Tip: All changes are tracked in the Gateway documentation, see the information in the last row of the documentation agreement.
For the latest 14.1 releases, see https://downloads.seppmail.com/extrelnotes/141/ERN14.1.html
For the latest 14.0 releases, see https://downloads.seppmail.com/extrelnotes/140/ERN14.0.html
For the latest 13.1 releases, see https://downloads.seppmail.com/extrelnotes/131/ERN13.1.html
SEPPmail Gateway news via Statuspal As of July 2025, SEPPmail Secure E-Mail Gateway customers and partners can register for Statuspal messages under the link https://seppmail.statuspal.eu/#subscribe. Information about the Gateway is now also published here.
Release Date: April 15th, 2026
SEPPmail version: 15.0.4
Author: Birgit Grossmann
In the Admin GUI under "Mail processing" >> "Show ruleset", there is a "Copy to Clipboard" function for downloading the current ruleset. However, this contained non-ASCII whitespace characters, which made it impossible to import these rulesets. The whitespace characters have now been corrected, and a ruleset downloaded this way can be imported without any problems.
The values entered under "System" in the "Comment" section should have been retrievable via SNMP, but they weren't. This has been fixed now.
Previously, if one tried to delete a single email from the list of emails in the queue, all emails in the queue would be deleted. This has now been fixed, and individual emails can be deleted without any issues.
An umlaut in the ClientID for the SwissSign REST MPKI Connector meant that the settings could not be saved. This has been fixed now.
The GINA grace period settings were only relevant for non-client-capable systems. As all systems are now client-capable, multi-customer systems, these settings were removed here.
User, GINA Accounts, Managed Domains, GINA Domains and Mail Processing Groups now have a comment field. An example for Managed Domains:
Managed Domain comment field
When the GINA Accounts page is loaded in the Admin GUI, the number of users displayed per customer is now limited. The default is 1,000. If you uncheck the box next to "Limit the number of returned accounts", all users will be displayed.
Warning for limited output - uncheck "Limit the number of returned accounts", if desired
There was an issue with CSR generation when names containing the "+" character were used. The "+" character is now correctly escaped.
Due to stricter requirements from the Browser Forum, Harica had to create a new certificate chain for its MPKI service. This has been added to our system now, ensuring a seamless connection to Harica.
Customer admins were unable to view users (i.e. the users associated with the customer) in the admin GUI. This has been fixed now.
Some customers had encountered the problem that SpamAssassin checks were failing because the rate limit for certain RBLs had been reached. Previously, however, it was not possible to configure SpamAssassin to ignore these RBLs.
Now customers can modify the SpamAssassin configuration, and decide for themselves whether certain RBLs should be ignored.
Spamassassin Additional Config
ClamAV’s unofficial signatures were not updated if the system was configured to use a proxy. This has been fixed now in the freshclam configuration.
In the request to the /crypto/rootca endpoint of the REST API, the value "Factory" was missing from the enum list for the certOrigin value. This has been fixed now.
For the following Vuln: issues, this comment applies:
In the beta version of GINAv2 on the appliance, various test endpoints were active which were intended solely for development purposes and should not have been included in the release. These have been removed. The relevant CVEs will be published later.
Switch to sequoia-pgp to comply with RFC 9580 and to implement additional security features that are not possible with GPG2.
When processing SOAP requests, there was an issue with calculating the size of attached files, as these contained line breaks that disrupted the incremental processing of the Base64-encoded data. This has been fixed now.
When replying to an email in the GINA GUI using the "Reply" function and the option to change recipient addresses was disabled for the GINA domain, the CC field would appear after adding an attachment, allowing the sender to add any recipients. This has been fixed now.
If someone wrote an email via the GINA GUI and added attachments, and the recipient received and read that email as a GINA email, the file names in the ZIP archive were base64-encoded when downloading the single ZIP file with all attachments. This has been fixed now.
An infinite loop in the account activation process for GINA accounts was causing issues during activation. This has been fixed now.
When trying to compose an email in the GINA GUI, an error would be received due to a missing Perl module. This has been fixed now.
