Product » Xeams » FAQ
Xeams Change Log
Version 7.0 build 6082
July 01, 2019
- Bug Fix: Auto renewal for Let's Encrypt certificate does not work when using a third-party web server, such as IIS or Apache
Version 7.0 build 6080
June 11, 2019
- URL Sandbox - ability to wrap URLs in incoming emails with a different URL allowing
users to analyze the link before clicking them. Details...
- Ability to add a body snippet for incoming emails. Version 6.9 allowed adding a subject tag. v7.0 adds a similar snippet in the body
of the message. Details...
- Ability to forward emails from Message Repository. Email can be forwarded to:
- Xeams Support - for analyses
- Any other recipient
- Analyzing Messages feature is enhanced to contain information about
intermediate hops and delays.
- Ability to look inside winmail.dat file
- Message Viewer has been enhanced to handle background images displayed through CSS styles
- Bug Fix: Newly created users are not saved when using Import Wizard
- Bug Fix: Message Analysis window does not handle PTR records that result in multiple host names.
Version 6.9 build 6064
April 10, 2019
- Ability to integrate with Let's Encrypt to create SSL certificates. Watch a video.
- Ability to make HTTP server listen on two ports
- Ability to look inside a RAR file
- Ability to analyze messages. Details...
Version 6.8 build 6047
February 19, 2019
- Language Filters - allow filtering based on the language of the email.
- A new custom filter called Sender Name Forgery has been added, which prevents employee name spoofing. details...
- A new custom filter called Non-Printable Characters has been added, which looks for non-printable characters to avoid detection. Bitcoin Scam is one example that can be prevented with this rule.
- Ability to add a tag in email subject for inbound emails. Details...
- Office macros detection is improved
- RTF files renamed as *.doc are filtered
- Ability to add multiple domain names when configuring SMTP Server
- Performance improvements have been made in the IMAP server
- Variables in Mail Merge campaign are no longer case-sensitive. Additionally, duplicate emails are ignored.
- Bug Fix: The To field is incorrectly displayed in Message Repository for messages that come into a Slave Xeams when clustering is enabled.
Version 6.7 build 6028
December 03, 2018
- Safe Attachment Viewer - safely look inside attachments to confirm they are safe.
making them safe to open.
Note: This feature will only be available in the Enterprise Edition.
- Enhanced End-To-End Encryption - Users can
set predefined passwords for senders they frequently send emails to when using
end-to-end encryption. Click here for details.
- Enhanced Greylisting when receiving emails from Office365. Microsoft recently deprecated a
mechanism used by Xeams to pull IP addresses belonging to Office365. This update uses
the new suggested method
by Microsoft to pull IP addresses.
- Enhanced Direction - previous versions of Xeams used the sender's domain to determine the direction (outbound or inbound).
This used to incorrectly classify a forged sender as outbound
even when the actual message came in from the Internet. This version considers a message outbound, if one of two conditions
are met: a) SMTP Authentication was used, OR b) Message came from an IP that is allowed to relay.
This information is used to draw the direction arrow in Message Repository.
- Xeams now supports encoded emails in UTF-7
- Ability to unsubscribe from email campaigns
- Emojis are now displayed correctly when viewing emails in Message Repository
- Performance improvement when fetching emails from IMAP/POP3 server.
- Warning alert is sent to administrator if JRE version is older
Version 6.6 build 6009
October 11, 2018
- Bug Fix: Emails cannot be marked good or spam in Message Respository.
- Bug Fix: Xeams takes a long time to start if UDP port 123 is blocked.
Version 6.6 build 6008
October 10, 2018
- New Plugin - End-to-End Email Encryption. Watch a video on this topic.
- Ability to sort messages in Message Repository
- A new status icon has been added for end-to-end encryption
- Bug Fix: Incoming email gets corrupted if body is missing.
Version 6.5 build 6000
August 20, 2018
- Updated graphs - every graph in Xeams is now dynamic, which display information when hovering a mouse.
- Additional graphs are added for the home screen
- Smtp Connections vs email ratio. Details...
- Top domains
- Memory graph is updated to contain historic values
- Two new reports added targeted towards legal requirements:
Click Reports → Legal Reports to run these reports.
- Message Catalog Summary - Details...
- Attachment Report - display in-bound as well as out-bound emails containing attachments.
- Xeams Plugins - Email Campaign and Mail-Merge. Watch a video on this topic.
- Ability to block IP addresses automatically if malicious activity is detected. Check Block Malicious IP Addresses under the Advanced tab of Server Configuration.
