 years.
With the release of MDaemon 17, we’ve included additional security features and introduced several new features for WorldClient, MDaemon’s feature-packed web-based email client.
Below, you’ll find a summary of key new features. A more comprehensive list of all new features and enhancements can be found in the MDaemon release notes on the MDaemon Download page.
New Security Features
MDaemon Health Check Utility
MDaemon’s new health check utility will analyze all security-related settings and display a report of each feature that is not configured with the recommended setting. This report includes the name of the feature, the current setting for that feature, its recommended setting, and the GUI path to the setting. Administrators can select an entry in the report and click on “Set to Recommended” to re-configure the selected feature with the recommended setting, or by holding down CTRL or SHIFT, multiple items can be selected and re-configured simultaneously.
Enhanced Password Security
An option has been added to store mailbox passwords using non-reversible encryption. This protects the passwords from being decrypted by MDaemon, the administrator, or a possible attacker.
WorldClient Instant Messenger now uses the XMPP protocol for instant messaging instead of WorldClient’s proprietary protocol. This gives users more chat client options (those that support XMPP), especially when wanting to use mobile chat clients to connect with MDaemon users on their desktop.
WorldClient users now have the option of sending a message at a later date and time. This feature is located under the Advanced button in the message compose window. Simply select the desired date and time in the new drop-down menus, and then click on Send. For more information on how to enable this feature, please see the MDaemon release notes.
Support for Multiple Email Signatures
WorldClient now supports multiple email signatures. This is useful in situations where a user has additional aliases for his account, such as firstname.lastname@example.org, etc. A default signature can be assigned to the user’s primary email address and to each alias. When composing a message, users can use the default signature assigned to the email address (or alias) currently used, or choose from among their other signatures via the Advanced button in the message Compose window.
Easily Share Contacts with Other Email Clients
When using the LookOut or WorldClient themes, WorldClient users can now import vCards (.vcf files) into their default contacts folder. vCards enable users to send and receive contact information in a format that can be easily read in other email programs. A vCard may contain a contact’s name, title, phone number, email address, mailing address, and other information.
Enhanced Desktop Notifications
Desktop notifications are now available for WorldClient tasks and events. When a reminder is configured for an event or task, a pop-up window will display to alert the user.
ActiveSync Corrupt Message Notifications notify administrators if a particular message cannot be processed.
The ActiveSync Migration Client now supports the ability to select which folder types to migrate.
A new content filter option has been added which will quarantine the entire message when it contains a restricted attachment.
The Retry Queue configuration screen has a new checkbox which enables sending of a “successful delivery” DSN (delivery status notification message) any time a message is delivered which has previously been delayed and placed in the retry queue for whatever reason.
Options have been added to the Outlook Connector centralised management for local cache filename and attachments directory.
2016 was an exciting year for Alt-N Technologies as it marked the 20th anniversary of the MDaemon email server for Windows and our ongoing efforts to bring affordable, secure, and reliable email and email security software to the small-to-medium business segment. And as many of you know, a lot has changed in the last 20 years. One thing that hasn’t changed over the years is the ongoing threat of people trying to use email as the primary method to attack an organization or steal personal information.
Like any form of communication, it can be used for good or bad. Unfortunately, when email was initially developed, its creators didn’t anticipate the ways bad actors would exploit the technology through methods like phishing, hacking, and launching disabling applications like ransomware, Trojans, etc.
2016 also reflected changes the industry continues to see in the area of deployment options. We saw some resellers and customers turning over the management of their email to MSPs (Managed Service Provider) or other third-party providers. The driver for this behavior varied by customer and industry but can be summarized by the desire to move hardware and software costs from capital expenditures (CAPex) to operational expenditures (OPex), with pros and cons to each approach. Alt-N worked with many existing and new channel partners to see MDaemon Private Cloud hosted email services introduced into new markets like Africa, Asia Pacific, and Latin America with continued growth in existing markets like North America and Europe.
With regard to hosted email services, we also received growing requests from direct customers asking Alt-N to manage their email. In response, Alt-N launched its own service using the MDaemon Private Cloud version of the software by introducing WorldClient Private Email for Business. With this new service offer, we have been able to meet the needs of direct customers who want us to manage their email, such as a 600-user customer who chose our service and support after having a large Office365 reseller attempt to convert them away from MDaemon!
For 2017, we will look for sales growth in new and emerging markets while working hard to earn and retain the loyalty and support of our existing customers. We will continue our efforts to add valuable features to MDaemon and SecurityGateway for Email Servers as those products remain the focus of our development efforts. We will be working on improving features that support cloud-based deployments while keeping a close eye on the needs of customers who want the control of on-premise and hybrid environments. And we will continue to look for new ways to enhance and bring value through our partnerships with complementary vendors like MailStore, as well as seek out new technologies and vendors to make integration with our software simple and easy to use.
As we begin 2017, we want to express our sincere gratitude to those customers and channel partners who have helped Alt-N Technologies grow these past 20 years. We also look forward to earning the business of new customers and partners as we work toward a successful 2017.
As always, we invite you to tell us what you think by sending us your feedback. You can reach me directly at kevin(dot)beatty(at)altn(dot)com.
Well, another year is almost over, but over the past year, we’ve managed to pack in lots of new features and enhancements to our products, and thanks to people like you sharing your ideas with us via the Alt-N Idea Engine, or on our community forums, our development staff can have a direct dialog with customers. For 2016, we’ve added the following new features to MDaemon:
Spambot detection – When multiple messages claiming to come from the same sender are received from multiple IP addresses, a spambot is often the culprit. This feature helps keep those pesky spambots from sending mail to your server.
CardDAV support – Allows users to synchronize their contacts with their favorite mobile device or other mail client.
ActiveSync migration client – The ActiveSync migration client makes it easy to import data over from any other mail server that supports ActiveSync protocol version 14.1.
Third-party chat (XMPP) client – Users now have more options for chatting with their colleagues. In addition to the standard WorldClient Instant Messenger, users can now chat with their favorite XMPP client from their desktop or even their mobile device!
Automatic updates – With automatic updates, the administrator no longer has to manually check for new versions and install them. The automatic update feature will notify the postmaster when a new version is available. Updates can be automatically downloaded and installed at a designated time.
We also released SecurityGateway 4, which includes the following new features:
Enhanced anti-spoofing support with DMARC – DMARC allows domain owners to specify what actions to take for messages that don’t align with DKIM or SPF. This helps take out the guesswork on how to handle messages that may be spoofed.
Improved user interface for mobile devices – SecurityGateway’s web interface now scales to fit any screen size, so whether you’re using a mobile device or a PC, you’ll see a friendly, responsive interface that has been designed for the screen size you are using.
Send mail from each domain’s IP address – When you have more than one IP address on your server, each domain can be bound to a specific IP address. Mail from the domain will be sent from its assigned IP address.
We launched our blog over three years ago to provide another communication channel for our customers, to keep people updated on the latest email industry and security news, tips, product releases, and more. For 2016, we’ve compiled a list of the ten blog posts that generated the most interest. With email security featured prominently in the news over the last year, it comes as no surprise that the topics that generated the most interest revolve around email security and privacy.
Our friends at MailStore have been hard at work to make their email archiving solution more secure while providing more flexible administrative features. With the release of MailStore version 10, users and administrators benefit from the following improvements.
Keeping Archive Data Safe & Secure
Full Encryption of Database & Audit Logs
MailStore has always stored archived email in encrypted format, but now, they take encryption a step further by encrypting the internal databases and audit logs. Now, in addition to the messages themselves being encrypted, metadata such as message subjects, senders, and recipients are also encrypted, as well as the archive folder structure.
Restricted archive access for administrators
By default, MailStore administrators will no longer be able to browse, search, or export email of other MailStore users as long as the compliance setting “Archive Access” (formerly known as E-mail preview) is set to “Block Access.”
Extra Cloud Backup Protection
MailStore now allows you to use a specific recovery key to prevent archive data from being accessed from other systems by unauthorized users. This is useful in situations where cloud storage backup locations are used.
Making Life Easier for Administrators
Automatic Updates with Email Notifications
MailStore now includes an automatic-update feature that notifies the administrator when a new version is available. This helps to ensure that you can always benefit from the latest feature set.
Flexible Storage Location Options
Administrators now have more options when configuring archive stores. Each component of an archive (email content, search indexes, databases) can now have its own storage location.
Many Other Improvements
These are just the highlights of MailStore’s new features. To benefit from all of its new features and enhancements, download MailStore 10 today!
MDaemon has many features for fighting spam that, when configured properly, can be very effective at blocking out unwanted junk email. However, it is possible for the occasional spam message to slip through. Likewise, it is also possible for the occasional non-spam message to be mistakenly identified as spam and blocked from being delivered. This is especially true if you work in finance or the medical industry, where you are more likely to receive legitimate email messages that contain words often found in spam. This presents a challenge: How can administrators and end users improve the accuracy of the spam filter?
An effective solution to the problem is using Bayesian analysis to help MDaemon “learn” what is & is not spam.
You may be thinking, “So what is Bayesian analysis?” Bayesian analysis is based on Bayesian logic, which is a branch of logic that deals with probability inference – predicting future events based on knowledge of prior events. In the context of spam filtering, MDaemon’s Bayesian Learning feature uses Bayesian logic to make inferences about the probability that a message is spam based on the patterns contained within it and how those patterns compare with the patterns found in messages that have been fed to the Bayesian Learning engine.
Bayesian Learning helps train MDaemon’s spam filter to become more accurate over time by feeding it samples of spam and non-spam messages. This is especially useful for the medical and finance industries, where certain keywords are “spammy” to one industry but not the other. This feature also helps reduce false positives (legitimate messages mistakenly marked as spam) or false negatives (spam messages that were not marked as spam).
So how does Bayesian Learning work & how can users use it to train their inboxes to recognize spam? Keep reading to find out!
How to Use Bayesian Learning – The Short Version
Before we get into the details of how to use MDaemon’s Bayesian Learning features, let’s start with a high-level overview of how to use it. First, the administrator enables Bayesian Learning in MDaemon. Then, the administrator creates the Spam and Non-Spam public folders and grants users Lookup/Insert access rights to those folders. Ham/Spam forwarding addresses can also be enabled, so that messages sent to them as attachments can be fed to the Bayesian Learning engine accordingly. Users who receive false-negatives or false-positives can then feed those messages to the Bayesian Learning engine using various methods. By default, after 200 spam and non-spam messages have been collected, Bayesian Learning takes place & the contents of these messages are added to a database of “tokens.”
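To make the "token database" idea concrete, here is an added Python illustration of the general technique (a minimal naive Bayes token scorer, not MDaemon's own code or algorithm). It uses the page's defaults for the size limit and the learning threshold (assumed here to mean 200 messages of each kind), and a small constructed corpus to show how feeding false positives from a finance mailbox to the Non-Spam side lowers the score of a legitimate loan message.

```python
import math
import re
from collections import Counter

MAX_LEARN_BYTES = 50_000  # page default for "Do not learn from messages larger than"
MIN_SAMPLES = 200         # page default; assumed here to mean 200 of each kind

TOKEN_RE = re.compile(r"[a-z0-9']{3,}")


def tokenize(text):
    """Lower-case word tokens, counted once per message."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesFilter:
    def __init__(self, min_samples=MIN_SAMPLES, max_bytes=MAX_LEARN_BYTES):
        self.min_samples = min_samples
        self.max_bytes = max_bytes
        self.tokens = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    def learn(self, text, label):
        """Add one message to the token database; False means it was skipped."""
        if len(text.encode("utf-8")) > self.max_bytes:
            return False
        self.tokens[label].update(tokenize(text))
        self.messages[label] += 1
        return True

    def ready(self):
        """True once both folders have supplied enough samples."""
        return min(self.messages.values()) >= self.min_samples

    def spam_probability(self, text):
        """P(spam | tokens), or None until enough samples have been learned."""
        if not self.ready():
            return None
        n_spam, n_ham = self.messages["spam"], self.messages["ham"]
        log_odds = math.log(n_spam / n_ham)  # prior from the learned corpus
        for tok in tokenize(text):
            in_spam, in_ham = self.tokens["spam"][tok], self.tokens["ham"][tok]
            if in_spam == 0 and in_ham == 0:
                continue  # never seen: carries no evidence either way
            # Laplace smoothing keeps one-sided tokens from forcing 0 or 1
            p_spam = (in_spam + 1) / (n_spam + 2)
            p_ham = (in_ham + 1) / (n_ham + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))


# Constructed sample messages (not real mail).
SPAM = ["cheap loan approval guaranteed click now",
        "guaranteed loan no credit check click here",
        "win cash prize click now"]
GENERIC_HAM = ["lunch meeting moved to friday",
               "please review the attached project notes",
               "team offsite agenda for friday"]
FINANCE_HAM = ["loan approval for client file attached",
               "mortgage loan documents ready for review",
               "client loan approval meeting friday"]
LEGIT = "loan approval documents mortgage rate confirmed"


def finance_demo():
    """Score LEGIT before and after the finance false positives are learned."""
    f = BayesFilter(min_samples=3)  # tiny threshold so the demo corpus suffices
    for msg in SPAM:
        f.learn(msg, "spam")
    for msg in GENERIC_HAM:
        f.learn(msg, "ham")
    before = f.spam_probability(LEGIT)
    for msg in FINANCE_HAM:
        f.learn(msg, "ham")
    return before, f.spam_probability(LEGIT)


if __name__ == "__main__":
    print("before=%.3f after=%.3f" % finance_demo())
```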
Instructions for Administrators
The administrator needs to enable Bayesian Learning in MDaemon, and configure Bayes folder access and optionally configure forwarding addresses, as outlined in the following steps.
1. In MDaemon, navigate to Security | Spam Filter, and click on Bayesian Classification in the left-hand navigation menu.
2. Check the first box to enable Bayesian classification.
3. By default, the second box (Schedule Bayesian learning for midnight each night) is checked. If you have a lot of spam/non-spam messages to learn from, you may want to schedule Bayesian learning at more frequent intervals by un-checking this box and entering a value in the following blank (Schedule Bayesian learning once every __ hours).
4. Most spam messages are relatively small, so to improve performance, you can enter a value in the “Do not learn from messages larger than” blank. 50,000 bytes is the default value.
5. Before we discuss the checkbox to enable spam/ham forwarding addresses, we need to create public folders for spam and non-spam messages. Click on the Create button to populate these fields with the default location for these folders, or use the buttons to the right to specify a different location. By default, access permission to these folders is only granted to local users of local domains and is limited to Lookup and Insert rights. The postmaster’s default permissions are Lookup, Read, Insert, and Delete. To prevent users from placing spam in the non-spam folder and vice-versa, you could remove access to these folders for all users except the administrator (via Setup | Public Folder Manager), and create another pair of spam/non-spam folders, then grant users Lookup and Insert rights to those folders instead. This allows the administrator to review the contents of these folders for improperly placed messages before placing them in the Bayesian Spam and Non-Spam folders.
6. You can optionally check the box “Enable spam and ham forwarding addresses.” When this box is checked, users can forward false-negatives or false-positives to the spamlearn@ or hamlearn@ address, respectively, to feed these messages to the Bayesian Learning engine. This process is explained in greater detail later in this post.
Users who have been granted Lookup & Insert access rights to the Spam and Non-Spam folders can use the thumbs-up & thumbs-down icons in WorldClient to feed spam (false-negatives) and non-spam (false-positives) to the Bayesian Learning engine. Administrators who wish to remove these icons for all users can edit the MDaemon/WorldClient/Domains.ini file and add the following:
    [Default:UserDefaults]
    DisableSpamButton=Yes
    DisableHamButton=Yes
Save the file and restart MDaemon (or IIS, if WorldClient is running on IIS).
Administrators who wish to remove these icons for a specific user can edit the User.ini file for the user (located at MDaemon/Users/example.com/(username)/WC) as follows:
    [User]
    DisableSpamButton=Yes
    DisableHamButton=Yes
Instructions for End Users
Now that Bayesian Learning is properly configured in MDaemon, users can begin feeding the Bayesian Learning engine samples of spam and non-spam messages to train the spam filter to become more accurate. There are various ways to train the Bayesian Learning engine – using the thumbs-up & thumbs-down icons in WorldClient, using drag & drop to drag messages to the Spam and Non-spam folders (when using IMAP or Outlook Connector), or forwarding messages as attachments to the assigned spamlearn@ or hamlearn@ addresses (useful for POP users).
The easiest way to train the Bayesian Learning engine is to select “This is Spam” or “This is Not Spam” (in the WorldClient theme) or the thumbs-up and thumbs-down buttons (in the LookOut and WorldClient themes) in WorldClient. Simply click once on a spam message to highlight it, and then select “This is Spam” or click on the thumbs-down icon. If a legitimate, non-spam message was placed in your Spam folder, you can highlight it, and then select “This is Not Spam” or click on the thumbs-up icon.
Using Drag & Drop (IMAP & Outlook Connector)
IMAP and Outlook Connector users who have been granted Lookup and Insert access rights to the spam and non-spam folders can use drag & drop to move the message to the appropriate spam/non-spam folder.
Forwarding as Attachments (POP3)
POP3 users can forward these messages (as an attachment from an authenticated session) to the spamlearn@ and hamlearn@ addresses. Messages sent to these addresses must be received via SMTP from a session that is authenticated using SMTP AUTH.
As explained under step 5 above (under Administrator Instructions), when users are granted access to the Bayesian Spam and Non-Spam public folders, it’s possible for them to feed samples of spam and non-spam to the wrong folders, making the Bayesian learning process less effective. You may therefore consider creating a separate pair of Spam/Non-Spam public folders and having users place messages in those folders instead for administrative review.
When used properly, Bayesian Learning is a powerful tool for reducing spam and ensuring legitimate messages are not blocked by the spam filter. More information can be found in the following knowledge base articles:
We begin a series of posts on the importance of email security and why it should be a top priority for organizations. In this post, we share some insights from the founder of Alt-N Technologies, Arvel Hathcock, to get his perspective on security tips for email users.
Most everyone has an email account. Many have more than one. Email is really at the core of online life because it is tied to so many of our online services. Look at your phone. Many of the service apps you see connect with you via your email account. This is why I believe the wide-spread practice of “password reset via email message” or “Forgotten Password” has crowned the email account password the most significant and important of all passwords.
That’s not to say that password management for services like online banking is not critical. It is. But having a strong password for banking and not your email can expose you to some real dangers, as well. Imagine if a hacker or other bad actor can figure out your email password. One of the first actions they could take is to log in and change your password. This locks you out. Next, they check through your inbox and folders looking for anything interesting, such as popular online services or banking portals. Now, they log in with your email address and use the “Forgotten Password” feature. Soon an email will show up in your inbox (which is no longer controlled by you) allowing them to verify the change and now another important service is not controlled by you. This email and others like it will allow a hacker to change all of your online passwords – all because they found your email password.
This is not good and it leads me to security tip #1: Put effort into the security of your email account password.
It can be the key to all your other passwords. Also, do not use your email account password with any other online account or service because you do not know and cannot control when it will be that service’s turn to get hacked.
Because of the risk mentioned earlier, I would also recommend users disable “Forgotten Password” features where possible and use an alternative method. As bad as “Forgotten Password” can be to reset access, the Question and Answer options can be risky, too. I was horrified years ago to discover that an online app for a banking chain reset my password using only the “Question and Answer” method – no email at all! You know – the questions some services ask like “What’s your mom’s name?” or “Where did you grow up?” etc. If someone can get the answers right, they can change the password.
This idea assumes that would-be hackers will always be outsiders without access to even basic information about their targets. You should use caution before completely trusting these methods. One trick I recommend is to select the question (it’s usually in a drop-down list) and enter a totally random and completely unpredictable answer (but one that you can remember, of course).
I realize these features exist for convenience but remember that security can be reduced and new attack options exposed by these methods if not managed properly.
Earlier this year, we introduced several new security and convenience features for MDaemon, including contact synchronization via CardDAV, two-factor authentication in WorldClient, spambot detection, and an ActiveSync migration client for migrating from any mail platform that supports ActiveSync protocol version 14.1. If you’re running an older version of MDaemon and would like to see what you may be missing, check out our MDaemon Features by Version page for all features by release version.
For MDaemon 16.5, we continue the trend of packing in new features for both administrators and end users.
Administrators will Benefit From these New Features:
Centralized Management of Outlook Users
Outlook Connector allows Outlook users to share their email, calendars, contacts, tasks and notes. In previous versions of MDaemon and Outlook Connector, users would configure all settings on the Outlook Connector client, including host names, SSL and port settings, and other preferences. Beginning with MDaemon 16.5 and Outlook Connector 4.0 (also released today), these settings can now be stored centrally in MDaemon and pushed out to clients. When a new Outlook Connector profile is created, only the username and password are needed. All other settings are retrieved from MDaemon with the click of a button.
Unique Public Key Management for Encryption Security Control
OpenPGP uses public/private key pairs to encrypt and decrypt messages. If I want to send you an encrypted message, I would need to obtain your public key, which is used to encrypt the message, and you would decrypt it with your private key. WorldClient, MDaemon’s webmail client, can now be used as a basic public key server for exchanging public encryption keys. This allows WorldClient to honor requests for your users’ public keys using a specially formatted URL. Additionally, MDaemon’s OpenPGP feature now supports collection of public keys over DNS. This helps to automate the process of exchanging encryption keys.
Automatic Product Updates
It’s easier to ensure that you’re running the latest version of MDaemon, Outlook Connector, and SecurityPlus with the new Automatic Updates feature. Updates can be automatically downloaded and installed at a designated time.
MDaemon’s OpenPGP features can now verify embedded signatures found within messages. This helps the recipient ensure that the message is authentic. WorldClient will display an icon or text label for verified messages. WorldClient will also display labels for messages with valid DKIM signatures, messages decrypted by OpenPGP, and messages signed with an OpenPGP key.
WorldClient Categories for Easier Inbox Management
When using the LookOut and WorldClient themes, WorldClient has new category selections for easy sorting and identification of email messages. Messages can be sorted by category, and multiple categories can be assigned to a message. Authorized users can also create their own custom categories in addition to using the built-in categories.
Connect with most IM Clients
MDaemon 16.5 includes two separate chat systems. In addition to WorldClient Instant Messenger, users can now chat with each other using their favorite third-party chat (XMPP) client. With the addition of this feature, users now have the flexibility to chat from any device with a compatible XMPP client, including mobile devices.
There are many XMPP clients to choose from, including Trillian (Windows), Adium (Mac OSX), and Mozilla Thunderbird (Linux, OSX, Windows). A list of XMPP clients can be found here: http://xmpp.org/software/clients.htm.
Features may vary depending on which XMPP client is used. WorldClient Instant Messenger’s features can be found here:
The SMTP Authentication screen has a new option which, when enabled, will require all incoming messages from local IP addresses to use SMTP authentication. When this setting is enabled, if a message that is not authenticated arrives from a local IP address, it will be rejected. We recommend enabling this setting for added security.
Modification of “From” header as additional protection from spoofing
Sometimes users are fooled into thinking an email comes from one person when it is actually from an attacker. This happens because email clients often display only the sender’s name and not his email address. This new option defeats such an attack by altering the From: header value so that the sender’s actual address becomes part of the displayed name. If enabled, when a message arrives for a local user, its From: header is modified. For example: From: “Spartacus” <email@example.com> would become From: “email@example.com -- Spartacus” <email@example.com>.
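The From: rewrite described above, as an added Python example using the standard library's address parser (not MDaemon's own code). The function names, the idempotence check and the extra detection helper for display names that quote a different address are assumptions of this example and go slightly beyond the option the page describes; the sample headers are constructed.

```python
import re
from email.utils import formataddr, parseaddr

# Loose pattern for "something that looks like an address" inside a display name.
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def rewrite_from(header_value):
    """Prefix the display name with the real address, as in the page's example.

    Headers without a display name are returned unchanged, and a header that
    was already rewritten is not rewritten twice (assumptions of this example).
    """
    name, addr = parseaddr(header_value)
    if not addr or not name:
        return header_value
    if name.lower().startswith(addr.lower()):
        return header_value
    # formataddr quotes and escapes the new display name as needed
    return formataddr((f"{addr} -- {name}", addr))


def name_claims_other_address(header_value):
    """True if the display name shows an address that is not the real sender.

    This is the case the rewrite makes visible to the recipient, e.g. a
    display name of "ceo@example.com" on mail actually sent from another
    address.
    """
    name, addr = parseaddr(header_value)
    claimed = {a.lower() for a in ADDR_IN_TEXT.findall(name)}
    return bool(claimed) and addr.lower() not in claimed


if __name__ == "__main__":
    # Constructed sample headers using reserved example domains.
    for value in ('"Spartacus" <email@example.com>',
                  '"ceo@example.com" <someone@example.net>',
                  'email@example.com'):
        print(rewrite_from(value), name_claims_other_address(value))
```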
WorldClient can check for attachments if they are mentioned in the subject/body.
When an attachment is mentioned in the subject or body of a message, yet no file is attached, WorldClient can be configured to remind the sender of a possibly missing attachment when clicking the Send button.
A company’s greatest asset is its customers, and here at Alt-N, we strive to listen to our customers’ needs. A direct result of that effort was the creation of the Alt-N Idea Engine, which allows customers to submit feature requests and other ideas to improve our products. Many of these ideas have made their way into our products, and many more are being considered for future versions.
Recently, we introduced some exciting new features to MDaemon, including a flexible Remote Administration interface and enhanced security via DMARC (Domain-Based Message Authentication, Reporting, and Conformance). I’m pleased to announce that these and other great new features have now been added to SecurityGateway!
With the proliferation of handheld devices and an increasingly mobile workforce, users will benefit from an updated, responsive web interface that is optimized for mobile devices. The format of the information displayed is dependent on the size of the browser window, so whether you’re on a desktop PC, a tablet, or a mobile phone, the interface adjusts for a more user-friendly experience regardless of what type of device is used.
Enhanced Anti-Spoofing Support with DMARC
DMARC (Domain-Based Message Authentication, Reporting and Conformance) enables domain owners to direct what actions to take when handling messages that purport to be from their domain(s) but were not actually sent by them.
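How a receiver turns a domain owner's DMARC record into an action, as an added Python example (not SecurityGateway's code). It assumes the SPF and DKIM results were already computed elsewhere, uses a constructed record and reserved example domains, and simplifies the organizational domain to the last two labels, where real evaluators consult the Public Suffix List.

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict; reject unusable records."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags


def org_domain(domain):
    """ASSUMPTION: organizational domain = last two labels.

    Real evaluators use the Public Suffix List (needed for e.g. co.uk).
    """
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record, record_domain, from_domain, spf, dkim):
    """Return 'pass' or the policy the domain owner asked for.

    spf and dkim are (result, domain) tuples: the SPF result with the
    envelope sender domain, and the DKIM result with the d= signing domain.
    A pass only counts if that domain aligns with the From: header domain.
    """
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    # sp= applies when the record came from the parent of the From: domain
    if from_domain.lower() != record_domain.lower() and "sp" in tags:
        return tags["sp"]
    return tags["p"]


# Constructed record, as it might be published at _dmarc.example.com.
RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r"

if __name__ == "__main__":
    # SPF and DKIM both pass, but for example.net: nothing aligns with the
    # From: domain, so the owner's policy applies.
    print(evaluate(RECORD, "example.com", "example.com",
                   ("pass", "mailer.example.net"), ("pass", "example.net")))
```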
Bind Domain to Its Own IP address
For servers that have multiple IP addresses and multiple domains, each domain in SecurityGateway can now be bound to its own IP address. This allows messages from a specific domain to be sent only from its assigned IP address.