Release Notes

From Messaging Server Technical Reference Wiki
Jump to: navigation, search

This section has release notes for hotfix and patch releases. Cumulative hotfix releases are produced in response to specific customer requests and provided via support. Patch releases are available for download by customers with support contracts on A complete listing of patch and feature releases is available on the Patches by Release page. Each release includes a Readme with a buglist showing bugs and enhancement requests addressed in that release. This section provides supplementary information about enhancements.

Release Notes for

  1. Runtime Sieve and recipe errors now include line number and file location information. Errors occurring in subroutines will report the line number where the subroutine was called in addition to the line where the error occurred.
  2. A new recipe language function, get_option_modification_locations, returns a list of locations in the current recipe where a configuration modification occurred.
  3. A :expire subcommand has een added to the Sieve redis command. The command sets the expiration (timeout) for a specified key. Additionally, the :store, :add, :replace, :adjustup, and :adjustdown subcommands now accept a :timeout parameter when operating on sets or sorted sets.
  4. Support has been added to the smartsend utility to create a stream of message processing latency information that is then sent to a "latency server" for additional processing. This support is enabled through the smartsent dequeue_access mapping callout.
  5. Support has been added to send information about missing information that causes delivery delays to the latency server. This support is enabled through the smartsend auth_rewrite and auth_access mapping callouts.
  6. The date and currentdate Sieve tests now accept the private format values "unixepoch" and "milliunixepoch" values, which produce the time in seconds or milliseconds since the UNIX epooch, respectively. Note that many time values do not include millisecond information.
  7. The sequence $+1C ends processing of the current template and proceeds to the next entry in the mapping. (This is intended for use in temporary failure handlers; it is unlikely to be useful in other contexts.)
  8. Temporary failures from routine callouts in rewrite rules are now supported, and will use any temporary failure value set with a $. metacharacter sequence.
  9. Header and from field logging will now be performed on Q records as well as E, D, and R records.
  10. Additional forms of conditional evaluation "p ? : z" and "p ? n" are now supported in the recipe language and Sieve in addition to the usual "p ? n : z" form.
  11. A log_dkim MTA option has been added which if enabled logs the results of any DKIM signing operations.
  12. A $> flag returned by the DEQUEUE_ACCESS mapping causes a value to be tranferred from the mapping result to the smartsend log value.
  13. A $> flag returned by the AUTH_ACCESS mapping causes a value to be tranferred from the mapping result to the smartsend log value.
  14. A $> flag returned by the AUTH_REWRITE mapping causes a value to be tranferred from the mapping result to the smartsend log value.
  15. A dequeue_access callback has been added to smartsend. This callback is used add message processing latency information to log entries.
  16. The grouping of the various more specific backoff channel options with the general backoff channel option has been eliminated, allowing the other options to be used to partly override backoff option for specific priorities.
  17. -encoding and -relaxed switches have been added to the imsimta test -hash utility.
  18. A -width switch has been added to the imsimta calc and imsimta test -expression utilities. This controls the allowed width of string result output, and defaults to 60.
  19. A log_create_counters MTA option has been added. If set, it enables automatic creation of the counters section by the dispatcher, job controller, and return job.
  20. Support has been added to the address substitution facility to access a secondary address; this is now used by the smartsend return-path building facility. address.

Release Notes for

  1. Bit 4, value 16 of the log_conversion_tag MTA option, if set, will cause the conversion tags associated with the current message being dequeued to be logged in the extra field of any generated connection log records.
  2. Support has been added for Redis sets and sorted sets. The :set and :sortedset nonpositiona parameters are used to indicate that the operation is to be performed using appropriate set or sorted set Redis commands, respectively.
  3. An additional private Sieve environment item,, now allows scripts to check and see if any Sieve warnings have occurred. The operation only succeeds if one or more warnings have occurred since the last check of - or if no previous calls have been made, since the start of script processing. The item return value is the text of those warnings.

  4. In order to meet recent government security requirements, MTA hash function usage has been altered to either eliminate or provide alternatives to the use of MD4, MD5, and in some cases SHA-1. More specifically:

    1. Various internal caches which used MD4 or MD5 to construct cache entry names have been changed to use SHA-1 instead.
    2. The names of *.data-failed files associated with the reuse of timed out message transfers are now constructed using a SHA-1 hash of the transaction.
    3. Internally generated MIME boundaries are now constructed using SHA-1 as the compression function
    4. For reasons that should be obvious, Content-MD5 (RFC 1864header fields continue to be generated with MD5.
    5. A new option, vacation_hash_algorithm, can be used to set the hash algorithm used to create the names of vacation database entries.
    6. A new option, tracking_hash_algorithm, can be used to set the hash algorithm used on message tracking and recall secrets.
    7. A new option, mecache_hash_algorithm, can be used to set the hash algorithm used to optionally hash memcache keys prior to lookup.
    8. A new option, srs_hash_algorithm, can be used to set the hash algorithm used to build SRS addresses.
    9. A new option, proxy_hash_algorithm, can be used to set the hash algorithm used for authentication in the XPEHLO command.
    10. The existing option, message_hash_algorithm, can be used to set the hash algorithm used to compute hashes for message archiving.
    11. A new channel-specific option, HASH_ALGORITHM, can be used to set the hash used to create ManageSieve filenames. The default remains at MD5 to insure backwards compatibility with any existing files.
  5. Two new MTA mappings, MTA_STARTUP and MTA_SHUTDOWN, have been added. These mappings are called when the MTA initialized and shuts down, respectively, and are intended to be used for initialization, cleanup, and tracking purposes. Corresponding mta_startup and mta_shutdown callbacks have been added to the set of available smartsend callouts.

  6. A log_action callback has been added to smartsend. This callback operates in conjunction with the mta_startup and mta_shutdown callbacks to maintain deliverability metrics in Redis.
  7. A maxconnectionrateperdomain channel option and corresponding smartsend parameter have been added, and can be used to limit the rate at which connections are made to a given destination.

