Zen Software LinkedIn Zen Software GooglePlus Zen Software Blog Zen Software YouTube

Try MDaemon

Download Free 30-Day-Trial Install the free fully functional 30-day trial version of MDaemon in just a few minutes on any Windows PC.

Download Free 30-Day-Trial

Any questions?

Call us on 0161 660 5738 or send us an email.


MDaemon starts at around £280.00 ex. VAT.

Full price list

School or charity?

20% discount from RRP available for schools and charities!

Contact us for more info


Release notes

MDaemon Connector for Outlook client release notes

MDaemon Server v18.5 Release Notes

MDaemon 18.5.0 - September 25, 2018


[18211] BlackBerry Internet Service feature integration has been deprecated and removed. The BIS service (if it still exists) will now interact with MDaemon as it would any other SMTP/IMAP server.

[20768] WAB functionality has been deprecated and removed from Ctrl+U|Other.


[19813] MDaemon Instant Messaging in Webmail

The WorldClient and LookOut themes now feature a browser-based XMPP client that lets users instant message without needing to run the MDaemon Instant Messenger desktop application or some other XMPP client application. Users can enable it from Webmail's Options | Personalize screen, "Enable MDaemon's Instant Messaging feature in browser". Admins can enable or disable instant messaging per domain using the Domain Manager, per account using the Account Editor, or per group using the Group Manager. It operates on ports 7070 (HTTP) and 7443 (HTTPS).

[19962] Exempt Webmail from Location Screening

Added a user option in Webmail to exempt Two Factor Authentication logins from Location Screening. If a user has BypassLocationScreeningTFA=Yes in the [User] section of their User.ini file, and Two Factor Auth is enabled for the user, Location Screening is bypassed. This allows users to login to Webmail in countries that would normally be blocked by Location Screening.

[20395] Improved AD Integration

Users whose accounts are set to use AD authentication can now change their AD password in Webmail if the "AllowADPasswordChange" setting is enabled in \MDaemon\WorldClient\Domains.ini. It is disabled by default.

[12576] Signature Macros

MDaemon signatures now support macros that insert contact information from the sender's contact in its domain's Public Contacts folder. This allows default and domain signatures to be personalized with the sender's information. $CONTACTFULLNAME$, for example, inserts the sender's full name, and $CONTACTEMAILADDRESS$ inserts the sender's email address. Use Webmail, MDaemon Connector, or ActiveSync to edit the public contacts. Blank values are used if no contact exists for the sender. See the documentation for a full list of supported macros.

The placement of MDaemon signatures can now also be controlled, if the sender wants them somewhere other than the bottom of the message. Use $SYSTEMSIGNATURE$ to place the default/domain signature, and $ACCOUNTSIGNATURE$ to place the account signature.


  • [20550] ActiveSync: Enforcing the EAS spec so that full wipe of clients is only possible if a policy has been applied.
  • [18707] Report Weak Password feature now reports an error if invalid or non-local recipient is entered.
  • [20628] Errant AV definition count removed from UI and auto-generated emails. This information is no longer available/relevant.
  • [20381] Added ActiveSync to the Accounts section in the left pane of the MDaemon GUI.
  • [20587] Low disk space calculations updated for large drives and auto generated warning emails use MB now rather than bytes.
  • (MDPC ONLY) [13955] MDRA - Added ability for domain admins to export users
  • [8856] MDRA - Added mail list views (except List Administrators) for list admins.
  • [20091] Webmail - Added options in the Compose and Options | Compose views to toggle the direction of the editor.
  • [20083] Webmail - Added ability for remembering the collapsed state between sessions for Favorite, Saved Search, Personal, Shared, Public, and My Folders.
  • (MDPC ONLY) [11594] MDRA - Added ability for Domain admins to give users access to MDaemon Connector
  • [20081] MDRA - Added a completed action notification to the bottom of the page when the user saves or takes an action on a page
  • [9286] MDRA - Added the rest of the Event Scheduling dialog for Mail Scheduling
  • [20114] Webmail - Added a plugin to the HTML editor that automatically converts a pasted URL into a link
  • [18829] MDRA - Added options to set custom HTTP response headers for the built in Webserver that WC and RA run on. Main->Webmail Settings->Web Server and Main->Remote Admin Settings->Settings. The option to UseHttpStrictTransport security is migrated when the server starts.
  • [13357] Webmail - Added an option to edit a contact after it is added from the From header in the message preview and external message views
  • [17397] Webmail - Added the Days selection checkboxes to the Options | Autoresponder view
  • [18810] Webmail - Added the ability to import an external calendar via URL on the Calendar Import view. Added External Calendars view to manage added URLs.
  • [14994] MDRA - Added MultiPOP-retrieved messages to all inbound charts
  • [20250] WorldClient theme - Added an "urgent" indicator in front of the subject heading on the compose view when a message is marked urgent
  • [20394] MDaemon can be configured to not create POP lock files, which prevent multiple POP3 clients from accessing the same account at the same time, by editing MDaemon.ini and setting [Special] CreatePOPLockFiles=No.
  • [20516] The Account Manager right-click menu has a new "Move Mail" option which lets you select a new root path for the account folder structure (ie.. this means you can replace the default C:\MDaemon\Users\ with an alternative).  Selected accounts will have their entire folder structure moved to the new location.  This includes all emails, folders, calendars, and really all data for the account.  Although you select the new root folder MDaemon will automatically append "$DOMAIN$\$MAILBOX$\" to it so that the resulting filtered mail folder paths stay properly separated.  Keep the number of characters in the root path as few as possible because there is still a 90 character limit on the total length of the account mail directory field.  The "New Accounts" template's default mail folder path is also updated with this new value. This operation can be used to easily migrate user data from one volume to another either all at once or in blocks of users at different times.  Pay heed to warning screens. This operations moves and deletes your user's critical data and there is always a potential for a mistake or failure to cause the entire loss of it. Therefore make a backup of the user data before migrating. This is easy by copying the existing root mail folder (C:\MDaemon\Users\ by default) somewhere else manually (Windows Explorer).
  • [18444] Webmail - Added the ability to change the categories on a per occurrence basis for calendar events.
  • [20476] Webmail - Added an option that allows a saved search to be cancelled upon selecting a different message folder.
  • [20535] Webmail - Added an HTTP JSON API with full documentation located at \MDaemon\WorldClient\WCAPI\WorldClientAPI.html
  • [18845] Webmail - Signature text in the compose editor now starts out read-only, to prevent users from accidentally typing message text there and having it erased when switching the From address.
  • [20616] MDRA - Frozen accounts are no longer allowed to login.
  • [20446] MDRA - Added Release and Re-Queue buttons to the Quarantine Queue
  • [20275] MDRA - Updated FusionCharts to 3.12.2
  • [20637] MDRA and Webmail - Updated CKEditor to 4.9.2 and added Speech Recognition plugin.
  • [4976] MDRA - Added "Importing Members" status indicator
  • [7889] MDRA - Added "Importing User Accounts" status indicator
  • [5665] MDRA - Added button to restrict MD folder access to Admins, Backup Operators, and SYSTEM accounts at Setup | Preferences | Disk
  • [19619] The ATRN password field was moved from the Settings page to the Dequeue page within the Gateway Editor and the ATRN field will not enable without a password.
  • [20491] MDRA - Added more Recommended Settings buttons to the following views:
    • Security | Screening | Hijack Detection, Location Screening
    • Security | Dynamic Screening | Options / Customize, Dynamic Whitelist, Protocols, Notifications
    • Security | Content Filter | Attachments, Notifications, Recipients, Compression
    • Spam Filter | Spam Filter | Spam Daemon (MDSpamD)
    • Spam Filter | Spam Honeypots
    • Logs | Log Settings | Log Mode, Statistics Log, Windows Event Log, Maintenance, Settings, Remote Admin Log Settings
  • [18846] MDRA - When deleting a message in the Queues the next message is selected in the list
  • [20214] MDRA - When a log is filtered a user can click on a line and it will open a frame to the page where that line is located, scroll to that line in the log, and highlight the line.
  • [19773] MDRA - Added button in the log viewer to turn on AutoRefresh. The setting for the auto refresh interval is located at Logs | Log Settings | Remote Admin Log Settings and the value has a minium of 5 with a maximum of 9999 in seconds.
  • [17841] MDRA - Added sorting to the ActiveSync Devices list under Mobile Devices | ActiveSync | Domains | Manage Devices. Sorting column and direction persist between sessions in the same browser (saved to browser storage).
  • [18414] MDRA - Added ability to monitor, start, and stop SMTP, IMAP, POP3, and MultiPOP services to Main | Status
  • [8782] MDRA - Added the 'Remove contacts which are missing name or phone data' button to Spam Filter | Spam Filter | Whitelist (auto) page
  • [9331] MDRA - Added the Restore Queues page at Setup | Mail Queues/DSN | Restore Queues Settings
  • [9289] MDRA - Added avupdate.log to the log files list at Logs | Log Files.
  • [20763] Changed installer to only overwrite Cyren AV definitions if older or missing
  • [20513] Webmail - Added the ability to remove a contact from the common contacts list when selecting a contact from the autocomplete list by using the "Delete" key (in Windows) on the selected contact.
  • [20261] WorldClient theme - Made MDaemon PGP encryption options more visible to the user
  • [16956] MDRA - Added ability to assign/edit policy settings per account at Mobile Devices | Active Sync | Account Management
  • [16955] MDRA - Added "Revoke All Accounts" button at Mobile Devices | Active Sync | Account Management
  • [16954] MDRA - Added the Client Management page at Mobile Devices | Active Sync | Client Management
  • [16953] MDRA - Added option to "Enable all domains unless explicitly disabled" at Mobile Devices | Active Sync | Domain Management
  • [16952] MDRA - Added "Day of month reset bandwidth statistics" option at Mobile Devices | Active Sync | Client Management | Select a client and click "Client Settings"
  • [16951] MDRA - Added "Enforce protocol restrictions" option at Mobile Devices |  Active Sync | Client Settings | Edit an item in the list to view the client settings.
  • [12309] MDRA - Added more options to the Mobile Devices | Active Sync | Diagnostics page
  • [10850] MDRA - Added the "Create Tasks/Reminders for Flagged Mail Items" option at Mobile Devices | Active Sync | Client Settings | Edit an item in the list to view the client settings.
  • [20837] Updated to MDaemon Connector version 5.6.0
  • [11468] MDRA - Added a session cookie to increase the session security
  • [20849] CalDAV and WebDAV now support the creation and deletion of calendar, task, and contact folders from clients that support the MKCalendar and MKCol commands.
  • [20877] CalDAV server now stores the calendar color property and returns it to other CalDAV clients. At this time CalDAV calendar colors are not synchronized with Webmail.
  • [19472] Added support for the SASL-IR IMAP extension (RFC 4959).
  • [19470] Added IPv6 support to the XMPP server. Requires Vista/Server 2008 or newer.


  • [17185] fix to Webmail - Folder ACL editor corrupts non-ASCII characters in Hiwater.mrk and AclShLookup.dat
  • [16925] fix to MDRA - When you create a new mailing list with a group as a member, a notification is sent to the actual "GROUP" entry
  • [20203] fix to LookOut theme - User Permissions for shared folder not displayed
  • [20228] fix to Mobile theme - Events are not loaded in the calendar view when switching months or years
  • [20542] fix to MDRA - "To address is missing" appears in "send note" content filter rules created by MDRA
  • [20575] fix to Webmail - In certain instances, a recipient's Display Name will be sent in punycode
  • [20618] fix to MDRA - Unable to add Dynamic Screening blacklist entry to an empty list
  • [20643] fix to whitelist@ and blacklist@ message parser ignoring \"From\" data when split to multiple lines
  • [20639] fix to pfdata.dat file not updating when renaming a public folder via the GUI
  • [20574] fix to mail folders are not moved during domain rename operation
  • [20520] fix to errant data in email sent when accounts are frozen by hijack detection
  • [20227] fix to possible crash when closing Mailing List Manager
  • [20661] fix to MDRA - Up/Down arrows don't move content filter rules
  • [20663] fix to MDRA - Domain Admins cannot apply the password options in an account
  • [9842] fix to MDRA - Added the De-list button to the Account Manager page
  • [20662] fix to Webmail - When the Edit IMAP Filters option is disabled, the Add Filter option is available
  • [20524] fix to Webmail - Forwarding mail in the Edge browser causes message body to disappear
  • [19660] fix to MDRA - excess whitespace on DS White and BlackList dialogs in Firefox
  • [19784] fix to MDRA - DS notification address can be saved without entering an email address
  • [19364] fix to MDRA - DS system options visible on Protocols dialog
  • [20678] fix to MDRA - Dynamic Screening Options lists an "Always" log level
  • [15210] fix to MDRA - When moving a user from one domain to another, MDaemon Connector permissions don't migrate
  • [15211] fix to MDRA - IMAP public folder extension is case sensitive
  • [16113] fix to MDRA - Going from ActiveSync Client Settings to Mailing Lists in the pop-out account editor results in mailing lists without a side menu
  • [16988] fix to MDRA - Alias selection does not remain highlighted when moving up/down
  • [18732] fix to MDRA - Cannot select default DKIM selector without selecting another first
  • [18735] fix to MDRA - Have to select No and then Yes to be able to save in Remove Attachments
  • [18738] fix to MDRA - Exit Code condition in Content Filter allows non-number entry, saves as NaN
  • [19781] fix to MDRA - The 'default notification address' field in the Dynamic Screen feature does not support external addresses
  • [20061] fix to MDRA - German account creation error is partial in English
  • [19398] fix to MDRA - the Log Parser is only parsing the Routing log file for English servers
  • [20702] fix to MD_VerifyUserInfo() not returning MDDLLERR_INVALIDFWD when account forwarding address field is not a valid email address
  • [20669] fix to Minger server refusing "noreply@" as invalid address when it shouldn't
  • [20701] fix to Webmail may truncate To header when sending a message to many addresses
  • [20747] fix to Webmail - Opening non-ASCII attachment on the Compose window in IE causes a 404 error
  • [20413] fix to LookOut and WorldClient themes - opening Webmail using MDIM by clicking on a folder other than Inbox, results in the clicked folder missing from the list
  • [20630] fix to Webmail - Pasting print screen image when composing message in Firefox using print screen button displays image twice
  • [8289] fix to MDRA - DomainPOP rules do not show up translated
  • [20762] fix to MDaemon Statistics Database fails to upgrade from version 17 to 18 and causes a hang
  • [20761] fix to possible MDaemon crash when archiving is enabled
  • [20792] fix to MD does not fully evaluate SPF records with deeply nested includes
  • [20808] fix to WorldClient theme - Other Headers prompt is missing the OK button
  • [20800] fix to MDRA - A message forwarded to a local account is routed to Remote queue when released
  • [16974] fix to MDRA - Unable to click the "Client Blacklisted/Whitelisted" boxes
  • [16967] fix to MDRA -"Replicate aliases to LDAP" in Alias settings is not disabled when LDAP is not being used
  • [16819] fix to MDRA - Shared Folders page doesn't refresh after adding new folder from Account Editor page
  • [20836] fix to MDRA - LAN Domains and LAN IPs are not listed
  • [19823] fix to MDRA - Invalid email address allowed at Main->Webmail Settings->RelayFax
  • [20838] fix to MDRA - missing string for Bandwidth chart
  • [19739] fix to MDRA - Alert does not work when Accessing Subscriptions page
  • [13619] fix to MDRA - Creation of user doesn't auto populate in list
  • [20786] fix to Webmail - Meeting request attendee is able to add additional attendees to the event
  • [20840] fix to LookOut and WorldClient themes - Compose attachments screen may not list all documents
  • [20844] fix to several MDaemon whitelists do not support IPv6 addresses
  • [20826] fix to Webmail - Meeting invite attachments that are included in the message instead of the ics file are not added to the meeting when accepted
  • [20841] fix to MDaemon Configuration Session is not updated with changes made in Remote Administration to LAN Domains, LAN IPs, IP Shield, and Domain Sharing
  • [20843] fix to MDRA - The Webmail Settings screen in Remote Admin's Domain Manager doesn't show the default values for most settings
  • [20860] fix to possible WorldClient.exe crash
  • [20874] fix to MDRA - Always allow connections from IP doesn't accept IPv6 address at Setup | Server Settings |  Servers
  • [20873] fix to MDRA - Refuse messages larger than field can be set to negative values at Setup | Server Settings |  Servers
  • [20803] fix to recipient blacklist is not checked when a null reverse path is used
  • [2339] fix to non-ASCII characters in signatures may not appear in received messages
  • [20835] fix to accounts are able to access ActiveSync even though ActiveSync is disabled for the domain if auto-provisioning is enabled. Note: You must also un-authorize any existing users from the domain that have already been granted access.
  • [20905] fix to MDaemon Connector release notes are sent to admins even when it's not licensed

MDaemon Server v18.0 Release Notes

MDaemon 18.0.2 - June 12, 2018


  • [20572] MDaemon Connector has been updated to version 5.5.2.
  • [19480] The MDaemon GUI does not display the toolbar at startup after it has been closed. Select Windows | Reset Toolbar to get it back.
  • [20223] Webmail - Added address validation to the default reply-to address field in Options | Compose