- Ability to prevent associated email addresses from logging in. This is done by setting
prevent.associated.users.from.logging=true in server.properties
- DevNullSMTP has been integrated with Xeams.
- Bug Fix: A null pointer exception is raised in SLAVE when just one profile exists and report is pulled.
Version 6.4 build 5990
June 01, 2018
- Introducing SynRBL - Synametrics own RBL server.
- New custom filter called missing SPF that checks if an email originates from sender's designated MX or A record if SPF is missing.
- New custom filter called Hidden HTML Blocks is added that looks for absolute positioning to hide text.
- Sender's IP address is extracted from received header when using Spam Simulator
- Ability to add friendly IP addresses that are immune from getting blocked if a user provides incorrect passwords
- Ability to generate an NDR before deleting a message from Outbound Message Queue. This is done by clicking the icon when viewing Outbound Queue.
- Ability to prevent well known domains from getting white listed. For example, gmail.com, hotmail.com, yahoo.com, etc... This is done by modifying data in
- Status icons updated to display STARTTLS for both incoming as well as outgoing messages. Refer to Status Icon page for details.
- Ability to use a non-blank address in envelope MAIL FROM when generating NDRs. This is done by adding
sender.4.ndr.message in server.properties file.
- Ability to force STARTTLS with certain domains by adding
$INSTALL_DIR/config/DomainsRequiringTLS.txt. Add one domain per line.
Using STARTTLS with certain business partners is required by the new GDPR regulations. Click here for details.
- Bug Fix: Generated NDRs do not have the Date header
- Bug Fix: Searching does not work when temporary email addresses are used
- Bug Fix: DKIM keys are not displayed on the web if mixed case characters were used to specify domain names during setup. This only occurs on Linux and Mac.
Version 6.3 build 5979
March 21, 2018
- New filter Misleading Sender has been added. It looks for recipient's domain in sender's name
- Disclaimers are improved and now supports HTML in signature
- Ability to specify maximum emails to import when importing emails from another IMAP account
- Hello Inspector rule is modified to work with IP addresses for Office365
- Link for Manage Disclaimers is moved from Server Configuration to Filter Management. This is done because disclaimers
can be set on a per-profile basis rather than globally.
- Inherited checkbox in profile management does not display correct value
- Copying emails via IMAP occasionally runs into errors
- The restore link in quarantine report does not work occasionally
- Results for PTR lookup add an extra DOT at the end
Version 6.3 build 5973
February 06, 2018
- Active Directory lookups can be done using SSL.
- CIDR format is now accepted for Relaying IP, White/Black listed IPs and Acces Control List
- Screen to manage White/Black listed IP address is enhanced.
- Ability to send quarantine reports to a different email address
- Ability to force HTTPS for the web interface
- A new filter called UniqueAnchors has been added
- SPF check is skipped if message comes from a server allowed to relay
- Access Control List for admin account, which restricts admin access to certain IP addresses
- Score for authenticated user is now configurable using the score.for.auth.users system property
- Activity by IP report has been updated to work with blacklisted IP addresses in CIDR format
Version 6.2 build 5968
December 11, 2017
- A new filter called Tricky Sender is added to handle a major security flaw
discovered in many email clients. Click here to learn more about this filter.
- Inherited Profiles are introduced
- Additional system alerts have added
- Virus Detector has been updated to look for zips within a zipped file
- Diagnostic Check - Outbound has been enhanced to report missing PTR records
- AUTH PLAIN and CRAM-MD5 are now supported in Smtp Authentication
- The license renew button in About screen does not calculate the correct number of license
- Active license count is incorrect when using AD
- Associated users are not bundled correctly
Version 6.1 build 5961
November 08, 2017
- Bypassed addresses are ignored in license
Version 6.1 build 5960
November 07, 2017
- Inconsistent sender filter is enhanced to look for valid DKIM signatures before assigning scores.
- Warning messages are added if quarantine report is not generated at midnight.
Click here for details.
- Licensing update. Distribution lists containing email addresses for local users is no longer counted towards a license.
- Auto Updates do not restart Xeams. Even if auto-updates are enabled, necessary files will be downloaded but won't be
patched until administrators restart Xeams
- Default AD is automatically selected even if local domains are missing in SMTP Configuration
Version 6.1 build 5958
October 25, 2017
Important: Version 6.1 requires that you enter your local domains under SMTP Configuration/Domains tab. This was not required
in earlier versions if you were using SMTP Proxy server for inbound emails.
- Message status icons are displayed when viewing messages. Click here for details.
