Issue 208: If the cipher list contains unsupported ciphers, hMailServer will now report an error but continue running.
This change will prevent hMailServer from stop working after an upgrade (which previously happened if the cipher list contained ciphers supported in the old but not in the new version)
OpenSSL upgraded from 1.0.1u to 1.0.2j. OpenSSL 1.0.1 is no longer supported by the OpenSSL team (starting 2017-01-01). OpenSSL 1.0.2 contains a lot of changes, for example removal of several weak ciphers.
If your cipher list references ciphers which no longer exists, hMailServer will fail to start. This issue will be fixed in the next build.
Version 5.6.6 - Build 2383 (2016-09-22) - Production
OpenSSL upgraded to 1.0.1u.
Version 5.6.5 - Build 2367 (2016-06-07) - Production
Deleting an account with an empty account address deletes the data directory.
Issue 127: hMailServer should be able to accept email from and deliver email to quoted mailboxes containing spaces.
Issue 166: When hMailServer is running, it should accept to OS-shutdown requests from Windows (this should reduce the number of errors logged when a server running hMailServer reboots).
Custom script files are no longer uininstalled when uninstalling hMailServer.
The error message when trying to create two IP ranges with the same name has been improved.
A confirmation dialog has been added when deleting or emptying an IMAP folder in hMailServer Administrator.
OpenSSL has been upgraded to 1.0.1s.
The hMailServer service is now registered in Windows with a quoted path, to prevent the service from being vulnerable to "Unquoted service path". Unquoted service paths would allow a user with access to the server where hMailServer runs, but with less privileges than hMailServer, to gain the privileges of hMailServer by creating a new executable and placing it in C:\Program\Files\hMailServer\hMailserver.exe.
Issue 109: Fixed plaintext injection vulnerability when using STARTTLS. This issue made it possible for an attacker with man-in-the-middle access to intercept traffic.
Sometimes when stopping the server, an error regarding "abandoned wait" was reported.
If the log file was locked by an external processed, a crash dump file was created.
Issue 99: If a TCP disconnect occurs during TLS handshake, the connection is not immediately released
Version 5.6.3 - Build 2249 (2015-04-03) - Production
The new ini file setting DisableAUTHList allows you to specify a comma-separated list of SMTP ports which authentication should not be enabled for. This is useful when working with legacy systems with malfunctioning SMTP support.
Issue 94: When upgrading hMailServer, the list of languages in hMailServer.ini is no longer over-written.
Issue 97: When TLS is used, elliptic crypto should be available.
Version 5.6.2 - Build 2234 (2015-03-19) - Production
Issue 50: When performing forwarding, hMailServer now keeps the original From address rather than changing to that of the forwarding account. This change was made to reduce risk of message delivery failures. To force the previous behavior, set RewriteEnvelopeFromWhenForwarding=1 under the [Settings] section in hMailServer.ini.
Issue 86: Server did not restart after the delivery queue was manually cleared.
Version 5.6.1 - Build 2208 (2015-01-26) - Production
Issue 77: Domain administrators should not be able to change server administrator password (security)
Version 5.6 - Build 2145 (2014-11-13) - Production
Sometimes an error was logged when hMailServer received a message over SMTP (issue has not existed prior to 5.6)
The number of current TCP connections were not always counted properly (normally 2-3 extra connections were shown), leading to incorrect info on Status page. Issue occurred when you had multiple ports set up for same protocol.
If an IP address is specified as Target SMTP Host for a SMTP Relayer or SMTP Route, hMailServer would always attempt to deliver to 127.0.0.1 and the delivery would fail.
An experimental fix has been made to an issue related to session counting. Previously, hMailServer could assume that the number of current sessions were higher than they actually were.
When communicating with other SMTP servers, hMailServer will now assume that they support ESMTP, even if they do not advertise that in the initial greeting. This solves an issue where hMailServer would not use STARTTLS even if the remote server supported it.
When communicating with MySQL, hMailServer will now use the utf8mb4 character set for the connection if MySQL supports it. Previously hMailServer as using the utf8 character set.
WebAdmin has been updated to use UTF-8, which means that entering for example a signature with Japanese characters now works.
Issue 18: If several attachments were blocked in the same email, hMailServer now adds the same number of new attachments describing that the original attachment was removed. Previously only one attachment was added.
Issue 21: The SMTP error code for "Recipient not in route list" has been changed from 421 to 550, to indicate that this is a permanent error.
hMailServer now consolidates outgoing email messages smarter when routes and SMTP relayer is in use. This results in fewer connections to the SMTP relay / route server.
Sometimes using SpamAssassin resulted in corrupt email messages due to incorrect parsing by SpamAssassin response.
Quotes have been added around 7bit to be RFC3501 compliant.
Mailbox sometimes remained locked after a timeout.
All recipients to particular route kept combined instead of split into individual emails.
File permissions of 7z backup could be admin-only or incorrect when backing up messages due to 7za temp folder usage. Now using hmail's temp folder instead of system temp.
Issue 409: Issue with forwarding (Auto-Submitted header)
Added Auto-Submitted header. Will contain the value auto-replied for messages which is generated using auto-reply funcitonality or rules. Also prevents hMailServer from auto-replying to auto-submitted messages.
Stability fixes. In certain scenarios, hMailServer could stop processing incoming requests.
Version 5.3.3 - Build 1879 (2010-06-06) - Production
Issue 312: In some cases, the POP3 server returned incorrect data which could lead to corrupt attachments. Changes have been made to prevent this error. The error was apparent when retrieving PDF files which had been sent using Outlook Express.