Release Notes for

  1. A log_from MTA option has been added which if enabled logs the address found in the header From: field.
  2. The X-Job: header field and corresponding conversion tag are no longer used in OCI email. As such, code to proccess the header as well as the (positional) conversion tag have been removed.
  3. $O and $o can now used in a AUTH_ACCESS mapping templae to cause all ($O) or nonauthoritative ($o) DNS lookup failures to be treated as temporary.
  4. The dnsforcetemporary channel option is no longer restricted.
  5. A url_result_cache_case MTA option has been added to support case-sensitive entry names in the URL result cache.
  6. Support has been added for a "friendlier" JSON transaction log format. This support is enabled by setting the log_format MTA option to 6.

Release Notes for

  1. A new pair of channel options, sourceinner and nosourceinner, provide source channel-based control over whether or not inner message processing is performed.
  2. A debug parameter has been added to the smartsend facility. Currently this parameter only engages additional debugging with the AUTH_ACCESS mapping.
  3. The maximum allowed length of a smartsend IP list entry - including both the entry name and value - has been increased from 1024 to 4096 characters.
  4. An auth_rewrite callout has been added to the smartsend facility. This callout can be used to validate a IP list identifier tag that appears in a header field.
  5. The imsimta test -mapping utility has been enhanced to provide the ability to initialize the MTA for writing using the -source_channel switch. This is needed to test most of the smartsend plugin, which rely on this initialization being done.
  6. An EXTERNAL_TO_INTERNAL mapping has been added that provides the means to specify external to internal address mappings for the smartsend plugin.
  7. The Sieve "deleteheader" action has been extended to allow the use of glob-style wildcards in the field name.
  8. Mapping $N substitutions were previously limited to 256 characters. This has been extended to 1024 characters.
  9. Mapping callout argument and result strings were both limited to 256 characters. This limit has been extended to 1024 characters.
  10. The action field of enqueue and reject transaction log entries will now include characters indicating if the message had lines longer than the 1000 byte limit and were wrapped (W), truncated (T), or caused the message to be rejected (R).
  11. A log_smartsend MTA option has been added which if enabled provided additional logging of smartsend callout actions in dequeue records.
  12. Bit 13, value 8192 of the include_conversiontag MTA option, if set, will cause the message-wide set of conversion tags to be included in the AUTH_ACCESS mapping probe.
  13. $H and $I can now used in a AUTH_ACCESS mapping templae to override the received_domain and id_domain option settings, respectively, for this message.
  14. Support for Proxy Protocol V1 has been added to the SMTP server. This support is enabled by the proxyprotocol channel keyword. This works with STARTTLS (port 25 & 587) but does not presently work with submissions (port 465).
  15. Trailing commas are now allowed in string lists in both the recipe and sieve language implementations.
  16. The maximum size of a list of conversion tags has been increased from 256 to 1024 bytes.
  17. The maximum size of a transactionlog (tl) field in a log entry has been increased from 256 to 1024 bytes.
  18. Negative version numbers -N can now be used in msconfig DIFFERENCES and REVERT commands to refer to the Nth most recent saved version.
  19. Bit 14, value 16384 of the include_conversiontag MTA option, if set, will cause an X-Tags: field containing the global conversion tag list to be included as an X-Tags: field in the first section of the second part of any DSNs that are generated. Note that this potentially exposes internal information and is intended to only be used when DSNs are processed internally.
  20. $Z can now be used in an AUTH_ACCESS mapping to disable the SMTP chunking extension for the session.
  21. Two additional smartsend parameters, chunking and tls, which control the use of the SMTP CHUNKING and STARTTLS extensions, respectively.
  22. A backoff parameter has been added to the smartsend facility. This parameter is equivalent to the backoff in terms of functionality.
  23. A backoff parameter has been added to the smartsend facility. This parameter provides the ability to hold or return specified messages.
  24. Bit 15, value 32768 of the include_conversiontag MTA option, if set, will cause the current conversion tags to be included in any SMTP_ACTIONS mapping probe.
  25. Added support for per-sender and per-tenant entries to the smartsend plugin for the AUTH_ACCESS mapping.
  26. A override_host parameter has been added to the smartsend facility. This parameter provides the ability to override the destination host.
  27. MX "rollup" functionality has been implemented through the addition of a new MX_ACCESS mapping and a pair of new smartsend callouts one for the FORWARD mapping and another for the MX_ACCESS mapping.
  28. Redis is now supported as a back end for vacation response storage. This is accomplished by configuring the vacation_template MTA option with a Redis URL.
  29. Header logging can now be placed in the primary transaction log entry rather than appearing as a separate entries. This is controlled by bit 2, value 4, of the log_header MTA option.
  30. The header logging option file can now be stored in the log_header_options MTA option.
  31. The AUTH_REWRITE and AUTH_ACCESS mappings can now specify a list of headers whose contents will be included in the primary transaction log entry. The new log_headers_maxchars MTA can be used to control the maximum number of characters from each field to include in the log; it defaults to 200 bytes.

Release Notes for 8.1 (Tezpur)

  1. Packages instead of commpkg
    Starting with Messaging Server 8.1, commpkg is no longer used to install/uninstall Messaging Server itself. Instead, Messaging Server is distributed as a package that can be directly installed or uninstalled with the rpm tool on Linux and the pkgadd/pkgrm tools on Solaris.

  2. Linux package version numbering
    Starting with Messaging Server 8.1, the package version numbering model has changed. Previously, the package version number was: sun-messaging-server64-major.update-patchnumber.buildnumber. The new package version numbering is: sun-messaging-server64-major.minor-update.patchnumber. As a result, an older package version of Messaging Server may have an apparently higher package version number. Full version information can always be obtained by running imsimta version after installing the product.

  3. Store Transaction Logging
    Store transaction logging is now enabled by default. To restore the previous default behavior, set messagetrace.activate to no.

