Product » A free email server for Windows and Linux » FAQ

Xeams Change Log

Version 9.4 build 6338

October 22, 2024

New Features

• Single Sign-On using OAuth 2.0 with Microsoft Azure and Google Workspace. Details...
• Outbound SMTP for legacy devices that do not work with OAuth 2.0 Details...
• Individual Outbound Tracking. Details...
• FriendlyIP.txt can now accept hostnames. Details...
• User management screen is enhanced to indicate if a user is created as a result of SSO or AD.
• Ability to use SMTP Authentication from AD without creating a local user.
• Ability to create new user login can now be disabled using the GUI.
• Ability to add missing headers, like Message-ID even for internal and outbound emails.
• Ability to enforce authentication for secondary SMTP port

Bug Fix:

• User's password appears in the log file when AUTH PLAIN is used.

Version 9.3 build 6330

August 06, 2024

New Features

• RESTful APIs for sending emails from applications. Details...
• A tool to investigate email delivery problems. Details...
• Ability to select multiple messages when managing outbound queue. Details...
• Ability to sanitize headers for outbound messages. Details...
• The trigger word for end-to-end encryption is now a regular expression, allowing multiple values for trigger word.
• Improved External Web Reference filter.
• Configuration for SMTP Proxy server has been removed from the home page.
• An A lookup is performed in addition to PTR lookup when hostnames are specified for relaying in SMTP configuration.
• Ability to optionally display date, sender and recipient when displaying messages in compact view.
  

Bug Fixes

• Message-ID header is not enclosed in square brackets.

Version 9.2 build 6320

May 22, 2024

New Features

• Web-based end-to-end encryption, in addition to the existing PDF method. Click here to watch a video or here to learn details.
• Ability to view incoming and outgoing SMTP communication logs by clicking status icons. Details...
• Improved logic for modifying existing distribution list.
• Ability to remove users when a domain name is removed.

Bug Fixes

• Information about newsletter subscription is not clustered.
• Updated URL for QR Code when configuring 2FA for TOTP.

Version 9.1 build 6311

March 28, 2024

Bug Fixes

• Unable to add users when Xeams is running as Stand-alone or Hybrid
• Missed-Email Alert Plugin generates false alert when watching for an NDR

March 25, 2024

New Features

• Ability to specify quota for user repository. Details...
• Ability to ask end-recipient to create a password for End-To-End encryption. Details...
• Ability for administrators to manage passwords for End-To-End encryption.
• DNS integration with Cloudflare. Details...
• Ability to assign a score if DKIM is missing
• Ability to display disk usage in the Manage Users screen
• Ability to sign DKIM for internal emails
• Ability to generate quarantine reports for distribution list.
• Domain administrators can manage their users and distribution list
• Auto-create user wizard can automatically run every day around 11 PM
• Ability to search and remove entries from Auto-Learn sender database.
• Ability to exclude certain domains from AD
• AntiPhishing filter is improved
• Xeams can add manadatory headers, such as Date and Message-ID for outbound emails if they are missing.
• Ability to specify a CC address when sending outbound Junk NDR. Done by specifying a value for junk.ndr.cc.recipient=admin@xyz.com in server.properties

Version 9.0 build 6302

Jan 22, 2024

Security Fixes

• Security Fix: CVE-2023-46589, CVE-2023-45648, CVE-2023-44487, CVE-2023-42795
• Security Fix: Ability to terminate connections if SMTP smuggling is detected. Details...

New Features

• Manage Users screen now contains a sticky search
• RFC compliant filter is updated to follow guidelines suggested by GMail
• Ability to stay logged in for configurable number of days
• Ability to block an IP address from Intrusion Detection screen
• Ability to view SMTP Communication for an IP address from Intrusion Detection screen
• Ability to generate alerts when an administrator logs in
• New features configuration is added
• Image Finger Printing custom filter is enhanced.
• Ability to ignore forgery alerts for certain domains by adding entries to config/ForgeryAlertExceptions.txt file.
• Ability to generate an NDR if an outbound email get blocked
• Ability to generate alert if emails stay in the processing queue for long
• No need to restart Xeams after modifying server.properties file.

Bug Fixes

• Sender rollback does not work if the address in MAIL FROM does not have an SPF record
• Spelling error fixed when creating MTA-STS policy

Version 8.9 build 6291

November 15, 2023

Bug Fixes

• The new emoji filter occasionally runs into a NullPointerException

Version 8.9 build 6289

November 07, 2023

• New custom filter added to detect emojis in the subject.
• Inverted country filters. Details...
• Ability to search associated email addresses when searching for users.
• Improved logging when SSL certificate is not trusted and MTA-STS is enabled.
• Diagnostic Check - Inbound has been improved.
• Emails under Message Repository are displayed with respect to the user's timezone rather than the timezone where Xeams run.
• A new report, call Outbound Statistics, is added displaying number of outbound messages sent by users.

Bug Fixes

• Incorrect profile is assigned when a new user is created from AD

Version 8.8 build 6281

August 21, 2023

• Ability to publish policy for MTA-STS right from Xeams interface. Details...
• TLS reports are automatically accepted and processed. A summarized view is displayed in the web interface.
• Ability to integrate DNS providers. As of now GoDaddy and AWS Route 53 are supported. More will be added in later versions. Details...
• Outbound Diagnostic Check has been enhanced to include MTA-STS. Additionally, links to add SPF, DKIM and DMARC records are displayed on the result page.
• Ability to add multi-level distribution list. For example, listA@yourcompany.com could not include listB@yourcompany.com in the recipient.
• Emails with large attachments that are detached by SynaMan do not get sandboxed.