  • [20421] fix to LookOut and WorldClient themes - Cannot use dot (.) in folder names
  • [20415] fix to MDaemon-Statistics database grows boundlessly due to Message Log parsing feature and causes high processor usage in Remote Admin
  • [20440] fix to MDRA - Dropbox - Using this dialog to add the App Key and App Secret saves the data with a different salt each time
  • [20439] fix to Webmail - Dropbox - Cannot save email attachments to Dropbox
  • [20441] fix to MD UI issues with the Start Time column on the Sessions pane
  • [18789] fix to Active Webmail Sessions performance counter is not always updated
  • [18131] fix to truncated DNS response when doing reverse lookup may cause mail to be refused
  • [20435] fix to MDRA - Webmail sessions listed as "WorldClient" instead of "Webmail"
  • [20433] fix to Webmail - "permanently delete" notification not translated
  • [20355] fix to Webmail - Creating an event from a message changes & to &
  • [20289] fix to Webmail - Creating an event from an HTML message results in styles showing up in the notes
  • [20349] fix to MDRA - Unable to edit a mailing list with a name that starts with "Everyone"
  • [20288] fix to LookOut theme - Long subject causes unexpected behavior when forwarding as attachment
  • [20125] fix to LookOut theme - Vertical scroll bar is not reset when switching to the next page of messages
  • [20463] fix to possible Webmail crash
  • [19554] fix to MDRA - Some default list outputs are not translated
  • [20492] fix to MDaemon server may hang while upgrading the statistics database
  • [20494] fix to Webmail - X-Mailer header in sent messages is "WorldClient"
  • [20450] fix to ActiveSync sessions not displaying in MD Configuration Session
  • [20499] fix to Webmail - PIM item attachments are not copied with the PIM item when it is moved or copied to another folder
  • [20504] fix to Webmail - Cannot upload a picture to a contact
  • [20501] fix to MDRA - Multiple submission addresses can be added to the same public folder
  • [20507] fix to Webmail - When common_contacts.json file contains null values, autocomplete stops returning queries
  • [20510] fix to MDPGP --pgpk not always honoring disable checkbox and also fixing a case-sensitivity issue
  • [20512] fix to Webmail - After setting a category on a message, sort order is changed to category
  • [20511] fix to Webmail - Import EML with no subject results in an error message but the message is still imported
  • [20509] fix to MDRA - possible high CPU usage
  • [20521] fix to Webmail - Removing the snooze from a categorized message also removes the category, and adding a category to a message might cause the message to be snoozed.
  • [20538] fix to MDRA - "Limit Simultaneous connections by IP to" can only be set to zero or 1
  • [19790] fix to Dynamic Screening does not honor the setting "Ignore authentication attempts using identical passwords"
  • [20540] fix to Content Filter may duplicate attachments extracted from winmail.dat
  • [20544] fix to missing client information on the ActiveSync wipe confirmation dialog
  • [20545] fix to calendar notes created on iPhone will not sync to server
  • [20547] fix to LookOut and WorldClient themes - the day view does not auto scroll to 7 am in non side by side view
  • [20542] fix to "To address is missing" appears in "send note" content filter rules created by MDRA
  • [20548] fix to meeting requests generated by MDaemon Webmail are not automatically accepted by Exchange servers
  • [20562] fix to MDaemon adding Kaspersky URLs to \MDaemon\SecurityPlus\antivirus.ini on a clean install
  • [20529] fix to Dynamic Screening may re-freeze an unfrozen account after a single authentication failure
  • [20525] fix to ActiveSync changes to tasks are not synced to MDaemon Connector
  • [20569] fix to a user may be able to post to a mailing list when they do not have rights to post
  • [20570] fix to old TarpitConnect.dat entries are not removed
  • [20561] fix to possible crash in MDAirSync.dll
  • [20586] fix to possible CFEngine.exe crash

MDaemon 18.0.1 - May 15, 2018


  • [20483] MDaemon Connector has been updated to version 5.5.1. Please see what changed in MDaemon Connector 5.5.1 here:
  • [20005] The "Registration Information" screens have been removed from the MDaemon installer. The MDaemon GUI now asks for this information when it starts up for the first time and whenever the registration key or major version number changes.


  • [20426] fix to possible Webmail crash when deleting meeting occurrences
  • [20443] fix to AntiVirus error message is logged at MDaemon startup on systems that have never used AV
  • [20445] fix to SMTP MSA port may require STARTTLS even when STARTTLS is disabled
  • [20478] fix to Remote Administration text editor removes the first 3 characters of signatures and administrator notes
  • [20480] fix to some MDaemon Connector features are not disabled when using an expired MDaemon Connector registration key
  • [20508] fix to PGP related vulnerability as described at https://efail.de/

MDaemon 18.0.0 - April 17, 2018


[20008] Alt-N Technologies has changed its name to MDaemon Technologies. WorldClient is now MDaemon Webmail, WorldClient Instant Messenger is now MDaemon Instant Messenger, SecurityPlus is now MDaemon Antivirus, and Outlook Connector is now MDaemon Connector.

[19546] The MDaemon installer now includes MDaemon AntiVirus and MDaemon Connector, which are licensed separately.

[19512] The "From Header Modification" feature has changed. It operates as before however the format of the final modified From data has changed from this format: "Email -- Name" <Email> to this format: "Name (Email)" <Email>. This new format is more readable/usable/sortable etc. If you would rather keep the old format (your users may be used to it already) you can check a box at Ctrl+S|Screening|Hijack Detection|From Header Modification.

[19577] A past installer reset the option "Ctrl+S|Sender Authentication|SMTP Authentication|Authentication is always required when mail is sent from local IPs" to disabled for upgraders.  The installer has been changed to ignore this setting.  You must manually check that this option is set to your desire.  The default is for it to be checked (enabled) but you should check to be sure it is set how you want.

[19703] The following settings have had default values changed.  Existing installations should check to be sure the following settings are as desired: Ctrl+S|Security Settings|SSL & TLS|MDaemon: Enable the dedicated SSL ports... and SMTP server requires STARTTLS... options have had defaults changed from disabled to enabled. Ctrl+S|Security Settings|Sender Authentication|DMARC verification|Honor p=reject... has changed from disabled to enabled. Ctrl+S| Security Settings|Sender Authentication|SPF Verification|User local address in SMTP envelope...has changed from disabled to enabled. Ctrl+S|Security Settings| Screening|IP Screen|Apply IP Screen to MSA connections has changed from disabled to enabled. Ctrl+S|Security Settings|Screening|Host Screen|Drop connection after EHLO has changed from disabled to enabled.

[19612] Catalog functionality has been deprecated and removed from the UI.

[20220] All Virtru related support has been removed from MDaemon Webmail. Old encrypted messages can still be viewed in the Virtru Secure Reader.

[20339] Previously when a message was sent to an alias, MDPGP would encrypt it using the key for the actual email address. Now that same message won't be encrypted. To encrypt it now requires a key for the alias.


[19571] DNSSEC

Ctrl+S|SSL&TLS|DNSSEC allows you to request DNSSEC service from your DNS server(s). When enabled, MDaemon sets the AD bit when making DNS queries and checks for it in the answers. This may not work with all DNS server(s) (not sure) so you'll have to try with yours. DNSSEC service is only applied to messages that meet your selection criteria. DNSSEC service can be "requested" or "required" on a per-message basis. If "required" and DNS results fail to include authenticated data then the message is bounced back to sender. If "requested" then DNSSEC service is attempted but nothing happens if it fails.

Mail session logs will include a line at the top if DNSSEC service was used and "DNSSEC" will appear next to secure data in the logs.

IMPORTANT: MDaemon is a non-validating stub-resolver. This means that it will request authenticated data from DNS server(s) but it has no way to independently verify that the data it gets from them is secure. However, if you know/trust your connection to your DNS server(s) (for example, it runs on localhost or within a secure LAN or workplace) then you should use this as it will boost security.

DNSSEC lookups take more time and resource and I think less then 7% of domains have currently deployed it. That is why this is not configured to apply to every message delivery by default. However, if you want that, you can force every email sent to use DNSSEC by adding one line like "To *" into the configuration file (see Ctrl+S|SSL&TLS|DNSSEC).

[15288] Email Snooze

MDaemon Webmail was updated to allow a user to snooze an email. When a message is snoozed it will be hidden from the user for a designated period of time. To snooze a message, right click on it and choose the "Snooze for..." option in the context menu. Then choose how long you wish to snooze the message for. The "Choose a date and time" option is only available for browsers that support the date and time inputs. Hidden messages can be viewed in LookOut theme by clicking the "View Snoozed Messages" icon in the toolbar and WorldClient theme by choosing "view snoozed" from the view drop down menu in the toolbar. This feature is on by default. To turn off the feature, go to Options | Personalize, and find the Inbox Settings. Uncheck the "Enable Message Snooze" box. There are no snooze controls in Lite and Mobile theme, but snoozed messages are still hidden.

[1520] Public Calendars

In MDaemon Webmail users can publish a calendar to a publicly accessible link. Users have the option to password protect the calendar. To disable this globally, change the value of [Default:Settings] EnablePublicCalendars to No. To disable it on a per user basis, add CanPublishCalendars=No to a user's User.ini file. To publish a calendar, in LookOut or WorldClient theme, go to Options | Folders and click the "Share Folder" button next to the calendar you wish to publish. In the dialog, open the Public Access tab and if desired, fill in the display name or require a password, then click the "Publish Calendar" button. A confirm dialog will show up to tell the user what is about to happen. After clicking OK, an alert will display the new URL where the calendar is available. There will also be a link displayed on the page once the calendar has been published. To unpublish the calendar, click the "Unpublish Calendar" button. To change the password or the display name, click the "Update" button.

[10886] Remember Me

A "Remember Me" option has been added to the logon page of MDaemon Webmail. This feature is disabled by default. The default expiration is 30 days, and the maximum expiration setting is 365 days. It can be enabled in the MDRA GUI under Main->Webmail Settings->Settings. Users can check the "Remember Me" option on the logon page to be remembered on a specific device. Then if they have a bookmark with any of three View URL variables set (View=Main, View=Logon, or View=List) (or no View URL variable set), the user will be automatically logged in. Two Factor Authentication (2FA) is separate and will still be required when the 2FA remember me token expires.

[19865] "Remember Me" was also added to the Remote Administration logon page. This feature is disabled by default. The default expiration is 30 days, and the maximum expiration setting is 365 days. It can be enabled in the MDRA GUI under Main->Remote Admin Settings->Settings. Users can check the "Remember Me" option on the logon page to be remembered on a specific device. Two Factor Authentication (2FA) is separate and will still be required when the 2FA remember me token expires.

[19738] Exempt Known ActiveSync Devices from Location Screening

An option has been added to allow a previously known ActiveSync device to bypass location screening. Administrators can enable this option to allow users to continue to access their account via ActiveSync from a location that is configured to block authentication attempts. In order to exempt the device it must have connected and authenticated using ActiveSync within the time frame configured to remove inactive clients. To exempt a device go to Setup / Mobile Device Management / Clients, select the client and click Settings, then check the box for Exempt from Location Screening.

You can also choose to Whitelist the address the client is connecting from. This can be used to allow other clients that might be connecting from the same IP address to also bypass location screening.


  • [19372] Added ability to specify which protocols use Location Screening.
  • [19507] LookOut and WorldClient themes - Added PIM attachments for Contacts, Tasks, and Notes
  • [19575] IP and Host Screening UI previously shared controls at the bottom of their configuration screens but now the items related to IP Screening will be on the IP Screening screen and the Host Screening on the Host Screening screen (can I say screen one more time).
  • [13359] MD Webmail - Added options to decide how to handle the original message when replying or forwarding on the Options | Compose page under "Replying and Forwarding". The options are as follows: Do not include, Attach, Include, Include and Indent, Prefix. The option "Do not include" is unavailabe when forwarding a message. For plain text messages the user can configure their own prefix up to 4 characters long. A space will be included after the 4 characters.
  • [5652] MD Webmail- Added the ability to customize the attribution of original messages in replies and forwards on the Options | Compose page under "Replying and Forwarding". The options are as follows: None, Include From, Date, To, and Subject lines from original message, Custom format (plain-text only). Custom format has two required macros, %SENTDATEANDTIME% and %SENDER%. If either macro is not used, then MD Webmail will default to the second option.
  • [19558] MD Webmail- increased the length of the private ical feed token found in the Folder Share and Calendar Export views. The token will only increase in length if it has yet to be created, or the user resets it.
  • [19547] MDRA - Made the "No Results" box in Message Search grey so that it does not look like a button
  • [19462] MDRA - Moved the "Edit Mailing List Admins" button to the "Mailing List Subscription Manager Options" section under Main -> Remote Admin Settings
  • [19460] MDRA - Increased the height of the Gateway Manager Settings window
  • [19499] MD Webmail - Added an option to include a Terms of Use acknowledgment on the logon page. When Terms of Use is required, user's will not be able to login without clicking the checkbox.
  • [19568] A new screen exists at Ctrl+W|Terms of Use which allows you to configure a Terms of Use message that will appear to Webmail and Remote Admin users which they must agree to before the services can be used.
  • [19500] MDRA - Added an option to include a Terms of Use acknowledgment on the logon page. When Terms of Use is required, user's will not be able to login without clicking the checkbox.
  • [18868] MDRA - Added button to set the settings on a page to the "Recommended" settings. So far, only some security related pages have this button.
  • [19657] MD Webmail - Added an option to increase/decrease the spacing between lines in the Compose view's HTML editor
  • [19444] MDRA - Added ability for Message Search to return messages that were not accepted after the DATA command by searching the From and/or Recipients fields.
  • [19688] MD Webmail - Added better logging information for session failures when debug level logging is enabled
  • [15557] MD Webmail - Added MDaemon PGP options to the Compose view for WorldClient and LookOut themes
  • [19022] MD Webmail - Added the Country to Login History in Options | Security
  • [19702] MDRA - Added a Last Accessed column under the Main | Accounts settings
  • [19737] MD Webmail - The "UserCategories.js file has malformed data" message will only be displayed when the data returned from the server is not in an array format.
  • [19744] MDRA - Added SSL & HTTPS views for RA and Webmail under Main | Webmail Settings and Main | Remote Admin Settings.
  • [4368] MDRA - Added the SSL & TLS views from the MDaemon GUI under Security | Security Settings | SSL & TLS. STARTTLS White List and STARTTLS List are buttons located under the Security | SSL & TLS | MDaemon link.
  • [12548] MDRA - Added more filtering options to the Account list. Added the Groups column to the filter column options. Display ActiveSync, Outlook Connector, IMAP Access, POP Access, Over Quota, Near Quota, Frozen, Disabled, and/or Active accounts.
  • [14013] MDRA - Improved filter ability. If no wildcards are included by the user, the filter term is treated as though it were surrounded by wildcards. So "test" would be treated as "*test*".
  • [13358] MD Webmail - Added an automatic feature to the auto complete functionality that will display the three most commonly used contacts related to the search string at the top of the list. Auto complete is used in multiple views, and the feature is active wherever auto complete is used.
  • [4636] MDPC/MDRA - Added the Web Services tab for domain administrators when editing user accounts other than their own. The "...edit quota settings" option is disabled for domain administrators.
  • [9361] MDPC/MDRA - Added the Security->Screening->Sender Blacklist and Recipient Blacklist views for domain admins. Additional options, "Check message headers for blacklisted addresses", and "Notify blacklisted senders that their message was refused" on the Sender Blacklist view are not available for domain admins because they are not domain specific options.
  • [19937] MDRA - Users are now prevented from setting the Webmail List Refresh Time to anything less than 1
  • [19943] MD Webmail - Added workaround to a bogus vulnerability detected by PCI compliance scan
  • [19971] MD Webmail - Added an option for signed messages with p7s and p7b attachments to import the S/MIME public certificate to the sender's contact data.
  • [14141] LookOut and WorldClient themes - Added an option to include a custom image/icon with each custom link. After the CustomButtonLink1 entry, add CustomButtonImage1=filename.extension. Place filename.extension in the MDaemon\WorldClient\HTML\All\Images directory in order for it to be used. The expected image size is 32x32. It will be automatically resized, so the original image should also be 32x32 for the sake of aesthetics.
  • [19939] MD Webmail - changed the autocomplete feature to include domain name matches with contact email addresses
  • [19931] MD Webmail - Added autocomplete="off" to the "Verify Pairing" field for the Two Factor Authentication setup
  • [19973] MD Webmail - Updated the Voice Recorder error message for the cases where microphone permission is off or the user is not using HTTPS
  • [20021] LookOut, WorldClient, and Mobile themes - Added speech synthesis to the message views. Users can click the "Read Message" button to listen to the message. Only supported in the latest Chrome and Firefox.
  • [16747] MDRA - Added the options to Allow or Require Two Factor Authentication to the user Web Services page
  • [19867] MD Webmail - Added phone number links to all themes in the contact list view to allow users to click on the phone number to make a call
  • [16806] MDRA - Added Learn Spam and Learn Non-Spam buttons to all Queues. The buttons copy the selected messages into the Bayesian Spam and Non-Spam folders respectively.
  • [14268] MDRA - Added the Max Records field to Reports that are using bar graphs. Maximum is no greater than 100 records for the views in question. Inbound Email->Top Recipients,  Top Recipients by Size; Outbound Email->Top Senders, Top Senders by Size; Anti-Spam->Top Spam Scores, Top Recipients; Anti-Virus->By Name
  • [19268] MDRA - Message Search - Added a message for the case that the user either does not have permission to view the logs or the statistics database is not enabled. If the statistics database is not enabled, a button will be present that will take the user to the Logs->Log Settings->Statistics Log view.
  • [19473] Added a counter to show connections refused by location screening.
  • [19579] Changed dynamic screening notifications to go to global administrators by default instead of the postmaster, to avoid problems when the postmaster alias is not set up.
  • [20085] MDLaunch /stop will try to forcibly terminate the MDaemon.exe process if it has not stopped after two minutes.
  • [4270] The Content Filter can now extract files from inside of winmail.dat and turn them into standard MIME message attachments. Enable this at Security | Content Filter | Compression.
  • [20023] ActiveSync - Selected client Settings over-rides can now be applied to specific device types and security groups. For example, one could ensure that all ActiveSync connections with Outlook for Windows virtully merge their domain's Public Contacts into the user's default contact folder, or enable location screening exemptions for ActiveSync connections from members of a specific group.
  • [19958] ActiveSync does not encode the name in the From header if it contains only ASCII characters.
  • [19513] Ctrl+S|SSL & TLS has a new screen called Let's Encrypt where you can configure automation of a PowerShell script that requests and sets up free TLS certificates from Let's Encrypt.
  • [20216] Updated ClamAV to version 0.99.4, and the 64-bit version of MDaemon now uses 64-bit ClamAV.
  • [20235] LetsEncrypt will now clean up files older than 180 days from the Acme-Challenge and MDaemon\PEM directories. Only .PFX files that have a file name beginning with the FQDN configured in MDaemon are removed. The names of the files that are removed are logged in the LetsEncrypt Log file.
  • [20253] The right click menu commands to white list and black list from the Queues screen have been removed. Also, the Spam Filter White List and Black List screens now open in read only mode until an "Advanced" button is clicked.
  • [20311] Added Antivirus mailbox scanning.  Under Security->AntiVirus select 'Scan all mailboxes every n day(s)'.  This allows for detecting of any infected messages that may have passed through before virus definition updates could be updated to detect them.  Infected messages will be moved to the quarantine folder with 'X-MDBadQueue-Reason' header added so that there will be an explanation when viewed with MDaemon configuration screen. Messages that cannot be scanned will not be quarantined.