Release Date: March 3rd, 2026
SEPPmail version: 15.0.3
Author: Birgit Grossmann
When creating a GINA domain with umlauts or other UTF8 characters, for example, there was a problem where the domain was displayed in the drop-down menu in Managed Domains but was not selected by default. This meant that the Managed Domain lost the GINA domain setting when the Managed Domain was saved. This has been fixed now.
In the Admin GUI under System, it was not possible to simply enter the bind IP for the Admin GUI as an IP without receiving an error message. However, if the IP was entered in such a way that it was accepted, it was in the wrong format and the Admin GUI did not load correctly. The validation of the entered IPs has now been corrected.
In the previous release, there was an issue with the CARP password. It was displayed and the default password was sometimes not used. This has been fixed.
There was a problem with passwords that contained the character ". This has been fixed now.
When the database was rebuilt during DB-based logging, the user received an error message stating that the DB was defective. This sometimes led to the user initiating the creation of the DB again. Now, the user receives a reasonable message stating that the DB is being created and the percentage of the process completed.
In order to offer users the option of better restricting the search period in the mail log view, we incorporated a feature in a previous version that rotates the mail log file at least once a day. Unfortunately, this resulted in the mail log file being rotated four times between midnight and 1 a.m. We have corrected this and the mail log is now rotated at least once every day, but only once between midnight and 1 a.m.
The browser form requires the first and last name to be entered for certain certificates. These are then stored in the CN of an S/MIME certificate as "FirstName LastName". However, the CN may only be 64 characters long, which causes problems with some names. We now also limit the length of first and last names in SwissSignRest MPKI so that they do not exceed 64 characters. Furthermore, improved verification of available products and overrides for the use of the pseudo attribute and for special characters has been incorporated.
Form for entering certificate data
There has been an update at GlobalSing regarding root and intermediate certificates, and ee have added them to our list of GlobalSign certificates. Users can add them in the MPKI settings for GlobalSign using the "Add or update..." button.
Add or update root and intermediate certificates
When creating a user in the core of the REST API, there was an error whereby users could specify their future groups and their existence was also verified, but the user was not added to the groups. We have now corrected this and when creating a user, their group memberships are set correctly.
With this ticket, we are closing a security vulnerability CVE-2026-2743 found by Infoguard. This concerned a possible path traversal in file.app, which is used by the Outlook add-in for bypassing LFT upload.
The following vulnerabilities have been fixed:
When using our SOAP interface (only used by webcrypt), an incorrect and no longer existing function was used, which led to processing being interrupted. This has been fixed now.
The following HTML Headers are now added:
Documents (HTML)
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Static assets (JS/CSS/fonts/images/assest/... with exception of the mobiletest.css)
Cross-Origin-Resource-Policy: same-origin
Logout response:
Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"
Legacy hardening:
X-Permitted-Cross-Domain-Policies: none
We have further completed and corrected the French translations.
Update to OpenSSL version 3.0.19 to fix a list of security findings:
Release Date: January 27th, 2026
SEPPmail version: 15.0.2
Author: Birgit Grossmann
Previously, there was a problem when saving the TLS settings under "GINA Domains" if the option "Disallow insecure ciphers (breaks compatibility with older browsers, but necessary for PCI compliance)" was activated and ciphers were selected that were not permitted for this mode in the multi-select. This resulted in an error message stating that some of the selected ciphers were not permitted for PCI. Now, the unauthorised ciphers are simply ignored and removed from the selection, allowing to save without any problems.
Under Logs > "Mails currently in queue", you can now filter by From, To, Queue name and Status.
Filters for "Mails currently in queue"
Until now, frontend systems have not cleaned up/deleted the cached emails in GINA Cache mode. As a result, the local directory continued to grow. Starting with version 15.0.2, the local cache will also be cleaned up on frontend systems.
There was an error in the restore script for the daily snapshots in the event of a full snapshot restore. This has been fixed now.
When sending the daily backup and daily digest, we have not previously set the envelope sender for sending. This led to problems, especially in ExO environments. We now set the envelope sender to the postmaster (which must of course be configured).