  4. msprobe alarm submission
    This version of Messaging Server will not support port 25 for submitting alarm. Instead alarm submission is on port 587 for plain text and on 465 for SSL. The user will be authenticated on submit on both port.

  5. Recipe-based initial configuration
    Starting with Messaging Server 8.1, the init-config command (also known as configure) supports recipe-based initial configuration. In this mode of operation, a minimal configuration is generated and then special msconfig recipe files are run to configure individual server roles. For more information, see the command reference for init-config. The examples section gives example usage for common roles.

  6. routing-only MTA initial configuration (without LDAP)
    Starting with Messaging Server 8.1, the init-config command can generate an initial configuration for a routing-only MTA that does not require use of LDAP. Although the MTA has always supported operation without LDAP, this makes it simpler to configure such an MTA. Use init-config -r mta to generate an initial MTA configuration for this function.

  7. JMS support for ENS
    Java software wishing to subscribe to Messaging Server events can now use the bundled JMS ENS provider (ens-jms.jar). The Glassfish MQ JMS provider is no longer supported for use with Messaging Server.

  8. TLS 1.3 support
    TLS version 1.3 (RFC 8446) is now supported and enabled by default.

  9. Login user name and password normalization
    Login user names and passwords are now normalized to Unicode normalization form C. This is a conservative subset of the behavior recommended in RFC 8265. In addition, login user names containing a domain with an IDN A-label (RFC 5890) are canonicalized to IDN U-labels. As a result, non-ASCII user and domain names in LDAP must be provisioned in Network Unicode (RFC 5198). If user or domain names were previously provisioned in decomposed Unicode or IDN A-labels, the LDAP directory must be updated prior to deploying this release.

  10. It is now possible to control whether or not the foreverypart Sieve control looks inside of nested messages or treats them as leaf parts. The :processnestedmesssages argument tells foreverypart to look inside and is the default. :retainnestedmessages causes nested messages to be treated as leaf parts.

  11. The directory command in the imsimta qm utility now accepts two additional switches: -tag and -sieve. The -tag switch provides the ability to select messages based on the message's conversion tag list. -sieve specifies a sieve test which must evaluate to TRUE for the message to be selected.
  12. Use SMTP EXPN and VRFY commands are now logged in transaction log using H records. The new TCP/IP channel-specific option MAX_H_ENTRIES controls how many such records will be logged per session. The default is 10.
  13. Redis support has been added for MTA database lookups. This support is enabled by setting the appropriate database URL option to be a redis: URL.
  14. An ip_backoff callout has been added to the smartsend facility. This callout can be used to activate and deactivate IP backoff mode for specified IP addresses.
  15. An SMTP_ACTIONS mapping has been added that provides the means to modify and/or augment the handling of SMTP errors returned by remote SMTP servers.
  16. The imsimta counters -show utility now supports output in JSON format via the -format switch.
  17. The glob matching facility underlying Sieve :matches and the mapping facility has been enhanced to perform a preliminary scan to check and see if all the characters in the pattern are presentin the target string in the required order. This eliminates many unsuccessful match cases far more quickly.
  18. A max_sieve_match_iterations MTA option has been added which imposes a limit on the number of internal iterations allowed for Sieve :matches operations.
  19. A DKIM_SIGN_DOMAINS mapping has been added that can be used to modify the mapping between from addresses and the DKIM identity.

Deprecated and Removed Features for 8.1 (Tezpur)

  1. Solaris 10, Oracle Linux 6, Red Hat Enterprise Linux 6.
    These operating system versions are no longer supported.

  2. Index and Search Service (ISS)
    This version of Messaging Server no longer ships with the ISS component. Use of the old version of ISS with this version of Messaging Server is only supported for migration of search indexes from ISS to Elasticsearch.

  3. Cassandra Store Indexed Search
    This version requires use of Elasticsearch with Cassandra Store for Indexed Search. Use of Datastax Max with Solr integration is no longer supported starting with Messaging Server 8.1.

  4. Glassfish Message Queue (aka Java Message Queue)
    This version no longer supports use of Glassfish Message Queue (aka Java Message Queue), except for the purpose of migrating from ISS to Elasticsearch. A warning will be generated in the log if Glassfish MQ support is enabled without Elasticsearch migration. Customers wishing to use JMS can use the ENS JMS provider (ens-jms.jar) to subscribe to Messaging Server events.

  5. Sun Cluster and Veritas Cluster Agents
    The Sun Cluster and Veritas Cluster Agents have been removed and are no longer supported. Oracle Clusterware, Automatic Failover, and Cassandra Store continue to be supported as HA options. The ha_ip_config tool has been removed; you can use msconfig run HAConfig.rcp to configure the IP address for Oracle Clusterware HA.

  6. Delegated Administrator
    Starting with Messaging Server 8.1, the Oracle Communications Delegated Administrator tool is no longer provided with Messaging Server. The inetuser utility is included in the Messaging Server package and can be used as a basic limited provisioning tool. Customers may also develop their own provisioning tools based on the information in the Oracle Communications Schema Guide.

    The Delegated Administrator tool included with previous versions of Messaging Server is expected to continue to work since there are no plans to make incompatible schema changes. However, because that tool depends on software components developed by Sun Microsystems that are no longer updated, customers should limit access to that tool to trusted administrators on a trusted network.

  7. MMP Submission Proxy and MMP Legacy Config Support Removed
    The MMP mail submission SMTP proxy has been removed from this release. Configurations including the submitproxy will generate a warning and be ignored. The MMP requires use of unified configuration starting with this release. Use the configtoxml utility to convert a legacy configuration to a unified configuration.

  8. SSL server certificate validation: MMP connections to back-end IMAP/POP, immonitor-access, mshttpd POP collect
    Starting with Messaging Server 8.1, these three services will fail connections if the server certificate can not be fully validated (previous releases ignored invalid certificates for these services). Server administrators relying on these services should verify necessary certificates are properly issued and can be validated prior to upgrading to Messaging Server 8.1.