Issue 313: If hMailServer was configured to download messages from a server which did not support UIDL, hMailServer timed out. hMailServer has been changed to disconnect immediately and report an error when this happens. The External account functionality in hMailServer does not work with POP3 servers not supporting UIDL.
Issue 314: If DKIM was enabled and a user sent an email with no text in the body, hMailServer did not correctly sign the message.
Issue 1879: OpenSSL has been upgraded to version 0.9.8o.
If public folders are used and the logged on user does not have permission to modify folder contents, hMailServer now explicitly tells the client that the mail box is read only. Before, hMailServer only informed the user when he tried to perform an action he did not have permission for.
In DataDirectorySynchronizer, it's now possible to select from a list what domains should be synchronized.
The OpenSSL package included with hMailServer has been upgraded to version 0.9.8n.
Issue 294: If an IMAP client issued the SELECT or EXAMINE command, hMailServer did not produce a complete response - the UIDNEXT value was missing from the response. This is not known to cause any errors apart from being an incorrect behavior.
Issue 303: If a domain administrator had access to the API, it was possible for him to create new domains. Only server administrators should have permissions to do this.
Version 5.3.2 - Build 1769 (2010-01-24) - Production
If hMailServer tries to report statistics to hMailServer.com, and hMailServer.com is not available, the SMTP delivery will stop. Messages will still be queued up so no email will be lost.
When Spamhaus were used, false positive were sometimes reported (under high Spamhaus load?). In the DNS blacklist settings, it's now possible to specify ranges by using -, for example 127.0.0.1-5. It's also possible to specify more than one address by using |, for example 127.0.0.1|127.0.0.25. This makes it possible to specify more granular values than before.
In some cases hMailServer extracts the senders IP address from the Received headers in email when doing anti-spam. If hMailServer was unable to do this extraction, the anti-spam tests were aborted. This has now been changed so that hMailServer still does the anti spam tests, but skips the ones which are dependent on the IP address (DNS black lists and SPF).
Issue 285: The catch-all address specified in the domain settings did not have any effect.
Version 5.3.1 - Build 1748 (2009-12-28) - Production
Issue 284: If a message is sent to an alias, which forwards the message to a route, and that route only has the aliased address listed - not the original address, hMailServer will not accept the message delivery.
hMailServer sometimes reported an error about being unable to notify IMAP clients about mailbox changes. The problem occurred if the client had disconnected in an incorrect way.
If a user was a part of two groups, and these two groups had conflicting permissions, it was not clear what permission was used. Now the first permission is used.
When setting up a rule, the Body criteria did not include the HTML body part of the email message. It does now.
Issue 242: Performance improvements have been done to the message indexer when Microsoft SQL Server or PostgreSQL is in use.
Issue 274: It was not possible to rename a folder from SomeName to SomeNameTest without first renaming it to something completely different. This issue was introduced in the previous build.
Issue 282: hMailServer did not work properly with Symbian N60. When the phone was notified about new messages, the sender name was not always shown.
There was a memory leak when using PostgreSQL. Memory increased steadily over time.
hMailServer no longer caches the administrator password. Should solve problem with the Invalid password-message directly after install.
The log message TCPConnection - Posting AcceptEx on ip:port did not log the correct ip:port details.
If a client sends a POP3 command while hMailServer is delivering a message to it, that command will now be processed after hMailServer has sent the message.
If the delete threshold was set to a lower value than the mark-threshold in the anti spam settings, hMailServer only executed a single anti spam test.
When doing DNS lookups, hMailServer no longer parses the services-file. The services file is a file included in Windows which contains a mapping between a service name (http, smtp, etc) and a port number (80, 25, etc).
The built-in diagnostic test always attempted to connect on port 25 when testing outgoing connections. If a SMTP relayer is in use, hMailServer now uses the TCP/IP port specified in the SMTP settings instead.
If a DNS reply takes more than 20 seconds to execute, hMailServer now reports an error to the error log. Slow DNS replies may be an indication of incorrect DNS configuration in Windows.
OpenSSL has been upgraded to version 0.9.8l.
Issue 268: If an IMAP client asked hMailServer to sort messages based on the Date, hMailServer did not always give the correct result.
Issue 274: Using Outlook, it was possible to corrupt the hMailServer folder structure by moving a folder into one of its own sub folders. For example, it was possible to execute a command which moves the folder Test\Sub to Test\Sub\Sub1. If a user did this, he could no longer access his mailbox.
Issue 267: hMailServer sometimes generated invalid message UIDs. This could have the effect that new messages did not show up in folders. The problem occurred if a rule executed a script function which saved a message, and another rule moved the same message after that. This fix prevents the problem from occurring again. To repair the problem in the database, run the Reset folder UIDs maintenance script, located here: http://www.hmailserver.com/documentation/latest/?page=maintenance_scripts
hMailServer now reports results from DNS blacklists to the TCP/IP log. This makes it easier to figure out which DNS blacklists caused a message to be rejected.
To improve security, empty passwords are no longer permitted.
When an error occurs it's logged to the hMailServer error log and the standard log (if application logging is enabled). In the normal log file, the first column of the error line contained APPLICATION rather than ERROR. It now says ERROR which makes it easier to locate error-lines in the standard log file.
