Product » A free email server for Windows and Linux » FAQ
Xeams Change Log
Version 9.5 build 6346
December 12, 2024
New Features
- The fake receipt filter is updated to detect fake receipts from PayPal.
- Ability to add MTA-STS exceptions for certain domains.
- Ability to identify and remove stale users in Xeams that no longer exists in AD.
- The Content-Security-Policy header is remove before displaying unsafe images.
Bug Fix:
- The user id and password fields are not saved correctly when configuring the HTTP proxy server.
- The EXAMINE command in IMAP server does not contain a value for UIDVALIDITY
- Top-level domains are not clustered.
Version 9.4 build 6338
October 22, 2024
New Features
- Single Sign-On using OAuth 2.0 with Microsoft Azure and Google Workspace. Details...
- Outbound SMTP for legacy devices that do not work with OAuth 2.0 Details...
- Individual Outbound Tracking. Details...
- FriendlyIP.txt can now accept hostnames. Details...
- User management screen is enhanced to indicate if a user is created as a result of SSO or AD.
- Ability to use SMTP Authentication from AD without creating a local user.
- Ability to create new user login can now be disabled using the GUI.
- Ability to add missing headers, like Message-ID even for internal and outbound emails.
- Ability to enforce authentication for secondary SMTP port
Bug Fix:
- User's password appears in the log file when AUTH PLAIN is used.
Version 9.3 build 6330
August 06, 2024
New Features
- RESTful APIs for sending emails from applications. Details...
- A tool to investigate email delivery problems. Details...
- Ability to select multiple messages when managing outbound queue. Details...
- Ability to sanitize headers for outbound messages. Details...
- The trigger word for end-to-end encryption is now a regular expression, allowing multiple values for trigger word.
- Improved External Web Reference filter.
- Configuration for SMTP Proxy server has been removed from the home page.
- An A lookup is performed in addition to PTR lookup when hostnames are specified for relaying in SMTP configuration.
- Ability to optionally display date, sender and recipient when displaying messages in compact view.
Bug Fixes
- Message-ID header is not enclosed in square brackets.
Version 9.2 build 6320
May 22, 2024
New Features
- Web-based end-to-end encryption, in addition to the existing PDF method.
Click here to watch a video or here to learn details.
- Ability to view incoming and outgoing SMTP communication logs by clicking status icons. Details...
- Improved logic for modifying existing distribution list.
- Ability to remove users when a domain name is removed.
Bug Fixes
- Information about newsletter subscription is not clustered.
- Updated URL for QR Code when configuring 2FA for TOTP.
Version 9.1 build 6311
March 28, 2024
Bug Fixes
- Unable to add users when Xeams is running as Stand-alone or Hybrid
- Missed-Email Alert Plugin generates false alert when watching for an NDR
March 25, 2024
New Features
- Ability to specify quota for user repository. Details...
- Ability to ask end-recipient to create a password for End-To-End encryption. Details...
- Ability for administrators to manage passwords for End-To-End encryption.
- DNS integration with Cloudflare. Details...
- Ability to assign a score if DKIM is missing
- Ability to display disk usage in the Manage Users screen
- Ability to sign DKIM for internal emails
- Ability to generate quarantine reports for distribution list.
- Domain administrators can manage their users and distribution list
- Auto-create user wizard can automatically run every day around 11 PM
- Ability to search and remove entries from Auto-Learn sender database.
- Ability to exclude certain domains from AD
- AntiPhishing filter is improved
- Xeams can add manadatory headers, such as Date and Message-ID for outbound emails if they are missing.
- Ability to specify a CC address when sending outbound Junk NDR. Done by specifying a value for
junk.ndr.cc.recipient=admin@xyz.com
in server.properties
Version 9.0 build 6302
Jan 22, 2024
Security Fixes
- Security Fix: CVE-2023-46589, CVE-2023-45648, CVE-2023-44487, CVE-2023-42795
- Security Fix: Ability to terminate connections if SMTP smuggling is detected. Details...
New Features
- Manage Users screen now contains a sticky search
- RFC compliant filter is updated to follow guidelines suggested by GMail
- Ability to stay logged in for configurable number of days
- Ability to block an IP address from Intrusion Detection screen
- Ability to view SMTP Communication for an IP address from Intrusion Detection screen
- Ability to generate alerts when an administrator logs in
- New features configuration is added
- Image Finger Printing custom filter is enhanced.
- Ability to ignore forgery alerts for certain domains by adding entries to
config/ForgeryAlertExceptions.txt
file.
- Ability to generate an NDR if an outbound email get blocked
- Ability to generate alert if emails stay in the processing queue for long
- No need to restart Xeams after modifying server.properties file.
Bug Fixes
- Sender rollback does not work if the address in MAIL FROM does not have an SPF record
- Spelling error fixed when creating MTA-STS policy
Version 8.9 build 6291
November 15, 2023
Bug Fixes
- The new emoji filter occasionally runs into a NullPointerException
Version 8.9 build 6289
November 07, 2023
- New custom filter added to detect emojis in the subject.
- Inverted country filters. Details...
- Ability to search associated email addresses when searching for users.
- Improved logging when SSL certificate is not trusted and MTA-STS is enabled.
- Diagnostic Check - Inbound has been improved.
- Emails under Message Repository are displayed with respect to the user's timezone rather than the timezone where Xeams run.
- A new report, call Outbound Statistics, is added displaying number of outbound messages sent by users.