- Ability to migrate emails from other IMAP/POP3 servers into Xeams. Click here for details
- Ability to use multiple LDAP servers. Each LDAP can be associated with a different domain.
- Ability to integrate with Zimbra LDAP
- Outbound Diagnostic Check
- Link for Diagnostic Check has been moved from Server Configuration to Tools
- Outbound forgery alerts. Email alerts are sent to administrators if Xeams detects an outbound email that will be considered a forgery by the receiving end
- New log file called OutboundForgeries.log has been added, which contains emails that were sent out and could be treated as forged
- New log file called DeletedEmails.log has been added, which will hold traces of messages that are deleted because their score went pass the deletion threshold
- Ability to snooze email alerts
- Preferred URL for the web interface. This is set under Server Configuration. Xeams will use this URL when generating alerts as well as when new users are created.
- Outbound reports for DMARC are not sent to the queue if the first attempt fails.
- Inconsistent sender rule gets triggered if the MAIL FROM value in SMTP envelope ends with upper-case letters.
- Subject line of incoming messages is not changed when using the POP3 fetcher
- Links within quarantine report do not work if the user account contains non-English characters
- The RUA email address for DMARC report ignores the message size parameter
- Xeams creates a new user account if a user from AD use their email address instead of the user ID to log in
Version 6.0 build 5948
August 14, 2017
- Support for DMARC has been added. Click here for details
- RFC822 Verifier rule has been updated to detect invalid email addresses in the FROM header
- Temp files are removed much sooner rather than waiting until shutdown.
- The web server can look for X-Forwarded-IP and X-Real-IP headers before black-listing IP addresses where unsuccessful login attempts are made.
- The Message-ID header is recreated when restoring messages, preventing MS Exchange from suppressing restored messages.
- Emails that go into Possible Junk cannot be searched.
- Email on iPhone cannot display contents when connecting via IMAP.
- Email containing special characters in buddy/enemy list cannot be removed
- Messages received via POP3-Fetcher are not included in quarantine reports
Version 5.9 build 5934
May 15, 2017
- A major security flaw is patched that could allow non-authorized users to login as admin using the web interface.
- New custom filter that looks for embedded attachments inside a PDF file leading to a ransomware.
- New custom filter that implements a fuzzy search algorithm to detect previously received spam messages from different senders but similar content
- Out-of-office notifications are added to user's screen, allowing them to automatically notify senders when they are not in office.
- Separator for score search is changed from a (-) dash to a comma. This is done to allow negative searches.
- MS Office Macro detector has been updated to filter XLSX extensions.
- BCC header filter does not work
- Messages cannot be moved from Possible Junk to Junk
Version 5.8 build 5925
March 14, 2017
- Restarting Xeams has been improved on Windows. The patcher will now try to restart Xeams multiple times if the first attempt fails.
- Temp files are cleaned sooner.
- New IP Reputation rule is introduced to mark subnets of IP addresses where junk messages are received
- Smtp Envelope field MAIL FROM is now used to filter buddy/enemy lists.
- A new operator To, CC, BCC is introduced for header filters
- New log file called QuarantineReports.log is added that helps troubleshoot problems with Quarantine Reports.
- IMAP server closes connection after 5 minutes if a client does not send requests but leaves connection open
- Appearance is applied when a profile-admin logs in
- A previously associated email address cannot be associated with a different user without restarting Xeams
Version 5.7 build 5908
January 30, 2017
- User import from AD now allow filtering OU.
- Bayesian database is now per-user allowing the Spam Learner email to only affect the user who marks the message.
- Bypassed users can now accept domain names besides email addresses
- Message count are generated in a background thread to speed up the web interface when connecting as non-admin user.
- Quarantine reports are not generate if an custom image is specified in Appearance
- User management screen does not allow modifying a user if the email address contains an
Version 5.7 build 5900
January 16, 2017
- Appearance - Allows you to put your company name, tag line and logo on the web interface. This feature is only allowed in the Enterprise Edition.
- Spam learner email - users can forward junk messages to Xeams allowing it to learn from it. Check http://www.xeams.com/spam-learner.htm for details.
- Bypassed users can now accept domain names besides email addresses
- New filter added to block top level domains like *.TOP, *.XYZ, etc...
- New filter to detect fake replies
- New filter to detect inconsistent "Reply-To" header.
- Message counts are consolidated across slaves when running Xeams in clustered mode
Version 5.6 build 5894
January 05, 2017
modified for Live Monitor. If your browser has cached an older version, you will see a blank screen when trying to use
Live Monitor. Refreshing the page will solve the problem.
- User Import Wizard now contains the ability to import associated emails from a text file
- DRV caching can optionally be disabled.