  • [19567] fix to host name sometimes missing from SSL related logging
  • [19210] fix to DMARC contact email not accepting aliases to a subaddressed account
  • [19683] fix to MD Webmail Compose page may take a very long time to load when doing reply or forward on a large HTML message
  • [19621] fix to API not saving gateway configuration data in some cases
  • [19662] fix to MDRA - Public Folder Editor has old Alert message
  • [19663] fix to MDRA - Public Folders Access Control alert typo
  • [19747] fix to LookOut and WorldClient themes - PDF Viewer - If there are non-breaking spaces (&nbsp;) in the name of the file, it will not load
  • [19761] fix to WorldClient theme - filters are not saved after being reordered
  • [19877] fix to WorldClient theme - Reply and forward flags are not updated immediately after sending the message
  • [10595] fix to MD Webmail - Documents - Drag and drop of multiple files into Documents folder results in only 1 file uploaded, no error message
  • [15747] fix to MD Webmail - French - When creating a folder called "Courrier" in the root, the Inbox no longer displays messages
  • [16050] fix to MDRA - Active Sessions not showing MDaemon Webmail sessions
  • [18351] fix to CALDAV client may not display the last occurrence of recurring event that occurs until a specific date
  • [17112] fix to if an attendee's email address is an alias, the attendee's response status will not be recorded in the event
  • [19961] fix to potential crash in CalDAV server
  • [15184] fix to LookOut and WorldClient themes - Default Contacts View does not apply to address book opened from the Compose view
  • [19978] fix to LookOut and WorldClient themes - When changing a category in a shared folder, others do not see the change immediately
  • [19928] fix to MD Webmail - A meeting request attached to a message thread displays the meeting information but not the message body
  • [19916] fix to MDRA - Deleting entry from ACL closes the dialog
  • [19946] fix to MDRA - German - When deleting an account, the confirmation box cuts off the buttons
  • [17625] fix to WorldClient theme - Searching between two dates with more recent date first gives results after more recent date
  • [19984] fix to MDRA - the Start / End Time field overlaps the Start / End Date drop-down box on the Autoresponder view
  • [19990] fix to WorldClient theme - Calendar View - The add folder icon is displayed below on languages where the name is too long
  • [19992] Fix to MD Webmail - the message list may show spoofed FROM headers unless View Sender is set to All
  • [19669] fix to Lite and Mobile themes - Carriage returns are missing in the body when viewing a message
  • [19996] fix to MDRA - Invalid forwarding address reported when attempting to set account to forward to multiple addresses
  • [20031] fix to WorldClient theme - The + to add a folder does not show a tooltip when hovered over
  • [20032] fix to WorldClient theme - Some of the background color is not being hidden when printing a calendar
  • [20027] fix to MD Health Check - if you click Analyze again after copying an entry to the clipboard the application crashes
  • [20052] fix to possible MDaemon crash when processing messages from the local queue
  • [20059] fix to Webmail - When downloading a zip of files from a message with multiple files of the same name, only the first file is included
  • [20082] fix to Webmail - Desktop Notifications are received, even though they are disabled
  • [20074] fix to WorldClient and LookOut themes - An extra message may be selected after copying messages
  • [20109] fix to MD Webmail - might incorrectly display a sender is DKIM verified
  • [20136] fix to CalDAV - Unable to change date of single occurrence of recurring event
  • [20137] fix to CalDAV - In Thunderbird/Lightning an all day recurring event where a specific occurrence has been changed to occur on a different date is not displayed correctly.  The event is displayed on both the date the occurrence has been changed to and the original date of the occurrence.
  • [20159] fix to Webmail - Slideshow - if an image is taller than the height of the screen, the width will be set to the screen width
  • [20113] fix to corrupt text in translated Dynamic Screening emails
  • [20000] fix to ActiveSync - various changed occurrence entries cause Outlook to stop syncing the calendar
  • [20128] fix to IPs are still blocked by Dynamic Screening when Enable Authentication Failure Tracking is disabled
  • [20101] fix to possible MDaemon crash when generating a Dynamic Screening notifcation email
  • [20084] fix to possible MDaemon hang during shutdown
  • [19995] fix to ActiveSync - creating top-level folders in Outlook will also create same folder name under Inbox
  • [19981] fix to possible ActiveSync server crash when a client replies to a message
  • [19969] fix to ACL editor GUI may show extra character in Name field for anyone@domain entry
  • [19967] fix to ActiveSync - last occurrence of recurring event may be missing on iOS
  • [19960] fix to possible WorldClient.exe crash related to Dynamic Screening
  • [19941] fix to Chinese ActiveSync policy names are corrupt
  • [20177] fix to DAV server not properly enforcing dynamic and location screening
  • [20178] fix to XMPP server not using location screening
  • [20200] fix to Webmail - Cannot share a folder to a group
  • [20184] fix to Mobile theme - When sending to unknown user, no pop-up is displayed
  • [2032] fix to LookOut theme - message preview does not block remote images except in the Inbox
  • [20240] fix to Mobile theme - French - Unable to delete a calendar appointment
  • [20265] fix to specific messages locking the local queue with high CPU usage
  • [20229] fix to CALDAV: Report command with no date filter may not return all calendar events
  • [20268] fix to List-Unsubscribe header is not automatically added to mailing list messages when "Honor '<List>-subscribe' and '<List>-unsubscribe' addresses" is enabled
  • [20273] fix to Webmail - Advanced Search - Searching for any text string in the message body returns all messages in all folders in the user account in the search results
  • [20271] fix to CALDAV: Specific data in calendar XML database file causes Thunderbird/Lightning to hang when synchronizing calendar
  • [20278] fix to $CALTXT$ macro is not replaced in calendar reminder email messages if the length of the comments/body field of the event exceeds 1000 characters
  • [20270] fix to Dynamic Blacklist GUI may not display all DSBlackList.dat entries
  • [20310] fix to recurring events from specific CalDAV clients are always saved as all day events
  • [20320] fix to ActiveSync: Time of recurring events may shift on Android devices by one hour after the start or end of daylight saving time
  • [20319] fix to MDRA - Any changes made to a global admin's ActiveSync Client Settings are applied globally
  • [20092] fix to meeting responses may be sent from the wrong account
  • [20339] fix to MDPGP not properly using keys assigned to aliases
  • [20360] fix to when a 'GET' command is used with CalDAV, "private details" of private calendar events are not filtered out
  • [20358] fix to possible MDaemon hang when the MDPGP option "Trade public keys during SMTP mail sessions (MDaemon)" is enabled
  • [20352] fix to MDPGP not signing some messages when configured to do so
  • [20378] fix to CalDAV: Free/Busy lookups from Mac iCal calendar application return no results
  • [20387] fix to MDaemon may send messages to the wrong smart host

MDaemon Server v17.5 Release Notes

MDaemon 17.5.3 - March 20, 2018


  • [20265] fix to specific messages locking the local queue with high CPU usage
  • [19996] fix to MDRA - Invalid forwarding address reported when attempting to set account to forward to multiple addresses
  • [19997] fix to Two Factor Authentication data may be stored in the wrong location
  • [19995] fix to ActiveSync - creating top-level folders in Outlook will also create same folder name under Inbox
  • [20000] fix to ActiveSync - various changed occurrence entries cause Outlook to stop syncing the calendar
  • [19961] fix to potential crash in CalDAV server
  • [20052] fix to possible MDaemon crash when processing messages from the local queue
  • [19981] fix to possible ActiveSync server crash when a client replies to a message
  • [20027] fix to MD Health Check - if you click Analyze again after copying an entry to the clipboard the application crashes
  • [20084] fix to possible MDaemon hang during shutdown
  • [20113] fix to corrupt text in translated Dynamic Screening emails

MDaemon 17.5.2 - December 19, 2017


  • [19833] WorldClient - Reconfigured method of storing Dropbox client information
  • [19832] WorldClient - Reconfigured OAuth implementation to make use of AES encryption
  • [19834] WorldClient - Reconfigured Two Factor Authentication to make use of AES encryption for user secret storage


  • [19757] fix to DynamicScreenUpd.sem not working
  • [19816] fix to incorrect IP blocking penalty tool tips on dynamic screening dialog
  • [19811] fix to dynamic screening notifications being incorrectly sent when an IP is expired from the blacklist
  • [19790] fix to the 'Ignore authentication attempts using idential passwords' option not being honored
  • [19785] fix to dynamic screening not being able to send notifications to an alias
  • [19808] fix to dynamic screening notifications being sent using the wrong time zone
  • [19775] fix to possible MDaemon.exe crash when the IMAP server is busy with a very large number of connections
  • [19800] fix to possible WorldClient.exe crash with specifically formatted iCalendar attachment data
  • [19683] fix to WorldClient Compose page may take a very long time to load when doing reply or forward on a large HTML message
  • [19804] fix to LookOut and WorldClient themes - Browser notifications are not received in MDaemon 17.5.1
  • [19805] fix to LookOut theme - WorldClient - After searching for a message, the search field is cleared when switching folders
  • [19803] fix to MDRA - Unable to change the log summary frequency
  • [19795] fix to LookOut theme - IE - Cannot add filter
  • [19819] fix to LookOut theme - When sorting messages by date in right preview pane it will sometimes not sort ascending or descending
  • [19814] fix to MDHealthCheck crash in whitelist regex
  • [19827] fix to WorldClient missing translations
  • [19849] fix to WorldClient theme - When setting View Sender By to Show All, the sender is displayed incorrectly
  • [19845] fix to LookOut and WorldClient themes - Unsubscribed calendars still show up in the calendar list
  • [19787] fix to LookOut - Unable to rename a folder due to the Save And Close button not responding
  • [19856] fix to WorldClient.exe may crash when moving or copying calendar events in WorldClient
  • [17113] fix to when an email response is sent to the meeting planner, the from address is always the user's primary email address even if the request was to an alias
  • [19847] fix to MDRA - Error switching from Settings to another mailing list option in German language
  • [19859] fix to MDRA - Unable To Open File error when clicking White List button under Tarpitting. Button removed.
  • [19883] fix to CardDAV - eM Client - Receiving Failed To Upload Item error when adding a contact
  • [19875] fix to exporting a calendar sub-folder in iCal format results in error or blank file
  • [19876] fix to CFilter.exe where compression file exclusion screen has no 'OK' or 'Cancel' button
  • [19893] fix to importing ICS file removes the "dot" character in the UID
  • [19866] fix to WCIM - chat room name with special characters does not display correctly on chat room search screen and chat room invite screens
  • [19903] fix to specific calendar events may not be synchronized via CalDAV
  • [19920] fix to LookOut and WorldClient themes - Notification sound is not played when a new message is received
  • [19921] fix to LookOut theme - After setting a sound for a new mail notification, the sound is still showing: None
  • [19930] fix to Spam Filter options to not filter mail from local, trusted, or authenticated sources do not work if SMTP scanning is disabled
  • [19821] fix to the ActiveSync client authorization messages sent to administrators appear garbled for some languages
  • [19850] fix to Dynamic Screening notification messages may appear garbled
  • [19925] fix to WCIM crashing issue at start up
  • [19944] fix to iOS ActiveSync clients will not sync calendars that contain a recurring event with multiple attendees
  • [19836] fix to ActiveSync clients may resync repeatedly due to an invalid FolderSync key
  • [19985] fix to Mailsploit address spoofing issues

MDaemon 17.5.1 - October 24, 2017


[19710] The Dynamic Screening option to freeze accounts after a number of authentication failures is now off by default. It will be turned off when updating to version 17.5.1. If you want to turn it back on, go to Security | Dynamic Screening | Auth Failure Tracking.


  • [19538] LetsEncrypt logging will now include additional details that will make it easier to troubleshoot. The log will include a URL to LetsEncrypt.com that will help explain why challenges fail.
  • [19654] Defaults for the Dynamic Screening settings have been changed. Account freeze is off by default and fewer notifications are enabled. If you have the defaults from 17.5.0, please review your settings and adjust them to your liking.
  • [19432] In WCIM more info is shown about chat room participants, to help expose/prevent spoofing.
  • [18831] LookOut and WorldClient themes - Added a Saved Searches folder to the folder list under Favorites and before Personal folders. This is off by default. To enable it go to Options | Folders and check the box next to Show Saved Search Folders. To search a saved search, click on the folder in the Saved Search list. To open the advanced search dialog and create a new search click the "New Saved Search" folder at the bottom of the Saved Search folder list.
  • [19391] WorldClient - Added minimum and maximum password length information when strong passwords are not required.
  • [17551] The XMPP server log is now displayed in the MDaemon GUI on the WorldClient tab.
  • [19509] MDRA - Updated the MimeTypes.cfg file.
  • [19508] WorldClient - Updated the MimeTypes.cfg file.
  • [19550] MDaemon no longer reports CRAM-MD5 authentication failures for accounts using AD authentication or non-reversible passwords to the Dynamic Screening system.
  • [19607] The number of characters allowed in the Mailing List AD Search Filter setting has been doubled.
  • [19719] The Location Screening option to only block authentication for SMTP connections is now enabled by default, and the wording of the option has been clarified.


  • [19079] fix to MDRA - IMAP Filters do not support multiple conditions
  • [19555] LetsEncrypt: fix to arguments being passed to CertUtil not allowing a space in the path and a fix to the error handling not detecting when this occurs.
  • [19633] LetsEncrypt: fix to the script trying to start MDaemon Remote Administration when it is disabled.
  • [19488] fix to WCIM crash
  • [19520] fix to MDaemon may allow active connections to attempt logins after their IPs have been blacklisted by Dynamic Screening
  • [19524] fix to minor syntax error in generated Authentication-Results headers
  • [18751] fix to WorldClient - Adding calendar entries to public calendar in Lookout theme with the private calendar disabled causes entry to be added to private calendar
  • [19528] fix to WorldClient theme - When "Folder" column is included for wide screens the message list is displayed with columns on top of each other
  • [19525] fix to WorldClient theme - Cannot reverse the sort order in Contacts, Tasks, Notes, and Documents
  • [19502] fix to WorldClient theme - Send/Save buttons in Compose view are ugly in FireFox
  • [18930] fix to LookOut and WorldClient themes - Month View - If adding more than 18 events in a day, the 19th event replaces the first event
  • [19456] fix to MDRA - Time picker drop down button in Autoresponder screen breaks to the next line
  • [19457] fix to MDRA - Domain Manager has wrong Header text
  • [19458] fix to MDRA - strings not being translated
  • [19461] fix to MDRA - Gateway Manager "Delete" button does not work
  • [19548] fix to MDRA - No alert for blank New Black List Entry
  • [19549] fix to MDRA - AS Client Wipe buttons not giving alert
  • [19551] fix to MDRA - Buttons not working on New Catalog dialog
  • [19553] fix to MDRA - Stray closing bracket at top of Copy to Folder dialog
  • [19561] fix to WorldClient - Reminder causing WorldClient to crash
  • [19564] fix to Content Filter "Add to Windows event log" action does not work properly
  • [19563] fix to specific CalDAV request may cause the WorldClient process to terminate
  • [19565] fix to a recurring calendar event without "Start" element in the "Recurrence" node of the calendar.mrk crashes the Mac iCal application when synchronizing via CalDAV
  • [19557] fix to MDRA - Jump to rule dropdown shows rules before the one you are creating
  • [19576] fix to RKEY 5xx error handling incorrect in some cases
  • [19497] fix to WorldClient - WC shows message is both signed & encrypted with one key instead of two
  • [15286] fix to Content filter PGP screen showing incorrectly parsed key ID
  • [19597] fix to possible MDaemon hang during shutdown
  • [19605] fix to LookOut and WorldClient themes - Users cannot change passwords when Password Recovery is disabled
  • [19617] fix to LookOut and WorldClient themes - error message occurs whenever attempting to attach a document to a calendar event when using http
  • [19624] fix to LookOut and WorldClient themes - No search results when searching for non-English characters
  • [19623] fix to WorldClient - Compose - attachments section hides when you add CC or BCC fields
  • [19515] fix to WorldClient - Missing spaces between recipients in To and CC fields
  • [19634] fix to MDRA - Bayesian Learn button is not working
  • [19632] fix to MDRA - Mailing List Notification alerts prompts are incorrect
  • [19631] fix to MDRA - Unable to click OK on IP Cache alert for Max entries exceeded
  • [19630] fix to MDRA - Alert for importing member does not prompt
  • [19629] fix to MDRA - Unable to delete members of a Mailing Lists
  • [19627] fix to MDRA - Mailing List Headers allows blank email address
  • [19626] fix to MDRA - Gateway Manager Creating new Gateway Alerts are mixed up
  • [19620] fix to MDRA - Gateway Manager Options appears to turn off even when it doesn't
  • [19614] fix to possible ActiveSync server crash when setting out of office message
  • [19635] fix to possible ActiveSync server crash during a FolderSync operation
  • [19639] fix to non-ASCII country names are corrupted in MDaemon's Location Screening logging
  • [19640] fix to LookOut and WorldClient themes - When marking a message as read using a 5-second delay, it will revert to unread
  • [19649] fix to LookOut and WorldClient themes - ampersand (&) is encoded as &amp; in the contact list
  • [19644] fix to MDRA - Unable to save an entry to the dynamic screening white list or black list
  • [19650] fix to LookOut theme - Voice icon does not have tooltip
  • [19651] fix to MDRA - "Return to Defaults" button does not work in Server Settings->Ports Screen
  • [19613] fix to Bayesian items on the MD queue window right-click menu are enabled when Bayesian is disabled
  • [19653] fix to RCPT sometimes accepting odd or incomplete domain form
  • [19658] fix to WorldClient - Display Name is received encoded in Reply-To when entered in the Default Reply-To Address
  • [19648] fix to CardDAV server may not synchronize all contacts
  • [19664] fix to LookOut and WorldClient themes - when using German WC and two Drafts folders exist on the server, one named "Drafts" and one named "Entwürfe", only the German named folder shows up
  • [19672] fix to LookOut and WorldClient themes - If the ListRefreshTime is set to 0, the theme will lock up, because it is constantly refreshing the message list upon login
  • [19690] fix to WorldClient session cookie check fails if the browser sends cookie data that is too long
  • [19687] fix to tentative placeholder events are created for meeting requests in messages that are flagged as spam
  • [19696] fix to LookOut theme - Public Documents folder not showing contents when given only Lookup and Read rights
  • [19708] fix to disabling Dynamic Screening IP aggregation results in global /0 or /1 IP blocking
  • [19697] fix to Dynamic Screening notification emails may have corrupted text for some languages
  • [19724] fix to LookOut and WorldClient themes - IE does not handle opening attachments in a way that is easy for users
  • [19734] fix to WCIM user rejoins chat room with wrong nickname after XMPP server restart
  • [19751] fix to possible MDaemon.exe crash if using bandwidth throttling
  • [19765] fix to IMAP server account access issue