If a DNS lookup fails, this was reported as an error before. DNS lookups may fail if the recipients DNS server is not properly configured, and this is not an error in the hMailServer installation. Due to this, this is no longer reported as an error to the hMailServer log, but rather mentioned in the bounce message.
Issue 247: When a new message is added to a folder using an IMAP client, hMailServer now explicitly tells the same client that a new message has been added to the folder. This should solve problems with listing of Draft messages in Thunderbird.
Issue 249: If spam protection was enabled, but header tagging was not, hMailServer would fail to download messages from external accounts containing spam messages.
Issue 250: If SPF test passed, but another spam test failed and the message was rejected during the SMTP conversation, sometimes the rejection description sent to the client was empty.
Issue 253: When clearing the delivery queue, orphaned rows were left behind in the hm_messagerecipients table.
It's now possible to bypass grey listing if a connection arrives from a MX or A record for the sending domain.
In the SpamAssassin settings, there's now a Test button which allows you to easily confirm that the SpamAssassin connection information is correct.
In the MX query, you can now right click on rows and copy to clipboard.
There was some inconsistencies related to IMAP folder hierarchy delimiter. When creating rule actions, the only valid IMAP folder delimiter is the one specified in the IMAP settings. If you've selected that . is the delimiter, specifyinng the IMAP folder name Folder\SubFolder will cause a folder with the name "Folder\SubFolder" to be created, rather than one named Folder and a second named SubFolder.
A new event has been added, OnExternalAccountDownload.
Issue 238: IMAP: hMailServer sometimes produced a BODYSTRUCTURE response with a syntax error.
Issue 240: If you tried to add route members prior to saving the route, an error was shown.
Issue 244: IMAP: The \Recent flag not removed properly, which made duplicate messages appear in RoundCube.
Issue 245: The AD integration in hMailServer Administrator didn't always add correctly configured hMailServer accounts.
Issue 241: When IMAP clients requested body structure information for a message, hMailServer were in some cases unable to create this, which resulted in the message not being shown to the client. An error message related to PartStructure were logged when this error occurred.
If invalid folders had been created in 5.1, the upgrade to 5.2 would fail. The upgrade scripts have been modified so that if an invalid folder is found, it will be renamed to foldername-folderid.
If an email is being sent to a multihomed host with no MX records, hMailServer will bounce the delivery saying that there are no email servers. (Issue 229)
If one test resulted in PASS and another one FAIL, an empty X-hMailServer-Reason line was added to the MIME headers.
If two clients was auto-banned at the exact same time (millisecond), hMailServer could fail to auto-ban one of them if they were connecting from different IP addresses.
When connecting to a new server using Administrator, the server name in the title was not updated.
In hMailServer Administrator, under Utilities, a new basic diagnostic tool is now available. This tool helps you troubleshoot basic set up issues.
If a client sends a message from a local domain, the sener is now considered local. The same applies if his address matches a route. The previous behavior was that a sender was only considered local if his address matched an local account. This means that if you send from an alias address, you are now considered local. Please note that it's still not possible to authenticate using an alias though.
In the grey listing options you can now choose to bypass greylisting if SPF passes.
In the grey listing options you can now choose to bypass greylisting if SPF passes.
A new rule action has been added; Create Copy. This can be used for example to deliver copies of the same message to different destination servers.
A new rule criteria has been added; Delivery attempts. This can be used for example to deliver messages to different routes, depending on the current number of delivery attempts.
If hMailServer tries to deliver the same message multiple times, global rules will now be executed every time.
When you delete domains in hMailServer, you now need to confirm the deletion before the domain is removed.
The database upgrade is now done in a transaction (assuming the underlying database supports it).
In the database setup wizard, the creation log on the second last page is now cleared when the page is shown. Previously, the log could contain data from previous creation attempts, which could cause confusion.
Issue 145: IMAP UIDNEXT is now implemented.
Issue 201: It's now possible to index messages in folders, which increase disk usage but speeds up IMAP sort.
Issue 207: Incomplete upgrade of WebAdmin may result in bad error message.
Issue 209: If a Date header contained the timezone "GMT" (with quotes, obsolete syntax) the message was not displayed if Outlook Express was used.
Issue 213: If MySQL with InnoDB was used, message ID's could sometimes repeat themselves, which could lead to lost messages (client dependant).
Issue 215: If a message is downloaded from an external account, the message was not delivered to recipients on routes. There is now a new option in the external account settings which allows you to enable this behavior.
Issue 218: Attachment names containing non-latin characters didn't always show up properly.
Version 5.1.2 - Build 346 (2009-05-09) - Production
Issue 216: SMTP connection sometimes dropped during DKIM verification. This problem occurs if a the DNS server publishing the publi key publishes a CNAME record which points at the TXT record which contains the actual public key.
Issue 203: In Administrator, it was possible to enable DKIM signing without specifying settings.
Issue 204: In the IMAP protocol, ACL was advertised to the client as enabled even if it was not.
Issue 205: If SpamAssassin hanged or crash, hMailServer would hang as well.
Version 5.1.1 - Build 341 (2009-04-15) - Production
SMTP: When disk was full, hMailServer gave a permanent error to the client. This has been changed to temporary.
Core: Auto-ban does not always work, depending on the client IP address.
Administrator: No error message was displayed when user tried to create two routes with the same name.
Administrator: When changing TCP/IP port configuration, the user is now asked if he wants to restart the server. (Which is required for the change to take effect).
Administrator: The window position saved in full screen mode. This had the effect that it was sometimes a bit hard to restore the window size after a restart.