- Live Monitor can display more than 20 records, which is done by adding
num.entries.in.livemonitor property in server.properties file.
- Reporting is improved to consume less memory
- A new Diagnostic Check is introduced to ensure Xeams does not accept emails for invalid users.
- A major memory leak is fixed that occurs when Xeams is configured to run as a SLAVE in clustering environment
- When messages are searched by non-admin users, records are not pulled from SLAVES. Applies when running in a clustered environment.
Version 5.5 build 5884
December 14, 2016
- User Quarantine Reports are generated even when running in Stand-alone mode
- When subject are changed in message action, emails are copied to INBOX, instead of Spam/Possible Spam folders, allowing POP3 clients to see these messages. This applies only if you are using POP3/IMAP on Xeams.
- User white/black list (Buddy/Enemy) list can be read from a CSV file, allowing administrators to import white/black list from third-party sources. Click here for details.
- Filtering is enhanced to detect and score messages containing incorrect base64 encoding to avoid detection
- Ability to read IP addresses for Office365 from a file instead of fetching them from the Internet. Applies when grey-listing is enabled.
Version 5.4 build 5878
November 16, 2016
- Read/Unread flag does not work in iPhone when using IMAP
- Flag to check/uncheck Temporary emails does not work in web interface.
Version 5.4 build 5876
November 08, 2016
- Ability to create temporary email addresses. Click here for details.
- Clustering has been enhanced. Files are compresses before sending them to slaves, making them work faster on slower networks.
- Outbound SMTP server communication has been improved to handle temporary failures.
Version 5.4 build 5872
November 03, 2016
- Dynamic Recipient Verification is introduced. Click here for details.
- Domain names for SMTP Configuration is now paginated, making it easier to maintain lots of domain names
- Anti-virus rule is updated
- Manage Aliases is now called Manage Distribution List under Server Configuration. Check this page for details.
- Trusted domain is not added when marking emails if there are multiple TXT records in the DNS server.
Version 5.3 build 5868
October 24, 2016
- Ability to bypass users for spam filtering, which also saves you a user-license. Click here for details.
Version 5.3 build 5867
October 21, 2016
- Ability to see how Xeams calculates actual users
- Implements licensing policy that gives users 90 days to make a decision instead of original 30.
Version 5.3 build 5865
October 19, 2016
- Ability to check with Active Directory for Smtp Proxy Server
- Allows a 15-day grace period if the "Active Users" count goes higher than the purchased licenses
- The About screen is blank when Multi-Profile option is enabled, but no profile other than Default exists.
- Clustering does not work when CSRF prevention is enabled.
Version 5.3 build 5864
October 14, 2016
- POPFetch now supports SSL
Version 5.3 build 5862
October 12, 2016
- Ability to add new RBL servers
- Smart Host does not work when SMTP Proxy is set to Asynchronous mode.
- Clustering does not work when CSRF prevention is enabled.
Version 5.3 build 5859
October 05, 2016
- Incoming messages are not received if Smart Host is enabled and SMTP Proxy server is configured to run in Asynchronous mode.
Version 5.3 build 5858
October 04, 2016
- Xeams Clustering, which allows junk filtering rules to be shared between multiple instances of Xeams.
- Virus Detector has been improved to catch tricks used by spammers to hide attached file name.
- Grey listing filter can now accept wildcards. For example: *.linkedin.com
- A global report recipient can be specified. Daily summary reports for quarantined messages will be sent to this global user besides the actual user.
- POP3 server does not return OK status for the LIST command where there are no messages.
Version 5.2 build 5848
September 22, 2016
- DKIM is now supported for both inbound and outbound messages. Click here for details.
Version 5.1 build 5842
September 13, 2016
- Ability to generate quarantine report by send an email. Click here for details.
- Not every country is displayed in the country filter.
Version 5.1 build 5840
September 06, 2016
- Ability to send/receive large files Click here for details.
- Bypassed IP addresses for Office365 has been updated. This affects Grey Listing
Version 5.0 build 5836
August 26, 2016
- Xeams is unable to process encrypted zipped files.
- The web interface keeps displaying latest news even when it is marked read.
Version 5.0 build 5834
August 18, 2016
- Ability to peek into an attached zipped file right from Xeam's web interface.
Since this is done without downloading, you can safely check if an attached zip file contains a virus.
- Non-admin users can now view messages for more than 1 day. The number of days match with what administrators see.
- Number of days since data is displayed for users is incorrect.
- User Filter screen displays a blank page.