Bug Fixes
- Incorrect profile is assigned when a new user is created from AD
Version 8.8 build 6281
August 21, 2023
- Ability to publish policy for MTA-STS right from Xeams interface. Details...
- TLS reports are automatically accepted and processed. A summarized view is displayed in the web interface.
- Ability to integrate DNS providers. As of now GoDaddy and AWS Route 53 are supported. More will be added in later versions. Details...
- Outbound Diagnostic Check has been enhanced to include MTA-STS. Additionally, links to add SPF, DKIM and DMARC records are displayed on the result page.
- Ability to add multi-level distribution list. For example, listA@yourcompany.com could not include listB@yourcompany.com in the recipient.
- Emails with large attachments that are detached by SynaMan do not get sandboxed.
Bug Fixes
- Quarantine reports are not generated occasionally.
Version 8.7 build 6270
June 29, 2023
- The IP-Based filter incorrectly assigns score for URLs containing an email address.
Version 8.7 build 6269
June 28, 2023
Enhancements
- Domain Age filter is added, which assign scores if the sender's domain name was registered recently. Details...
- IP-Based URL filter is added, which assign scores if IP address is used instead of host name in a URL.
- AntiPhishing filtering is enhanced. It now fetches phishing URLs from https://openphish.com/feed.txt
- High volume outbound queue, which sends outbound messages in multiple threads. Details...
- Message Analysis is added when trying to simulation spam
- Bulk message database is updated when an email is marked as good.
- Email association page display warning if a user's email addresses span over multiple profiles.
- Outbound diagnostic check is improved.
- SMTP Proxy server is deprecated. A warning is displayed if Proxy server is still in use. Details...
- Ability to specify session timeout in server.properties using phrase
synametrics.http.session.timeout=60
to set it to 60 minutes.
Bug Fixes
- Outbound forgery alerts are generated when TO field is blank.
- Object filter is ignored when using generic LDAP.
- CSV file for MailMerge does not accept a single column with just emails.
Version 8.6 build 6257
March 21, 2023
Enhancements
- Missed Email Plugin is added. Details...
- Ability to display disk usage from the Home Page. Click the magnifying glass icon to bring it up.
- Improved interface for non-admin users, allowing them to configure their times for quarantine reports, newsletter subscriptions and more.
- Improved challenge/response
- Ability to bypass certain domains from SPF lookup by adding SpfBypass.dat and SpfBypassDomains.dat in the config folder. The former contains IP addresses to bypass and latter contains a list of domains.
- Ability to toggle auto renewal in the About screen
- POP3 Fetcher works with IMAP in addition to POP3.
- Host.txt file can now accept host names besides IP addresses. Multiple names can be separated by a comma.
- Ability to contact Synametrics Support and sending sample messages has been improved and works even if outbound port 25 is blocked.
- Email header is added in a forged email alert, making it easier to identify the message.
Bug Fixes
- Mail Merge configuration page does not display the Browse button to upload file.
- PTR lookup fails if an IP resolves to multiple names
- Creating a new user with existing login resets their password
- Sandbox URLs get corrupted if two dashes are found in the URL.
Version 8.5 build 6250
December 06, 2022
Enhancements
- Watchdog service is added. Details...
- Ability to convert popular attachments to their text, allowing users to safely open them. Details...
- Outbound Learner email is added. Details...
- Ability to add custom headers. Details...
- Ability to import Distribution List from a CSV file.
- Users are forced to change their password when importing from CSV file.
- Ability to prevent users from whitelisting their own domain. Done by adding
prevent.users.from.whitelisting.local.domains=true
to server.properties.
- Embedded HTTP server is updated.
Security Fix
- Fixes the Path-relative style sheet vulnerability in the web interface.
Version 8.4 build 6238
September 06, 2022
Enhancements
- Two-Factor authentication for users as well as administrators. Click here for details...
- RFC Verifier rule has been enhanced.
- Strict-Local users when using Xeams in Hybrid Mode. Click here for details...
- Ability to return a
450
instead of 550
for invalid users. Click here for details...
Bug Fix
- NDRs are not generated when asynchronous processing is disabled for SMTP server.
- System generated emails where not sent to local users when running in Hybrid mode.
Version 8.3 build 6232
July 20, 2022
Bug Fix
- The Reverse IP Lookup header does not fold host names correctly if an IP address refers to multiple names.
Version 8.3 build 6231
July 18, 2022
Enhancements
- Ability to filter emails based on direction when viewing all messages in the repository.
- New filter called BCC Rejector has been added.
- Ability to restrict DRV for domains that are explicitly specified in the web GUI.
- Hello Inspector filter has been enhanced to assign score if the PTR record does not match with HELO string.
- A new header called
X-SMClassification
is added when using in Hybrid/Firewall mode, allowing downstream servers to assign rules.
- SPF Filter is enhanced to treat misconfigured records as fail.
- Reverse IP Lookup header has been added.
- AttackerIP.txt can now accept CIDR notations.
- DeletedEmails.log contains the IP address of the sender.
Version 8.2 build 6227
April 04, 2022
Bug Fix
- Count for outbound emails in daily summary report is incorrect
- Screen for whitelisted ip addresses display incorrect information
Version 8.2 build 6225
March 01, 2022
Enhancements
- Plugin for Read Receipt is added. Watch a video on this topic.
- Ability view/remove blocked IP addresses.