Until now, we have not explicitly set the key usage of the CA certificate when creating the local CA. However, this causes problems for communication partners who must communicate in a BSI-compliant manner, as setting the keyUsage is a prerequisite here. Starting with version 15.0.2, the key usage for newly issued CAs will be set to "keyCertSign, cRLSign".
Only SwissSign Gold products require a first and last name, this has been adjusted now in the SwissSign MPKI Connector.
There was a problem in the REST API with targeted access to the key material of specified users or domains. If the user or domain was not found, all data was returned. Now we return an error message stating that the user or domain does not exist.
When setting customer settings in the REST API, there was a problem in that it was not possible to set empty values for maximumEncryptionLicenses and maximumLFTLicenses, but only positive integers. This meant that it was not possible to allow the customer an unlimited number of licences, but only a fixed number. Now it is possible to leave the value empty again and thus remove the licence limit.
A security-critical change in 15.0.1 caused incorrect processing, mainly when decrypting HIN-encrypted emails, because reprocessing the headers caused the rule set to select the wrong path for the next rules and marked decrypted emails as "encryption failed". This has been fixed now.
In a change in 15.0.1, which introduced more compliant parsing of email addresses, there was an error whereby we MIME-decoded email addresses and then parsed them. This is incorrect and led to "invalid email address" error messages. This has been fixed now.
Previously, when logging the size of the email, the size of attachments uploaded via bypass upload was not included. These are the attachments uploaded by the Outlook add-in for LFT. This is now logged.
Every change to the headers of an email is now logged - deleting, adding, replacing. This means that the customer can always see in the log when which headers were set. (Only the transfer of headers from decrypted emails is not yet logged.)
In the code for renewing S/MIME certificates issued by the local CA, there was an error that prevented automatic renewal if the MPKI connector was not also configured for the domain in question. We have now removed this dependency and the renewal of local certificates is working again.
There were some wrong translations in the GINA GUI, mostly in French. These are fixed now.
We used to have a mechanism to determine whether we were on a mobile device in a proper browser or just in an HTML viewer. However, this mechanism is no longer reliable, so we have removed it. But since all old GINA emails from before the removal still rely on one of the removed files, we have added it back, and the old GINA messages should now be readable again without any problems.
In version 15.0.0, we added logging of the X-Forwarded-For header for GINA. We now log this header for all web accesses.
During a penetration test, it was noticed that forms could be embedded in GINA emails. Form tags in HTML are now removed using "defang" when displayed in the GINA GUI.
In the GINA account detail views, "floating" was displayed for the time zone under "Account info". Now the time zone as configured under "System" is used.
We had the problem that when a large number of entries for the GINA cache mode were stored on an S3, the time required to retrieve and display a cached email was very high. However, since S3 only allows prefix searches, we had to change the naming of the cache entries so that access can now take place much faster.
Texts were added twice in GINA mail creation. This has been fixed now.
Release Date: January 6th, 2026
SEPPmail version: 15.0.1
Author: Birgit Grossmann
We no longer issue a warning about the absence of an LFT disc on hardware systems.
If you previously used the master template settings for the extended settings in the settings of a GINA domain and deactivated this for a domain-specific setting, you could save invalid settings that later led to malfunctions. This is no longer possible.
With older Nutanix installations, there is a problem with the vioscsi driver, which leads to very long boot times. For this reason, it is actually possible to disable the vioscsi driver under Nutanix. The problem was that if someone switched to Nutanix from another platform, they previously could not disable the vioscsi driver beforehand. This is now possible.
As there were repeated UTF-8 encoding problems with SMS messaging, we have added a new option "Use UTF encoding" that allows to define whether data should be transferred as UTF-8 or not.
Use UTF encoding
Mainly in Azure environments, there was the problem that after about 10 minutes, the support connections were no longer usable, even though the connection was still visible on the SEPPmail side. We have now adjusted the parameters for the SSH connection so that it is automatically tested and kept open by the appliance.