Bug Fixes

• Quarantine reports are not generated occasionally.

Version 8.7 build 6270

June 29, 2023

• The IP-Based filter incorrectly assigns score for URLs containing an email address.

Version 8.7 build 6269

June 28, 2023

Enhancements

• Domain Age filter is added, which assign scores if the sender's domain name was registered recently. Details...
• IP-Based URL filter is added, which assign scores if IP address is used instead of host name in a URL.
• AntiPhishing filtering is enhanced. It now fetches phishing URLs from https://openphish.com/feed.txt
• High volume outbound queue, which sends outbound messages in multiple threads. Details...
• Message Analysis is added when trying to simulation spam
• Bulk message database is updated when an email is marked as good.
• Email association page display warning if a user's email addresses span over multiple profiles.
• Outbound diagnostic check is improved.
• SMTP Proxy server is deprecated. A warning is displayed if Proxy server is still in use. Details...
• Ability to specify session timeout in server.properties using phrase synametrics.http.session.timeout=60 to set it to 60 minutes.

Bug Fixes

• Outbound forgery alerts are generated when TO field is blank.
• Object filter is ignored when using generic LDAP.
• CSV file for MailMerge does not accept a single column with just emails.

Version 8.6 build 6257

March 21, 2023

Enhancements

• Missed Email Plugin is added. Details...
• Ability to display disk usage from the Home Page. Click the magnifying glass icon to bring it up.
• Improved interface for non-admin users, allowing them to configure their times for quarantine reports, newsletter subscriptions and more.
• Improved challenge/response
• Ability to bypass certain domains from SPF lookup by adding SpfBypass.dat and SpfBypassDomains.dat in the config folder. The former contains IP addresses to bypass and latter contains a list of domains.
• Ability to toggle auto renewal in the About screen
• POP3 Fetcher works with IMAP in addition to POP3.
• Host.txt file can now accept host names besides IP addresses. Multiple names can be separated by a comma.
• Ability to contact Synametrics Support and sending sample messages has been improved and works even if outbound port 25 is blocked.
• Email header is added in a forged email alert, making it easier to identify the message.

Bug Fixes

• Mail Merge configuration page does not display the Browse button to upload file.
• PTR lookup fails if an IP resolves to multiple names
• Creating a new user with existing login resets their password
• Sandbox URLs get corrupted if two dashes are found in the URL.

Version 8.5 build 6250

December 06, 2022

Enhancements

• Watchdog service is added. Details...
• Ability to convert popular attachments to their text, allowing users to safely open them. Details...
• Outbound Learner email is added. Details...
• Ability to add custom headers. Details...
• Ability to import Distribution List from a CSV file.
• Users are forced to change their password when importing from CSV file.
• Ability to prevent users from whitelisting their own domain. Done by adding prevent.users.from.whitelisting.local.domains=true to server.properties.
• Embedded HTTP server is updated.

Security Fix

• Fixes the Path-relative style sheet vulnerability in the web interface.

Version 8.4 build 6238

September 06, 2022

Enhancements

• Two-Factor authentication for users as well as administrators. Click here for details...
• RFC Verifier rule has been enhanced.
• Strict-Local users when using Xeams in Hybrid Mode. Click here for details...
• Ability to return a 450 instead of 550 for invalid users. Click here for details...

Bug Fix

• NDRs are not generated when asynchronous processing is disabled for SMTP server.
• System generated emails where not sent to local users when running in Hybrid mode.

Version 8.3 build 6232

July 20, 2022

Bug Fix

• The Reverse IP Lookup header does not fold host names correctly if an IP address refers to multiple names.

Version 8.3 build 6231

July 18, 2022

Enhancements

• Ability to filter emails based on direction when viewing all messages in the repository.
• New filter called BCC Rejector has been added.
• Ability to restrict DRV for domains that are explicitly specified in the web GUI.
• Hello Inspector filter has been enhanced to assign score if the PTR record does not match with HELO string.
• A new header called X-SMClassification is added when using in Hybrid/Firewall mode, allowing downstream servers to assign rules.
• SPF Filter is enhanced to treat misconfigured records as fail.
• Reverse IP Lookup header has been added.
• AttackerIP.txt can now accept CIDR notations.
• DeletedEmails.log contains the IP address of the sender.

Version 8.2 build 6227

April 04, 2022

Bug Fix

• Count for outbound emails in daily summary report is incorrect
• Screen for whitelisted ip addresses display incorrect information

Version 8.2 build 6225

March 01, 2022

Enhancements

• Plugin for Read Receipt is added. Watch a video on this topic.
• Ability view/remove blocked IP addresses.
• Auto-renewal status is displayed on the About screen.
• Sent/received emails count since midnight is displayed on the Manage Users screen.
• Daily status report sent to administrators now contains number of outbound emails.
• Ability to add a friendly name when adding IP addresses for relay.
• ClamAV integration has been improved to work with newer versions.
• Improved logging during communication with ClamAV.
• Xeams checks X-Forwarded-For header in the HTTP server.
• Improved integration with gateway.dat. Xeams now checks multiple headers.

