New Available Build Notification (90943)

Tweet

This is our spam / virus filter update for customers on the mx1 / mx2.tnpw.net filtering cluster. The information is brought to you by our vendor, SpamExperts.

What's new this week:

Command-line Bulk Protect for cPanel & Odin addons:

With today's update of the cPanel and Odin Plesk addons, we have added an option to run the initial "Bulk Protect" option directly from the command line.  This is especially useful for setups with a large number of domains, where using the GUI for this operation, it can sometimes be time-consuming.  Information on how to use this can be found on our Knowledgebase here and here.

 New password policy available

A frequent error that people make when selecting a password is to use a common word - maybe just putting in some case changes, like "elEphanT".  These passwords are very insecure, and easily found by any automated system.  As such, you may wish to prevent your web interface users from using such passwords, and you can now do this.  We’ve added a new optional policy in the "User Settings" page, "Allow dictionary words".  Like all the other policies, this will apply to any users at that level, and lower (so if you set this to "no" at an admin level, all their sub-admins will be forced to have it set to "no" as well).  We prevent using passwords from whichever language the user is currently using, so that they aren’t forced to know words in all the languages that we support.

Per-day Outgoing user limit

You are able to configure a limit for the number of messages that an outgoing user may send; you specify a limit in terms of per month, per week, per day, per hour, and per minute (or disable the limits).  Previously, the per-day limit was not exposed in the web interface, although the other limits were.  We now expose all of these options for your convenience.  Note that the existing per-day limit is set extremely high, so that it does not unexpectedly trigger, and the limit does not change with this update.

Protection against empty-sender bounces

We do not verify the recipient address for outgoing messages prior to accepting the message (as doing so can cause problems with some systems).  However, in the case of messages that do not have an envelope sender address ("null sender" messages), this can lead to large build ups in the queue, as the messages get frozen with periodic retries.  As of this update, we will do recipient address verification for all outgoing messages that do not have an envelope sender; this means that if you do have users that are sending such messages, they need to ensure that the recipient address is valid (of course, they should be doing this anyway).

Changelog:

Filtering (services):

• · Submission users can now use a default sender blacklist, this works just like the "default" system for the Delivery sender blacklist (#25017)
• · Temporary SMTP delivery errors are now logged correctly in the delivery details logs, and will be available in the api_get_delivery_errors API (#24500)
• · When processing an outgoing messages that has a null sender, the recipient will now be checked using a callout at the destination server. This enhancement prevents large queue build-ups of messages that are frozen because there is no sender and the recipient is not valid. (#24434)
• · Resolved issue that prevented the optimization of delivering outgoing messages locally when the recipient's domain was also handled by the same cluster, for domains that had multiple custom MX records (#25445)
• · Two new APIs methods are now available 'api_get_trusted_xclient_list' and 'api_set_trusted_xclient_list'. These methods expose the ability to manage a set of IPs that are authorized to use the XCLIENT SMTP extension (#16275)

Front-end / GUI:

• · Removed "Invalid recipient limit" option from the Outgoing User Settings page (#24780)
• · Resolved issue with specific non-ascii characters not visible in the Archiving Search page (#25395)
• · Resolved issue with whitelisted sender discrepancy between API and GUI (#25351)
• · Resolved issue with on screen error messages when using the ControlPanel API 'getbandwidthusage' method for admins (#25434)
• · Optimized internal systems to handle bulk domain removal more efficiently (#24704)
• · Added a new 'no dictionary words' password policy that prevents passwords that are dictionary words (in any of the supported languages) (#22390)
• · 'Message ID' is now a link to the View Page on the Incoming / Outgoing Delivery Queue pages (#23770)
• · Added 'Per-day' limit to outgoing user options (#24651)
• · Resolved issue with error response 'Domain exists, but the Domain user was not found in SpamExperts' when using the ControlPanel API (#25383)
• · Resolved issue with option 'Download as .eml' only partially downloading the message in the Quarantine page (#25488)

Plugins & Integration tools:

• · cPanel: Added support for command line "Bulk-Protect" (#16908)
• · cPanel: Resolved issue with an incorrect cron entry (#24937)
• · Plesk: Added support for command line "Bulk-Protect" (#16908)
• · Plesk: Resolved issue with an incorrect cron entry (#24937)

For more information, please do not hesitate to contact us.