There are two cron jobs that renew or revoke certificates when necessary. Previously, these wrote to the syslog without any recognisable affiliation. Now, the log entries for these jobs have the corresponding prefixes ‘Autorenew’ and ‘Autorevoke’, making them easy to filter.
In the code that detects on a frontend system that the backend is no longer accessible and switches to another configured backend, there was an error that prevented the desired behaviour. This has now been fixed and works as intended.
There was an error when manually importing a licence. This is fixed now.
Previously, the SMTPd.pl process, which receives emails from Postfix, passed them to the RuleEngine and then forwarded them, writing its error and debug output to /tmp. This meant that important information for error analysis was sometimes lost during a restart. Now the process writes to /var/log/SMTP.err, which is persistent.
The mail log is rotated at least once a day. This allows file-based logging to be filtered by day.
In the rare case that there were no emails in the mail log, DB-based logging incorrectly assumed that there was an error. Now, a corresponding message is displayed indicating that there are no entries.
When processing the mail log and adding this data to the database in DB-based logging, there were rare instances where the file used to prevent the same process from being called at the same time (i.e. a lock file) was not deleted after termination. This prevented the process from ever running again (until the next reboot). Now the file is deleted cleanly.
To enable DB-based logging, we have now incorporated a test to check in advance whether there is sufficient disk space available. If not, DB-based logging will be prevented from being activated.
There were problems with the CN when issuing domain certificates using the SwissSign MPKI Connector. The CN of a certificate may only be a maximum of 64 characters long. Some domains are so long that this limit is exceeded. We are now trying to shorten them and if that does not help, we will refer you to SwissSign support.
In version 15.0.0, the automatic revocation of certificates for inactive users was introduced. However, as some customers wish to retain these certificates, we have now made this configurable under "Users" > "Advanced Settings" with the option "Automatically revoke certificates of inactive users".
Automatically revoke certificates of inactive users
There was/is a problem with umlauts using the Harica MPKI Connector. This is likely a problem on Harica's side, but until they resolve it, we implemented the setting "Umlaut Transliteration" to transliterate special characters and umlauts to avoid non-ASCII characters.
Transliterate special characters and umlauts to avoid non-ASCII characters
In the Nagios tests of local services, the static telnet test was previously used to check whether Postfix was still working. However, this led to errors. For this reason, we now use the designated smtp test.
Previously, authentication via the submission port was only considered sufficient for outgoing emails. Now this is also the case for internal emails.
When displaying the generated Ruleset in the Admin GUI, there was a problem whereby certain parts of if-else if-else branches were displayed incorrectly, especially when the conditions were negated. Internally, however, the Ruleset was correct; only the display was incorrect, and this has been fixed now.
With the ticket, a special treatment for the Incamail test mail address mta@check.incamail.ch has been added in the Ruleset. Otherwise, an attempt would be made to process an email to mta@check.
We received a very comprehensive security review (thank you to Andris Suter-Dörig working under the supervision of Matteo Scarlata and Prof. Kenny Paterson from the Applied Cryptography Research Group at ETH Zurich). This ticket closes the critical vulnerabilities and some of those classified as high.
Further vulnerabilities will be closed in upcoming releases.
Previously, we only allowed the import of pure RSA or EV X.509 certificates. Flavours such as RASSSA-PSS were rejected. Now we allow any type of RSA and EC.
It was recognised as problematic when both the password and the account to be used are specified in a text message ("for %s"). For this reason, we have adjusted the pwsend_smstext text so that it no longer contains the account. If customers have already made adjustments themselves in these translations, they must take action and check their texts.
For caching GINA messages on external S3 storage, we now omit the determination of free space on the S3, as this information is not available for S3. This greatly speeds up the processing of GINA emails in cache mode, especially when there are already a large number of emails in the cache.
The company logo is now also displayed in pwsend.app, the web application that sends the GINA password via text message.
With this ticket, we have fixed a bug that prevented the login history of GINA accounts from being cleared.
Release Date: November 4th, 2025
SEPPmail version: 15.0
Author: Birgit Grossmann
The "Save and apply all" button in the Advanced System Settings did not ensure that the changes were actually saved and applied. This has been fixed now.