Bug Fixes

• Message count in quarantine report is incorrect when possible spam messages are included in the report.

Version 8.1 build 6213

November 17, 2021

Enhancements

• Ability to force incoming emails to use SMTP Authentication if sender is local
• MS Office filter is improved to look for Excel sheets with VelvetSweatshop as the password
• DRV is enhanced to use STARTTLS
• System generated emails can now be saved to local accounts when running in Hybrid mode

Bug Fixes

• An error occurs and gets logged when trying to parse certain PDF files
• File corruption when reading user's mailing list are handled correctly
• Security Fix: HTML Base tags are removed from an email before viewing it through the web interface.

Version 8.0 build 6201

July 14, 2021

Enhancements

• Ability to broadcast email to every user within your company. Refer to this page for details.
• A dot can be used for temporary/throwaway email address. Refer to this page for details.
• Ability to add multiple CatchAll addresses separated by a comma. This allow administrators to use a separate CatchAll for every domain.
• End-to-End encryption is enhanced. Senders can skip the encryption password if the recipient is also a local user in Xeams. The system will automatically use the user's password for encryption.
• Ability to force new users to change their password after their account is created in Xeams.
• Ability to pull distribution list from Microsoft Active Directory and create local lists in Xeams.
• Contact Support page is improved

Bug Fixes

• Bug Fix: Xeams would not accept multiple values for administrator's email address.

Version 7.9 build 6186

April 19, 2021

Enhancements

• Plugins are now available even for less than 50 users, allowing your users to use features like End-To-End Encryption and Mail Merge
• The Email Import Wizard has been enhanced.
• Bug Fix: Xeams take up lot of CPU if a large email in HTML is received.

Version 7.8 build 6180

April 08, 2021

Enhancements

• PDF link Inspector filter has been improved to look for URLs with blacklisted TLD and assign a score
• Hidden HTML filter has been enhanced to look for dynamic scripts
• Zipped Executable filter has been improved to look for JavaScript files
• Macro Detector filter has been improved to detect embedded objects
• Bug Fix: Sandboxing does not occur for multipart/related messages
• Bug Fix: Searching IP address does not work

Version 7.7 build 6174

January 20, 2021

Enhancements

• A new filter called PDF Link Inspector is created that looks inside a PDF file for harmful links
• Ability to view PDF attachments as HTML script, allowing users to see if a PDF file refers to foreign links
• Ability for individual users to manage news letter subscriptions. Details...
• Ability to add custom headers for added security in the HTTP server
• Ability to deny users from restoring messages from Quarantine Reports
• Ability to restart Xeams automatically after renewing SSL certificate from Let's Encrypt
• Bug Fix: Message search does not return correct results when field name is either Sender's or Recipient's Email.
• Bug Fix: MS Macro detector filter was marking *.xls files incorrectly if foreign characters were found.

Version 7.6 build 6161

October 22, 2020

• Bug Fix: Incoming email runs into an error if the message is received from an IP where SPF does not apply
• Bug Fix: MS Macro filter occasionally runs into a false positive for Excel files

Version 7.6 build 6159

October 21, 2020

Enhancements

• Messages having a forged sender are marked as Inbound rather than Internal.
• A special header called X-SMForgedSender is added when the sender is forged.
• Ability to send outbound emails through slaves in a clustered environment.
• Ability to limit outbound emails once hourly quota reaches. Click Authenticated Messages under Reports to configure this limit.
• MS Office Macro filter is updated to handle dynamically generated macros in Excel spreadsheet. Details...
• Ability to perform SPF looks on whitelisted addresses and domains.
• Ability to specify key size for DKIM, allowing smaller public keys for DNS servers that do not accept larger values. This is done by adding xeams.dkim.key.size=1024 to server.properties.
• Bug Fix: Searching messages with their ID does not work with older messages.

Version 7.5 build 6148

August 31, 2020

Enhancements

• Bug Fix: POP3 connection does not work with Apple Mail on a MAC.

Version 7.5 build 6147

August 17, 2020

Enhancements

• Ability to check if any user is connecting in an unsecure manner. Details...
• Connections to IMAP server that are not using SSL are denied if your Xeams supports STARTTLS for IMAP. Add imap.disable.plain.login.without.ssl=false in server.properties to change this behavior and allow connections in clear. This work-around is NOT recommended.
• Message to Restart Xeams is not displayed when Profile admins log in
• Bug Fix: Several bugs related to Searching in IMAP are fixed
• Bug Fix: Occasionally, Thunderbird does not download every attached file when using IMAP

Version 7.4 build 6137

July 01, 2020

Enhancements

• Ability to select different color themes for the web interface. Details...
• MS Office Macro filter has been enhanced to detect tricky Excel sheets.
• Bug Fix: Attachments containing UTF-7 encoding in file name are not processed correctly.
• Bug Fix: Currency symbol is displayed incorrectly during purchase