MDaemon 17.5.0 - September 26, 2017


[16456] Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit: http://www.altn.com/Products/MDaemon-Private-Cloud/.

[18481] BlackBerry Enterprise Server (BES) for MDaemon is not compatible with MDaemon 17.5 or newer. There will not be a new version of BES for MDaemon that is compatible. MDaemon's installer will disable BES if it is detected. Uninstall BES to not be prompted about it. Screens about BES have been removed from the MDaemon UI.

[10327] Added quarantine exclusion lists to allow password-protected files from or to configured senders and recipients. At Security | AntiVirus, enable "Allow password-protected files in exclusion list..." and click the "Configure Exclusions" button. Note that as of SecurityPlus 5.1.0, the ClamAV Plugin may quarantine password-protected files before the main AV engine can scan them. An option is to disable the ClamAV Plugin.



A geographically based blocking system has been developed which allows you to block incoming SMTP, POP, IMAP, WorldClient, ActiveSync, AutoDiscovery, XML API, Remote Administration, CalDAV/CardDAV, XMPP, and Minger connections being attempted from unauthorized regions of the world. A new screen has been added at Ctrl+S|Screening|Location Screening to configure this.

When the connecting IP is from a blocked country an entry can be logged in the Dyanmic Screening Log.


MDaemon's dynamic screening has been expanded to operate with SMTP, POP, IMAP, WorldClient, ActiveSync, AutoDiscovery, XML API, Remote Administration, CalDAV/CardDAV, XMPP, and Minger. Authentication failures are tracked across all of these services and IPs can be blocked for all of them. Settings are in the UI at Security | Dynamic Screening. The log is on the Plug-ins | Dynamic Screen tab. WorldClient's separate Dynamic Screening system has been removed.


PIM (calendar, contact, tasks, notes) items now support attachments.  Attachments may be added to a PIM item via WorldClient, Outlook Connector, or CalDAV/CardDAV.  When scheduling a meeting, any attachments will be sent to the meeting attendees.

LookOut and WorldClient themes - Implemented PIM attachments for Calendars. A new tab was added in the Calendar Edit view that allows users to add file attachments to an event/meeting. As long as a user has read access to an event, the attached files can be downloaded by the user. Only users with edit access can upload or remove attachments from a given event/meeting. Other themes will not be able to edit the attachments, but the attachments will not be lost when an event/meeting is edited.


A new checkbox on the MDPGP GUI enables/disables automatic transaction of public keys as part of the SMTP message delivery process. If enabled, MDaemon's SMTP server will honor an SMTP command called RKEY.

When sending an email to a server that supports RKEY MDaemon will offer to transmit the sender's then current and preferred public-key to the other host. That host will respond indicating that it either already has that key and thus no further work need be done ("250 2.7.0 Key already known") or that it needs that key in which case the key is immediately transferred in ASCII armored form right then and there ("354 Enter key, end with CRLF.CRLF") just like an email message. Keys that are expired or revoked are never transmitted. If MDaemon has multiple keys for the sender it will always offer up the key that is currently marked as preferred. If no key is preferred then the first one found is offered. If no valid keys are available then no work is done. Only public-keys that belong to local users are offered.

Public-key transfers take place as part of the SMTP mail session that delivers the message from the user. In order for the public-keys transmitted in this way to be accepted the public-key must arrive along with a message that has been DKIM signed by the domain of the key owner with the i= set to the address of the key owner which also must exactly match the From: header address of which there can be only one. The "key owner" is taken from within the key itself. Also, the message must arrive from a host in the sender's SPF path. Finally, the key owner (or his entire domain via use of wildcards) must be authorized for RKEY by adding an appropriate entry to the MDPGP rules file (instructions are in the rules file for this) indicating that the domain can be trusted for key exchange. All this checking is done automatically for you but you must have DKIM and SPF verification enabled or no work can be done.

The MDPGP log will show the results and details of all keys imported or deleted and the SMTP session log will also track this activity. When it works right your SMTP session logs will show details of key transactions and the MDPGP log file will fill with details.

This process tracks the deletion of existing keys and the selection of new preferred keys and updates all participating servers it sends mail to when these things change.


  • [18877] Added a new option to Ctrl+S|Sender Authentication|SPF Verification which allows you to apply SPF processing to the HELO/EHLO value. This option is enabled by default.
  • [19080] The \MDaemon\Data\ folder is now included in the config file backup system.
  • [18881] The LetsEncrypt script no longer needs to shut down MDaemon and its associated programs prior to writing content out to INI files. This reduces the potential down time, but you are still required to restart MDaemon in order for the changes to be recognized.
  • [18862] The LetsEncrypt script no longer writes out the certificate information to the INI files and restarts MDaemon even if nothing has been changed.
  • [19067] As part of the new Dynamic Screening work, the option "Limit simultaneous connections by IP to (0 = no limit)" has been moved from Ctrl+S|Screening| SMTP Screen to F2|Server Settings|Sessions. Also, the SMTP Screening UI has been adjusted. The settings here apply only to SMTP screening and use the Dynamic Screening system so some explanatory text was added.
  • [8274] LookOut and WorldClient themes - Added the option to export and import Groups/Distribution Lists from and to a contact folder in WorldClient. The format is WorldClient specific, since Outlook does not support exporting and importing Groups. The format is as follows:
        columns - Group GUID, Group Name, GUID, Full Name, Email
        Each line that contains either a Group Name or a Group GUID is considered the beginning of a new group. Any GUID, Full Name or Email on that line is considered the first member of the group/list. An Example from Excel follows:
    Group GUID Group Name GUID Full Name Email
    The Jedis Anakin Skywalker ani@jedi.mail
    Leia Organa leia.organa@jedi.mail
    Luke Skywalker luke.skywalker@jedi.mail
    Yoda yoda@jedi.mail
    The Siths Darth Maul darth.maul@sith.mail
    Darth Vader darth.vader@sith.mail
    Emperor Palpatine emperor.palpatine@sith.mail

    When importing, the Group GUID is replaced with a freshly generated GUID. If no Group Name is included, the name will be displayed without translation as "ImportedFromCSV_%GUID%", where %GUID% is replaced with the first five characters of the GUID. Leaving the cells to the right of a group name empty will result in the next line being the first member of the group/list. The Email field is required for a member to be added.
  • [15783] LookOut and WorldClient themes - Added Voice Recording feature. This feature requires a microphone and is only available in certain browsers. It can be disabled by the admin on a per user basis by adding EnableVoiceRecorder=No to the User.ini. Users are limited to five tracks of five minutes each. Attempting to record more than 5 tracks will result in either the selected track, or the first track, being replaced by the new recording (the user will be prompted). After recording is stopped (either automatically or by the user), the track is converted to an mp3 and uploaded to the server. Users have four options regarding each track:
    • Save to the desktop
    • Save to default WorldClient documents folder
    • Send in an email using a quick dialog that only includes To, CC, BCC, Subject, and a plain/text Message Body
      • Only the To is required. There are canned Subject and Message Body phrases used when no Subject or Message Body is input by the user.
    • Open a new Compose view with the track attached
    Users can only act on one track at a time. For example, only one track can be attached to a message. If a user wants to attach multiple tracks to a message, the user will need to save each track to the default documents, and do the attaching from there.
  • [13361] LookOut and WorldClient themes - Users can now reorder favorite folders by dragging and dropping them in the favorites list.
  • [14784] LookOut and WorldClient themes - New folder management features in the Options | Folders view and in the main folder list view.
    In the folder list view (left pane):
    • Users can drag and drop to move folders from one parent to another
    • Users can rename folders and give favorites nicknames by clicking on them a second time (shortly after folder selection)
    • Show Folders by Type is now available in the LookOut theme
    • If there is already at least one favorite folder (because favorites are hidden until one is added), users can drag and drop a folder to favorites in order to add it (dragging a folder out of the favorites does nothing).
    • The new folder and rename folder dialogs were added to the LookOut theme
    In the Options | Folders view, the folder tree is now collapsible, and the New Folder dialog has been moved to an external window like in the WorldClient theme.
  • [8360] Lite, LookOut and WorldClient themes - Added an option to choose the font size for plain text Compose under Options | Compose. The option (Compose Font Size) is always visible in Lite theme, and only visible in LookOut and WorldClient themes when HTML Compose is turned off.
  • [8937] WorldClient - The paperclip is no longer displayed in the message list for new messages that only include inline images, unless the "List All Attachments" option is turned on under Options | Personalize.  This only affects new messages, so old messages will continue to show the paperclip in the case that only inline images are attached to the message.
  • [18526] LookOut and WorldClient themes - Users can now open file attachments in the browser (if the browser supports it) by clicking on the name of the file in the message preview or external message window. To download the attachment, click the download icon next to the name.
  • [5494] LookOut and WorldClient themes - Added options to Export a contact in vCard 4.0 format. The "Export vCard" button will download the vCard. The "Send vCard" will open a new Compose window with the vCard(s) attached.
  • [18345] LookOut and WorldClient themes - Added a "None" option in the Compose view Signatures select dropdown
  • [18397] LookOut and WorldClient themes - Added a setting in Options | Personalize to close the message window when the user deletes the message (external window only), which also preempts the opening of the next message in the list.
  • [18312] WorldClient theme - Updated the look of Notes, and added an option to change the color of the note by clicking on the note icon in the top left corner of the note.
  • [18728] LookOut and WorldClient themes - Added settings in the Options | Compose view to allow users to choose a signature for replying and forwarding respectively.
  • [17255] LookOut and WorldClient themes - Added an option to not include signatures in replies or forwards. Under the same settings for 18728 the user can choose "No Signature" for replies and/or forwards.
  • [18179] All Themes - the User cookie is now set to the current value of the User field on login form submission
  • [9343] LookOut and WorldClient themes - Added the ability to search for attachment names in the advanced search
  • [18479] All Themes - Added indexed data search for message bodies and attachment names
  • [12349] All Themes - WorldClient now includes the ability to choose between downloading the 32 bit and 64 bit OC Plugin Installers.
  • [9644] Removed MSXML 4 from the installer.
  • [18768] Added support for password protected chat rooms to XMPP server.
  • [18769] Added support for password-protected chat rooms to WCIM client.
  • [18805] WorldClient theme - Simplified the look of the Compose view. Advanced options can be displayed by clicking one button. Save (without closing) option added. Clicking the X in the top right corner will discard a draft, instead of just closing the window. The subject is displayed in the header as the user types it. Moved the Send, Save, and Save and Close options to the footer. The entire attachments section is the drag and drop area.  Moved the paragraph justification buttons down to the second level in the HTML editor options.
  • [8769] LookOut and WorldClient themes - Added message list context menu options to "Whitelist Sender" and "Blacklist Sender". If clicked, the sender of the selected message(s) will be added to the Whitelist or Blacklist contact folder. These options can be hidden by adding HideEmailAddressHoverMenus=Yes in the Domains.ini under [Default:UserDefaults], or adding the same to a user's User.ini file.  When using these options, users can select multiple messages to Whitelist/Blacklist.
  • [18696] LookOut and WorldClient themes - Added an option under Options | Compose to allow users to use the Dropbox Preview Link. The default is the Dropbox Direct Link.
  • [18209] Turned off EditBISInboxMapping in MDaemon\WorldClient\Domains.ini under [Default:UserDefaults]. This hides the "Push to Blackberry" column in WorldClient's Options | Folders view. This can be enabled for all by changing it back to Yes in the MDaemon\WorldClient\Domains.ini or per user by adding it to the [User] section of a user's User.ini file.
  • [16847] Increased the number of custom buttons allowed in WorldClient to eight.
  • [18194] WorldClient theme - Date now displayed when printing a calendar in Calendar View mode.
  • [18861] A new screen at Setup | Outlook Connector | OC Client Settings | Add-ins lets the admin configure Outlook add-ins for Outlook Connector to disable. Requires Outlook Connector 5.0 or newer. Select a default action, Allow or Disable, which applies to new or unlisted add-ins. Individual add-ins and their actions (whether to Allow, Disable, or use the default action), are displayed in a list box. OC clients will populate the list, or admins can add them from the UI.
  • [13179] WorldClient - Added ability for users to view their last ten successful logins on the Options | Security page. This is enabled by default. To disable this option, set DisplayLoginHistory to No in MDaemon\WorldClient\Domains.ini under [Default:UserDefaults].
  • [3548] WorldClient - Added Internationalized Domain Name support, so that IDNs will not be displayed in punycode, but instead in UTF-8.
  • [18897] LookOut and WorldClient themes - under Options | Compose, the Compose Height and Compose Width options have been removed when HTML Compose is unchecked, because the height and width of the text area in the compose view is auto resized to fit the window.
  • [12412] LookOut theme - Added a delete button to the appointment editor that works like the one in the WorldClient theme.
  • [18936] Added ability to disable SSL in XMPP Server by adding in \MDaemon\XMPPServer\settings.ini...
  • [9987] Added support for account IMAP filters with multiple conditions that can be combined using AND or OR. The filter rule creation UI has links that let you edit each part of the rule. Click the "[+]" link to add a condition and the "[x]" link to remove a condition.
  • [15967] When MDaemon 17.5+ first starts up, if MDaemon has never been configured to use SSL it will automatically generate a default self-signed certificate and enable SSL for MDaemon, WorldClient, and Remote Administration.
  • [19042] POP3, IMAP, and SMTP server authentication changes to make them more consistent, improve logging, and not give as much information about failures to clients. When a username is sent to MDaemon in an encoded form, MDaemon logs it in plain text. When authentication is successful MDaemon logs the account's email address. When authentication fails MDaemon logs the reason but the error message sent to the client is generic. Authentication failures due to invalid username or password are reported to Dynamic Screening, but not those due to the account being frozen, set to do not disturb, expired password, etc.
  • [17773] MDRA - Added a "Message Search" page under "Messages & Queues" for Global Admins. This view allows the admin to search a single user's message folders. The maximum number of messages returned is 10,000. After getting a list of messages, the admin can view the message, and related log entries from the Routing, SMTP(in and out), DomainPOP, and MultiPOP logs. Logs will only be displayed if the Statistics Database is enabled under Setup | Server Settings | Logging | Statistics Log.
  • [10679] Content Filter - Added ability to block attachments in nested ZIP files up to 5 levels deep.
  • [19226] WorldClient theme - Increased the email address input length to 76 characters, which is the maximum length of an MDaemon email address.
  • [19212] The files NoTarpit.dat, DynamicScreen.dat, and AuthErrors.dat in the \MDaemon\App directory are no longer used.
  • [19078] Added complex Filters to WorldClient. Unsupported themes will not be able to save changes to existing filters.
  • [19160] WorldClient theme - Deferred Delivery - Added an alert that tells the user when the message will be sent
  • [19316] MDaemon creates registry entries for Windows Error Reporting to save memory dumps if MDaemon.exe, CFengine.exe, WorldClient.exe, WebAdmin.exe, or WCXMPPServer.exe crash. This functionality requires Windows Server 2008/Windows Vista or later. Dump files will be saved to the \MDaemon\Dumps folder. This location may be changed by editing \MDaemon\App\MDaemon.ini and setting [Directories] CrashDumps.
  • [17570] Added performance counters for the number of connections refused by IP Screen, Dynamic Screen, Host Screen, and Location Screen.
  • [18939] Added performance counters for whether a new version of a product is available and the number of days left in the license for each product.
  • [9989] WCIM - Added buddy grouping.  The default group is "Buddies".
  • [13293] Added an account settings option (enabled by default) to automatically place new meeting requests on the receiving user's default calendar, marked Tentative.
  • [19340] MDRA - Added Location Screening view
  • [19247] WorldClient - Improved the error message when entering an invalid password on the change password page (when forced to change password by admin).
  • [19359] WorldClient - Improved the error message when a user uses an old password.
  • [19385] WorldClient and MDRA - Updated CKEditor to version 4.7.1