Version 5.0 build 5832
August 15, 2016
- OutBoundQueue Manager is added under Message Repository allowing administrators to manage messages stuck in the Outbound Queue
- User's screen is paginated
- Ability to search users on the user's screen
- Viewing messages has been improved.
- Administrator's can run an email through Spam Simulator while viewing a message.
- Embedded images referring to a foreign website are hidden by default, which prevents activation of a web-bug
- Xeams attempts to fix incoming messages containing UNICODE characters in the header.
- Trailing spaces in a folder name are removed in the IMAP server
Version 4.9 build 5825
May 13, 2016
- Inconsistent sender filter is updated to ignore SPF checking
- MS-Office macro filter can not look for *.dot files
- Outbound messages can be forced through a specific IP if required
- The ReverseIPLookup rule is updated to ignore IP addresses listed in Gateway.dat
- The HoneyPot is updated to ignore IP addresses in Gateway.dat
Version 4.9 build 5816
April 05, 2016
- SMTP Auth does not work with SSL
Version 4.9 build 5815
April 04, 2016
- A new custom rule added to detect emails from fake stores, such as Amazon, Kohl's & Costco.
- The rule to detect macros in MS Word/Excel is updated
Version 4.9 build 5811
March 29, 2016
- STARTTLS now works for out-bound emails.
Version 4.9 build 5810
March 28, 2016
- User Repository for IMAP/POP3 is now separate from global repository.
- IDLE command now support for IMAP server
- A new custom filter has been added that looks for macros in an MS Word/Excel document.
- The Virus Detection filter has been updated to look for Crypto/Locky virus.
Version 4.8 build 5800
December 07, 2015
- Administrators can set a max score for daily reports. This limits the number of entries that
appear in the daily report hiding emails scoring higher than a pre-configured threshold
- Updated DNS lookups, which improves how SPF, RBL and any other DNS based lookups are performed
- Enhancements in SPF lookup logic
- Integration with ClamAV is improved
- Incoming email occasionally gets corrupted when an email body contains a DOT in the beginning of a line.
- Some buttons are drawn with a very light color when web interface is viewed in Internet Explorer.
Version 4.8 build 5792
June 25, 2015
- Pie charts on the home page of the Admin Console are no longer scary :-)
- Web page does not render correctly when Intranet Compatibility Mode is enabled in Internet Explorer.
Version 4.8 build 5790
June 23, 2015
- Check boxes are not visible when marking messages
Version 4.8 build 5789
June 22, 2015
- Live logs - ability to see log files as they are being written
- STARTTLS is now supported for SMTP Proxy Server
- New screen for ClamAV integration, which can also perform a test against a ClamAV daemon
- Completely redesigned web interface, which is responsive for mobile devices
- White/black list belong to users is automatically imported when a new user based on AD is created
- Live Monitor now contains a time column
- Embedded web server is upgraded, which disables SSLv3.
- Custom filter reports can display messages that were affected by the selected filter.
- Grey Listing filter has been enhanced. Administrators can now exclude IP addresses. Addresses belonging to Office365 are automatically excluded
- Attached zipped files were being ignored when file names were encoded
Version 4.7 build 5780
April 02, 2015
- Live Monitor gets a new facelift. A new AJAX bases live monitor replaces the old Java Applet that stopped working on newer browsers.
- New users can be created by pulling accounts from Active Directory
- A new custom rule has been added to detect WebBug Images
Version 4.7 build 5776
March 22, 2015
- User reports no longer contain Data URI Scheme to display images.
Instead, contentID is used to display graphs. MS Outlook does not support Data URI Scheme yet and therefore, graphs were not visible in user
report when using MS Outlook.
- Emails with zip files are not getting delivered. This bug only applies to older installations that use JRE 1.6. It
does not affect JRE 1.7. Alternatively, visit this page for instructions on how to update
Version 4.7 build 5775
March 17, 2015
- Some of the hyper links in the web interface were broken and resulted in a 404 error.
Version 4.7 build 5774
March 16, 2015
- Integration with Microsoft Active Directory. More info...
- Ability for users to search older messages. This is done when users login using their credentials
- Ability to display more than 3 days of messages when viewing all
- Email quarantine report sent to users is no longer cumulative - meaning if users are configured to receive more than one report per day, the
data for next report contains records since the last report, rather than from midnight.
- Many email readers do not display images from a remote server, preventing the graph to appear in email report.
This graph is now embedded inside the email itself and will be visible through any email reader.
- CSRF attacks are prevented. More info...
- Encrypted zipped files could not be processed
Version 4.6 build 5757
Aug 19, 2014