Version 7.3 build 6130

May 20, 2020

Enhancements

• New payment model introduced. Details...
• Enhanced Temporary Emails. Details...
• Pre-Approval Plugin is added. Details...
• Ability to put *.eml file in $INSTALL_DIR\InputMessageQueue for manual deliver. Operation 267 triggers processing
• Ability to block password-protected RAR files.
• Anti-Virus rule is updated to configure RAR files
• SuccessfulLogin.log is created, which logs successful login attempts from SMTP, HTTP, POP3 and IMAP servers
• Security Fix: Foreign URLs specified in DOCTYPE gets processed when parsing XML.
• Bug Fix: Several bugs fixed related to IPv6
• Bug Fix: The Spam Simulator runs into a error if there is no TO/CC field in the sample email
• Bug Fix: StackOverFlow occurs when too many invisible characters are found in an incoming email

Version 7.2 build 6108

March 10, 2020

Enhancements

• Enhanced relaying - administrators can now specify sender's domain name when adding a relaying IP. It can now also accept host names. For example, if you are using Xeams with Exchange on Office 365, you can create a relay host with the following values:
  
  

  Hostname/IP	Sender Condition
  *.outbound.protection.outlook.com	yourdomain1.com|yourdomain2.com

  
  Multiple domains can be separated by a pipe character.
  
  
• Ability to detach virus files from an email and replace them with a dummy TEXT file. Details...
• MS Office Macro filter has been enhanced to look for documents that automatically download harmful files
• RAR files renamed as *.gz are now detected
• Ability to bypass messages received from an ip/host allowed to relay. Default score is -300, which can be modified by setting the value for score.for.relayed.host in server.properties.
• Enhanced Email Directions. Now Xeams can distinguish between inbound, outbound and internal emails.
• Ability to search messages based on their direction
• A new graph showing the distribution of email direction
• Ability to connect to LDAP servers other than Active Directory
• Ability to disable caching for DomainInspector filter by setting use.cache.4.domain.inspector=false in server.properties.
• ReverseIPLookup filter has been modified to ignore IP addresses allowed to relay
• Comma separated values can be entered when adding/modifying domains in SMTP Server Configuration
• Bug Fix: The Change Profile screen does not format HTML properly when recipient/sender domain is long

Version 7.1 build 6090

December 02, 2019

Enhancements

• Ability to create multiple admin accounts Details...
• Ability to maintain an audit log keeping track of was was changed and who changed it
• Ability to ignore RBL lookups for well known domains, such as gmail.com, hotmail.com, yahoo.com, etc...
• Ability to send on-demand NDRs, giving the original sender an impression their email did not reach the final recipient.
• Anti-Virus rule is enhanced for look for HTTP redirects inside HTML documents.
• SPF lookups checks the FROM header if MAIL FROM is missing in the envelope
• Bug Fix: Modified headers were being ignored when External Subject Tag was used.
• Bug Fix: ALLDOMAINS in the local host file gets modified to lowercase string in the web interface.
• Bug Fix: HTTP challenge fails to auto-renew SSL certificate for Let's Encrypt when Xeams is configured to serve on port 80
• Bug Fix: Sandbox enable/disable did not have any affect.

Version 7.0 build 6082

July 01, 2019

Enhancements

• Bug Fix: Auto renewal for Let's Encrypt certificate does not work when using a third-party web server, such as IIS or Apache

Version 7.0 build 6080

June 11, 2019

Enhancements

• URL Sandbox - ability to wrap URLs in incoming emails with a different URL allowing users to analyze the link before clicking them. Details...
• Ability to add a body snippet for incoming emails. Version 6.9 allowed adding a subject tag. v7.0 adds a similar snippet in the body of the message. Details...
• Ability to forward emails from Message Repository. Email can be forwarded to:
  • Administrator
  • Xeams Support - for analyses
  • Any other recipient
• Analyzing Messages feature is enhanced to contain information about intermediate hops and delays.
• Ability to look inside winmail.dat file
• Message Viewer has been enhanced to handle background images displayed through CSS styles
• Bug Fix: Newly created users are not saved when using Import Wizard
• Bug Fix: Message Analysis window does not handle PTR records that result in multiple host names.

Version 6.9 build 6064

April 10, 2019

Enhancements

• Ability to integrate with Let's Encrypt to create SSL certificates. Watch a video.
• Ability to make HTTP server listen on two ports
• Ability to look inside a RAR file
• Ability to analyze messages. Details...

Version 6.8 build 6047

February 19, 2019

Enhancements

• Language Filters - allow filtering based on the language of the email.
• A new custom filter called Sender Name Forgery has been added, which prevents employee name spoofing. details...
• A new custom filter called Non-Printable Characters has been added, which looks for non-printable characters to avoid detection. Bitcoin Scam is one example that can be prevented with this rule.
• Ability to add a tag in email subject for inbound emails. Details...
• Office macros detection is improved
• RTF files renamed as *.doc are filtered
• Ability to add multiple domain names when configuring SMTP Server
• Performance improvements have been made in the IMAP server
• Variables in Mail Merge campaign are no longer case-sensitive. Additionally, duplicate emails are ignored.
• Bug Fix: The To field is incorrectly displayed in Message Repository for messages that come into a Slave Xeams when clustering is enabled.

Version 6.7 build 6028

December 03, 2018

Enhancements

• Safe Attachment Viewer - safely look inside attachments to confirm they are safe. This feature extracts text out of popular document types, removing any embedded macros, HTML links or JavaScript making them safe to open.
  
  Note: This feature will only be available in the Enterprise Edition.
  
  
• Enhanced End-To-End Encryption - Users can set predefined passwords for senders they frequently send emails to when using end-to-end encryption. Click here for details.
  