Administrator: Listing accounts in larger Active Directory domains sometimes timed out.
WebAdmin: The title on the Greylisting page was "Auto-ban" instead of "Greylisting.
Administrator: Improvements have been made to the live log performance.
SMTP: If hMailServer rejects a SMTP client command with a temporary 4xx-error (such as greylisting), this is no longer counted as an invalid command which may get the client disconnected.
Installation: The performance of the database upgrade scripts for upgrades to v5.1 has been improved.
Added a limit so that hMailServer never processes more than five DKIM-Signature headers in a single email message (to prevent different types of abuse).
Administrator: The numbers on the Status page is now refreshed automatically.
Installation: If the user is using an old version of the internal MySQL database and tries to upgrade to v5 before first installing the latest v4-build, the hMailServer installation program will stop.
Installation: If a user is using v4 with the internal database, uninstalls hMailServer (and MySQL) and then upgrades to version 5, the hMailServer installation program will stop. A user cannot do this, since he will then not have any MySQL installation.
POP3: When a user logs on, any message which has been marked by deletion by his IMAP client but not been deleted will have it's \Deleted flag removed. This is to prevent issues for users who are using both POP3 and IMAP to access the same mailbox.
Other: OpenSSL has been upgraded to 0.9.8k.
Other: Data Directory Synchronizer has been added to the hMailServer group in the Start menu.
Administrator: It's now possible to sort the lists under Undelivered Messages and Live log again.
WebAdmin: A robots.txt has been added to prevent search engines from trying to index WebAdmin.
Core: The stability of the thread pool has been improved.
Core: The message deliverer performance has been improved slightly.
Core: The return-path header is now added when the message is put into the user account, rather than when the message is received from the sending SMTP client / server. The reason is that according to the SMTP spec, SMTP servers should add the header when making the final delivery.
SMTP: New SMTP authentication options are available.
WebAdmin: Rule editing didn't work when register_globals were set to off.
SMTP: More logging is added when DKIM verification is made. If DKIM verification fails, the Debug log now contains information on what caused the failure.
hMailServer now supports DKIM. Signing options are available in the domain settings and verification options in the anti-spam settings.
The "Forwarding relay" option is no longer a setting in IP ranges but instead stored separately as "Incoming relays". The settings are found next to the IP ranges in hMailServer Administrator and WebAdmin. This change was made partly because the term "Forwarding relay" was a bit confusing and partly to improve performance.
In the external account settings, there's now options to enable Anti-spam and Anti-virus. In earlier versions, the IP range configuration was used to determine whether or not Anti-spam or Anti-virus should be run for external accounts.
In IP ranges, you can now specify an expiration time when the IP range will be automatically removed by hMailServer.
It's now possible to auto-ban users after a number of failed logon attempts. When a user is auto-banned, an IP range matching his IP address is created which prevents the client from connecting again. By default, a user who fails to log on 3 times within 30 minutes will have his IP address banned for 60 minutes.
In IP ranges, it's no longer possible to select Require authentication for deliveries to local account or Require authentication for deliveries to external accounts. Instead, there is a single option named Require SMTP authentication. When this option is selected, local users must authenticate prior to sending an email.
The layout in WebAdmin has been changed to a tab-based system. This makes the user interface less cluttered.
If you're doing a new installation, the installation program will ask you whether you want to use the built-in database or an external one. If you're upgrading, the installation program will assume you want to keep the current database and not ask you about it.
Issue 160: The timezone information added to the Received and Date header is sometimes incorrect. hMailServer only considers hours but not minutes when adding this text. In some timezones, such as Newfoundland which is GMT -03:30, the minutes are relevant.
The Database Delivery Log function has been removed and replaced by a script, found in the User contributed scripts section of the online forum.
In the scripting event OnAcceptMessage, the oClient.Port number returned the port the client was connecting from, rather than the port it was connecting to.
When selecting "Download now" in an external account, any changes made to the external account configuration after the latest save was not used.
When configuring hMailServer to connect to another server using SSL, it's now possible to enable verification of peer certificate (via certificate authority).
If the MySQL client is not available, a better error message is now shown to the user.
It wasn't possible to give IMAP folder permission to "Anyone".
A new version of OpenSSL is included (0.9.8i).
The "Maximum number of invalid commands" in the SMTP settings now applies to logon failures as well, which means that the setting can be used to limit the number of invalid SMTP auth attempts. This is no complete solution though, since the user can simply reconnect and continue trying.
If an IMAP client did not have permission to modify message flags but tried to do it, no error was reported to the user (the request was silently ignored).
Improvements have been made to the database scripts to speed up upgrades of large databases.
If the database delivery log was enabled, a warning was shown when opening up the SMTP settings.
The "Move up" and "Move down" buttons were missing in the rule list.
In version 4, forwarding was performed after account level rules. In V5, this ordering was changed. It's now changed back to the v4-order to maintain backwards compatibility.
WebAdmin now contains a version check which confirms that the WebAdmin version matches the hMailServer version.
IMAP: If a folder was shared, expunge notifications weren't sent properly between clients.
Issue 153: If the InnoSetup flag /VERYSILENT is passed to the setup executable, hMailServer Administrator will no longer be started after the installation is done.
Issue 155: SMTP: When hMailServer rejected messges, a non-standard SMTP error code was used. While this shouldn't cause any problems, a standard error code is now used instead
In the Rule criteria dialog, it's now possible to test whether a specific value will match the criteria. This makes it easier to create, for example, regular expressions.