- Auto-renewal status is displayed on the About screen.
- Sent/received emails count since midnight is displayed on the Manage Users screen.
- Daily status report sent to administrators now contains number of outbound emails.
- Ability to add a friendly name when adding IP addresses for relay.
- ClamAV integration has been improved to work with newer versions.
- Improved logging during communication with ClamAV.
- Xeams checks X-Forwarded-For header in the HTTP server.
- Improved integration with gateway.dat. Xeams now checks multiple headers.
Bug Fixes
- Message count in quarantine report is incorrect when possible spam messages are included in the report.
Version 8.1 build 6213
November 17, 2021
Enhancements
- Ability to force incoming emails to use SMTP Authentication if sender is local
- MS Office filter is improved to look for Excel sheets with VelvetSweatshop as the password
- DRV is enhanced to use STARTTLS
- System generated emails can now be saved to local accounts when running in Hybrid mode
Bug Fixes
- An error occurs and gets logged when trying to parse certain PDF files
- File corruption when reading user's mailing list are handled correctly
- Security Fix: HTML Base tags are removed from an email before viewing it through the web interface.
Version 8.0 build 6201
July 14, 2021
Enhancements
- Ability to broadcast email to every user within your company. Refer to this page for details.
- A dot can be used for temporary/throwaway email address. Refer to this page for details.
- Ability to add multiple
CatchAll
addresses separated by a comma. This allow administrators to use a separate CatchAll
for every domain.
- End-to-End encryption is enhanced. Senders can skip the encryption password if the recipient is also a local user in Xeams. The system will automatically use the user's password for encryption.
- Ability to force new users to change their password after their account is created in Xeams.
- Ability to pull distribution list from Microsoft Active Directory and create local lists in Xeams.
- Contact Support page is improved
Bug Fixes
- Bug Fix: Xeams would not accept multiple values for administrator's email address.
Version 7.9 build 6186
April 19, 2021
Enhancements
Version 7.8 build 6180
April 08, 2021
Enhancements
- PDF link Inspector filter has been improved to look for URLs with blacklisted TLD and assign a score
- Hidden HTML filter has been enhanced to look for dynamic scripts
- Zipped Executable filter has been improved to look for JavaScript files
- Macro Detector filter has been improved to detect embedded objects
- Bug Fix: Sandboxing does not occur for multipart/related messages
- Bug Fix: Searching IP address does not work
Version 7.7 build 6174
January 20, 2021
Enhancements
- A new filter called PDF Link Inspector is created that looks inside a PDF file for harmful links
- Ability to view PDF attachments as HTML script, allowing users to see if a PDF file refers to foreign links
- Ability for individual users to manage news letter subscriptions. Details...
- Ability to add custom headers for added security in the HTTP server
- Ability to deny users from restoring messages from Quarantine Reports
- Ability to restart Xeams automatically after renewing SSL certificate from Let's Encrypt
- Bug Fix: Message search does not return correct results when field name is either Sender's or Recipient's Email.
- Bug Fix: MS Macro detector filter was marking *.xls files incorrectly if foreign characters were found.
Version 7.6 build 6161
October 22, 2020
- Bug Fix: Incoming email runs into an error if the message is received from an IP where SPF does not apply
- Bug Fix: MS Macro filter occasionally runs into a false positive for Excel files
Version 7.6 build 6159
October 21, 2020
Enhancements
- Messages having a forged sender are marked as Inbound rather than Internal.
- A special header called
X-SMForgedSender
is added when the sender is forged.
- Ability to send outbound emails through slaves in a clustered environment.
- Ability to limit outbound emails once hourly quota reaches. Click Authenticated Messages under Reports to configure this limit.
- MS Office Macro filter is updated to handle dynamically generated macros in Excel spreadsheet. Details...
- Ability to perform SPF looks on whitelisted addresses and domains.
- Ability to specify key size for DKIM, allowing smaller public keys for DNS servers that do not accept larger values.
This is done by adding
xeams.dkim.key.size=1024
to server.properties.
- Bug Fix: Searching messages with their ID does not work with older messages.
Version 7.5 build 6148
August 31, 2020
Enhancements
- Bug Fix: POP3 connection does not work with Apple Mail on a MAC.
Version 7.5 build 6147
August 17, 2020
Enhancements
- Ability to check if any user is connecting in an unsecure manner. Details...
- Connections to IMAP server that are not using SSL are denied if your Xeams supports STARTTLS for IMAP. Add
imap.disable.plain.login.without.ssl=false
in server.properties to change this behavior
and allow connections in clear. This work-around is NOT recommended.
- Message to Restart Xeams is not displayed when Profile admins log in
- Bug Fix: Several bugs related to Searching in IMAP are fixed
- Bug Fix: Occasionally, Thunderbird does not download every attached file when using IMAP
Version 7.4 build 6137
July 01, 2020
Enhancements
- Ability to select different color themes for the web interface. Details...
- MS Office Macro filter has been enhanced to detect tricky Excel sheets.
- Bug Fix: Attachments containing UTF-7 encoding in file name are not processed correctly.
- Bug Fix: Currency symbol is displayed incorrectly during purchase
Version 7.3 build 6130
May 20, 2020
Enhancements
- New payment model introduced. Details...
- Enhanced Temporary Emails. Details...
- Pre-Approval Plugin is added. Details...
- Ability to put *.eml file in
$INSTALL_DIR\InputMessageQueue
for manual deliver. Operation 267 triggers processing
- Ability to block password-protected RAR files.