  9. SSL server certificate validation: ldapcheckcert
    The base.ldapcheckcert option has been deleted in Messaging Server 8.1. LDAP SSL connections will fail unless the server certificate is valid. This option previously defaulted to 1 so there will not be a behavior change unless this had been explicitly set to 0.

  10. TLS version 1.1 disabled by default, version 1.3 enabled by default
    Messaging Server 8.1 now disables TLS 1.1 by default. In addition, it supports TLS version 1.3 and enables that version by default. The new base.tlsv13enable option can be used to disable TLS 1.3. The base.tlsminversion option can be used to re-enable TLS 1.0 or TLS 1.1 if required for compatibility with legacy clients. The sslv3enable option has been deleted; this version no longer supports SSL version 3.

  11. Legacy store msgtrace logging
    The legacy msgtrace log format has been removed with this release. Store Transaction logging will be generated instead of the legacy format. Note that store transaction logging does not include the Message-ID header value by default; see the messagetrace.actionattributes option for information on enabling Message-ID header value logging.

  12. capability_x_unauthenticate replaced by capability_unauthenticate
    With the publication of RFC 8437, there is now a standards-track UNAUTHENTICATE extension to IMAP. The imap.capability_unauthenticate option is now used to turn on the standard extension. The pre-standard option, imap.capability_x_unauthenticate now has no effect except to advertise the X-UNAUTHENTICATE capability. The new option must be used to enable the extension.

  13. IDN A-labels in LDAP
    Previous releases didn't process IDN A-labels (RFC 5890) present in a fully qualified user login identity. As a result it was possible to provision non-ASCII domain names to LDAP in their A-label form as long as the A-label form was always used. This release now decodes IDN A-labels in login user domains, so domains in LDAP must be provisioned in U-label rather than A-label form. This change is expected to improve readability of logs and improve end-user experience for non-ASCII domains.

  14. SSL version 2 CLIENT-HELLO
    Messaging Server no longer supports SSL clients that violate RFC 6176. Such clients will timeout during the SSL negotiation as the server will no longer interpret the prohibited SSL version 2 CLIENT-HELLO message.

Release Notes for

  1. Solaris 11.4 (bug 28685895)
    An incompatible interface change was made between Solaris 11.3 and Solaris 11.4. As a result, the fix for bug 28685895 is required to run Messaging Server on Solaris 11.4. Versions of Messaging Server prior to will crash when run on Solaris 11.4.

  2. NSS 3.41 upgrade
    Messaging Server uses the open-source Mozilla Network Security Services library to provide SSL/TLS functionality. This release updates to Version 3.41. Starting with version 3.39, NSS no longer supports SSL clients that violate RFC 6176. Such clients will timeout during the SSL negotiation as the server will no longer interpret the prohibited SSL version 2 CLIENT-HELLO message.

  3. IMAP Email Address Internationalization
    The IMAP server now advertises and implements IMAP Support for UTF-8 (RFC 6855). This means that email messages conforming to RFC 6532 can now be delivered to the message store if permitted by use of the utf8negotiate, utf8header, or utf8strict channel keyword.

    However, once these messages are in the message store they will be presented undamaged to legacy IMAP and POP clients (note that this behavior is not fully compliant with RFC 6855 but we believe this behavior is least likely to cause problems in the long run). It's possible legacy clients will have problems displaying these messages and likely legacy clients will be unable to reply to these messages. Sites choosing to allow EAI may wish to either create support materials explaining the issue or wait until significant clients have been upgraded.

    Note that IMAP APPEND has no restrictions on use of UTF-8 header mail messages. This is necessary to avoid surprises when migrating mail from other systems to our message store.

    The behavior of IMAP APPEND has changed with this feature: any line containing 8-bit characters in an email header that does not conform to either RFC 2047 or RFC 6855 will cause a blank line to be insertted prior to that line so it is treated as part of the message body.

  4. UTF-8 User Names, email addresses, and Domains
    Messaging Server now supports use of UTF-8 in user names, email addresses, and domains. When provisioning UTF-8 domains, be sure to store the U-label form in LDAP as described in RFC 5890. While Messaging Server supports this type of internationalization, be aware that supporting systems outside of Messaging Server (e.g., identity services, provisioning services, monitoring, and logging services) may not provide a similar level of support. Customers are encouraged to consider the consequences of deploying fully internationalized user and domain identifiers on systems external to Messaging Server prior to doing so. Reading the discussion of the provisioning considerations related to such identifiers in section 3.2 of RFC 5894 is recommended.

    Note that use of Net Unicode as described in RFC 5198 is required for these identifiers. In particular, this requires use of Unicode normalization form C when transmitting Unicode text on the Internet and applies to these identifiers in LDAP, IMAP, and SMTP.

    The IMAP server now advertises URL-PARTIAL (RFC 5550) and STATUS=SIZE (RFC 8438) capabilities. Both of these were implemented in earlier releases but not explicitly advertised. The server now also advertises SAVEDATE (RFC 8514) which was previously implemented as a FETCH-only feature and now supports SEARCH as described in the RFC. See Supported Standards for a full list of IMAP capabilities.