SURBL tests missed URLs which were split onto more than one line.
After Anti-Spam has been run, the debug log now contains the score returned by the different spam protection mechanisms.
Score based spam protection. In version 5, every spam protection mechanism generates a spam score for an email message. If the total spam score reaches a certain threshold, the message will be marked as spam. If it reaches an even higher threshold, it may be deleted. This new functionality will improve the overall spam classification of messages.
Built in SSL encryption. Using this new functionality, you can set up a secure connection between hMailServer installation and your users. The SSL functionality is also available when hMailServer communicates with other servers which supports SSL. For example, you no longer need to use external tools to download messages from other SSL POP3 servers.
hMailServer 5 includes a SpamAssassin integration which makes spam detection more efficient. After SpamAssassin has been installed, you can configure hMailServer to use it simply by enabling the integration.
hMailServer now supports Public folders. You can now set up public folders which some or all users on the server can access. It is possible to give users (or groups) separate permissions for these public folders, for example to make sure that only moderators can add or delete messages in the folder. Messages can be put into these public folders either manually, or by using rules.
hMailServer is now officially tested with Windows Vista and Windows Server 2008.
Support for PostgreSQL have been added. Next to MySQL and Microsoft SQL Server, hMailServer can now use PostgreSQL as backend store.
Fully integrated database. In earlier versions, MySQL was bundled as the default database option. In version 5, this has been changed to MSSQL CE. The database engine will be hosted by hMailServer which makes hMailServer easier to install. Upgrades will not be affected by this change.
It's now possible to trigger a manual download of messages from external accuonts.
In the account settings, you can now create and delete IMAP folders connected to the accounts. You can also manually empty accounts.
A Delivered-To header can be added to incoming messages. This header will contain the value of the recipient address specified in the SMTP conversation.
In hMailServer Administrator, it's now possible to see the number of currently active SMTP, POP3 and IMAP sessions.
You can now define a maximum size of messages which are going to be scanned for spam.
In hMailServer 5, you can use rules to specify which route should be used when delivering a message. This makes it possible to override the default routing functionality.
In version 5, the hMailServer COM API has full support for Unicode. This means that scripts which accesses email data will have no problem accessing messages containing for example japanese or arabic characters.
A lot of new functionality have been added to the hMailServer COM API. See the Com API change log for more information.
The Database Delivery Log function has been removed and replaced by a script, found in the User contributed scripts section of the online forum. The reason is that this functionality has caused problems for users who have enabled it without knowing what it does.
Many objects in the API has been removed or replaced. Please see the API change log for more information.
Version 4.4.4 - Build 287 (2008-12-23) - Production
The server could in some cases crash when resolving invalid DNS records.
Issue 254: SMTP: Specific error codes given by the recipients server aren't handled properly. This may cause hMailServer to retry delivery even if a delivery has failed permanently.
Version 4.4.3 - Build 285 (2008-11-09) - Production
This build fixes hMailServer Security Vulnerability (SA32597).
A security problem has been found in PHPWebAdmin which may be used by attackers to gain access to the server. The purpose of this build is to distribute a version which is open for review. Since the fix is still preliminary, it is recommended that you disable PHPWebAdmin until a final solution has been made.
Version 4.4.2 - Build 283 (2008-09-06) - Production
SMTP: A user could cause a hMailServer instance to crash by sending a large message which fills up the hard drive on the server. In this build, hMailServer will stop writing to the message file when the Max message size limitation is reached reducing the risks of this.
SMTP: In rare cases, hMailServer delivered duplicate messages to external recipients. It happened in some cases if multiple MX hosts were specified for the recipient domain, if the messages contained multiple recipients and some of them failed temporarily on both the first and second MX host. (Also depending on timing during disconnection from the remote server).
Data Directory Synchronizer: When adding messages to the database, the create-time of the message in the database is set to the timestamp found in the first Received header. If no such timestamp exists (or is unparseable), the timetamp in the Date header is used. If this isn't found (or is unparseable), hMailServer uses the current date and time as create-time.
POP3: If you configure hMailServer to delete messages from external accounts after X days, they are never deleted from the remote server.
Anti spam: Using two new ini file settings, it's now possible to configure how often expired greylisting records should be cleared from the database, and whether or not greylisting should be active during this period. The new settings are named GreylistingEnabledDuringRecordExpiration and GreylistingRecordExpirationInterval.
Issue 92: POP3: If a large number of external accounts were set up, hMailServer started too many parallel downloads.
Issue 93: Administration: When restoring a backup, descriptions for white listing records were not restored.
Issue 97: SMTP: E-mail addresses in white listing records were case sensitive.
Administrator: Minor GUI problem in External accounts dialog.
Administrator: When adding a new DNS blacklist or SURBL server, it was possible to two objects with the same name. This had the effect that you got a "Duplicate key" error message and had to restart the service.
POP3: hMailServer now adds a X-hMailServer-ExternalAccount header to the beginning of messages which have been downloaded from external servers. This header contains the name of the external account the message was downloaded from.
SMTP: After a rule script has been run, the message data is now re-loaded from disk, since the script may have changed its contents. This makes it possible to take different actions depending on the new content in following rules.
SMTP: A change has been made to the way email addresses are parsed in MIME headers, to allow larger deviation from the RFC's. (Because users who type in their email addresses in their email clients know little about RFC's. This is required when hMailServer downloads messages from other servers and is configured to deliver to the recipients in the MIME header).
