Administration:

– Allow public X.509 certificates, root CAs and OpenPGP key bulk export
– Make sure the system time is in sync when using hardware sensors
– Automatic frontend sync for mail processing and GINA
– Show more relevant information in blocked mails log
– Allow frontends to update vendor domain certficates
– Test mail console menu option

Processing:

– Runtime disclaimer selection using extended signature marker
– Log reject code and message for internally rejected mails
– Option to trust imported CA certificates automatically
– Properly tag non-managed domain encryption in log
– Domain-based default and reply disclaimer
– Skip PTR check if sender is authenticated

GINA:

– New GINA password reset option: SMS or hotline without question/answer
– Disable reply button when reply to default recipient list is empty
– Confirmation password feature for additional authentication factor
– Provide relevant local issuer CA along with certificate on search
– Improved GINA secure attachment lanuage selection and support
– Allow to disable strict Server Name Indication (SNI) checks
– Allow multiple authentication methods in one GINA domain
– Limit session access to User Agent / IP combination
– Prevent error when uploading empty keys to GINA
– Prevent improper log entries in GINA user log
– Implement 12 hour hard timeout

MPKI:

– GlobalTrust MPKI connector

System:

– Update to OpenBSD 6.8 / LibreSSL 3.2
– OpenSSL 1.1.1h

Patch release 1, 2020-11-13

– Interpret waiting status in D-TRUST MPKI revoke as success
– Correctly handle private S/MIME RSA keys in PKCS#8 format
– Prevent display of invalid entries in mail log overview
– Remove LDAP bind failed message when LDAP is reachable
– Improve CSV user imports

Patch release 2, 2020-11-17

– Correctly recover mail service on unrelated watchdog error
– Allow HIN domain-encrypted subjects to appear in mail log
– Properly replace subject tags for plugin use
– Fix issue with external GINA authentication
– Fix fetchmail startup issue

Patch release 3, 2020-11-27

– nslookup for all record types in consolemenu
– Fix issue with registration process

Patch release 4, 2020-12-14

– Show lock for HIN encrypted mails
– Do not allow PKCS7 in SSL import
– Allow frontend server backups
– Disable vioscsi and correctly detect Nutanix Hosts
– Do not set accountLastUsed for domain for internal mails
– Fix sporadic syntax error in system view
– Fix race condition in watchdog starting GINA portal
– Fix missing fromemail in GINA secure attachment
– Fix customer/mailroute assignment issue

Patch release 5, 2021-01-05 (Azure 12.x Release)

– Better error handling for all MPKI connectors
– Read vioscsi with manual disable possibility
– Fix azure provisioning
– Fix bad formating in tracker
– Fix case where frontends are detected as cluster members

Patch release 6, 2021-01-27

– GINA GUI code hardening
– improved license usage for LFT users
– notify() with parameter ‚admin‘ now also notifies the postmaster of the managed domain
– Improve GINA domain configuration speed with large number of installed managed domains
– Add SMS provider prosms.dds.a1.net
– Fix issue where where smarthost credentials are used for internal delivery
– Fix bad DN formating for S/MIME certificates issued by rule engine
– Fix bad encoding in D-Trust MPKI connector
– Fix IncaMail tag handling
– Fix ldap proxy crash

Patch release 7, 2021-02-01

– Fix issue with appliances that have a very old ruleset

Patch release 8, 2021-02-04

– Fix issue with non starting GINA portal
– Fix issue with GINA replies from unknown domains

Patch release 9, 2021-03-08

– generate internal CA list after a transfer of a CA from a cluster member
– session invalid message after session timeout in GINA portal
– suppress logging of the value in setvar()
– allow import of domain PGP keys without email
– add warning message for Hyper-V appliances with a legacy network controller
– Fix GINA portal configuration issue with virtual hosting
– Fix issue with GINA portal registration
– Fix service restart on frontend/backend system
– Fix memory leak in system libraries

Patch release 10, 2021-03-25

– Enhance connection stability when using a proxy to connect to the update/license server
– Add new policy to emulate a HIN MGW
– Correct handling of long MIME lines (RFC 2821)
– Correctly remove forbidden headers from decrypted S/MIME mails
– Fix display problem with CRL and CA Issuers URI in S/MIME details
– Fix GINA language text file handling with master template dependency
– Update ClamAV to 0.103.1
– Update OpenSSL to 1.1.1j
– Update OpenLDAP to 2.4.58

Patch release 11, 2021-04-29

– Update root hints for bind
(This solved a problem i.e. for M365 users when they select «use built-in DNS Resolver»)
– Sync CRL from backend to frontend
(In a Backend/FrontEnd Configuration, Frontends now have the correct CRL which is maintained by the backend)
– better TLS compatibility for external LDAP authentication
(Using AD Controllers with Secure LDAP with TLS 1.2 works now)
– Fix CRL generation for local CA
(Fixes a bug that caused the CRL for the local CA not to be generated)
– Fix PKCS12 password encoding
(Fixes a bug where P12 files could not be imported because the original password was ASCII or ISO-8859-1 encoded)
– Fix managed domain assignment in customer settings
(Fixes a bug where a managed domain could not be assigned to a customer because it doesn’t show up as selectable)
– Fix header handling in GINA mails
(Fixes a bug where reassigned headers to GINA mails were not handled correctly and a new line was added, ending the section with the mail headers)
– Fix PGP secret key import
(i.e. Show Key ID if Subkey is empty)
– Fix sporadic PGP signature verification failure
(Fixes a bug in a PGP module, the symptoms of which were a sporadically valid or invalid signature)
– Fix handling of long MIME lines (RFC 2821)
(Fixes a bug where the conversion to RFC2821 compliance removed the ending CRLF)
– Fix handling of forbidden headers from decrypted S/MIME mails
(Fixes rare cases where attachments have been removed from S/MIME mails)
– Prevent whitelisting for auto-reply messages
(When using Protection Pack, auto-reply messages – i.e. during public holidays where blacklisted)
– Update OpenSSL to 1.1.1k

Patch release 12, 2021-06-11

– Update ClamAV to 0.103.2

– use gaurd pattern to prevent time consuming PGP signature detection in large HTML mails
In cases where large HTML files where processes by PGP, the CPU load was overstressed.

– CSM module improvements
According to customer feedback, the CSM module has been improved to more stability

– fix search for LFT partition
LFT partition doesnt get its partition size from fstab anymore, which was error prone

– fix rare case when a mail has to be redirected to a cluster member because of a bypass LFT upload
In cluster-environments LFT upload couldt find the other node correctly, that works now

– fix access rights for MPKI operator certificates
With invalid operator certificates, issuing a new certificate failed.

– fix creation of local CRL to track all revoked certificates
In environments with a local Certificate Authority, the Certificate Revocation List (CRL) was not maintained correctly

– fix verification of static subject inputs in the admin GUI
All input fields for static subject (mPKI users) can now correctly identify OID´s

– fix rare case of currupted mail structure after S/MIME decryption
We found rare situations where the last mailheader ended with a semicolon

– fix nrpe SSL handshake failure
Connection to nagios via SSL didnt work, they may now be established securely