- Anti-Virus rule is updated to configure RAR files
- SuccessfulLogin.log is created, which logs successful login attempts from SMTP, HTTP, POP3 and IMAP servers
- Security Fix: Foreign URLs specified in DOCTYPE gets processed when parsing XML.
- Bug Fix: Several bugs fixed related to IPv6
- Bug Fix: The Spam Simulator runs into a error if there is no TO/CC field in the sample email
- Bug Fix: StackOverFlow occurs when too many invisible characters are found in an incoming email
Version 7.2 build 6108
March 10, 2020
Enhancements
- Enhanced relaying - administrators can now specify sender's domain name when adding a relaying IP. It can now also accept host names. For example, if you
are using Xeams with Exchange on Office 365, you can create a relay host with the following values:
Hostname/IP | Sender Condition |
*.outbound.protection.outlook.com | yourdomain1.com|yourdomain2.com |
Multiple domains can be separated by a pipe character.
- Ability to detach virus files from an email and replace them with a dummy TEXT file. Details...
- MS Office Macro filter has been enhanced to look for documents that automatically download harmful files
- RAR files renamed as *.gz are now detected
- Ability to bypass messages received from an ip/host allowed to relay. Default score is -300, which can be modified by setting the value for
score.for.relayed.host
in server.properties.
- Enhanced Email Directions. Now Xeams can distinguish between inbound, outbound and internal emails.
- Ability to search messages based on their direction
- A new graph showing the distribution of email direction
- Ability to connect to LDAP servers other than Active Directory
- Ability to disable caching for DomainInspector filter by setting
use.cache.4.domain.inspector=false
in server.properties.
- ReverseIPLookup filter has been modified to ignore IP addresses allowed to relay
- Comma separated values can be entered when adding/modifying domains in SMTP Server Configuration
- Bug Fix: The Change Profile screen does not format HTML properly when recipient/sender domain is long
Version 7.1 build 6090
December 02, 2019
Enhancements
- Ability to create multiple admin accounts Details...
- Ability to maintain an audit log keeping track of was was changed and who changed it
- Ability to ignore RBL lookups for well known domains, such as gmail.com, hotmail.com, yahoo.com, etc...
- Ability to send on-demand NDRs, giving the original sender an impression their email did not reach the final recipient.
- Anti-Virus rule is enhanced for look for HTTP redirects inside HTML documents.
- SPF lookups checks the FROM header if MAIL FROM is missing in the envelope
- Bug Fix: Modified headers were being ignored when External Subject Tag was used.
- Bug Fix: ALLDOMAINS in the local host file gets modified to lowercase string in the web interface.
- Bug Fix: HTTP challenge fails to auto-renew SSL certificate for Let's Encrypt when Xeams is configured to serve on port 80
- Bug Fix: Sandbox enable/disable did not have any affect.
Version 7.0 build 6082
July 01, 2019
Enhancements
- Bug Fix: Auto renewal for Let's Encrypt certificate does not work when using a third-party web server, such as IIS or Apache
Version 7.0 build 6080
June 11, 2019
Enhancements
- URL Sandbox - ability to wrap URLs in incoming emails with a different URL allowing
users to analyze the link before clicking them. Details...
- Ability to add a body snippet for incoming emails. Version 6.9 allowed adding a subject tag. v7.0 adds a similar snippet in the body
of the message. Details...
- Ability to forward emails from Message Repository. Email can be forwarded to:
- Administrator
- Xeams Support - for analyses
- Any other recipient
- Analyzing Messages feature is enhanced to contain information about
intermediate hops and delays.
- Ability to look inside winmail.dat file
- Message Viewer has been enhanced to handle background images displayed through CSS styles
- Bug Fix: Newly created users are not saved when using Import Wizard
- Bug Fix: Message Analysis window does not handle PTR records that result in multiple host names.
Version 6.9 build 6064
April 10, 2019
Enhancements
- Ability to integrate with Let's Encrypt to create SSL certificates. Watch a video.
- Ability to make HTTP server listen on two ports
- Ability to look inside a RAR file
- Ability to analyze messages. Details...
Version 6.8 build 6047
February 19, 2019
Enhancements
- Language Filters - allow filtering based on the language of the email.
- A new custom filter called Sender Name Forgery has been added, which prevents employee name spoofing. details...
- A new custom filter called Non-Printable Characters has been added, which looks for non-printable characters to avoid detection. Bitcoin Scam is one example that can be prevented with this rule.
- Ability to add a tag in email subject for inbound emails. Details...
- Office macros detection is improved
- RTF files renamed as *.doc are filtered
- Ability to add multiple domain names when configuring SMTP Server
- Performance improvements have been made in the IMAP server
- Variables in Mail Merge campaign are no longer case-sensitive. Additionally, duplicate emails are ignored.
- Bug Fix: The To field is incorrectly displayed in Message Repository for messages that come into a Slave Xeams when clustering is enabled.
Version 6.7 build 6028
December 03, 2018
Enhancements
- Safe Attachment Viewer - safely look inside attachments to confirm they are safe.
This feature extracts text out of popular document types, removing any embedded macros, HTML links or JavaScript
making them safe to open.
Note: This feature will only be available in the Enterprise Edition.
- Enhanced End-To-End Encryption - Users can
set predefined passwords for senders they frequently send emails to when using
end-to-end encryption. Click here for details.