API: A new event, OnDeliveryStart, has been added. This event is executed directly when the delivery of a message has started, before the global rules are executed.
Administration: hMailServer Administrator crashed if user tried to add two aliases or lists with same address.
Issue 90: Administration: In PHPWebAdmin, it was possible to delete your own account if register_globals was enabled.
POP3: If a client disconnects without QUIT'ing, any message deletion flag is now removed.
Issue 87: POP3: Sometimes sender address wasn't parsed properly when downloading messages from external servers. This may lead to problems if hMailServer is going to deliver the message to an external recipients. (Issue 87)
The built-in MySQL server is now configured to auto-recover if corrupt tables occur (myisam-recover=FORCE,BACKUP). This change only effects new installations.
PHPWebAdmin: When using PHP5, it was not possible to view account settings.
PHPWebAdmin: It was not possible to log on using a domain name alias.
PHPWebAdmin: Changes made to Active Directory settings were not saved. (Issue 85)
hMailServer Administrator: When renaming domains, accounts were sometimes incorrectly renamed. (Issue 86)
Misc: A new version of the auto-reply/vacation plugin for SquirrelMail has been included. Makes it easier to select expiration date. (thanks gruenie!)
FIX: A change has been made to prevent bounce-messages from looping when rules are used.
SMTP: Expired greylisting triplets are now cleared once every 4 hour instead every minute. (Increases database performance).
FIX: When using SQL Server or MySQL in strict mode, it was not possible to add new external accounts.
Performance: PHPWebAdmin now only shows sub-nodes for the currently selected object in the tree to the left, which speeds up the scripts in larger installations.
FIX: When an error notification is sent due to a delivery failure, the notification now contains a bit more information regarding the problem. (The IP address of the server hMailServer was trying to deliver to, and the hMailServer command which resulted in the problem)
FIX: Sometimes error HM4403 was reported when messages were being deleted due to spam/virus protection. (Caused incorrect IP address logged in Awstats log)
FIX: If messages were deleted using IMAP, but not purged some POP3-clients reported inconsistencies between the STAT and UIDL/LIST responses when accessing the mailbox.
API: It's now possible to check the current number of delivery attempts by accessing the DeliveryAttempt property on the hMailServer.Message object.
API: It's now possible to access headers by name, by calling Headers.ItemByName("Name") on the hMailServer.Message object to retrieve a hMailServer.MessageHeader object.
Feature (minor): It's now possible to configure how many times hMailServer should try to connect to the database server during start-up.
See http://www.hmailserver.com/documentation/?page=reference_inifilesettings (ConnectionAttempts, ConnectionAttemptsDelay)
FIX: If a user added a message to a mailbox (for example Sent items), but disconnected before it had completed, an orphaned message was left in the data directory.
FIX: If displaying of notices were enabled in PHP, it was not possible to add domains to PHPWebAdmin.
FIX: If a non-existant account had been specified as mirror address, hMailServer now prevents looping.
# FIX: Issue 80, If no subject had been specified in the auto-reply settings, the subject on the reply email always became "Re:".
FIX: Issue 82, Timeouts during DNS queries previously sometimes lead to message marked as spam.
FIX: Issue 83, If a password contained a \, it was not possible to log on POP3 (never has been).
Misc/FIX: A change has been made to the garbage collection algorithm to make it a bit more stable.
FIX: A new rule action exists, Stop rule processing which cancels the remaining rules on the current level
FIX: DNS/A lookups are now recursive. This means that if a MX record points at a CNAME record, hMailServer will now look up the IP address for the host name in the CNAME record.
When you list the messages in the queue, hMailServer now shows total message count under the list.
If an error occurs in PHPWebAdmin, it's now presented in a slightly more user-friendly way.
If checking of senders MX records have been enabled, hMailServer now checks for MX records both on the senders top-domain and sub-domain. (So if an email is sent from cgi.example.com, hMailServer checks for MX records both on cgi.example.com and example.com).
An extra check has been added to the DNS resolver to prevent invalid responses from DNS servers to create problems. (If hMailServer asks the DNS server for MX records for example.com, the DNS server may respond with MX records for another domain which could cause problems)
FIX: ID78, It was possible to create accounts exceeding the max domain size by entering incorrectly formatted account sizes.
FIX: Depending on date formats in the regional options, it was not always possible to save account changes.
FIX: hMailServer Administrator no longer shows the text "Warnings" on the status screen if there aren't any warnings.
ORDB is no longer included in the default list of DNS blacklists.
API: A hMailServer.MessageHeaders can now be retrieved using the Headers property on the hMailServer.Message object.
API: The RefreshContent method on the hMailServer.Message object allows you to reload the content of an email message from disk.
API: hMailServer.Account::VacationMessageExpiresDate is now of type String, instead of VariantDate.
If checking of senders MX records have been enabled, hMailServer now checks for MX records on the senders domain not including any sub domain. For example, if someone sends from cgi.example.com, hMailServer will check that the domain example.com has MX records. The reason for this is that there's no point in checking cgi.example.com, since this results in to many false positives.
_ has now been added to the list of valid plus addressing characters. (Not in PHPWebAdmin yet. Will be included in next build)
IMAP: hMailServer crashed if an incorrectly formatted RENAME was sent. A general fix has been made to prevent this type of error. (Issue 88)
Version 4.3.1 - Build 253 (2007-01-12) - Production
Bugfix C79 - If an external software had modified the .eml file in the data directory in an incorrect way, hMailServer could sometimes not send it to POP3 clients.