  • [18882] fix to LetsEncrypt generating a new certificate each time the script runs.
  • [1995] fix to WorldClient - HTML messages with embedded CSS render poorly
  • [10334] fix to WorldClient - Message Preview - Malformed messages may have malformed signatures
  • [10449] fix to WorldClient - extra space is shown between lines in an HTML message that was composed using Outlook
  • [18746] fix to Mobile theme - Going back or using the refresh button in the list view results in a mostly blank page
  • [18136] fix to MDPGP GUI showing aliases with macros in dropdown when creating keys for specific users
  • [18745] fix to MSA connections not honoring local sources spam filter exemption
  • [10273] fix to WorldClient - Alert.sem file not currently working
  • [15343] fix to CalDAV: response is not sent to meeting organizer when accepting a meeting request in Thunderbird/Lightning
  • [18639] fix to WebDAV log file created with name of ".log" if MDaemon logging is disabled
  • [18706] fix to Remote Administration not forcing the recipient of the Weak Password Report to be a local user
  • [18739] fix to able to enter non-numbers for max users per domain in Remote Administration
  • [18740] fix to Remote Administration does not force entry of a Smart Host when needed in Domain Manager
  • [18741] fix to some options not enabled on Remote Administration's Domain Manager | Calendar screen
  • [18761] fix to Remote Administration needlessly forcing a policy description in ActiveSync Policy Editor
  • [18788] fix to Remote Administration forcing entry of a Dequeue String when it should be optional
  • [18791] fix to Remote Administration not checking for a positive integer for time to live in IP Cache
  • [18797] fix to Remote Administration missing some of the necessary new mailbox name validation
  • [18759] fix to Remote Administration not hiding "WC Documents Folder" as an option when editing Account Templates
  • [18821] fix to LookOut and WorldClient themes - Cannot see new category added on the Options | Categories view when adding by right clicking message | Categories
  • [18811] fix to LookOut and WorldClient themes - Current folder on server changing if you right click and perform action on a non-selected folder
  • [18808] fix to LookOut and WorldClient themes - Applying changes to a signature with more than one font-size results in all fonts changing back to the default
  • [18866] fix to WorldClient theme - After a search, if you click the X on the search bar, only the message subjects are displayed
  • [18898] fix to Lookout theme Add button is not grayed out when editing a single occurrence of a recurring event
  • [18907] fix to encoding issue when AV warning message text is added to HTML messages
  • [18908] fix to MDRA - When Free/Busy service for a domain has a password, the field appears blank
  • [18911] fix to MDRA - Passwords available in plain text on various pages
  • [18933] fix to LookOut and WorldClient themes - WorldClient does not display the email address in the "Recipient unknown" error message
  • [19091] fix to WCIM client stripping CR/LF when sending multi-line messages
  • [19092] fix to WCIM client not sending status changes to server for 5 minutes
  • [19110] fix to remote IP not included in Received headers in some configurations
  • [18874] fix to DNSBL lookups on Received header IPs not honoring white list
  • [18902] fix to Mail List sending copy to sender errantly in some configurations
  • [19138] fix to invalid regular expression in bad passwords file causes problems for the MDaemon GUI and Remote Administration
  • [19019] fix to MDRA - Content Filter shows "Process Exit Code" instead of "SpamAssasin Score" popup when selecting a SpamAssasin Score entry
  • [19131] fix to MDRA - Subfolders are not always created correctly
  • [19175] fix to WorldClient - When composing a signature, then when using an underline, it is not saved
  • [19188] fix to LookOut and WorldClient themes - Deferred Delivery sets year to 1601 when sent from the Spell-Check view
  • [18820] Fix to LetsEncrypt script not restarting MDaemon when WorldClient or MDaemon Remote Administration are running under IIS and the WebScripting tools are not installed
  • [18702] fix to various problems with the Group Editor in Remote Administration
  • [18800] fix to JavaScript error on ActiveSync Clients page in Remote Administration
  • [18701] fix to various excessive whitespace on certain popup windows in Remote Administration
  • [18712] fix to some text not being translated on Remote Administration's DomainPOP page, User's Forwarding page, and Dropbox page
  • [18724] fix to incorrect prompt in Content Filter "Event Log" actions in Remote Administration
  • [18792] fix to IP Shielding screen in Remote Administration not forcing entry of an IP address
  • [18819] fix to Event Logging screen in Remote Administration not disabling some options when it should
  • [17689] fix to From Header Modification not always handling parsing correctly
  • [19114] fix Mobile theme - Calendar months and days are displayed in English when any other language is selected
  • [19300] WCIM client - fix to account not added to drop list on 'Add Contact' screen
  • [19149] WCIM client - fix to "Invisible" status change not working.  It will act as "Do not disturb" to other XMPP client.
  • [19302] fix to MDRA - Cannot edit or create new domain
  • [19303] fix to WorldClient theme - not able to sort messages by ascending date when changing the sort order on the Options | Personalize page
  • [19304] fix to WorldClient - error message popup goes away too quickly before it can be read
  • [18693] fix to LookOut and WorldClient themes - Unable to send faxes with no attachments
  • [19265] fix to IPF.IMAP type folders being created when moving folders from an IMAP PST to an Outlook Connector account
  • [19351] fix to LookOut theme - when switching messages the scroll bar is not reset in the message preview
  • [19367] fix to Possible memory leak in the Thread Pool if Message Log Parser fails
  • [18844] fix to WCIM - if user changes status with multiple XMPP clients, WCIM should only report offline if all instances go offline
  • [19113] fix to Mobile theme - First Day of week setting is not applied to the calendar
  • [19151] fix to WCIM - when global status is set to "Online" WCIM should log account back in
  • [19002] fix to contact notes changed on an ActiveSync client are not saved to the server
  • [18927] fix to ACL entry in an account's root Hiwater.mrk is not added to AclShLookup.dat during the ACL cleanup event
  • [19173] fix to a single instance of a recurring appointment deleted using an ActiveSync client is not deleted on the server
  • [19321] fix to messages sent using ActiveSync may display incorrect date in ActiveSync clients
  • [18932] fix to Sent Items copy of message sent using ActiveSync is unread
  • [19452] fix to MD GUI crashes immediately when selecting the Use Small Display Font option

MDaemon Server v17.0 Release Notes

MDaemon 17.0.3 - August 29, 2017


  • [18804] fix to data corruption when moving an event from one calendar to another using ActiveSync
  • [18826] fix to possible XMPP server crash when using TLS
  • [18931] fix to LookOut and WorldClient themes - Cannot reach the second page for non-default Tasks, Notes, and Documents folders
  • [18441] fix to XMPP server crash
  • [18806] fix to non-ASCII characters not showing correctly in WCIM buddy list
  • [19187] fix to possible WCIM crash when adding buddies from buddy search screen
  • [18872] fix to WCIM buddy search results columns are mislabeled

MDaemon 17.0.2 - May 19, 2017


  • [18848] fix to MultiPOP and DomainPOP when configured to leave mail on the server will download new messages repeatedly

MDaemon 17.0.1 - May 16, 2017


  • [4378] Added the Delete Selector button to Remote Administration's DKIM Signing page
  • [15397] Added the edit box to Account Editor | Settings in Remote Administration to specify a list of email addresses for automatic processing of meeting requests
  • [18245] Added Central Management of OC Local Cache and Attachment Folder to Remote Administration
  • [18476] Added text to the Remote Administration logon page to indicate when a new version of MDaemon is available. To disable the text, change UpdateCheck=Yes to UpdateCheck=No in the [Special] section of \MDaemon\WebAdmin\Webadmin.ini
  • [16608] Added Mail Archive access to the Queue/Stats Manager
  • [18398] Added WorldClient logging information to help identify which message was deleted
  • [18559] Added instruction on how to add accounts immediately after creating a domain in Domain Manager
  • [18563] WorldClient - browser native alert, confirm, and prompt dialogs have been replaced with non-native dialogs in most cases. If the browser has an issue supporting the new dialogs, the browser dialogs will be displayed.
  • [18475] Added text to the WorldClient logon page to indicate when a new version of MDaemon is available. To disable the text, change UpdateCheck=Yes to UpdateCheck=No in MDaemon\WorldClient\Domains.ini
  • [18558] Worked around WorldClient being unable to authenticate SMTP connections to MDaemon when both "Enable APOP & CRAM-MD5" and "Allow plain text passwords" are disabled by making an exception for local machine SMTP connections. This can be disabled by setting MDaemon.ini [Special] AllowPlainTextOnLocalhost=No (default is Yes).
  • [18506] Renamed the HealthCheck log folder and file from SecurityAnalyzer to MDHealthCheck and changed from GMT to local time.
  • [18515] Health Check - Set Recommended now triggers MDaemon to reload settings after the operation is completed.
  • [18519] Health Check - No longer displays errors for settings that are not found.
  • [18640] Health Check - User is now warned to back up settings prior to setting recommended settings when the Set To Recommended button is clicked.
  • [18584] Health Check - Added a warning when IP shield is enabled, but no Domain/IP pairs are listed
  • [18580] WorldClient theme - darkened the plus button/icon in the folders view to heighten its contrast with the background
  • [18675] WorldClient - Added HTTP log for OAuth setup when there is an authorization failure caused by an HTTP error
  • [18510] LookOut and WorldClient themes - Dropbox - changed the Dropbox link in the Compose view to the direct download instead of the Dropbox preview
  • [18564] Remote Administration - browser native alert, confirm, and prompt dialogs have been replaced with non-native dialogs in most cases.


  • [16996] fix to Spam Filter Updates page not always allowing a "Save" in Remote Administration
  • [18429] fix to various problems with saving a List Description in Remote Administration
  • [18511] fix to LookOut and WorldClient themes - Adding or removing folders to or from the favorites does not reload the folder list
  • [14126] fix to Outlook .msg files attached in WorldClient may be corrupted
  • [18434] fix to message is not archived when it is re-queued from the quarantine after setting up an AV exclusion
  • [18502] fix to WorldClient theme - the left pane and bottom preview pane sizes change between logins
  • [18513] fix to WorldClient - When switching to the LookOut theme from Options | Personalize, the folder list is blank
  • [18518] fix to LookOut and WorldClient themes - search term is removed when switching between folders of the same type
  • [18463] fix to WorldClient theme - In Side by Side view, calendar looks corrupt when enabling additional calendars in Week view
  • [18523] fix to MDHealthCheck crash when analyzing if there are many domains
  • [17862] fix to IMAP server incorrectly parsing messages with header lines that are too long
  • [17151] fix to WorldClient - email address autocomplete - hitting tab twice too quickly results in the address being added twice
  • [18466] fix to WorldClient - When downloading files named with Japanese characters they are corrupt when saved using MS Edge
  • [18527] fix to WCIM XMPP Client Non-ASCII characters are not encoded correctly
  • [18536] fix to WorldClient - some languages that use apostrophes (') - Unable to choose or enter any addresses when sharing a folder
  • [18493] fix to garbage characters on MD UI's Browse for Folder dialog
  • [18267] fix to attachments may be corrupted in the archive copy of a message
  • [18038] fix to bad archive folders are created when incoming emails do not have an address in the From header
  • [18532] fix to possible ActiveSync server crash
  • [18525] fix to ActiveSync GetAttachment command not being allowed
  • [18507] fix to times of messages received using ActiveSync may be off by 1 hour
  • [18546] fix to PROPFIND request for CalDAV or CardDAV using .well-known path fails if the path ends with a slash
  • [17965] fix to aliases that point to a subaddress folder for an account do not show up under account's aliases
  • [18337] fix to account export options including disabled accounts in the export operation
  • [18548] fix to AD monitoring creating welcome messages when importing disabled accounts
  • [18395] fix to AD monitoring not freezing disabled accounts when so configured (just disabling them)
  • [18282] fix to max msg sent per day & spambot detection not recognizing aliases properly
  • [18427] fix to list reminders not recognizing aliases properly
  • [18557] fix to all groups are unchecked on the MD UI's account templates Groups screen and Account Editor's Mail Folder & Groups screen
  • [18456] fix to Account Editor may not have the correct domain selected when opening it from the Domain Manager
  • [18561] fix to WorldClient theme - Searches in non-ASCII languages fail to return the expected results
  • [18078] fix to MD UI may suggest Dropbox Redirect URI that does not use HTTPS
  • [17797] fix to groups from the New Accounts template are not assigned to new accounts imported from a CSV file that does not have a Groups field
  • [18566] fix to WorldClient theme - When clicking a favorite folder, no messages are displayed when Collapse Nested Folders is enabled
  • [18579] fix to WCIM client not being able to connect when specifying a different XMPP port than the default
  • [17236] fix to corrupted Japanese characters in attachment linking filenames
  • [17591] fix to all recipients of a message may not be sent in the same outbound session to a smart host
  • [16063] fix to mailing list footer may be added to text file attachments
  • [15681] fix to WorldClient's Lite and Mobile themes do not display past the first page of contacts in folders whose name contains non-ASCII characters
  • [15445] fix to WCIM chat window may strip the character following an emoticon
  • [18037] fix to the Aliases screen on the MD UI's Account Editor is not updated after changing the account's email address
  • [16228] fix to $USERFIRSTINITIALLC$ macro is not translated when creating a new account in Remote Administration
  • [14731] fix to $USERFIRSTNAMELC$ and $USERLASTNAMELC$ macros are not translated when creating accounts using ImportNT
  • [18641] fix to the MDaemon service may take too long to stop, causing the service control manager to report an error
  • [18642] fix to restarting MDaemon from a Configuration Session UI restarts the MDaemon service but not the UI
  • [18587] fix to a variety of Health Check issues
  • [18458] fix to XMPP server and WCIM client not correctly handling when chat room nick name already exists
  • [18437] fix to "Enable instant messaging" does not work for XMPP
  • [18630] fix to LookOut and WorldClient themes - Message body removed when replying to email once alias is changed
  • [17956] fix to the dynamic screening "...but not when they use the same password every time" option does not work for SMTP sessions
  • [18578] fix to LookOut and WorldClient themes - When HTML Compose is disabled changes are not saved to the signature
  • [18671] fix to content filter "Match case" option for regex header and body search and replace does not work
  • [18674] fix to ActiveSync GAL search may not work for iOS devices
  • [18661] fix to "Authorize all accounts upon first access via ActiveSync protocol" option not working properly
  • [18628] fix to two acceptance notifications are generated when a meeting is accepted using an ActiveSync client
  • [18492] fix to ActiveSync client resyncs due to "Setting Status Collection 16 Retry"
  • [18684] fix to outdated country list on MD UI's Create SSL Certificate dialog
  • [18694] fix to MDPGP-Results header may contain non-ASCII characters
  • [18623] fix to changing the color of a CalDAV calendar in BusyCal prevents further synchronization
  • [18699] fix to WorldClient - HTML is not working in Login failure help text field
  • [18682] fix to unresolved macros in ActiveSync-generated read receipts
  • [18672] fix to ActiveSync Client Settings dialog does not correctly preview inherited Domain level settings when editing User or Client
  • [18711] fix to MDaemon does not set a subjectAltName value in self-signed certificates that it generates when given a single host name

MDaemon 17.0.0 - March 21, 2017


[17978] The option "Enable APOP & CRAM-MD5" found at F2|Server Settings|Servers has changed to disabled by default for security and technical reasons. Using TLS is the preferred way to avoid transmission of passwords in the clear.

[17977] The "Global AUTH Password" setting at Ctrl+S|Sender Authentication|SMTP Authentication has been deprecated and removed.

[18067] All settings related to ADSP found at Ctrl+S|Sender Authentication|DKIM Verification and a single option related to the use of the RS= tag found at Ctrl+S|Sender Authentication|DKIM Settings have been deprecated and removed.

[17337] In-browser WorldClient Instant Messenger (WCIM) has been removed from the LookOut and WorldClient themes due to incompatibility with the new XMPP WCIM server.

[8314] The option "Store mailbox passwords using non-reversible encryption" (see below) is disabled by default for existing installs to avoid breaking anything for anyone who depends on incompatible features, but for security reasons we recommend enabling it if you can.

[17122] WorldClient Instant Messenger (WCIM) now uses the XMPP protocol for instant messaging, which is not compatible with the old chat protocol. Users who do not update to the new version will not be able to instant message with users who have updated. Address book synchronization with Outlook has been removed from WCIM.


[17122] XMPP support for WorldClient Instant Messenger (WCIM)

WCIM now uses the XMPP protocol for instant messaging instead of WorldClient's proprietary protocol. This allows the WCIM desktop client to communicate not only with other WCIM clients, but any third-party XMPP clients (including mobile clients) connected to your MDaemon's XMPP server.

WCIM now has two types of connections, "WCMailCheck" which connects to WorldClient for new mail notifications and message counts, and "WCIMXMPP" which connects to the XMPP server for instant messaging. When updating to version 17, WCIM will automatically migrate IM contacts from the old system to XMPP and create a WCIMXMPP account.