  
• Enhanced Greylisting when receiving emails from Office365. Microsoft recently deprecated a mechanism used by Xeams to pull IP addresses belonging to Office365. This update uses the new suggested method by Microsoft to pull IP addresses.
  
  
• Enhanced Direction - previous versions of Xeams used the sender's domain to determine the direction (outbound or inbound). This used to incorrectly classify a forged sender as outbound even when the actual message came in from the Internet. This version considers a message outbound, if one of two conditions are met: a) SMTP Authentication was used, OR b) Message came from an IP that is allowed to relay.
  
  This information is used to draw the direction arrow in Message Repository.
  
  
• Xeams now supports encoded emails in UTF-7
  
  
• Ability to unsubscribe from email campaigns
• Emojis are now displayed correctly when viewing emails in Message Repository
• Performance improvement when fetching emails from IMAP/POP3 server.
• Warning alert is sent to administrator if JRE version is older

Version 6.6 build 6009

October 11, 2018

Enhancements

• Bug Fix: Emails cannot be marked good or spam in Message Respository.
• Bug Fix: Xeams takes a long time to start if UDP port 123 is blocked.

Version 6.6 build 6008

October 10, 2018

Enhancements

• New Plugin - End-to-End Email Encryption. Watch a video on this topic.
• Ability to sort messages in Message Repository
• A new status icon has been added for end-to-end encryption
• Bug Fix: Incoming email gets corrupted if body is missing.

Version 6.5 build 6000

August 20, 2018

Enhancements

• Updated graphs - every graph in Xeams is now dynamic, which display information when hovering a mouse.
• Additional graphs are added for the home screen
  • Smtp Connections vs email ratio. Details...
  • Top domains
  • Memory graph is updated to contain historic values
  
  
• Two new reports added targeted towards legal requirements:
  • Message Catalog Summary - Details...
  • Attachment Report - display in-bound as well as out-bound emails containing attachments.
  Click Reports → Legal Reports to run these reports.
  
  
• Xeams Plugins - Email Campaign and Mail-Merge. Watch a video on this topic.
• Ability to block IP addresses automatically if malicious activity is detected. Check Block Malicious IP Addresses under the Advanced tab of Server Configuration.
• Ability to prevent associated email addresses from logging in. This is done by setting prevent.associated.users.from.logging=true in server.properties
• DevNullSMTP has been integrated with Xeams.
• Bug Fix: A null pointer exception is raised in SLAVE when just one profile exists and report is pulled.

Version 6.4 build 5990

June 01, 2018

Enhancements

• Introducing SynRBL - Synametrics own RBL server.
• New custom filter called missing SPF that checks if an email originates from sender's designated MX or A record if SPF is missing.
• New custom filter called Hidden HTML Blocks is added that looks for absolute positioning to hide text.
• Sender's IP address is extracted from received header when using Spam Simulator
• Ability to add friendly IP addresses that are immune from getting blocked if a user provides incorrect passwords
• Ability to generate an NDR before deleting a message from Outbound Message Queue. This is done by clicking the icon when viewing Outbound Queue.
• Ability to prevent well known domains from getting white listed. For example, gmail.com, hotmail.com, yahoo.com, etc... This is done by modifying data in $INSTALL_DIR/config/PublicDomains.txt file.
• Status icons updated to display STARTTLS for both incoming as well as outgoing messages. Refer to Status Icon page for details.
• Ability to use a non-blank address in envelope MAIL FROM when generating NDRs. This is done by adding sender.4.ndr.message in server.properties file.
• Ability to force STARTTLS with certain domains by adding $INSTALL_DIR/config/DomainsRequiringTLS.txt. Add one domain per line. Using STARTTLS with certain business partners is required by the new GDPR regulations. Click here for details.
• Bug Fix: Generated NDRs do not have the Date header
• Bug Fix: Searching does not work when temporary email addresses are used
• Bug Fix: DKIM keys are not displayed on the web if mixed case characters were used to specify domain names during setup. This only occurs on Linux and Mac.

Version 6.3 build 5979

March 21, 2018

Enhancements

• New filter Misleading Sender has been added. It looks for recipient's domain in sender's name
• Disclaimers are improved and now supports HTML in signature
• Ability to specify maximum emails to import when importing emails from another IMAP account
• Hello Inspector rule is modified to work with IP addresses for Office365
• Link for Manage Disclaimers is moved from Server Configuration to Filter Management. This is done because disclaimers can be set on a per-profile basis rather than globally.