Support for Windows Vista has been added. Please note that this is still experimental.
In earlier versions of hMailServer it was not possible to send a message to a distribution list if one of the recipients did not exist. From now on, hMailServer will accept the message and deliver it to the existing recipients.
If a SMTP client had added a leading space to the host name in the HELO command (which is a violation of the SMTP RFC), hMailServer did not accept email from the client. The implementation has been changed so that hMailServer ignores this client error.
Bugfix C69 - IMAP literals did not work in previous builds. This bug had the effect that some IMAP commands in specfic clients failed. For example, logging on Horde/IMP did not always work.
Bugfix C21 - The fix for an old bug which was fixed in 4.2.2 was not included in hMailServer 4.3. This had the effect that an infinite loop was created when downloading messages formatted in a specific way. The risk of the problem occuring is relativly low and it will only occur with some specific POP3 clients.
Bugfix: C65 - If an hMailServer Event Script tried to access something in the API which it did not have privileges to access, hMailServer sometimes failed to report a descriptive error message.
Bugfix: C63 - In some cases, hMailServer was unable to determine whether a client had disconnected. In theese cases, hMailServer did not force a client disconnect. But if this happened often, it lead to a high memory usage.
Bugfix: C61 - Validation of hosts in the HELO command were performed for IP addresses as well. This may have the effect that hMailServer falsely classifies an email as spam.
Bugfix C62 - Plus addressing did not work recursively. For example, it was not possible to set up an alias which forwarded to a "plussed" address. This is now possible.
Performance: An performance improvement has been made which speeds up the time it takes for hMailSever to MIME-decode email with a lot of message recipients in the headers (>500). In previous version, parsing a list of 2 500 recipients could take as long as 15 seconds. This has been decreased to about 0.05 seconds.
Performance: An improvement has been made to the IMAP Sort algorithm. Sorting large mailboxes on From, CC and Subject headers is now up to 4 times as fast.
UI: Error message when a script has failed to call Authenticate() has been improved.
UI: All the language files have been updated. To prevent incorrect characters in the user interface, all translation is now in Unicode.
Bugfix: C59 - If a "Move to IMAP folder" had been set up in an account-level rule, this could under certain circumstances be performed for other local recipients of the email as well.
Bugfix: C60 - MIME-decoding could fail for certain messages. This had the effect that they could not be processed by rules and scripting. It could also have the effect that they were not displayed properly in the email client.
Functionality: When DataDirectorySynchronizer imports messages from the data root directory, it no longer sends messages to all external recipients of the email messages. This change has been done to prevent duplicate emails from being sent. Earlier versions, running DataDirectorySynchronizer could for example forward email back to mailing lists.
Bugfix / Performance: DataDirectorySynchronizer now releases objects from memory when they are no longer needed, which leads to an performance improvement when importing a large number of messages.
UI: In hMailServer Administrator, the following changes have been made to the user interface:
* The Backup node have been moved to the Utilities node. The reason for this is that the backup functionality is not server settings but more a server utility.
* The Spam protection and AntiVirus nodes have been moved to the Settings node. The reason for this is that spam protection and AntiVirus are applied on email downloading from other servers using POP3 so it does not only effect SMTP.
Functionality: If you add AddXAuthUserHeader=1 to the Settings section in hMailServer.ini, hMailServer will add a X-AuthUser header to email (if SMTP authentication has been used). This functionality should be seen as experimental.
Functionality: If SMTP authentication is used, hMailServer now re-authenticates the user between every email in the same session. This change was made to prevent (authenticated )inactive users from being able to continue to send email by keeping the SMTP connection open.
Functionality: A change has been made to the IMAP implementation to resolve compatibility problem with misbehaving Nokia E61s.
Bugfix: C58 - When adding an email message to an IMAP folder, the client should be able to set the \Answered and \Flagged flags immediately. This was not implemented in hMailServer. (Caused the two flags to be lost when copying email messages between different accounts / server)
Bugfix: C57 - Delivery of email could sometimes fail, leading to email not being delivered before sevice restart.
Bugfix: C56 - COM API methods Client.IPAddress and Client.Port always returned an empty value in the OnAcceptMessage event.
UI: In the Live log in hMailServer Administrator, it's now possible to sort the data by clicking on the different columns. Please note that the sort is text-based and not numerical. This means that for example 125 will appear before 90.
UI: Translations of the user interface have been added.
COM API: An exception is now thrown if hMailServer::Application::Database::ExecuteSQL() fails.
When hMailServer downloads messages from other POP3 servers, and you have configured hMailServer to search for recipients in the MIME headers, hMailServer now searches in all the Received: headers as well.
Improved logging when email can't be parsed.
If an unhandled error occurs while hMailServer is parsing an email message, the .EML file is now moved to \Logs\Problematic messages\ folder. Feel free to forward such .EML-files to the hMailServer Development Team for further troubleshooting.
Bugfix: C55 - IMAP: Search command doesn't include for flags
When a client uses a IMAP SEARCH command, hMailServer ignored the flags specified in the search command. This had the effect that email clients sometime could show incorrect messages in message listings.
Issue 37: If a message was deleted during virus scanning, or by a rule, this wasn't logged in the AWstats-log.
Issue 49: When a message is deleted during SURBL anti spam protection, this isn't logged to the application log.
Issue 54: DefaultDomain is applied to empty addresses. This means that if you have specified a default domain, and someone tries to send you an email with empty sender adderss, the email address will be set to @defaultdomain.com and hMailServer won't accept the eamil.