  6. Support for the ADDHEADER and INSHEADER milter modification actions has been added to the MILTER_ACTIONS mapping table.
  7. Support has been added for the File Carbon Copy (Fcc) described in the Internet-Draft draft-ietf-extra-sieve-fcc-02.txt.
  8. A :noheadercheck nonpositional parameter has been added to the Sieve vacation extension. If specified, it suppresses the checks for List-*: intended to prevent vacation replies from being sent to mailing lists.
  9. A construct of the form $?a,b,c,... can now be used in a mapping template to perform random value selection.
  10. A DEQUEUE_ACCESS mapping has been implemented.
  11. A include_retries MTA option has been added which provides the means to include message retry information in various mappings.
  12. Bit 0, value 1, of the include_retries MTA option, if set, will now cause message retry count information to be included in the AUTH_ACCESS mapping.
  13. A "smartsend" facility intended to manage delivery of opt-in bulk email is in the process of being implemented. This facility takes the form of a number of callouts from MTA mappings.
  14. Support has been added for the DESTADDR and DESTPORT parameters to the XCLIENT SMTP command.
  15. Statefile support has been added to the msconfig utility, consisting of:
    1. A --statefile switch on the msconfig command line which is used to specify the path to the statefile to be read/updated. All statefile support is disabled if --statefile is not specified.
    2. The read function in the recipe language now accepts a third string paramater specifying the name of a statefile variable. The variable will be used if present or will be updated with any value that's entered.
    3. Three new recipe language functions have been added: exists_statefile, get_statefile, set_statefile, and delete_statefile. These functions can be used to get, set, and delete statefile variables, respectively.
    4. The msconfig write command has been extended to update the statefile in addition to writing out any new configuration information.
  16. A nextif statement has been added to the Sieve and Recipe language loop facility.
  17. The warn function in the Recipe language, if called without any arguments, now returns the number of warnings that have been issued during the current run.
  18. A new function, get_msconfig_info, has been added to the Recipe language. It can be used to return various pieces of information about the msconfig utility itself.
  19. Support for the SHA-2 family hash functions SHA-256 and SHA-512 has been added to the hash and hash_hmac functions in the Recipe and Sieve languages.
  20. The msconfig SET command now allows the C-style backslash sequences \r (carriage return), \n (line feed), \t (tab), and \uNNNN (Unicode character, must specify exactly 4 hexadecimal digits) in option values.
  21. The flagtransfer channel option now enables the use of a new XCONVTAG SMTP extension. This extension is used to pass along conversion tag information.
  22. The $S flag is set on input in the AUTH_ACCESS mapping if a connection to the destination for this message is already open and is going to be reused.
  23. Previously the $+R sequence in FROM_ACCESS and recipient access mappings was only capable of activating a single spam filter, using the syntax "$+Rnumber|optin-string". It now accepts an additional syntax, "$+Rn1,s1,n2,s2..." that can be used to activate multiple spam filters (n1, n2 ...), each with an associated optin string (s1, s2 ...).
  24. Two new options, REPROCESS_TIMEOUT and REPROCESS_CONNECT_TIMEOUT, have been added to milter configuration files. These option allow a different - and usually longer - timeout to be set when the milter is invoked during a reprocessing operation (and thus no SMTP/SUBMIT client is present).
  25. A "$+R" flag can now be used in the AUTH_ACCESS mapping to specify an alternate ALLOW_TRANSACTIONS_PER_SESSION TCP/IP channel-specific option value for the current message. Note that using the value to force the current session to terminate will cause the setting to return to the regular ALLOW_TRANSACTIONS_PER_SESSION value.
  26. A "$V" flag can now be used in the AUTH_ACCESS to specify a skip count to be encoded in the queue file name of the current message. This flag is specifically intended for use by smartsend  auth_access callout.
  27. A "$+." flag can now be used in the AUTH_ACCESS mapping to specify the host name to use in any HELO, EHLO, or LHDO commands that are issued.
  28. The "$S" input flag is now set for the LOG_ACTION mapping if the current log entry is going to be written to the log file, and clear if it is not.
  29. The new bccserver channel option, when placed on a SUBMIT server channel, enables the XBCC SUBMIT extension which can be used by clients to generate separate blind carbon responses with a single transaction. nobccserver disables the extension and is the default.
  30. A new AUTH_DEACCESSS mapping table has been implemented. This mapping forms a pair with the AUTH_ACCESS mapping table and is intended to be used to release resources allocated by the AUTH_ACCESS mapping. More specifically, AUTH_ACCESS can now be used to allocate some connection-related resource, which can then be used by one or more connections used to deliver the current and possibly subsequent messages. The AUTH_DEACCESSS mapping is called when the last connection is finally closed. The mappings communicate through the use of a deaccess parameter string, which is set by the new "$," flag in the AUTH_ACCESS mapping.
  31. A "$n" flag can now be used in the AUTH_ACCESS mapping to signal a temporary failure for the current message and cause it to be tried again later. Note that "$N" (upper case) is used to permanently fail the current recipient.
  32. A "$(" flag can now be used in the AUTH_ACCESS mapping to provide a value overriding the MAX_MX_RECORDS TCP/IP-channel-specific option.
  33. An alias_description alias option has been added so that aliases can have a description attached that shows up in unified configuration. This option has no effect on alias expansion.
  34. A general-purpose reservation system has been implemented on top of memcache. Note that while this system is accessible from the Sieve memcache test/action, it is primarily intended for internal use by the smartsend facility.
  35. A new TIMEOUT_MULTIPLIER TCP/IP channel-specific option has been implemented for SMTP and LMTP channels. This option is used to change the units of the various timeout parameters from the default of minutes to seconds, allowing for shorter timeouts with finer granularity.
  36. A new BANNER_RECEIVE_TIME TCP/IP-channel-specific option has been added. This new option specifies the amount of time the SMTP/LMTP client will wait to receive the initial banner from the SMTP/LMTP server. The default value for this option is 2 minutes. Prior to this option being available, the timeout to receive the banner was controlled by the STATUS_MAIL_RECEIVE_TIME TCP/IP-channel-specific option, which defaulted to 10 minutes.
  37. Specifying --dryrun on the msconfig command line turns off automatic configuration writes and if the configuration has been modified will cause msconfig to exit with an error (EX_CONFIG).
  38. A log_remote_mta option has been added that controls the generation of a separate logging field for remote MTA information.
  39. Native support for DKIM signing during message enqueue is now available. Signing can be controlled through the use of channel option, the CONVERSIONS mapping, or the smartsend facility.
  40. MTA connection and transaction logs can now be written in JSON format. JSON format is enabled by setting the log_format MTA option to 5. When this is done each line of the resulting log file consists of a single, separate JSON object.
  41. A bit-encoded include_domain MTA option has been added. At present only one bit (0, value 1) is defined, which if set causes destination domain information to be included in CONVERSIONS mapping probes.
  42. An id MTA option has been added. This option can be used to specify an identifier for a particular MTA or group of MTAs that share a common network setup. At present this is only used by the smartsend plugin in its probes for IP address lists.
  43. The $R input flag is now set for the DEQUEUE_ACCESS mapping when the message is being accessed in read-only mode by a utility such as imsimta qm.
  44. A $+% flag can now be used in a AUTH_ACCESS mapping to specify an override backoff time that will be used if the delivery attempt fails.
  45. The interfaceaddress source channel option has been extended to allow specification of two different addresses, one used for logging and the other as the actual TCP/IP source address. Normally the same address is used for both purposes. When two addresses are specified they must be separated by a sharp sign with the logging address appears first, i.e. "logging-address#bind-address".
  46. A new TLS_NEGOTIATION_TIME TCP/IP-channel-specific option has been added. This new option specifies the amount of time the SMTP/LMTP client will wait for the opposite end of the connection during TLS negotiations. The default value for this option is 1 minute. Prior to this option being available, the timeout for TLS negotiation in the SMTP server was controlled by the STATUS_TRANSMIT_TIME TCP/IP-channel-specific option and the timeout for the TLS negotiation option in the SMTP client was controlled by the STATUS_RECEIVE_TIME TCP/IP-channel-specific option, both of which defaulted to 10 minutes.
  47. The log_filename, log_envelope_id, log_tracking, log_message_id, log_auth, log_filter, log_reason, log_diagnostics, log_remote_mta, log_isc_status, log_uid, log_mailbox_uid, log_conversion_taglog_transactionlog, log_smartsend, and log_from, and log_dkim MTA logging options all accept an additional bit flag, position 2, value 4. If set along with bit 0 (value 1), this bit causes the attribute to appear unconditionally in XML and JSON log entries even if it is blank. The log_times, log_intermediate, and log_username use different bits to provide similar controls; see the option descriptions for details.
  48. Bit 3 (value 8) of the log_conversion_tag MTA option, if set, will cause the first conversion tag associated with each message recipient, if present, to be treated as an additional "virtual channel" by the MTA counter subsystem. This "channel" will then appear in counter output along with all the other channels. Note that no attempt is made to distinguish these virtual channels from normal channels; use of unique names must be dealt with by appropriate configuration.
  49. The $< and $> metacharacters can now be used in AUTH_REWRITE mappings to send messages to syslog. The semantics are the same as in other access mappings, e.g, SEND_ACCESS.
  50. The new authrewrite_extra_headers MTA option can be to include the content of additional header fields in AUTH_REWRITE mapping table probes.
  51. memcache and Redis throttle operations normally assume that whatever action is being throttled has already taken place and that the count should be incremented even when the throttle engages. This is appropriate for applications like throttling incoming connections but not for rate limiting the MTA's own behavior. In rate limiting situations the count should only be incremented if the throttle does not engage.