- Enhanced Greylisting when receiving emails from Office365. Microsoft recently deprecated a
mechanism used by Xeams to pull IP addresses belonging to Office365. This update uses
the new suggested method
by Microsoft to pull IP addresses.
- Enhanced Direction - previous versions of Xeams used the sender's domain to determine the direction (outbound or inbound).
This used to incorrectly classify a forged sender as outbound
even when the actual message came in from the Internet. This version considers a message outbound, if one of two conditions
are met: a) SMTP Authentication was used, OR b) Message came from an IP that is allowed to relay.
This information is used to draw the direction arrow in Message Repository.
- Xeams now supports encoded emails in UTF-7
- Ability to unsubscribe from email campaigns
- Emojis are now displayed correctly when viewing emails in Message Repository
- Performance improvement when fetching emails from IMAP/POP3 server.
- Warning alert is sent to administrator if JRE version is older
Version 6.6 build 6009
October 11, 2018
Enhancements
- Bug Fix: Emails cannot be marked good or spam in Message Respository.
- Bug Fix: Xeams takes a long time to start if UDP port 123 is blocked.
Version 6.6 build 6008
October 10, 2018
Enhancements
- New Plugin - End-to-End Email Encryption. Watch a video on this topic.
- Ability to sort messages in Message Repository
- A new status icon has been added for end-to-end encryption
- Bug Fix: Incoming email gets corrupted if body is missing.
Version 6.5 build 6000
August 20, 2018
Enhancements
- Updated graphs - every graph in Xeams is now dynamic, which display information when hovering a mouse.
- Additional graphs are added for the home screen
- Smtp Connections vs email ratio. Details...
- Top domains
- Memory graph is updated to contain historic values
- Two new reports added targeted towards legal requirements:
- Message Catalog Summary - Details...
- Attachment Report - display in-bound as well as out-bound emails containing attachments.
Click Reports → Legal Reports to run these reports.
- Xeams Plugins - Email Campaign and Mail-Merge. Watch a video on this topic.
- Ability to block IP addresses automatically if malicious activity is detected. Check Block Malicious IP Addresses under the Advanced tab of Server Configuration.
- Ability to prevent associated email addresses from logging in. This is done by setting
prevent.associated.users.from.logging=true
in server.properties
- DevNullSMTP has been integrated with Xeams.
- Bug Fix: A null pointer exception is raised in SLAVE when just one profile exists and report is pulled.
Version 6.4 build 5990
June 01, 2018
Enhancements
- Introducing SynRBL - Synametrics own RBL server.
- New custom filter called missing SPF that checks if an email originates from sender's designated MX or A record if SPF is missing.
- New custom filter called Hidden HTML Blocks is added that looks for absolute positioning to hide text.
- Sender's IP address is extracted from received header when using Spam Simulator
- Ability to add friendly IP addresses that are immune from getting blocked if a user provides incorrect passwords
- Ability to generate an NDR before deleting a message from Outbound Message Queue. This is done by clicking the icon when viewing Outbound Queue.
- Ability to prevent well known domains from getting white listed. For example, gmail.com, hotmail.com, yahoo.com, etc... This is done by modifying data in
$INSTALL_DIR/config/PublicDomains.txt
file.
- Status icons updated to display STARTTLS for both incoming as well as outgoing messages. Refer to Status Icon page for details.
- Ability to use a non-blank address in envelope MAIL FROM when generating NDRs. This is done by adding
sender.4.ndr.message
in server.properties file.
- Ability to force STARTTLS with certain domains by adding
$INSTALL_DIR/config/DomainsRequiringTLS.txt
. Add one domain per line.
Using STARTTLS with certain business partners is required by the new GDPR regulations. Click here for details.
- Bug Fix: Generated NDRs do not have the Date header
- Bug Fix: Searching does not work when temporary email addresses are used
- Bug Fix: DKIM keys are not displayed on the web if mixed case characters were used to specify domain names during setup. This only occurs on Linux and Mac.
Version 6.3 build 5979
March 21, 2018
Enhancements
- New filter Misleading Sender has been added. It looks for recipient's domain in sender's name
- Disclaimers are improved and now supports HTML in signature
- Ability to specify maximum emails to import when importing emails from another IMAP account
- Hello Inspector rule is modified to work with IP addresses for Office365
- Link for Manage Disclaimers is moved from Server Configuration to Filter Management. This is done because disclaimers
can be set on a per-profile basis rather than globally.
Bug Fixes
- Inherited checkbox in profile management does not display correct value
- Copying emails via IMAP occasionally runs into errors
- The restore link in quarantine report does not work occasionally
- Results for PTR lookup add an extra DOT at the end
Version 6.3 build 5973
February 06, 2018
Enhancements
- Active Directory lookups can be done using SSL.
- CIDR format is now accepted for Relaying IP, White/Black listed IPs and Acces Control List
- Screen to manage White/Black listed IP address is enhanced.
- Ability to send quarantine reports to a different email address
- Ability to force HTTPS for the web interface
- A new filter called UniqueAnchors has been added
- SPF check is skipped if message comes from a server allowed to relay
- Access Control List for admin account, which restricts admin access to certain IP addresses
- Score for authenticated user is now configurable using the score.for.auth.users system property
- Activity by IP report has been updated to work with blacklisted IP addresses in CIDR format
Version 6.2 build 5968
December 11, 2017
Enhancements
- A new filter called Tricky Sender is added to handle a major security flaw
discovered in many email clients. Click here to learn more about this filter.