Under "Managed Domains" it is now possible to regenerate DKIM and ARC keys. In addition, the Master ARC key can also be regenerated under "Mail System".
Regenerate DKIM Key
Regenerate ARC Key
When the SEPPmail Gateway performs its revocation checks for root CA certificates, it sets the status to "untrusted" if the CA certificate has been revoked.
The file.app, which we use to bypass the upload of LFT attachments, has not previously returned any error messages when an upload was unsuccessful. As a result, users were never able to tell whether the upload had been successful or not. From version 15.0.0 onwards, we have error codes with meaningful error descriptions.
The X-Forwarded-For IP address is now logged in the Apache access log for the GINA GUI. This also gives us information about whether there is a proxy in front of the system that sets the HTTP header.
By default, the setting for "Verify recipient addresses using SMTP lookups" under "Mail System" is now inactive (not checked). The setting is therefore deactivated for new installations.
Under "Mail System", you can disable client certificate verification in the submission port settings. This also means that Postfix no longer transmits the list of subjects of the root CA certificates, which causes problems in some Exchange installations because the list is too large.
Enable or disable client certificate verification
For SwissSign MPKI, the specification of GivenName and Surname is only necessary for Gold products. Both values are therefore only required for Gold products, and a corresponding error message is displayed if the two values cannot be determined for the Gold products.
SEPPmail Gateway now offers a REST connection to the PKI of SwissSign.
New SwissSign REST MPKI connector
The new Harica MPKI connector replaces the no longer functional DFN connector.
New Harica MPKI connector
If the classic SwissSign MPKI Connector is used (not the new SwissSign Rest MPK Connector), it can now be used to issue domain certificates for managed domains.
Generate new SwissSign S/MIME Key
If a user's licence is revoked, either manually or after 3 months of inactivity, their S/MIME certificates will be revoked from version 15.0.0 onwards.
Previously, there was a problem that if a customer was exported from one appliance and then imported onto another appliance, deleting the customer on the original appliance would revoke all certificates belonging to the customer's users. This would also render all user certificates imported onto the new appliance useless. Now, when deleting a customer, you can choose whether or not to revoke the certificates or the users. Revocation is disabled by default.
Revoke user certificates before deletion
There was a discrepancy between the number of licensed users in the customer overview and the customer detail view. This has been fixed now.
Previously, the use of managed domains was not comprehensively searched for when they were deleted. This meant that some components retained the already deleted managed domains in their data. These references are now correctly cleared up.
It is now possible to manage encryption policies via the RestAPI.
Backups from non-multi-customer appliances (extension .bak) can now be imported as a new customer.
Import customer from Backup file
Our internal CMS module, which handles encryption, decryption and signatures, has so far been very complicated and memory-intensive. We are now using a more elegant approach, which reduces memory consumption considerably and is a little faster.
Previously, some headers were only written to the email via the RuleSet. This meant that these headers were not present in a self-written RuleSet, which in turn could lead to problems in the M365 environment, as the connectors created by our PowerShell module expect certain headers. These headers are now added directly by the RuleEngine functions.
There are two new functions for the RuleEngine that allow you to turn an email into an LFT message or revert an LFT message to an email. The functions are called make_lft and revert_lft, have no arguments, and return a corresponding value depending on success or failure, so that they can also be used in if conditions.
The new RuleEngine function getusetattr( “ATTRIBUTE_NAME”, “VARIABLE_NAME” ) is available. It has two required parameters: one is the user attribute to be queried and the other is the variable to which the value should be written. The function returns true if it was successful, so it can also be used in IF conditions.
An error in the code meant that changes to the language settings of a GINA domain, i.e. the texts used in the language, were not applied. This has been fixed now.
When GINA user authentication against the appliance's internal database was enabled, failed login attempts were not logged, meaning that users were never locked out after reaching the maximum number of unsuccessful login attempts. This has been fixed now.
The option "Certificate login" in the GINA settings has been removed.
--- end of document ---