Bug Fixes

• Inherited checkbox in profile management does not display correct value
• Copying emails via IMAP occasionally runs into errors
• The restore link in quarantine report does not work occasionally
• Results for PTR lookup add an extra DOT at the end

Version 6.3 build 5973

February 06, 2018

Enhancements

• Active Directory lookups can be done using SSL.
• CIDR format is now accepted for Relaying IP, White/Black listed IPs and Acces Control List
• Screen to manage White/Black listed IP address is enhanced.
• Ability to send quarantine reports to a different email address
• Ability to force HTTPS for the web interface
• A new filter called UniqueAnchors has been added
• SPF check is skipped if message comes from a server allowed to relay
• Access Control List for admin account, which restricts admin access to certain IP addresses
• Score for authenticated user is now configurable using the score.for.auth.users system property
• Activity by IP report has been updated to work with blacklisted IP addresses in CIDR format

Version 6.2 build 5968

December 11, 2017

Enhancements

• A new filter called Tricky Sender is added to handle a major security flaw discovered in many email clients. Click here to learn more about this filter.
• Inherited Profiles are introduced
• Additional system alerts have added
• Virus Detector has been updated to look for zips within a zipped file
• Diagnostic Check - Outbound has been enhanced to report missing PTR records
• AUTH PLAIN and CRAM-MD5 are now supported in Smtp Authentication

Bug Fixes

• The license renew button in About screen does not calculate the correct number of license
• Active license count is incorrect when using AD
• Associated users are not bundled correctly

Version 6.1 build 5961

November 08, 2017

Bug Fixes

• Bypassed addresses are ignored in license

Version 6.1 build 5960

November 07, 2017

Enhancements

• Inconsistent sender filter is enhanced to look for valid DKIM signatures before assigning scores.
• Warning messages are added if quarantine report is not generated at midnight. Click here for details.
• Licensing update. Distribution lists containing email addresses for local users is no longer counted towards a license.
• Auto Updates do not restart Xeams. Even if auto-updates are enabled, necessary files will be downloaded but won't be patched until administrators restart Xeams

Bug Fixes

• Default AD is automatically selected even if local domains are missing in SMTP Configuration

Version 6.1 build 5958

October 25, 2017

Enhancements

• Message status icons are displayed when viewing messages. Click here for details.
• Ability to migrate emails from other IMAP/POP3 servers into Xeams. Click here for details
• Ability to use multiple LDAP servers. Each LDAP can be associated with a different domain.
• Ability to integrate with Zimbra LDAP
• Outbound Diagnostic Check
• Link for Diagnostic Check has been moved from Server Configuration to Tools
• Outbound forgery alerts. Email alerts are sent to administrators if Xeams detects an outbound email that will be considered a forgery by the receiving end
• New log file called OutboundForgeries.log has been added, which contains emails that were sent out and could be treated as forged
• New log file called DeletedEmails.log has been added, which will hold traces of messages that are deleted because their score went pass the deletion threshold
• Ability to snooze email alerts
• Preferred URL for the web interface. This is set under Server Configuration. Xeams will use this URL when generating alerts as well as when new users are created.
• Outbound reports for DMARC are not sent to the queue if the first attempt fails.

Bug Fixes

• Inconsistent sender rule gets triggered if the MAIL FROM value in SMTP envelope ends with upper-case letters.
• Subject line of incoming messages is not changed when using the POP3 fetcher
• Links within quarantine report do not work if the user account contains non-English characters
• The RUA email address for DMARC report ignores the message size parameter
• Xeams creates a new user account if a user from AD use their email address instead of the user ID to log in

Version 6.0 build 5948

August 14, 2017

Enhancements

• Support for DMARC has been added. Click here for details
• RFC822 Verifier rule has been updated to detect invalid email addresses in the FROM header
• Temp files are removed much sooner rather than waiting until shutdown.
• The web server can look for X-Forwarded-IP and X-Real-IP headers before black-listing IP addresses where unsuccessful login attempts are made.
• The Message-ID header is recreated when restoring messages, preventing MS Exchange from suppressing restored messages.

Bug Fixes

• Emails that go into Possible Junk cannot be searched.
• Email on iPhone cannot display contents when connecting via IMAP.
• Email containing special characters in buddy/enemy list cannot be removed
• Messages received via POP3-Fetcher are not included in quarantine reports

Version 5.9 build 5934

May 15, 2017

Security Flaw

• A major security flaw is patched that could allow non-authorized users to login as admin using the web interface.

Enhancements

• New custom filter that looks for embedded attachments inside a PDF file leading to a ransomware.
• New custom filter that implements a fuzzy search algorithm to detect previously received spam messages from different senders but similar content
• Out-of-office notifications are added to user's screen, allowing them to automatically notify senders when they are not in office.
• Separator for score search is changed from a (-) dash to a comma. This is done to allow negative searches.

Bug Fixes

• MS Office Macro detector has been updated to filter XLSX extensions.
• BCC header filter does not work
• Messages cannot be moved from Possible Junk to Junk

Version 5.8 build 5925

March 14, 2017

Enhancements

• Restarting Xeams has been improved on Windows. The patcher will now try to restart Xeams multiple times if the first attempt fails.
• Temp files are cleaned sooner.
• New IP Reputation rule is introduced to mark subnets of IP addresses where junk messages are received
• Smtp Envelope field MAIL FROM is now used to filter buddy/enemy lists.
• A new operator To, CC, BCC is introduced for header filters
• New log file called QuarantineReports.log is added that helps troubleshoot problems with Quarantine Reports.
• IMAP server closes connection after 5 minutes if a client does not send requests but leaves connection open
• Appearance is applied when a profile-admin logs in

Bug Fixes

• A previously associated email address cannot be associated with a different user without restarting Xeams

Version 5.7 build 5908

January 30, 2017

Enhancements

• User import from AD now allow filtering OU.
• Bayesian database is now per-user allowing the Spam Learner email to only affect the user who marks the message.
• Bypassed users can now accept domain names besides email addresses
• Message count are generated in a background thread to speed up the web interface when connecting as non-admin user.