A new screen has been added to Ctrl+W|WorldClient (web mail)|Dropbox. Here you will find controls where you can enter your Dropbox "app key", "app secret", and privacy policy text. All are needed in order to enable the integrated service and they are all obtained when you register your WorldClientas a Dropbox "app" by visiting the Dropbox website. We cannot do this for you but it only needsdoing once. Please see Knowledge Base article 1166 for complete instructions on how to register your WorldClient as an app with Dropbox.

Once the "app key" and "app secret" are configured WorldClient will be able to connect their accounts to a Dropbox account. The first time a user logs into WorldClient theme or LookOut theme, the user will be presented with a dropdown at the top of the page. The user has three options, view the dropdown on next login, never show it again, or go to the new Options | Cloud Apps view. On the Options | Cloud Apps view, the user can click the Setup Dropbox button. Doing so will open an OAuth 2.0 popup. The popup details what the user is connecting to, and what authorizations WorldClient is requesting. There is also a link to the privacy policy, and "Connect to Dropbox" button. Once the user clicks the "Connect to Dropbox" button, the page will navigate to Dropbox. If the user is not logged into Dropbox, Dropbox will present a site for them to either login or create an account. Once this step is completed, the user will be presented with another Dropbox page that asks if the user would like to allow WorldClient to have full access to his/her account. Clicking "Allow", will take the user back to WorldClient and tell the user whether or not the authorization was a success. This authorization is good for one week after which time the same screen is presented again and another access token is obtained and used for a subsequent week. Once authorization is completed, the user will be presented with a Dropbox icon next to each message attachment. Clicking the icon will result in the attachment being saved to the user's Dropbox account under the /WorldClient_Attachments folder.

In the Compose view for WorldClient and LookOut themes, users will be able to choose files from their Dropbox accounts by clicking the Dropbox icon in the HTML editor's toolbar (top left). This feature does not require the users to setup access to their accounts via the Options | Cloud Apps view and OAuth 2.0. It only requires the "app key" and "app secret".

Dropbox integration is disabled by default. The "Enable Dropbox Integration" checkbox will enable it for all users, or the admin can enable access on a per-user basis by adding "DropboxAccessEnabled=Yes" to the User.ini.


  • [8314] Option to store mailbox passwords using non-reversible encryption

    Added a checkbox at Ctrl+U|Other|Passwords to store mailbox passwords using non- reversible encryption. This protects the passwords from being decrypted by MDaemon, the admin, or a possible attacker. When enabled, MDaemon uses the bcrypt password hashing function. It allows for longer passwords (up to 72 characters), and for passwords to be preserved yet not revealed when exporting and importing accounts. Some features such as APOP & CRAM-MD5 authentication and weak password detection depend on MDaemon being able to decrypt passwords, so they are not compatible.

    This option is enabled by default for new installs and disabled by default for existing installs.

    As part of this change, the Account Editor's "Mailbox password" fields are no longer populated when editing an account in the UI. Enter a new password (twice) to change the password or leave them blank to keep the current password.
  • [17875] Integration with Let's Encrypt via PowerShell script

    Let's Encrypt is a certificate authority that provides free certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites. 

    A PowerShell script that supports LetsEncrypt is now installed to the MDaemon\LetsEncrypt directory.  A dependency of the script, the ACMESharp module, requires PowerShell 3.0 . This means this script will not work on Windows 2003.

    WorldClient must be listening on port 80 or the HTTP challenge cannot be completed and the script will not work. You will need to correctly set the execution policy for PowerShell before it will allow you to run this script. Running the script will set everything up for LetsEncrypt, including putting the necessary files in the WorldClient HTTP directory to complete the http-01 challenge. It uses the SMTP host name of the default domain as the domain for the certificate, retrieves the certificate, imports it into Windows, and configures MDaemon to use the certificate.

    The script creates a log file in the MDaemon\Logs\ directory called LetsEncrypt.log. This log file is removed and recreated each time the script runs. The log includes the starting date/time of the script but it does not include a date/time stamp for each action. Notification emails can be sent when an error occurs. This is done using the $error variable which is automatically created and set by PowerShell.

    If you have an FQDN setup for your default domain that does not point to the MDaemon server, this script will not work. If you want to setup alternate host names in the certificate you can do so. You need to pass the alternate host names on the command line.

    Example usage: ..\LetsEncrypt.ps1 -AlternateHostNames mail.domain.com,imap.domain.com,wc.domain.com -IISSiteName MySite -To "admin@yourdomain.com"

    You do not need to include the FQDN for the default domain in the AlternateHostNames list. For example, our default domain, altn.com, is configured with an FQDN of mail1.altn.com. We use an alternate host name of mail.altn.com. When I run the script, I only pass mail.altn.com as an alternate host name. If you pass alternate host names, an HTTP challenge will need to be completed for each them. If the challenges are not all completed the process will not complete correctly.

    If you do not need to pass in alternate host names then do not include the –AlternateHostNames parameter in the command line. If you do not want to have email notifications sent when an error occurs do not include the –To parameter in the command line.

    If you are running WorldClient via IIS, you will need to pass this script the name of your site using the -IISSiteName parameter. You must have Microsoft's Web Scripting tools installed in order for the certificate to be automatically setup in IIS.
  • [18218] Added a new troubleshooting utility called MDaemon Health Check located at MDaemon\App\MDHealthCheck.exe. Running it will check MDaemon security related settings (AV, SPAM, SSL, etc.) for settings that are not recommended. It allows the user to change any settings that are not recommended to the recommended setting. It also creates a log file of the process in MDaemon\Logs which also includes any errors (errors about missing settings are not a concern) or warnings found. The user can open the most recent log from the utility. It can be launched from the MDaemon UI using the new toolbar button or menu item in the Help menu.
  • [11002] Added Content Filter option to quarantine the entire message when it contains a restricted attachment.
  • [16587] Added means to "authorize/approve" new devices that are allowed to use ActiveSync.
    To require approval of any new client that connects, simply set the checkbox in the client settings dialog for the level at which you wish to enforce it, either global, domain or user.
    A new Filter combobox is preset on the client list dialog, which allows the admin to look at all clients or clients awaiting approval.
    To Authorize a client that requires approval... one can right click on the client in the list of clients and choose "Authorize client..."
  • [14383] LookOut and WorldClient themes - Added Desktop Notifications for event reminders and task reminders.
  • [17982] Ctrl+Q|Mail Queues|Retry Queue has a new checkbox which enables sending of a "successful delivery" DSN any time a message is delivered which has previously been delayed and placed in the retry queue for whatever reason.
  • [17990] Ctrl+S|Preferences|Headers option to create optional "For" clause in Received headers has been deprecated and removed. MDaemon no longer generates this optional clause when creating Received headers.
  • [17552] First time access to SMTP/IMAP/POP server from any IP having previously provided incorrect credentials will result in a warning added to the Screening log along the lines of "<Protocol> access granted to <IP> using <email address>'s credentials after having FAILED previous on <Date>" or similar.
  • [5861] WorldClient - Added an option under Options | Personalize to allow inline images in messages from Whitelisted senders and contacts from the user's default contacts folder
  • [3253] LookOut and WorldClient themes - Added an option next to attachments in the attachment list to remove attachments from a message
  • [2069] LookOut and WorldClient themes - Added the ability to create multiple signatures, and assign them on a per email address basis.  Users can create, edit, and delete signatures in the Options | Compose view.  In the Compose view, changing the from address will change the signature, and there is also a list of signatures to choose from in the advanced options.  Each time a user opens a Compose view, all the signatures are loaded.  The number of signatures per user is limited to 30 in order to prevent slow load times.
  • [7152] LookOut and WorldClient themes - Added ability to import vCards (.vcf files) into WorldClient default contacts folder.  There will be an icon next to any vcf file in the message attachment list.
  • [9646] LookOut and WorldClient themes - Added an option in the compose view for users to send a message at a future date and time.  Users can set the date and time fields which will set the Deferred-Delivery message header for the email when saved as a draft or when sent. Deferred Delivery must be enabled in MDaemon at F2|Server Settings|Message Recall.
  • [17747] Dynamic Authentication was renamed to Active Directory or AD Authentication which is what is it and I'm trying to use the correct terms. This caused a change to UI verbiage at Account Settings|Account Details screen and Ctrl+U|Active Directory|Monitoring. As part of this work the Account Settings|Account Details screen was also changed to remove the "Optional sync password" field (UI change only) and add a field to specifying an optional AD account name to be used with authentication (UI change only).
  • [17423] Several problems were fixed related to mail folder relocation when an account changes email address or mail folder. The option at Ctrl+O|Preferences|System which controlled whether mail folders were relocated has been deprecated and removed. MDaemon will always attempt to move mail folders when necessary.
  • [17993] A new checkbox was added to Ctrl+O|Preferences|Headers which toggles whether host names & IPs are included when "Received:" and potentially other message headers are constructed.  This option is disabled by default.
  • [17713] A new checkbox was added to Ctrl+P|DNS-BL|Settings which allows you to ignore DNS-BL results that are outside the range of to  This option is disabled by default.
  • [14144] Remote Administration can now edit per-user or global permissions for the WorldClient Documents folder.
  • [16866] Added missing Domain Manager screens to Remote Administration.
  • [3110] Remote Administration now allows certain edits to more than one list member at a time.
  • [17926] The UI status bar up-time indicator has a changed layout for easier reading.
  • [17948] MDPGP: improved logging of certain error conditions
  • [15279] SMTP Mailbox Invalid error response will now include the value that was determined to be invalid
  • [18027] Reworked the Global Mailing List Subscriptions Options in Remote Administration. These settings are now in the Remote Admin settings rather than on their own page under "My Mailing Lists."
  • [6391] LookOut and WorldClient themes - Added ability to search all folders or sub folders of the selected folder. To use this feature open the Advanced Search options and select the Search All Folders or Search Sub Folders radio button. If a message in the search results is from a folder with limited permissions, the message will have a redish-orange color to it, and most actions a user would normally be able to perform on the message will not be permitted. If a user has very large folders, Search All is NOT recommended due to the long wait for the request. However, canceling a search no longer leaves the user waiting, but instead cancels any search on the server and returns the client to a normal folder view without search results.
  • [17995] WorldClient theme - increased the effective area for clicking a checkbox in the list views (Email, Contacts, Tasks, Notes, Documents)
  • [17928] WorldClient will no longer display DKIM validated icon after 7 days from the Date header value of a message
  • [13288] LookOut and WorldClient themes - Added the ability for users to import to the Inbox or download (instead of only view) a .eml message attachment.
  • [18026] LookOut and WorldClient themes - added ability to quick search for a folder when moving/copying messages
  • [17963] LookOut theme - Changed the calendar events in LookOut to use the calendar color for the entire border instead of only the left border
  • [18090] WorldClient - Compose view - Updated the HTML editor to CKEditor version 4.6.1.  The new version now includes a Copy Formatting feature.
  • [17150] LookOut and WorldClient themes - Added an option to Edit a meeting after accepting an invitation in the Invitation Dialog. After the user clicks the "Accept" or "Accept Tentatively" box, the Invitation Dialog opens.  If the user wishes to edit the meeting after accepting the invite, the user can click the "Edit the meeting" checkbox.  After the user clicks OK, the Calendar Event editor will open to the meeting in question.  If the user chose to edit the response, the Calendar Event editor will open after the response is sent.
  • [18096] LookOut and WorldClient themes - Added an option under Options | Personalize to Display New Messages Count in the page title. This setting is enabled by default.
  • [14230] WorldClient theme - Added the message count to the hover title/tooltip for mail folders
  • [4279] WorldClient - Added city and state to fields searched when searching contacts
  • [18032] Ctrl+Q|Mail Queues|Retry Queue has a new option to toggle sending of delivery delay DSNs.
  • [17842] The ActiveSync log level can now be set at a per user/domain basis.
  • [17933] The GetVersionInfo XMLAPI command now reports PRO/Cloud information.
  • [17787] Added the ability to alter/control log entries that use a 0x######## status code in ActiveSync, AutoDiscover, XMLAPI modules.
    Log Entry modification flags include:
    • [Logs:IgnoreSession] Aborts the logging if the Session ID specified is to be ignored... (ie. 00000012=1)
    • [Logs:InfoToWarning] Elevates an Info level log entry to a warning level (ie. 0x########=1)
    • [Logs:DebugToWarning] Elevates a Debug level log entry to a warning level (ie. 0x########=1)
    • [Logs:WarningToInfo] Deprecates an Error or Warning level level log entry to an Info level (ie. 0x########=1)
    • [Logs:IgnoreEntry] Aborts logging that event id (ie. 0x########=1)
  • [18277] ActiveSync Sync Rollback Notifications
    The ActiveSync Service can now notify the administrators if a client is repeatedly/frequently sending expired Sync Keys in Sync operations.

    These merely inform the admin that the server issued a rollback for a given collection because a client made a sync request with the most recently expired Sync Key. The subject states "ActiveSync Client Using expired Sync Key". This could occur because of a network issue or something about the content previously sent to the client in that collection. In some cases, the item id will be there, it merely depends upon whether or not the previous sync on that collection sent any items.

    Rollback warnings do not mean the client is out of Sync, it means that the client has the potential to go out of Sync and our internal system detected it. Rollback warnings are issued for a collection no more than once per 24 hour period.

    • [System] SendRollbackNotifications=[0|1|Yes|No|True|False]
    • [System] RollbackNotificationThreshhold=[1-254] : The number of rollbacks that must occur on a given collection prior to a notification being sent to the admin. We recommend a value of at least 5 here, since Network hiccups play a part in this.
    • [System] RollbackNotificationCCUser=[0|1|Yes|No|True|False] : Whether or not to CC the user whose client sent that expired Sync Key.
  • [18141] ActiveSync Corrupt Message Notifications

    The ActiveSync Service can now notify the administrators if a particular message cannot be processed. These are sent in real time to inform the admin of a mail item that could not be parsed and that further action on this item is not possible. The subject states "Corrupt message notification". These items, in previous versions, could lead to a crash. In most cases, the content of the msg file will not be MIME data, however, if it is MIME data, it is likely corrupt. You can choose to CC the affected user of these notifications with the CMNCCUser key so that they are aware that an email has arrived in their mailbox that is un-readable. The appropriate action for these is to move the designated msg file from the user's mailbox and analyze it to determine both why it is not able to be parsed and how it came to exist in the state that it is in.

    • [System] CMNCCUser==[0|1|Yes|No|True|False]
  • [14244] An option to allow file transfers in WCIM has been added at Ctrl+W|WorldClient (web mail)|WCIM.
  • [18187] The ActiveSync Service now cleans up old archived Xml and WbXml archives during its nightly maintenance processing. The number of days for retention can be specified from the Service Diagnostics Page. This assists you in maintaining a fixed window of archival data for diagnostic purposes without having to monitor and remove them manually. Also, ActiveSync Xml and WbXml archives can be configured to go to the Logs\AirSync directory has it has done historically, or to go to a Debug directory under the User's _ActiveSync/Client directory.
  • [17784] Updated MDSpamD to include Encode module for charset conversion and normalization.
  • [18206] Screens about BlackBerry Enterprise Server (BES) have been removed from the 64-bit MDaemon's UI, since BES is only compatible with the 32-bit MDaemon.
  • [18203] The ActiveSync Client Information dialog now displays complete IP address history.
  • [3469] Added a simple searching function to Remote Administration's Queue Management. The "*" wildcard can be used when the exact search text is not known.
  • [18120] Remote Administration will now validate email addresses added as List or Domain Administrators.
  • [18258] Added 32-bit/64-bit info to MDaemon.ini and MDStats Configuration Report.
  • [17458] Added XMPP configuration screen to Remote Administration.
  • [9735] Added the Weak Password Report functionality to Remote Administration
  • [14216] Added button to Remote Administration's Password Options that goes through all accounts and flags any of them with a weak password to require a password change.  Note that this could result in accounts being locked out, so there are warnings in place.  Passwords can be changed using the UI, WorldClient or MDaemon Remote Administration.
  • [18226] Added the ability to disable logging of messages in XMPP Server logs
  • [16664] Added missing Gateway Verification options to Remote Administration
  • [18279] Added case-insensitive search option to ActiveSync Log Viewer
  • [11969] Added the ability to download a read-only copy of a calendar in iCalendar/webcal format. This allows for a calendar to be viewed and subscribed to in Outlook, Google Calendar, Mac iCal, and other applications. A read-only private URL, which contains a unique access token, allows for access without requiring an account’s login details. To view or reset the private URL for a calendar, select "Share Folder" from the calendar's context menu in WorldClient using the WorldClient or Lookout theme. Viewing or resetting the private URL requires "Administer / Full Control" access.
  • [15529] Added support for Outlook 2007 and later's "Publish your calendar on a WebDAV server" feature.  Only the "Limited details" and "Full details" options are supported, as WorldClient does not support events without a subject.  The URL must be the CalDAV path of a existing WorldClient calendar.  The CalDAV path for a folder can be found from the "Share Folder" dialog for the calendar in WorldClient.  The calendar's CalDAV path is its "private iCalendar feed URL" before "calendar.ics", i.e. https://company.test:3000/webdav/calendars/company.test/user1/. Please note that any existing events in the WorldClient calendar will not be deleted, however these will not be visible in Outlook.
  • [15397] An edit box was added to Account Editor|Account Settings|Settings which lets you enter a short list of email addresses for use with the automatic processing of calendar requests.
  • [18290] ASMC logging has been improved and is more readable for diagnostic purposes.
  • [18245] Added options to the Outlook Connector centralized management for local cache filename and attachments directory. By default they are not pushed to OC clients. Enable the option to tell OC clients to move their data to the default or custom locations. Requires OC plugin version 4.5.0 or newer. An example custom local cache filename is "%APPDATA%\Alt-N\Outlook Connector 2.0\Accounts\%OUTLOOKPROFILE%\%OUTLOOKEMAIL%\LocalCache.db".
  • [18410] Management Service (XMLAPI) now supports SetQueueState operation.
  • [18099] ASMC: Added the ability to select which folder types to migrate. Run ASMC /? to see new /FolderTypes flags.
  • [18424] MDaemon starts warning about impending license deactivation 7 days in advance (up from 5 days).
  • [18430] Removed obsolete settings from Ctrl+W|WorldClient (web mail)|WCIM.