    A new :limit argument has been added to provide this behavior - if specified on either memcache or Redis throttle operations it will restrict incrementing the count to cases where the throttle does not engage (and a value of FALSE is returned). Additionally, when the throttle check cannot be performed for some reason - server failure, network problem, wrong data type, etc. - the operation returns FALSE, meaning the throttle doesn't engage. With :limit failures return TRUE, causing the throttle to engage.

  52. The prefix for MTA-generated syslog messages (except for log_connections_syslog and log_messages_syslog) is now controlled by the sndopr_prefix MTA option. The default value for sndopr_prefix is "IMTA-W-". Note that setting the option to the empty string eliminates the prefix entirely.
  53. The prefix used on syslog messages generated by the log_connections_syslog and log_messages_syslog MTA options is now controlled by the log_syslog_prefix MTA option. IMPORTANT NOTE: The default prefix in this case has been changed to be an empty string; it is no longer "IMTA-W-", which never made sense as a prefix for such messages.
  54. The processnestedmessages and retainnestedmessages options have been added. These options control whether or not the conversion channel "looks inside" of nested message parts (processnestedmessages, the default) or treats them as leaf parts (retainnestedmessages).

Release Notes for (Hatch)

  1. Elasticsearch support; ISS Deprecated
    Starting with the final release, Messaging Server supports Elasticsearch as an index and search service for use with the classics message store. For more information, see the Index and Search section. Support for use of Messaging Server with ISS is now deprecated and may be removed in a future release.

  2. ISC and FIT optimization in Cassandra Store
    The ISC (Indexed Search Converter) and FIT (Field Input Transformer) components of the Cassandra Message store have been optimizied. The new FIT no longer needs to communicate with the ISC. The old FIT requires the old ISC. If a rolling update is performed, either upgrade the FIT or configure it to connect to an ISC.
    The LMTP server no longer has configurable pre-conversion support. Conversion for indexed search is now always attempted at store insertion time and if a failure occurs, a repair task job is scheduled. impurge will complete the indexing tasks synchronously.

  3. NSS 3.35 upgrade
    Messaging Server uses the open-source Mozilla Network Security Services library to provide SSL/TLS functionality. This release updates to Version 3.35.

  4. Store logging for search/sort/thread
    If store transaction logging is enabled by the messagetrace.activate option, then a new se event is logged for search operations.

  5. Store logging of flag change and copy operations (27344986, 27903242)
    If store transaction logging is enabled by the messagetrace.activate option, then new fc and cp events are logged for flag change and copy operations respectively.

  6. imexpire handling of invalid flag and join value (28001930)
    If an expire rule contains an invalid flag or join value, imexpire will set it to AND. Prior to, invalid flag and join attributes are ignored.

  7. HTML filtering configuration (27454597)
    Starting with Messaging Server 8.0.2, the legacy blacklist HTML filter used only by Convergence was disabled by default. To get correct HTML filtering, it was necessary to set http.convergencefilterenabled in Messaging Server and mail.htmlsanitizer.enable in Convergence. This change should result in better behavior when the system is misconfigured, and allows newer versions of Convergence to tell mshttpd the value of mail.htmlsanitizer.enable so the http.convergencefilterenabled option will eventually become unnecessary.