Bug Fixes

• Quarantine reports are not generate if an custom image is specified in Appearance
• User management screen does not allow modifying a user if the email address contains an & sign.

Version 5.7 build 5900

January 16, 2017

Enhancements

• Appearance - Allows you to put your company name, tag line and logo on the web interface. This feature is only allowed in the Enterprise Edition.
• Spam learner email - users can forward junk messages to Xeams allowing it to learn from it. Check http://www.xeams.com/spam-learner.htm for details.
• Bypassed users can now accept domain names besides email addresses
• New filter added to block top level domains like *.TOP, *.XYZ, etc...
• New filter to detect fake replies
• New filter to detect inconsistent "Reply-To" header.
• Message counts are consolidated across slaves when running Xeams in clustered mode

Version 5.6 build 5894

January 05, 2017

Enhancements

• User Import Wizard now contains the ability to import associated emails from a text file
• DRV caching can optionally be disabled.
• Live Monitor can display more than 20 records, which is done by adding num.entries.in.livemonitor property in server.properties file.
• Reporting is improved to consume less memory
• A new Diagnostic Check is introduced to ensure Xeams does not accept emails for invalid users.

Bug Fix

• A major memory leak is fixed that occurs when Xeams is configured to run as a SLAVE in clustering environment
• When messages are searched by non-admin users, records are not pulled from SLAVES. Applies when running in a clustered environment.

Version 5.5 build 5884

December 14, 2016

Enhancements

• User Quarantine Reports are generated even when running in Stand-alone mode
• When subject are changed in message action, emails are copied to INBOX, instead of Spam/Possible Spam folders, allowing POP3 clients to see these messages. This applies only if you are using POP3/IMAP on Xeams.
• User white/black list (Buddy/Enemy) list can be read from a CSV file, allowing administrators to import white/black list from third-party sources. Click here for details.
• Filtering is enhanced to detect and score messages containing incorrect base64 encoding to avoid detection
• Ability to read IP addresses for Office365 from a file instead of fetching them from the Internet. Applies when grey-listing is enabled.

Version 5.4 build 5878

November 16, 2016

Bug Fix

• Read/Unread flag does not work in iPhone when using IMAP
• Flag to check/uncheck Temporary emails does not work in web interface.

Version 5.4 build 5876

November 08, 2016

Enhancements

• Ability to create temporary email addresses. Click here for details.
• Clustering has been enhanced. Files are compresses before sending them to slaves, making them work faster on slower networks.
• Outbound SMTP server communication has been improved to handle temporary failures.

Version 5.4 build 5872

November 03, 2016

Enhancements

• Dynamic Recipient Verification is introduced. Click here for details.
• Domain names for SMTP Configuration is now paginated, making it easier to maintain lots of domain names
• Anti-virus rule is updated
• Manage Aliases is now called Manage Distribution List under Server Configuration. Check this page for details.

Bug Fixes

• Trusted domain is not added when marking emails if there are multiple TXT records in the DNS server.

Version 5.3 build 5868

October 24, 2016

Enhancements

• Ability to bypass users for spam filtering, which also saves you a user-license. Click here for details.

Version 5.3 build 5867

October 21, 2016

Enhancements

• Ability to see how Xeams calculates actual users

Version 5.3 build 5865

October 19, 2016

Enhancements

• Ability to check with Active Directory for Smtp Proxy Server
• Allows a 15-day grace period if the "Active Users" count goes higher than the purchased licenses

Bug Fix

• The About screen is blank when Multi-Profile option is enabled, but no profile other than Default exists.
• Clustering does not work when CSRF prevention is enabled.

Version 5.3 build 5864

October 14, 2016

Enhancements

• POPFetch now supports SSL

Version 5.3 build 5862

October 12, 2016

Enhancements

• Ability to add new RBL servers

Bug Fix

• Smart Host does not work when SMTP Proxy is set to Asynchronous mode.
• Clustering does not work when CSRF prevention is enabled.

Version 5.3 build 5859

October 05, 2016

Bug Fix

• Incoming messages are not received if Smart Host is enabled and SMTP Proxy server is configured to run in Asynchronous mode.

Version 5.3 build 5858

October 04, 2016

Enhancements

• Xeams Clustering, which allows junk filtering rules to be shared between multiple instances of Xeams.
• Virus Detector has been improved to catch tricks used by spammers to hide attached file name.
• Grey listing filter can now accept wildcards. For example: *.linkedin.com
• A global report recipient can be specified. Daily summary reports for quarantined messages will be sent to this global user besides the actual user.

Bug Fix

• POP3 server does not return OK status for the LIST command where there are no messages.

Version 5.2 build 5848

September 22, 2016

Enhancements

• DKIM is now supported for both inbound and outbound messages. Click here for details.

Version 5.1 build 5842

September 13, 2016

Enhancements

• Ability to generate quarantine report by send an email. Click here for details.

Bug Fix

• Not every country is displayed in the country filter.

Version 5.1 build 5840

September 06, 2016

Enhancements

• Ability to send/receive large files Click here for details.
• Bypassed IP addresses for Office365 has been updated. This affects Grey Listing

Version 5.0 build 5836

August 26, 2016

Enhancements

Bug Fix

• Xeams is unable to process encrypted zipped files.
• The web interface keeps displaying latest news even when it is marked read.