- Inherited Profiles are introduced
- Additional system alerts have added
- Virus Detector has been updated to look for zips within a zipped file
- Diagnostic Check - Outbound has been enhanced to report missing PTR records
- AUTH PLAIN and CRAM-MD5 are now supported in Smtp Authentication
Bug Fixes
- The license renew button in About screen does not calculate the correct number of license
- Active license count is incorrect when using AD
- Associated users are not bundled correctly
Version 6.1 build 5961
November 08, 2017
Bug Fixes
- Bypassed addresses are ignored in license
Version 6.1 build 5960
November 07, 2017
Enhancements
- Inconsistent sender filter is enhanced to look for valid DKIM signatures before assigning scores.
- Warning messages are added if quarantine report is not generated at midnight.
Click here for details.
- Licensing update. Distribution lists containing email addresses for local users is no longer counted towards a license.
- Auto Updates do not restart Xeams. Even if auto-updates are enabled, necessary files will be downloaded but won't be
patched until administrators restart Xeams
Bug Fixes
- Default AD is automatically selected even if local domains are missing in SMTP Configuration
Version 6.1 build 5958
October 25, 2017
Important:
Version 6.1 requires that you enter your local domains under SMTP Configuration/Domains tab. This was not required
in earlier versions if you were using SMTP Proxy server for inbound emails.
Enhancements
- Message status icons are displayed when viewing messages. Click here for details.
- Ability to migrate emails from other IMAP/POP3 servers into Xeams. Click here for details
- Ability to use multiple LDAP servers. Each LDAP can be associated with a different domain.
- Ability to integrate with Zimbra LDAP
- Outbound Diagnostic Check
- Link for Diagnostic Check has been moved from Server Configuration to Tools
- Outbound forgery alerts. Email alerts are sent to administrators if Xeams detects an outbound email that will be considered a forgery by the receiving end
- New log file called OutboundForgeries.log has been added, which contains emails that were sent out and could be treated as forged
- New log file called DeletedEmails.log has been added, which will hold traces of messages that are deleted because their score went pass the deletion threshold
- Ability to snooze email alerts
- Preferred URL for the web interface. This is set under Server Configuration. Xeams will use this URL when generating alerts as well as when new users are created.
- Outbound reports for DMARC are not sent to the queue if the first attempt fails.
Bug Fixes
- Inconsistent sender rule gets triggered if the MAIL FROM value in SMTP envelope ends with upper-case letters.
- Subject line of incoming messages is not changed when using the POP3 fetcher
- Links within quarantine report do not work if the user account contains non-English characters
- The RUA email address for DMARC report ignores the message size parameter
- Xeams creates a new user account if a user from AD use their email address instead of the user ID to log in
Version 6.0 build 5948
August 14, 2017
Enhancements
- Support for DMARC has been added. Click here for details
- RFC822 Verifier rule has been updated to detect invalid email addresses in the FROM header
- Temp files are removed much sooner rather than waiting until shutdown.
- The web server can look for X-Forwarded-IP and X-Real-IP headers before black-listing IP addresses where unsuccessful login attempts are made.
- The Message-ID header is recreated when restoring messages, preventing MS Exchange from suppressing restored messages.
Bug Fixes
- Emails that go into Possible Junk cannot be searched.
- Email on iPhone cannot display contents when connecting via IMAP.
- Email containing special characters in buddy/enemy list cannot be removed
- Messages received via POP3-Fetcher are not included in quarantine reports
Version 5.9 build 5934
May 15, 2017
Security Flaw
- A major security flaw is patched that could allow non-authorized users to login as admin using the web interface.
Enhancements
- New custom filter that looks for embedded attachments inside a PDF file leading to a ransomware.
- New custom filter that implements a fuzzy search algorithm to detect previously received spam messages from different senders but similar content
- Out-of-office notifications are added to user's screen, allowing them to automatically notify senders when they are not in office.
- Separator for score search is changed from a (-) dash to a comma. This is done to allow negative searches.
Bug Fixes
- MS Office Macro detector has been updated to filter XLSX extensions.
- BCC header filter does not work
- Messages cannot be moved from Possible Junk to Junk
Version 5.8 build 5925
March 14, 2017
Enhancements
- Restarting Xeams has been improved on Windows. The patcher will now try to restart Xeams multiple times if the first attempt fails.
- Temp files are cleaned sooner.
- New IP Reputation rule is introduced to mark subnets of IP addresses where junk messages are received
- Smtp Envelope field MAIL FROM is now used to filter buddy/enemy lists.
- A new operator To, CC, BCC is introduced for header filters
- New log file called QuarantineReports.log is added that helps troubleshoot problems with Quarantine Reports.
- IMAP server closes connection after 5 minutes if a client does not send requests but leaves connection open
- Appearance is applied when a profile-admin logs in
Bug Fixes
- A previously associated email address cannot be associated with a different user without restarting Xeams
Version 5.7 build 5908
January 30, 2017
Enhancements
- User import from AD now allow filtering OU.
- Bayesian database is now per-user allowing the Spam Learner email to only affect the user who marks the message.
- Bypassed users can now accept domain names besides email addresses
- Message count are generated in a background thread to speed up the web interface when connecting as non-admin user.
Bug Fixes
- Quarantine reports are not generate if an custom image is specified in Appearance
- User management screen does not allow modifying a user if the email address contains an
&
sign.