  8. SMTP/LMTP client over quota status handling
    Over quota user status is no longer considered to be an error when alias expansion is engaged during SMTP/LMTP client reenqueue operations. This allows things like "wrong mailhost" conditions to be resolved without first resolving the over quota condition.

  9. The ims-ms channel now supports the MAILBOX_BUSY_FAST_RETRY channel-specific option. The semantics are the same as for the LMTP client.

  10. The MTA now feeds unwrapped/untruncated message content - which may include lines of arbitrary length - to spam filters, including milters. Note that the DEFER_MESSAGE_TRANSFER milter option has to be set to zero (the default) for this to work - deferred transfer uses stored message content, which will have been wrapped/truncated.

  11. Two additional private Sieve environment items have been added. returns the number of accessible MIME levels in the current message, i.e. the MIME "depth" of the message. returns the maximum number of MIME parts found in any multipart in the message.

  12. The Sun-Java-System-SMTP-Warning: header field that's added when a message contains overly long lines was done in a way that made it invisible to Sieve. This has now been changed to make the field visible.

  13. A new DNS mapping callout, dns_get_first_mx, has been added. As the name implies, this callout does an MX lookup and returns the result. This callout is intended to be used to implement a limited form of MX rollup.

  14. Additional bits have been defined in the include_spares2 MTA option to provide access to recipient address attributes in FORWARD mappings. The documentation switch from the obsolete include_spares MTA option to the current include_spares1 MTA option has also been completed.

  15. Substitutions from the vacationStartDate and vacationEndDate are now available in LDAP autoreply text, internal text, and subject attributes. These substitutions take the form $<attribute><part> where $<attribute> is "B" for the start (beginning) date or "E" for the end date, and <part> is one of the date parts defined in RFC 5260 section 4.2. So for example, the string $EDATE would substitute in the end date in YYYY-MM-DD format. These substitution strings are treated as regular text if the corresponding attribute is not defined or is set to an invalid value.

  16. Setting $R in a mapping causes the entire mapping to restart with the first entry. Setting $+1R now causes the mapping to repeat the current entry.

  17. As part of ongoing EAI support work, the MTA will no longer accept non-UTF-8 8bit material in envelope originator (MAIL FROM) or recipient (RCPT TO) fields. Valid UTF-8 will only be accepted if the SMTPUTF8 extension is engaged.
  18. The iscimmediate, iscdeferred, and iscunknown channel keywords are no longer used and have been removed.
  19. The rewrite rule metacharacter sequence $nS, where n=1,18, can now be used to access any of the sender spare attributes. The rewrite rule fails if the specified attribute has not been loaded with a value.
  20. Setting the $+& flag in the FROM_ACCESS mapping causes a additional value to be read from the mapping result. This value is then interpreted as a sequence of comma-separated integer-string pairs; each integer specifies a sender spare attribute index (from 1-18) and the string is a value to load into the specified attribute.
  21. The channel options spareN, N=1-18, have been added. These options specify values to be placed in the corresponding sender spare attribute slot when the channel is used as the source channel.
  22. Milters operating with IMMEDIATE_HEADER_MODIFICATIONS set to 1 implemented different semantics for header deletion (CHGHEADER with no replacement value). These semantics have now been adjusted to match those obtained when IMMEDIATE_HEADER_MODIFICATIONS is set to 0, specifically, the indices for such operations now remain constant, allows multiple deletions of the same field to be done in any order.
  23. A $J in the AUTH_ACCESS mapping can now be used to specify an override source IP address for the SMTP/LMTP client to use.
  24. Bit 11, value 2048, of the include_conversiontag MTA option, if set, will now cause conversion tag information to be included in the AUTH_ACCESS mapping.

Release Notes for (released 2018-01)

  1. NSS 3.34 upgrade
    Messaging Server uses the open-source Mozilla Network Security Services library to provide SSL/TLS functionality. This release updates to Version 3.34.

  2. Pre-SSL way to restrict connection to POP / IMAP (26772939)
    Added new sslconnlimit base option (local.sslconnlimit in legacy config). Applies to MMP, POP, IMAP, mshttpd.

  3. Example Linux systemd unit file (27187168)
    The init-config/configure utility will now create an example systemd unit file in data-root/install/messaging.service.

  4. Workaround for broken IMAP clients (26966970)
    MS 8.0 started sending IMAP notifications between commands; which is better 'IMAP' behavior based on the IMAP specification. However, there are reports of clients having problems with this so this option simulates MS 7.x behavior by deferring notifications between commands. See broken_client_defer_exists option.

  5. Machine readable logging of MMP connections (26886443, 27185701)
    When messagetrace.activate is used to enable Store Transaction Logging, the MMP will now log details about why a connection is rejected. See the Store Transaction Log Format section for details.

  6. Block IP addresses to MMP IMAP & POP based on RBL (18977306)
    A new dnsrbl MMP option has been added. This can be used to block incoming MMP POP and IMAP connections based on a DNS Real-time Blackhole List.

  7. Option for MMP to use Service Administrators group (24765061)
    A new adminpolicy MMP option has been added.

  8. MTA capture/journal facilities
    A number of enhancements have been made to the capture/journal facilities:

    1. The reject_disables_capture MTA option now accepts an additional value 2, which provide the ability to disable capture on a recipient-by-recipient basis.
    2. A new discard_disables_capture MTA option provides the ability to disable capture/journal actions when a message is discarded. This is always done on a recipient by recipient basis.
    3. The flag indicating that a message is the result of a capture/journal action now carries over to operations done when the message is reprocessed or a DSN is generated. This was necessary to implement the next item; it also may help prevent capture loops.
    4. The $:C flag is now set in the FORWARD and recipient access mapping tables when the message being processed is the result of a capture/journal action.
  9. MTA Message Save Copy Flags
    Bit 4, value 16 of the message_save_copy_flags MTA option includes the transaction log action code value for the first recipient in the mapping table probe, immediately after the MT-PRIORITY field (if the fields is enabled). This single character will normally be a "D" when delivery was successful.

