New available build notification (100147, 99956)

Tweet

Verified Domain Ownership

With the incoming filter, it’s straightforward to know that a user is in control of a domain, because in order for the mail to have arrived at the filtering server, the user must have had access to change the MX records to point to the cluster. With the outgoing filter, this is more complicated. This means that we are unable to provide functionality that would be useful, because of security and privacy considerations.

For example, a Super-Admin can search across multiple sender domains in the outgoing log search, but a domain level user can only search for messages that were sent with a matching authentication domain - most likely, the outgoing mail is actually going through a number of smarthosts, and so the user wants to search across multiple authentication domains, and those domains don’t match the sender. The control panel cannot simply give access to all domain level users, because of the security and privacy problems that would create.

The solution to this problem, and other similar ones (such as securely and simply adding outgoing mail to the archiving product), is to have a method where a control panel user is able to prove that they own or control a domain. Once the control panel knows that, then it is safe to provide complete access for that user to mail that relates to that domain.

In this week’s build, we have added a method for users (at domain level or higher) to demonstrate that they control the DNS for a domain, by adding a simple CNAME record. This functionality is found on the dashboard in the “Domains” section, under "Domain ownership”. Users may verify control of any number of domains by following the straightforward instructions in the control panel.

In later updates, we will be making use of this functionality to provide secure and private access to outgoing filter users’ mail at levels lower than super-user. For now, users can get ready to take advantage of this functionality by verifying their domain ownership.

OpenSSL Vulnerabilities Patched
Last week the OpenSSL Software Foundation released an advisory containing 6 vulnerabilities that resided in the OpenSSL library. As of this week’s build all servers will have the latest patch.

Changelog

Filtering (services)

• Resolved issue with unsure subject notation not being correctly added. (#28216)
• Resolved issue with the unlock link from the lock notification email. (#28207)
• Resolved issue with the wildcard domain check for black and white lists. (#28248)
• Resolved classification issue of outbound messages delivered to inbound filtered domains. (#27106)

Front-end / GUI:

• Optimized the loading of jQuery progress bars. (#27157)
• Added method to verify ownership of a domain. (#25411)
• Resolved an issue with incorrect error message shown by `/api/domain/add` on clusters without archiving product. (#28218)

Plugins & Integration tools:

• cPanel, Plesk (Linux), Plesk (Windows): Optimized add-on uninstallation procedure. (#25450)
• APS2:Fixed wrong condition of the Login button availability for service users on customer level. (#27959)
• APS2: Resolved the auto-provisioning issue of the first added domain. (#27740)

• Resolve issue in api_clear_outgoing_retry_hints causing the hints to be removed on the recipient and not the route (#28195)

• No new updates this week

• No new updates this week