Version 5.7 build 5900
January 16, 2017
Enhancements
- Appearance - Allows you to put your company name, tag line and logo on the web interface. This feature is only allowed in the Enterprise Edition.
- Spam learner email - users can forward junk messages to Xeams allowing it to learn from it. Check http://www.xeams.com/spam-learner.htm for details.
- Bypassed users can now accept domain names besides email addresses
- New filter added to block top level domains like *.TOP, *.XYZ, etc...
- New filter to detect fake replies
- New filter to detect inconsistent "Reply-To" header.
- Message counts are consolidated across slaves when running Xeams in clustered mode
Version 5.6 build 5894
January 05, 2017
IMPORTANT:
If Live Monitor does not work after upgrading, simply refresh your browser. JavaScripts have been
modified for Live Monitor. If your browser has cached an older version, you will see a blank screen when trying to use
Live Monitor. Refreshing the page will solve the problem.
Enhancements
- User Import Wizard now contains the ability to import associated emails from a text file
- DRV caching can optionally be disabled.
- Live Monitor can display more than 20 records, which is done by adding
num.entries.in.livemonitor
property in server.properties file.
- Reporting is improved to consume less memory
- A new Diagnostic Check is introduced to ensure Xeams does not accept emails for invalid users.
Bug Fix
- A major memory leak is fixed that occurs when Xeams is configured to run as a SLAVE in clustering environment
- When messages are searched by non-admin users, records are not pulled from SLAVES. Applies when running in a clustered environment.
Version 5.5 build 5884
December 14, 2016
Enhancements
- User Quarantine Reports are generated even when running in Stand-alone mode
- When subject are changed in message action, emails are copied to INBOX, instead of Spam/Possible Spam folders, allowing POP3 clients to see these messages. This applies only if you are using POP3/IMAP on Xeams.
- User white/black list (Buddy/Enemy) list can be read from a CSV file, allowing administrators to import white/black list from third-party sources. Click here for details.
- Filtering is enhanced to detect and score messages containing incorrect base64 encoding to avoid detection
- Ability to read IP addresses for Office365 from a file instead of fetching them from the Internet. Applies when grey-listing is enabled.
Version 5.4 build 5878
November 16, 2016
Bug Fix
- Read/Unread flag does not work in iPhone when using IMAP
- Flag to check/uncheck Temporary emails does not work in web interface.
Version 5.4 build 5876
November 08, 2016
Enhancements
- Ability to create temporary email addresses. Click here for details.
- Clustering has been enhanced. Files are compresses before sending them to slaves, making them work faster on slower networks.
- Outbound SMTP server communication has been improved to handle temporary failures.
Version 5.4 build 5872
November 03, 2016
Enhancements
- Dynamic Recipient Verification is introduced. Click here for details.
- Domain names for SMTP Configuration is now paginated, making it easier to maintain lots of domain names
- Anti-virus rule is updated
- Manage Aliases is now called Manage Distribution List under Server Configuration. Check this page for details.
Bug Fixes
- Trusted domain is not added when marking emails if there are multiple TXT records in the DNS server.
Version 5.3 build 5868
October 24, 2016
Enhancements
- Ability to bypass users for spam filtering, which also saves you a user-license. Click here for details.
Version 5.3 build 5867
October 21, 2016
Enhancements
- Ability to see how Xeams calculates actual users
Version 5.3 build 5865
October 19, 2016
Enhancements
- Ability to check with Active Directory for Smtp Proxy Server
- Allows a 15-day grace period if the "Active Users" count goes higher than the purchased licenses
Bug Fix
- The About screen is blank when Multi-Profile option is enabled, but no profile other than Default exists.
- Clustering does not work when CSRF prevention is enabled.
Version 5.3 build 5864
October 14, 2016
Enhancements
- POPFetch now supports SSL
Version 5.3 build 5862
October 12, 2016
Enhancements
- Ability to add new RBL servers
Bug Fix
- Smart Host does not work when SMTP Proxy is set to Asynchronous mode.
- Clustering does not work when CSRF prevention is enabled.
Version 5.3 build 5859
October 05, 2016
Bug Fix
- Incoming messages are not received if Smart Host is enabled and SMTP Proxy server is configured to run in Asynchronous mode.
Version 5.3 build 5858
October 04, 2016
Enhancements
- Xeams Clustering, which allows junk filtering rules to be shared between multiple instances of Xeams.
- Virus Detector has been improved to catch tricks used by spammers to hide attached file name.
- Grey listing filter can now accept wildcards. For example: *.linkedin.com
- A global report recipient can be specified. Daily summary reports for quarantined messages will be sent to this global user besides the actual user.
Bug Fix
- POP3 server does not return OK status for the LIST command where there are no messages.
Version 5.2 build 5848
September 22, 2016
Enhancements
- DKIM is now supported for both inbound and outbound messages. Click here for details.
Version 5.1 build 5842
September 13, 2016
Enhancements
- Ability to generate quarantine report by send an email. Click here for details.
Bug Fix
- Not every country is displayed in the country filter.
Version 5.1 build 5840
September 06, 2016
Enhancements
- Ability to send/receive large files Click here for details.
- Bypassed IP addresses for Office365 has been updated. This affects Grey Listing
Version 5.0 build 5836
August 26, 2016
Enhancements
Bug Fix
- Xeams is unable to process encrypted zipped files.