  10. Milter SSL options (25574793, 25897043)
    Three new options have been implemented for the milter plugin: USE_SSL, IGNORE_BAD_CERT, and TCP_NODELAY. The first two of these provide for the use of SSL-secured milter connections, the third controls the setting of the NODELAY bit on the underlying TCP connection.

  11. Pipe Channel User (26417209)
    Pipe channel addresses with a local part not containing a "%" or "+" will now be handled as if they had a local part of the form: "PIPE-USER%PIPE-CHANNEL_default", where "PIPE-USER" is the value of the pipeuser restricted.cnf option and "PIPE-CHANNEL" is the name of the pipe channel (normally "pipe").

  12. SMTP CLIENT_STACK_SIZE channel-specific option (26558867)
    A CLIENT_STACK_SIZE channel-specific option has been added to the SMTP client.

  13. MTA Prefix and Suffix text (26562864)
    Two new MTA options, prefix_text_attr and suffix_text_attr, can be used to control the appearance of prefix and suffix text, respectively, that is inserted into HTML parts. If specified, these options cause a <div> element to be generated that surrounds the inserted prefix or suffix text. The option's value provides the list of attributes for this element.

  14. MTA disable FORWARD mapping through subsequent alias expansion
    A $J flag has been added to the FORWARD mapping. $J is the same as $H - it disables subsequent FORWARD mapping and database actions, but unlike $H the effect of $J carries through to all inner alias expansion levels rather than just affecting the current level.

  15. LMTP transaction logging
    The size and delivery flags fields are now filled in by the LMTP server.

  16. MTA disable opt-in for spam filter
    New alias and MTA options alias_optoutN and ldap_outoutN, N=1-8, have been added. These options can be used to disable opting in to the corresponding spam filter at the current level of alias expansion. The alias_optoutN options are for use in alias entries; the ldap_optoutN options specify attributes which can be used in LDAP user and group entries.

  17. SMTP multiline response from mappings (26711857)
    ~ separators may now be used in PORT_ACCESS mappings as delimiters in multiline responses.

  18. Restricted option: MTA treat internal DNS errors as temporary (26696915)
    A restricted option has been added to tell the MTA to treat all DNS errors as temporary errors. The dnsforcetemporary option is only intended for use on internal connections where any error has to be the result of misconfiguration. A nodnsforcetemporary option has also been added, and is the default.

  19. Recipe Language: delete_optlist
    The delete_optlist recipe function now accepts a two element list specifying both a name and a value.

  20. Sieve :count with other match-types
    The MTA sieve implementation now allows :count to be combined with other match-types in header and address tests. When this is done the test performs the non-count match first, counting the number of matches. The resulting count is then compared with a third argument. An "i;ascii-numeric" comparator is always used for this second match.

    For example, the following test checks to see if the domain "" appears in more than five Received: fields and holds the message if it does:

           if header :count "gt" :contains "received" "" "5" {hold;}

    Note that the address test counts addresses, not fields. For example, the following test checks to see if there are less than 10 addresses that have a subdomain of as their domain in a recipient field:

           if address :count "lt" :matches
                      :domain ["to", "cc", "bcc"] "*" "10" {...}
  21. MTA Pipe channel ADDRESS_TYPES
    A new pipe channel-specific option  ADDRESS_TYPES has been added. This bit-encoded option provides selective control over what sorts of address types the pipe channel allows:

    ADDRESS_TYPES bit fields
    Bit Value Form
    0 1 a%b
    1 2 a+b
    2 4 default programs

    The default value is 7, meaning all of these mechanisms are enabled.

  22. msconfig now hides empty groups
    The msconfig utility now suppresses output of empty groups in xpass.xml when -password is not specified. In particular, this prevents

          role (suppressed)

    from being output when there's an empty role in the file.

  23. MTA deliver-disabled mailUserStatus
    Support added for new mailUserStatus value deliver-disabled. If set this allows access via IMAP and POP but attempts to deliver mail via SMTP/LMTP will be rejected with a permanent error.

  24. MTA hash function
    The open symbol tables used by the MTA have been switched from using the OpenVMS logical name hash function to siphash - a widely-used noncryptographic hash function, with a random initializer.

  25. MTA new message_save_copy_flags flag
    Bit 5, value 32 of the message_save_copy_flags MTA option can now be used to include the destination host in MESSAGE-SAVE-COPY mapping probes.

  26. MTA authhost and noauthhost source channel options
    A new pair of source channel options, authhost and noauthhost, can now be used to instruct the MTA to use (or not use) the domain from the authenticated sender's primary email address as a default for completing incomplete addresses. These options override any remotehost/noremotehost setting and authhost takes priority over any defaulthost/nodefaulthost setting.

  27. MTA test rewrite -channel switch
    The -channel switch for imsimta test -rewrite now accepts an argument specifying which of the various selected channels should selected for information display. The choices are forward, backward, source, and destination. forward is the default.

  28. MTA imsimta send -channel switch
    A -channel=source-channel switch has been added to imsimta send. It does the obvious thing: It sets the source channel to the specified value.

  29. MTA improved Message-ID handling
    The heuristics surrounding the handling of Message-Id: fields have been altered to address various observed issues. In particular:

    1. Blank Message-ID: and Resent-Message-Id: fields are removed in submit mode. (Note that this then triggers (2).)
    2. Missing Message-Id: fields are supplied in non-passthrough modes.
    3. If other Resent-* fields are present but not Resent-Message-Id: one will be added in non-passthrough modes.
    4. Logging will use any Message-Id that's added.
  30. Recipe language get_default function
    A get_default function has been added to the recipe language. It takes a single string argument specifying an option name and returns the option's built-in default. An empty string is returned if the option has no default value.