  • [18102] XMLAPI: UpdateDomain/Parameters/Details/Disabled does not work. FIXED.
  • [18093] XMLAPI: UpdateUser operation does not enforce strong password requirement. FIXED.
  • [15016] fix to incorrect tab order when adding a new List Member in Remote Administration
  • [16861] fix to options missing from Remote Administration's MultiPOP settings
  • [17689] fix to from header modification not happening when from header data split to multiple lines
  • [16939] fix to Remote Administration defaults for Greylisting don't match MDaemon's
  • [16938] fix to Remote Administration defaults for DMARC Settings don't match MDaemon's
  • [16937] fix to Remote Administration defaults for IPv6 don't match MDaemon's
  • [17772] fix to Remote Administration's ActiveSync Device Details dialog will not show details for anything but first listed device
  • [17505] fix to Remote Administration's Content Filter "rule jump" action not showing all available rules
  • [17757] fix to incorrect wording of Strong Passwords error in Remote Administration
  • [17903] fix to Remote Administration allowing admin to attempt to modify several accounts at once
  • [17949] fix to MDPGP decrypt/verify operations too strict with auth credentials
  • [17819] fix to inconsistent application of SMTP and queue-based spam scans in some configurations
  • [17945] fix to Mailing Lists Administrators and Outlook Connector Authorized Users not being saved properly in Remote Administration
  • [17957] fix to mailing list editor allowing lists called "noreply" to be created
  • [17823] fix to F3 not auto-selecting the full name field for typing once the dialog created
  • [17838] fix to tab order not working properly in MDPGP UI, Domain Manager UI, and Mailing List Manager UI
  • [17588] fix to disabled/frozen accounts sometimes improperly re-enabled in the UI
  • [17970] fix to Remote Administration's mailbox size reports tooltip not showing correct value for very large mailboxes with quotas
  • [17961] fix to Unknown Error when attempting to re-use an old password in Remote Administration
  • [17742] fix to slight error with IP Validating function in Remote Administration
  • [16299] fix to adding inline images to an email message breaks Domain Signatures with image
  • [18017] fix to LookOut theme - "Remote images were blocked" not being translated in external message window
  • [18025] fix to WorldClient theme - When printing a calendar, the print dialog window does not launch
  • [18027] fix to Remote Administration's Mailing List Subscription Manager not usable for non-local users
  • [17993] fix to IPv6 addresses not processed properly when computing Received headers
  • [17960] fix to LookOut theme - some languages - When selecting categories, the last option is cut off at the bottom
  • [17950] fix to Mobile theme - no scroll bars on HTML emails
  • [17910] fix to WorldClient - When removing an attachment, browser ask if you want to leave the page
  • [17904] fix to WorldClient theme - Search retains settings between switching folders in Contacts but does not show search term
  • [17964] fix to WorldClient theme - Subject header text is truncated when viewed with a right preview pane
  • [18091] fix to LookOut theme - Unable to create Contacts, Calendar, Tasks, or Notes sub-folders in succession
  • [18092] fix to WorldClient - Japanese - When clicking Group By Company uncategorized contacts are not displayed
  • [17932] fix to LookOut and WorldClient themes - Slideshow feature not working in IE11 when message preview is enabled
  • [15184] fix to LookOut and WorldClient themes - The Default Contacts View setting is not applied when clicking "To" in a composed message
  • [18016] fix to Remote Administration allowed non-local addresses to be added as List or Domain Administrators
  • [17858] fix to XMPP Server sending Task/Calendar reminders with missing CR/LF
  • [18124] fix to MDPGP logging message init errors even when debug logging disabled
  • [18125] fix to confusing text in two MDPGP debug log strings
  • [18128] fix to unable to enable an account in Remote Admin that has an existing weak password
  • [18121] fix to certain changes to DKIM Signing Settings in Remote Admin not seen by MDaemon until server restart
  • [18035] fix to Account Editor items in Remote Admin out of order
  • [17735] fix to ActiveSync crash in mdmbsrch.dll when a search reads a corrupt .msg file
  • [18028] fix to Winsock errors when using Outlook 2013 with ActiveSync
  • [18063] fix to possible MDASMgmt.dll crash when corrupt data is present in AirSync.ini files
  • [18064] fix to non-ASCII characters are corrupt in read receipts generated by the ActiveSync server
  • [17905] fix to no results when doing an ActiveSync DeepTraversal search on a virtual shared folder
  • [18159] fix to CalDAV/CardDAV GET responses do not contain a required ETag HTTP header.  This results in errors when attempting to synchronize a single item with the "DAVdroid" client.
  • [18145] fix to incorrect label on the IPv6 screen in Remote Administration
  • [18171] fix to ActiveSync "Virtually merge public contacts into default contacts" option not working
  • [17898] fix to LookOut theme - IE8 - the 'Delete' button on the button bar above the message list does not delete messages when they contain attachments
  • [18106] fix to WorldClient - When exporting a calendar, the first Required Attendee is duplicated
  • [18228] fix to possible WorldClient server crash
  • [18195] fix to possible CFEngine.exe crash
  • [18286] fix to CalDAV-Sync Android client unable to synchronize annual recurring events
  • [17645] fix to LookOut and WorldClient themes - archive instances of recurring tasks should include recurrence information
  • [18305] fix to iOS clients may not be sent all mail when doing an initial sync after changing the filter type to "All"
  • [18301] fix to incorrect error response when an ActiveSync client requests to search using an invalid collection ID
  • [18300] fix to invalid folder ID in Ping request may cause BlackBerry ActiveSync client to resync
  • [18327] fix to MDaemon may hang for 10-30 seconds while attempting to validate a remote SSL certificate if it cannot download certificate or revocation data from the internet. Set MDaemon.ini [SSL] OfflineCertificateValidation=Yes to prevent MDaemon from trying to download such data.
  • [18329] fix to Remote Administration allowing non-numeric characters on the Ports configuration screen
  • [18332] fix for Outlook Connector, if the first instance of a recurring appointment is changed outside of Outlook, the occurrence may no longer appear in Outlook
  • [18341] fix to ActiveSync recipient cache not retaining as many objects as it should
  • [18352] fix to LookOut and WorldClient themes - unread counts do not get updated after deleting messages in a folder
  • [18085] fix to plugins log not archiving, not rolling-over by size, not updating file name, etc.
  • [18359] fix to WorldClient - Safari 10 - LookOut and WC themes do not always load
  • [18386] fix to absolute paths in some localized configuration files
  • [7176] fix to incorrect minger query results in some cases
  • [18322] fix to AccountPrune.log and ListPrune.log do not have file size limits
  • [18180] fix to Domain Sharing buttons disabled in Remote Administration
  • [17583] fix to minor formatting issue on Accounts page in Remote Administration
  • [18387] fix to meeting request notes are not read from iCalendar COMMENT field
  • [18389] fix to Outlook may crash after downloading an event with a start or end date before 1900 using ActiveSync
  • [18416] fix to rare but potential crash when opening the Updates screen in Remote Administration
  • [18291] fix to memory leak in MDaemon UI while displaying ActiveSync sessions
  • [18396] fix to WorldClient memory leak
  • [18477] fix to possible memory corruption when sending DMARC aggregate reports

MDaemon 16.5.2 - November 29, 2016


[16456] Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit: http://www.altn.com/Products/MDaemon-Private-Cloud/.


  • [17827] If AccountPrune is taking too long to delete old messages since [4884] was implemented in 16.5.0 to determine a message's age from its Date: header, edit \MDaemon\App\MDaemon.ini and set [AccountPrune] UseDateHeader=No to return to the previous behavior of using the message file's last modified timestamp.
  • [17861] MDaemon may report the version of the OS version that it is running on when it requests an updated license file from Alt-N. This information is helpful as we make decisions about which OSes to support. To not report such information, edit \MDaemon\App\MDaemon.ini and set [Special] ReportOptionalData=No.


  • [17793] fix to long SPF DNS records are not processed correctly
  • [17772] fix to Remote Administration's ActiveSync Device Details dialog will not show details for anything but first listed device
  • [17795] fix to LookOut theme - calendar tooltips do not show up
  • [17804] fix to WorldClient theme - Tasks list does not show up in IE11 on Windows 8.1
  • [17505] fix to Remote Administration's Content Filter "rule jump" action not showing all available rules
  • [17770] fix to meeting attendees are corrupted if an attendee's name contains an accented character and a comma
  • [17817] fix to a message larger than the SMTP spam filter scan limit may cause the scans of subsequent messages in the SMTP session to be skipped
  • [17811] fix to CFEngine crash due to system rule conflict with rule hit counter
  • [17824] fix to 64-bit installer does not register MDAutoDiscover.dll
  • [17828] fix to WorldClient - Translated categories are converted to English after saving the calendar event
  • [17835] fix to Minger authentication fails if sender's email address contains "d="
  • [17847] fix to not being able to set up a CalDAV or CardDAV account on an iOS device. Existing CalDAV or CardDAV accounts on iOS devices may also stop synchronizing.
  • [17851] fix to Active Directory Monitoring "Page size" and "Verbose AD logging" settings are broken in the MD GUI
  • [17853] fix to a "<template_undefined>" alias is created when Active Directory Monitoring creates an account
  • [17826] fix to malformed Trusted IPs and Trusted Hosts when editing with Remote Administration
  • [17859] fix to WorldClient theme - The Sort Messages By option does not save
  • [17833] fix to ActiveSync Ping requests from iOS devices do not work since 16.5
  • [17852] fix to ActiveSync FolderSync response may be missing Delete elements for shared folders that no longer exist
  • [17821] fix to CalDAV unable to edit the notes/comments for a single occurrence of a recurring calendar event or task
  • [17902] fix to MD GUI's Mobile Device Management | ActiveSync | Accounts screen does not save changes
  • [17864] fix to possible ActiveSync server hang
  • [17913] fix to CIDR notation not working in SMTP AUTH Credentials Matching White List
  • [17919] fix to possible XMPP server crash

MDaemon 16.5.1 - October 11, 2016


[16456] Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit: http://www.altn.com/Products/MDaemon-Private-Cloud/.


  • [16981] Updated Remote Administration's Host and IP Screening pages to match updates in MDaemon.
  • [16853] Updated Remote Administration's RA Options page.
  • [16638] MDPGP: Changed overall system default to disabled.
  • [16698] Ctrl+S|Sender Authentication|SMTP Authentication now has a white list for the 'Credentials mustmatch...' options found there. A button was added to edit the white list.
  • [17712] Ctrl+S|Screening|HiJack Detection|From Header Modification now has a white list button.
  • [13077] Added proxy server support for license requests. If the installer is unable to download a license file it now prompts for a proxy server address and credentials which it will use to retry the HTTPS request.
  • [17721] Urgent Update system has been deprecated and removed (redundant these days).


  • [17055] fix to defaults for Outbreak Protection inconsistent between MDaemon and Remote Administration
  • [16840] fix to Mail List Member Edit screen remaining open after user clicks Cancel in Remote Administration
  • [17592] fix to Outlook Connector Client Settings pages remain open after user clicks Cancel in Remote Administration
  • [16997] fix to small GUI inconsistency on DNS-BL Settings page in Remote Administration
  • [16995] fix to small GUI issue on Spam Filter Updates tab in Remote Administration
  • [16972] fix to ActiveSync MaxPublicFolders setting not saving correctly in Remote Administration
  • [16982] fix to DKIM option on the wrong dialog in Remote Administration
  • [17635] fix to encoded body text of calendar items created by Outlook 2016 with OC is not decoded
  • [17665] fix to WorldClient may crash when importing an .ics attachment
  • [17671] fix to WorldClient's Lite theme - Issue changing password
  • [17679] fix to non-ASCII characters in a calendar item created by Outlook 2016 with Outlook Connector are corrupted after editing the item in WorldClient
  • [17682] fix to WorldClient and LookOut themes - if Virtru is disabled on the Domain level, the Compose view does not finish loading
  • [17684] fix to potential crash processing certain oddly formed messages
  • [17685] fix to disabled XMPP server starts back up when Windows is restarted
  • [17673] fix to account editor preventing disabling an account with a weak password
  • [17478] fix to MD GUI log windows needlessly display internal color code for each line
  • [17634] fix to incorrect verbiage describing an option at Ctrl+S|SSL&TLS
  • [17693] fix to Outlook 2016 using ActiveSync may crash when marking a recurring task as complete
  • [17710] fix to LookOut theme - IE8 - cannot send emails when Warn On Missing Attachments is enabled
  • [17719] fix to LookOut and WorldClient theme - When right-clicking to perform copy or move to another calendar nothing happens
  • [17666] fix to possible MDaemon hang when MultiPOP downloads put an account over quota
  • [16374] fix to one more issue with Public Folder rights not matching up between MDaemon and Remote Administration
  • [16465] fix to session timeout not always redirecting properly in Remote Administration
  • [16804] fix to Mailbox Reports view in Remote Administration not handling a session timeout properly
  • [17741] fix to some pages not redirecting properly upon session timeout in Remote Administration
  • [17728] fix to unable to use Group Membership as Content Filter Rule criteria in Remote Administration
  • [17744] fix to accepting a TNEF (Winmail.dat) formatted meeting cancellation in WorldClient for a single occurrence of a recurring meeting will remove all occurrences of the meeting
  • [17701] fix to formatting problem in an error when saving an account in Remote Administration with a weak password
  • [17642] fix to WorldClient's web server directs all "/.well-known" requests to MDWebDAV
  • [17667] fix to ActiveSync policies set at the account level are not applied

MDaemon 16.5.0 - September 13, 2016


[16456] Hosted email options with MDaemon Private Cloud are now available. To learn more, please visit: http://www.altn.com/Products/MDaemon-Private-Cloud/.

[17268] F2|Server Settings|IPv6 has changed default to "off" (unchecked) for the option to use IPv6 with outbound hosts for new installs.  This option can cause delivery issues for those who are not prepared for IPv6.

[11436] F2|Logging|Log Mode option to "log by day of the week" (ie, Monday.log, Tuesday.log, etc) has been deprecated and removed. If you were using this option you are now using "log by date" (ie, MDaemon-2016-02-22-X.log, etc). As a result, the F2|Logging|Maintenance checkbox to overwrite log files is no longer necessary and has been removed. Also, there is a new setting added to F2|Logging|Maintenance which lets you set the number of .OLD backups that are created once the max log file size is reached (previously only one was possible). These backups are numbered (the number is part of the file name) with the newest data always first (for example, SMTP(out).log.01.old has newer data than SMTP(out).log.02.old, etc. Finally, added hyphens into the file name to make the date easier to read.

[17076] Ctrl+S|Sender Authentication|SMTP Authentication has a new checkbox which requires all incoming messages arriving from local IPs to use authentication and be rejected if lacking. Trusted IPs are exempt. This setting is enabled by default for first time new installs. However, it is disabled by default for upgraders to avoid delivery issues from clients or other services that don't authenticate and aren't currently listed as a trusted IP. Please enable this option if you can as it is a good security practice.

[16797] In previous versions, gateway address verification never verified senders (only recipients).  A new checkbox at Ctrl+G|Gateway Manager|Global Gateway Settings can toggle this behavior.  It is enabled by default which means this is a change from previous behavior.  It is now possible that messages sent from addresses which can not be verified will be refused whereas they may have been accepted before.  If this is not to your liking disable this option.

[4884] The logic behind the AccountPrune tool's message pruning operation has been changed. This tool is called when MDaemon needs to delete old messages from user and public mail folders. In the past this tool used the "last modified" date from the message file on disk. MDaemon now looks first at the Date: header within the message itself. If the Date: header is present and complies with standards then that date is used to determine message age instead of the file's "last modified" date. This represents a change from previous behavior.

[17099] F2|Logging|Maintenance has a new setting which governs the maximum number of days the SecurityPlus update log will keep data (MDaemon\SecurityPlus\avupdate.log). The new default setting is to keep data going back 30 days. At midnight each night, and the first time MDaemon starts up after upgrading, MDaemon will delete older data from this file.

[16924] As part of the work related to task 16924 (see below) some bugs preventing the immediate sending of "urgent" priority remote mail were found and fixed. Urgent priority messages are defined as message files who's name matches the pattern: "<root>\Queues\Remote\p?10*.msg".  Messages found with that file name pattern will now be properly detected and will trigger a remote queue processing event within 5 seconds regardless of scheduled remote queue processing timers (this was broken).  Also, RAW messages were always expanded out to queue as MD_PRECEDENCE_LOW (the lowest priority value) even when created with higher values.  As a reminder, "urgent" priority messages will trigger a queue run where "high" priority messages merely sort to the top of the queue and wait for the next scheduled queue run.  As a reminder, you can use F2|Server Settings|Priority Mail to define your own criteria for important mail that should trigger immediate queue runs. Finally, IMAP logon failures due to bad credentials were not being written to the event log when so configured (only SMTP and POP failures were). This has been fixed.

[11777] Mailing list digest messages are supposed to be UTF-8 but several bugs were preventing this from working. As a result of fixing these problems it is no longer possible to trigger digest delivery based on the number of lines in the digest data file. So the option to do so has been removed from Alt+G|<list-name>|Digest. Also, the API function MD_ListMaxLineCount has been changed to always return ZERO (meaning disabled). Next, the need for the DIGEST.MBF file is no longer present and so that file has been removed. The MD_ListInfo structure and API functions related to its DigestMBF member have been left in place however changes made to this member are not saved and always contain DIGEST as the value. Finally, the $BODY-DIGEST$ macro is no longer needed and has been removed.