- The web interface keeps displaying latest news even when it is marked read.
Version 5.0 build 5834
August 18, 2016
Enhancements
- Ability to peek into an attached zipped file right from Xeam's web interface.
Since this is done without downloading, you can safely check if an attached zip file contains a virus.
- Non-admin users can now view messages for more than 1 day. The number of days match with what administrators see.
Bug Fix
- Number of days since data is displayed for users is incorrect.
- User Filter screen displays a blank page.
Version 5.0 build 5832
August 15, 2016
Enhancements
- OutBoundQueue Manager is added under Message Repository allowing administrators to manage messages stuck in the Outbound Queue
- User's screen is paginated
- Ability to search users on the user's screen
- Viewing messages has been improved.
- Administrator's can run an email through Spam Simulator while viewing a message.
- Embedded images referring to a foreign website are hidden by default, which prevents activation of a web-bug
- Xeams attempts to fix incoming messages containing UNICODE characters in the header.
Bug Fix
- Trailing spaces in a folder name are removed in the IMAP server
Version 4.9 build 5825
May 13, 2016
- Inconsistent sender filter is updated to ignore SPF checking
- MS-Office macro filter can not look for *.dot files
- Outbound messages can be forced through a specific IP if required
- The ReverseIPLookup rule is updated to ignore IP addresses listed in Gateway.dat
- The HoneyPot is updated to ignore IP addresses in Gateway.dat
Version 4.9 build 5816
April 05, 2016
Bug Fix
- SMTP Auth does not work with SSL
Version 4.9 build 5815
April 04, 2016
New Feature
- A new custom rule added to detect emails from fake stores, such as Amazon, Kohl's & Costco.
- The rule to detect macros in MS Word/Excel is updated
Version 4.9 build 5811
March 29, 2016
New Feature
- STARTTLS now works for out-bound emails.
Version 4.9 build 5810
March 28, 2016
New Feature
- User Repository for IMAP/POP3 is now separate from global repository.
- IDLE command now support for IMAP server
- A new custom filter has been added that looks for macros in an MS Word/Excel document.
Enhancements
- The Virus Detection filter has been updated to look for Crypto/Locky virus.
Version 4.8 build 5800
December 07, 2015
New Feature
- Administrators can set a max score for daily reports. This limits the number of entries that
appear in the daily report hiding emails scoring higher than a pre-configured threshold
Enhancements
- Updated DNS lookups, which improves how SPF, RBL and any other DNS based lookups are performed
- Enhancements in SPF lookup logic
- Integration with ClamAV is improved
Bug Fix
- Incoming email occasionally gets corrupted when an email body contains a DOT in the beginning of a line.
- Some buttons are drawn with a very light color when web interface is viewed in Internet Explorer.
Version 4.8 build 5792
June 25, 2015
Enhancements
- Pie charts on the home page of the Admin Console are no longer scary :-)
Bug Fix
- Web page does not render correctly when Intranet Compatibility Mode is enabled in Internet Explorer.
Version 4.8 build 5790
June 23, 2015
Bug Fix
- Check boxes are not visible when marking messages
Version 4.8 build 5789
June 22, 2015
New Feature
- Live logs - ability to see log files as they are being written
- STARTTLS is now supported for SMTP Proxy Server
- New screen for ClamAV integration, which can also perform a test against a ClamAV daemon
Enhancement
- Completely redesigned web interface, which is responsive for mobile devices
- White/black list belong to users is automatically imported when a new user based on AD is created
- Live Monitor now contains a time column
- Embedded web server is upgraded, which disables SSLv3.
- Custom filter reports can display messages that were affected by the selected filter.
- Grey Listing filter has been enhanced. Administrators can now exclude IP addresses. Addresses belonging to Office365 are automatically excluded
Bug Fixes
- Attached zipped files were being ignored when file names were encoded
Version 4.7 build 5780
April 02, 2015
Enhancement
- Live Monitor gets a new facelift. A new AJAX bases live monitor replaces the old Java Applet that stopped working on newer browsers.
- New users can be created by pulling accounts from Active Directory
- A new custom rule has been added to detect WebBug Images
Version 4.7 build 5776
March 22, 2015
Enhancement
- User reports no longer contain Data URI Scheme to display images.
Instead, contentID is used to display graphs. MS Outlook does not support Data URI Scheme yet and therefore, graphs were not visible in user
report when using MS Outlook.
Bug Fixes
- Emails with zip files are not getting delivered. This bug only applies to older installations that use JRE 1.6. It
does not affect JRE 1.7. Alternatively, visit this page for instructions on how to update
JRE
Version 4.7 build 5775
March 17, 2015
Bug Fixes
- Some of the hyper links in the web interface were broken and resulted in a 404 error.
Version 4.7 build 5774
March 16, 2015
- Integration with Microsoft Active Directory. More info...
- Ability for users to search older messages. This is done when users login using their credentials
- Ability to display more than 3 days of messages when viewing all
Enhancements
- Email quarantine report sent to users is no longer cumulative - meaning if users are configured to receive more than one report per day, the
data for next report contains records since the last report, rather than from midnight.
- Many email readers do not display images from a remote server, preventing the graph to appear in email report.
This graph is now embedded inside the email itself and will be visible through any email reader.
Bug Fixes
- CSRF attacks are prevented. More info...
- Encrypted zipped files could not be processed
Version 4.6 build 5757
Aug 19, 2014