Version 5.0 build 5834

August 18, 2016

Enhancements

• Ability to peek into an attached zipped file right from Xeam's web interface. Since this is done without downloading, you can safely check if an attached zip file contains a virus.
• Non-admin users can now view messages for more than 1 day. The number of days match with what administrators see.

Bug Fix

• Number of days since data is displayed for users is incorrect.
• User Filter screen displays a blank page.

Version 5.0 build 5832

August 15, 2016

Enhancements

• OutBoundQueue Manager is added under Message Repository allowing administrators to manage messages stuck in the Outbound Queue
• User's screen is paginated
• Ability to search users on the user's screen
• Viewing messages has been improved.
  • Administrator's can run an email through Spam Simulator while viewing a message.
  • Embedded images referring to a foreign website are hidden by default, which prevents activation of a web-bug
• Xeams attempts to fix incoming messages containing UNICODE characters in the header.

Bug Fix

• Trailing spaces in a folder name are removed in the IMAP server

Version 4.9 build 5825

May 13, 2016

• Inconsistent sender filter is updated to ignore SPF checking
• MS-Office macro filter can not look for *.dot files
• Outbound messages can be forced through a specific IP if required
• The ReverseIPLookup rule is updated to ignore IP addresses listed in Gateway.dat
• The HoneyPot is updated to ignore IP addresses in Gateway.dat

Version 4.9 build 5816

April 05, 2016

Bug Fix

• SMTP Auth does not work with SSL

Version 4.9 build 5815

April 04, 2016

New Feature

• A new custom rule added to detect emails from fake stores, such as Amazon, Kohl's & Costco.
• The rule to detect macros in MS Word/Excel is updated

Version 4.9 build 5811

March 29, 2016

New Feature

• STARTTLS now works for out-bound emails.

Version 4.9 build 5810

March 28, 2016

New Feature

• User Repository for IMAP/POP3 is now separate from global repository.
• IDLE command now support for IMAP server
• A new custom filter has been added that looks for macros in an MS Word/Excel document.

Enhancements

• The Virus Detection filter has been updated to look for Crypto/Locky virus.

Version 4.8 build 5800

December 07, 2015

New Feature

• Administrators can set a max score for daily reports. This limits the number of entries that appear in the daily report hiding emails scoring higher than a pre-configured threshold

Enhancements

• Updated DNS lookups, which improves how SPF, RBL and any other DNS based lookups are performed
• Enhancements in SPF lookup logic
• Integration with ClamAV is improved

Bug Fix

• Incoming email occasionally gets corrupted when an email body contains a DOT in the beginning of a line.
• Some buttons are drawn with a very light color when web interface is viewed in Internet Explorer.

Version 4.8 build 5792

June 25, 2015

Enhancements

• Pie charts on the home page of the Admin Console are no longer scary :-)

Bug Fix

• Web page does not render correctly when Intranet Compatibility Mode is enabled in Internet Explorer.

Version 4.8 build 5790

June 23, 2015

Bug Fix

• Check boxes are not visible when marking messages

Version 4.8 build 5789

June 22, 2015

New Feature

• Live logs - ability to see log files as they are being written
• STARTTLS is now supported for SMTP Proxy Server
• New screen for ClamAV integration, which can also perform a test against a ClamAV daemon

Enhancement

• Completely redesigned web interface, which is responsive for mobile devices
• White/black list belong to users is automatically imported when a new user based on AD is created
• Live Monitor now contains a time column
• Embedded web server is upgraded, which disables SSLv3.
• Custom filter reports can display messages that were affected by the selected filter.
• Grey Listing filter has been enhanced. Administrators can now exclude IP addresses. Addresses belonging to Office365 are automatically excluded

Bug Fixes

• Attached zipped files were being ignored when file names were encoded

Version 4.7 build 5780

April 02, 2015

Enhancement

• Live Monitor gets a new facelift. A new AJAX bases live monitor replaces the old Java Applet that stopped working on newer browsers.
• New users can be created by pulling accounts from Active Directory
• A new custom rule has been added to detect WebBug Images

Version 4.7 build 5776

March 22, 2015

Enhancement

• User reports no longer contain Data URI Scheme to display images. Instead, contentID is used to display graphs. MS Outlook does not support Data URI Scheme yet and therefore, graphs were not visible in user report when using MS Outlook.

Bug Fixes

• Emails with zip files are not getting delivered. This bug only applies to older installations that use JRE 1.6. It does not affect JRE 1.7. Alternatively, visit this page for instructions on how to update JRE

Version 4.7 build 5775

March 17, 2015

Bug Fixes

• Some of the hyper links in the web interface were broken and resulted in a 404 error.

Version 4.7 build 5774

March 16, 2015

• Integration with Microsoft Active Directory. More info...
• Ability for users to search older messages. This is done when users login using their credentials
• Ability to display more than 3 days of messages when viewing all

Enhancements

• Email quarantine report sent to users is no longer cumulative - meaning if users are configured to receive more than one report per day, the data for next report contains records since the last report, rather than from midnight.
• Many email readers do not display images from a remote server, preventing the graph to appear in email report. This graph is now embedded inside the email itself and will be visible through any email reader.

Bug Fixes

• CSRF attacks are prevented. More info...
• Encrypted zipped files could not be processed

Version 4.6 build 5757

Aug 19, 2014