Issue 48: hMailServer sometimes sent duplicate messages. The problem occured when hMailServer tried to send to a domain with several MX records and is able to deliver messages to the first MX server, fails to connect to the second and then is able to connect to the third.
When an email has been downloaded from an external account, and processing of MIME headers is enabled but no recipients could be found, hMailServer will now deliver the email to the account in which the external account was created.
Issue 47: The new list auhtorization lookup in 4.3 wasn't recursive. This had the effect that it was possible to circumvent the authorization by creating lists and then send via them.
Issue 45: When IDLE is enabled, and an IMAP client issues an EXPUNGE, the IDLE-subscribers will always receive a message that a message has been removed from the INBOX, regardless of what folder the message was deleted from.
hMailServer now supports ClamWin 0.88.1 and later. (There was an update in ClamWin on how the command line parameters were parsed, which broke compatibility)
Issue 25: The restore process sometimes hung when restoring distribution list recipients.
Version 4.2.1 - Build 197 (2006-06-17) - Production
Issue 17: PHPWebAdmin: The 'Allow empty sender address' setting was is inverted.
Issue 18: IMAP: Non-UID COPY failed when folder name contained space.
Issue 19: SMTP: If a rule was set up to forward message to non-existant accounts, endless loops cound be created.
Issue 20: SMTP: Under certain circumstances, hMailServer allowed SMTP deliveries even though the IP ranges where set up to disallow this.
Issue 16: hMailServer did not always detect attachments of type message/rfc822 correctly. This had the effect that they were not always displayed correctly in SquirrelMail.
hMailServer failed to download messages from certain POP3 servers.
Messages with a certain type of MIME formatting, wasn't parsed correctly by hMailServer. This had the effect that some attachments did not show correctly in some email clients.
It's now possible to run backup's even the service is running, but the server isn't started.
Issue 13: When sending an email, and using SMTP authentication, the user name had to be a primary domain name and not an alias.
When deleting a message using the COM API, the message was not removed from the hMailServer message list cache, which caused email clients to show a message that the message was missing.
If an attachment contained non-ASCII characters, it was not always added to the Attachments collection in the COM API.
When choosing language in hMailAdmin, it was not possible to choose Catalan.
If you added an attachment using the COM API, it was not possible to fetch the name of it afterwards. Also, when using the COM interface to iterate over attachments in an existing message, it was not always possible to extract the file names of the attachments.
If a single MX record pointed at a host name with several A records, hMailServer only tried to deliver email messages to the first A record. If the delivery to the first A record failed, hMailServer did not try the next.
Extended error logging when parsing XML streams.
The SMTP relayer password was sometimes lost when editing SMTP server settings.
The Microsoft SQL Server databse scripts includes a number of new indexes to improve performance.
hMailServer no longer does tarpitting for connections coming from an IP range where spam protection is deselected.
If the database went down at the exact same moment hMailServer was saving a message, the message wasn't saved and the user wasn't notified. This is now fixed.
A number of small fixes were made to the way attachmens are handled by the COM interface. It should now be possible to create emails that includes both a HTML body, a plain text body and attachments.
Under certain circumstances, Outlook could fail to show that new messages has arrived. This problem occured when several clients accessed the same mailbox at the same time. hMailServer now keeps track of folder state per IMAP connection.
This is the first hMailServer 4.2 beta. It includes a wide range of new features such as built in backup support, awstats support, IMAP sort extension, new API's and increased performance.
Version 4.1.1 - Build 140 (2006-06-17) - Production
Internal message date not always set properly when an IMAP client appended a mailbox. This had the effect that when using certain IMAP clients, the Received-date wasn't displayed properly after copying messages from one IMAP server to another.
The To column in Undelivered messages didn't show recipients properly. Instead of showing recipients for the current message, the column showed all recipients for the message plus the recipients for the previous message in the list. Only an error in the user interface.
When upgrading from pre-4.0, the installation program copies hMailServer.ini from the Windows directory to the bin directory. But it leaves a copy of hMailServer.ini in the Windows directory, which may cause confusion. From this build, after the installatoin program has copied the file from the Windows directory to the Bin directory, it renames the old file to hMailServer.ini.old.
Installation program now remembers whether you're using internal or external database. So the next time you install, you do not have to select it again.
hMailAdmin, DBSetup and other hMailServer tools now starts at least double as fast. (The language file is parsed more efficiently).
The recipient is now shown properly in the undelivered message list. Since 3.0, this column has been empty.
Live logging now works even if you have not configured the service to interact with the desktop. It now also works when using terminal services.
Using the Message.HeaderValue property, it's possible to add and modify existing headers.
The Message.Date property in the COM API is no longer read-only.
When creating a new message using the COM interface, the Date-header is now added automatically.
The Message.HTMLBody property in the COM API is now writeable, which makes it possible to modify the HTML content of email using scripting, and to send email messages that contains a HMTL part.
Caching of domains can now be enabled to improve performance.
Previously, when hMailServer could not connect to the DNS server, it treated that as a fatal error. This had the effect that outgoing messages were bounced immediately if the DNS was not available. This has now been changed so that if the DNS isn't available, hMailServer will retry later.
It's now possible to specify a max message size. It's possible to specify both on server and domain level.
Better support for multihoming. In hMailAdmin, you can now specify whether hMailServer should listen on all available IP addresses or not. It's possible to set up a list of IP addresses the server should listen on.