[16664] LDAP: added checkbox to Ctrl+G|Verification and Ctrl+U|Active Directory|LDAP screens which lets you elect to chase referrals.  MDaemon now explicitly disables referrals for every LDAP connection it makes unless this checkbox is set. This represents a change from previous behavior which defaulted to always enabling referrals. That seemed to cause issues for people so it is now disabled always UNLESS you set these options to enable it.

[16698] Ctrl+S|Sender Authentication|SMTP Authentication has a new setting which requires the credentials used for AUTH to match those of the address in the FROM header.  This prevents cases in which one person authenticates as user X while claiming to be user Y within the message.  This is similar to the existing setting we've always had which compares against the return-path value. The wording of that option was also slightly changed. This switch is enabled by default and handles aliases as if they were the real account email.

[17465] Ctrl+S|Sender Authentication|SMTP Authentication screen has two options related to forcing authentication credentials to match something else about the message (either the return-path or the From: header address). Both of these options can potentially cause issues for gateway mail storage/forwarding. Therefore a third option has been added to Ctrl+G|Gateway Manager|Global Gateway Settings which exempts gateway mail from them both. This option is enabled by default.

[16638] MDPGP: Several default settings related to MDPGP use have been changed. If you are installing for the first time or have never accessed the UI to view these settings then these are your settings now so please check them carefully. If you are updating a previous installation and have accessed the MDPGP UI in the past then your existing settings are untouched however you may wish to check and change your settings as follows:

  • "Enable MDPGP" (enabled by default)
  • "Authorize all local MDaemon users for all services" (enabled by default) (previously called: "All MDaemon users on this server can use MDPGP")
  • "Sign mail automatically when sender private-key is known" (disabled by default)
  • "Encrypt/Sign mail sent to self" (enabled by default)
  • "Email public-key when requests are made (--pgpk command)" (enabled by default)
  • "Email details of encryption failures (--pgpe command)" (enabled by default)
  • "Expires in 0 days" (changed to 365 by default)
All these options can be found within the MDPGP GUI which is accessible from the Security top-level menu.  Even though several of these settings are now enabled by default (including the entire MDPGP server itself) no work will be or can be done until keys are known and have been added to the key-ring. With this version of MDaemon there are a lot more ways to automate getting that done. Yet this may not be desired in all cases. Please check and change settings to meet your needs.

[17263] When MX record lookups during message delivery result in a DNS server failure result then the message will be left in the queue for attempted delivery during the next processing cycle. This change is in conformity with RFC guidelines. Previously, MDaemon would attempt direct delivery and, failing that, immediately bounce the message in some configurations.

[17522] This version of MDaemon is not compatible with old versions of BlackBerry Enterprise Server (BES) for MDaemon. BES will be disabled when MDaemon is installed. To continue running BES, update to BES for MDaemon version 2.0.3.



WorldClient: WorldClient has been taught to be a very basic public-key server. A new checkbox on the MDPGP GUI enables/disables this. If enabled, WorldClient will honor requests for your users' public-keys. The format of the URL to make the request looks like this: "http://<WorldClient-URL>/WorldClient.dll?View=MDPGP&k=<Key-ID>". Where <WorldClient-URL> is the path to your WorldClient server (for example, "http://wc.altn.com") and <Key-ID> is the sixteen character key-id of the key you want (for example, "0A1B3C4D5E6F7G8H").  The key-id is constructed from the last 8 bytes of the key fingerprint - 16 characters in total.

DNS (PKA1): MDPGP now supports collection of public-keys over DNS using PKA1. A new checkbox on the MDPGP GUI enables/disables this. If enabled, PKA1 queries are made and any key URI found is immediately collected, validated, and  added to the key-ring. To publish your own public-keys to your domain's DNS you must create special TXT records.  An example of how to do this is as follows:  Suppose user arvel@altn.com has key-id 0A2B3C4D5E6F7G8H.  Then, in the DNS for domain "altn.com" create a TXT record at "arvel._pka.altn.com" (replace the @ in the email address with the string "._pka.").  The data for the TXT record would look something like this: "v=pka1; fpr=<key's full fingerprint>; uri=<WorldClient-URL>/WorldClient.dll?view=mdpgp&k=0A2B3C4D5E6F7G8H" where <key's full fingerprint> is the full fingerprint of the key (40 characters long representing the full 20 byte fingerprint value).  You can see a key's full fingerprint value by double clicking on the key in the MDPGP GUI. Keys successfully collected and imported to the key-ring using this method are tracked in a new file called fetchedkeys.txt. Keys will auto-expire and be forgotten according to the TTL value of the PKA1 record which referred them -or- when X hours have passed (a value which you can configure using a new control on the MDPGP GUI) - whichever is GREATER.  So, this means that the value you configure here can be thought of as a minimum length of time (in hours) that a key will be cached. The default value is 12 hours and the lowest acceptable value is 1 hour.

For more discussion and examples on using the pka1 method do a google search for "pka1 keys in dns" and you will find it.

Tracking Keys: As part of this work some internal changes were made such that MDPGP tracks keys by their primary key-ids always and everywhere now rather than a combination of sometimes the key-id and other times the sub-key-id which was messy. The UI was cleaned up to remove two unnecessary columns in the list box related to superfluous (for display purposes anyways) key-ids. Also, this work required me to more strictly control the content of MDPGP's "exports" folder. As a result you will always find exported copies of local user keys there.  Please use OS tools to protect this folder (and indeed the entire PEM folder structure) from unauthorized access because, although they are themselves encrypted, the private keys of users are stored here.

Preferred Keys: Some problems arose as part of this work when multiple different keys for the same email address are on the key-ring.  In past versions MDPGP would simply use the first one that it found. You can now right-click on any key and set it as preferred. When a preferred key is found then that key will be used whenever there are more than one to choose from. When there is only one key for an email address then that key is preferred automatically even if not selected as preferred (but you can still select it as preferred if you want). When multiple keys for the same address are present and none are selected as preferred then the first one found is used. When a key is selected as preferred an asterisk is set in the first column of the UI. Preferred.txt stores the preferred key selections.

Disabled Keys: As part of this work it was necessary to change how disabled keys are tracked. Previous versions tracked disabled keys by placing their key-ids into the plugins.dat file. This version migrates those settings out of plugins.dat and into a new file called oldkeys.txt. Deleted keys are now tracked there.


An XMPP server is now included that allows MDaemon users to instant message using third-party XMPP clients. Clients are available for most OSes and mobile devices. For a complete list please refer to http://xmpp.org/xmpp-software/clients/. XMPP instant messaging is completely independent of MDaemon's current chat system (WorldClient Instant Messenger).

The server is installed as a Windows service and a configuration screen for it can be found in the MDaemon UI at Ctrl+W|XMPP. The default XMPP server ports are 5222 (SSL via STARTTLS) and 5223 (dedicated SSL). The XMPP server will use MDaemon's SSL configuration if enabled in MDaemon.

For multi-user chat service, when asked the default is "conference.(your-domain)". For user search service, if asked the default is "search.(your-domain)". Often this will be pre-filled in or assumed by clients. The search fields are 'Name' and 'Email'. The % symbol may be used as a wildcard. Some XMPP clients use DNS SRV record for auto-discover of host names. Please refer to http://wiki.xmpp.org/web/SRV_Records. For more info on XMPP please refer to http://xmpp.org.


The purists out there are going to hate this but users who have been tricked in the past will love it. Sometimes users are fooled into thinking an email comes from one person when it is actually from an attacker. This happens because email clients often display only the sender's name and not his email address. This new option defeats such an attack at the cost of altering the From: header value. If enabled, the From: header is modified. For example: From: "Spartacus" <crixus@capua.com> would become From: "crixus@capua.com -- Spartacus" <crixus@capua.com>. This only happens to messages arriving for local users. This option is disabled by default and can be found at Ctrl+S|Screening|Hijack Detection screen.  Enable with care as users are not expecting the From: header to be altered in this way even in order to help recognize an attacker.


MDaemon has been taught how to push client settings to Outlook Connector users. Setup|Outlook Connector (or Alt+O|OC Client Settings) opens up a set of screens where you can configure default client settings for all OC users of all domains. On the MDaemon Private Cloud version, the same screens appear within the Domain Manager for each of your individual domains. All these screens mirror those found within the OC client and are intended to allow you to create a set of values which are pushed out to OC users the next time they connect. This feature is disabled by default. Settings are only sent when they are new or have changed since the last time the OC client connected and received them.

Obviously, several of these client settings (like "Your Name" for example) can not be configured with a single value that works for all OC users.  Therefore macros are used such as $USERNAME$ which expands to the correct value for the individual user when the settings are sent to the OC client.  Take care not to place hard-coded values (like "Arvel Hathcock") in the "Your Name" field or every OC client will get "Arvel Hathcock" after the settings are received and applied.  The UI will help police this but it is a point you should keep in mind. A button in the UI will remind and serve as a reference for MDaemon's macro system. A checkbox on the OC Client Settings screen controls whether OC users are allowed to override these settings or not. If you don't want them to be able to change these settings then set the checkbox accordingly and the controls within their OC client will be disabled.

None of this works unless the OC user is using Outlook Connector v4.0.0 or higher.

As part of this work the Outlook Connector screens were moved from Accounts|Account Settings to Setup|Outlook Connector.


Ctrl+S|Screening|IP Screen has a new Import button. MDaemon has been partially taught how to import APF (typically used by firewalls) and .htaccess format files (typically used by web servers). MDaemon understands only a sub-set of this file format (for now). For example, "deny from" and "allow from" are understood but other verbs may not be. Only IP values are imported (not domain names). CIDR notation is OK but partial IP addresses are not. Each line can contain any number of space (or comma) separated IPs. For example, "deny from" is OK. So is ",,". These files are designed to control access to services so they are really IP deny/allow lists. You can find these files online to download and can (for example) block all IPs from a certain region or nation and there are even files online that contain lists of compromised IPs. For example, google search for "List of all IPs from <country>". Lines starting with # are ignored.  Lines can contain things other than IP addresses and that should not stop the IP addresses from importing properly. I hope to improve this in future versions so if you have a specific example of a file that you need MDaemon to import properly (but it won't) you can send it to me and I will look into it (arvel@altn.com).


Ctrl+O|Preferences|Updates is a new screen with several controls that allow you to configure whether and when unattended installation of automatically downloaded product updates will be performed (or not). When enabled, MDaemon can automatically update itself, SecurityPlus (if you have it), and Outlook Connector (if you have it). The Outlook Connector update covers just the server piece. Updating Outlook Connector client plugins is covered elsewhere.

When MDaemon detects new versions of these products it will download and queue the update for installation at an hour configured by you (2 AM is the default). Queued updates are remembered across server restarts so they will be performed eventually (even if the server is periodically switched off for whatever reason). Queued updates are listed in a new file called "QueuedUpdates.dat" so you can always delete all pending updates by deleting this file.  The update installers themselves are kept in a new folder called "Updates" off the MDaemon root. If there are multiple products to update they are done one at a time and each one absolutely requires a system reboot when it finishes. If you don't like that then do not enable these settings (they are all disabled by default).

When automatic updates are performed the email to postmaster/admins about an update that they can go and download manually is not generated. Instead, these people receive the post-installation "Special Considerations" email normally sent as well as a separate email stating that the update was performed. Also, the System log tracks all installation activity. For example: "Installing update: <path to installer>" and "MDaemon will be stopped by the installation process" and "Server will be rebooted after installation completes" etc can all be seen there. Lastly, the process can take a long time (many minutes) so the time between the start of the update and the unavoidable server reboot is to be expected. Did I mention that there will be a server reboot?  Get over yourself - its gonna happen :)

As part of this work "MDLaunch /stop" no longer causes MDaemon to prompt for confirmation.

As part of this work the option to inform the postmaster about updates has been moved from Ctrl+O|Preferences|Miscellaneous to the new screen mentioned above.


[7937] WorldClient now supports categories for email in the LookOut and WorldClient themes. Users can add the Categories column to the message list by going to Options | Columns and checking "Categories" in the Message List section.  To select categories for one or multiple messages, select the message(s) in question and right click on one of the messages.  In the context menu there is a "Categories >" option.  Click the option and a list of all the available categories will be displayed.  If there are more than 27 category options, an up arrow and a down arrow will be displayed at either end of the list.  To view more options click the down arrow, and to go back up the list click the up arrow. If a user has permissions to edit categories, the user can choose the "Edit Categories" option in the toolbar in the LookOut theme or the "more" drop down menu in the WorldClient theme. If a single message is selected in the list, any saved changes will be applied to the message in question. Users can also use the Set Categories option in the external message view to choose/edit categories. Users can also sort and search by Categories. 

[15829] WorldClient now allows admins to create custom categories. There are two files for this purpose;  DomainCategories.json and PersonalCategories.json. Domain Categories are enabled globally by default.  To disable it, change the value of DomainCategoriesEnabled in MDaemon\WorldClient\Domains.ini [Default:Settings] to "No".  Users are able to add and edit their own categories by default.  To disable this either per user (in the user's User.ini under [User]) or globally (in MDaemon\WorldClient\Domains.ini [Default:UserDefaults]) change the value of CanEditPersonalCategories to "No".  If Domain Categories is enabled, and a user is not allowed to edit personal categories, the user will only see the categories listed in DomainCategories.json.  However, if Domain Categories is disabled, and a user is not allwed to edit personal categories, the user will see the categories listed in PersonalCategories.json.  Users that already have a UserCategories.js file will not lose any changes they have made upon upgrade to MD 16.5, but with Domain Categories enabled, any category in their UserCategories.js file that matches the DomainCategories.json categories will become read only.  There are also two translation files that have been added in order to attempt to handle multi-lingual users on the same server; DefaultCategoriesTranslations.js and CustomCategoriesTranslations.json. The DefaultCategoriesTranslations.js file will be overridden each time MDaemon is upgraded, but the CustomCategoriesTranslations.json file will not be, so add any necessary custom category translations to the CustomCategoriesTranslations.json file.  These files make it possible for WorldClient to recognize a category saved to an event/note/task in one WC supported language as the equivalent category in any other WC supported language.  For more detailed information relating to the files mentioned here, see the MDaemon\WorldClient\CustomCategories.txt file.

[16497] LookOut and WorldClient themes - Added option to check a composed message for attachments prior to sending, when attachments are mentioned in the subject or body of the message

[5304] Admins can now hide the WhiteList and BlackList folders for WorldClient users. To do so, HideWhiteListFolder=Yes and/or HideBlackListFolder=Yes in the MDaemon\WorldClient\Domains.ini file under the [Default:UserDefaults] section. Individual users can continue to see the WhiteList and/or BlackList folders if the their User.ini has HideWhiteListFolder=No and/or HideBlackListFolder=No in the [User] section.

[16545] [16729] [16728] Account Editor|Web Services and Ctrl+T|Template Manager|New Accounts|Web Services have each had two new checkboxes added which control whether an account is allowed or required to use WorldClient's Two-Factor Authentication (2FA) system. When the checkbox to allow 2FA is enabled then users decide whether to use 2FA or not (see users manual for details on setting up 2FA). However, if both the allow and require 2FA checkboxes are enabled then users who have not setup 2FA will be given a session and redirected to a page to setup 2FA the next time they login to WorldClient. To force 2FA use immediately you must restart the WorldClient server to force all users to login anew. Once a user's authentication application's pairing has been verified with WorldClient, the user will be redirected to the normal WorldClient view. When 2FA is required then it cannot be disabled from within WorldClient's Options|Security page. However, the same users can still use the Get A New Shared Secret and Show My Shared Secret buttons.


MDPGP can now verify embedded signatures found within messages. Previously it was not able to do this unless the message was also encrypted and signed. With this change signatures appearing without encryption can now be verified. You will see appropriate logging in the MDPGP log when this happens along with new icon and/or text which WorldClient will show when it displays a verified message. As a result of this change a new check-box has been added to the MDPGP GUI which enables signature verification for all non-local users (enabled by default) or you can specify exactly which email addresses can and can not use the service if you need (click the "Configure exactly who can and can not use MDPGP services" button for that).


  • [17372] MDaemon will refuse MAIL and RCPT parms that are missing their "@domain.com" component. In the past, MDaemon tried to "fix" things by making assumptions and appending any missing pieces. MDaemon now insists these parms comply with RFC specifications which require the "@domain.com" part.  The only exception to this allowed by MDaemon and RFC rules is the reserved mailbox "postmaster" which must be accepted as a valid RCPT parm even when no "@domain.com" is given.
  • [16884] MDaemon's SMTP and POP clients now validate SSL certificates presented to them by remote hosts. However, no action other than a line added to the log is taken at this time pending further work in the IETF regarding the various competing STS-like proposals. So for now you will only see a line in the log indicating whether the remote host's name is a match for the certificate it presents (or not) and whether that certificate chains to a valid certificate authority recognized by Windows (or not). Don't panic if you see a lot of "invalid" SSL certificates presented. Such certificates are perfectly fine for encrypting data transmission. They are "invalid" because they are either self-signed or do not match the host name expected (or both). In such cases you can be sure encryption is happening. Various weaknesses in TLS (of which its opportunistic nature and acceptance of nearly all certificates are major examples) are being worked on by industry experts and will make their way into products and services once that work has completed.
  • [16585] MDaemon UI changes: Items have been added to the Servers list on the Stats pane for Auto-Discovery Service and XML API Service. The right click menu for the ActiveSync server has additional commands. "Enable ActiveSync Server" has been removed from the File menu. The ActiveSync server log is now a sub-tab of Plug-ins instead of WorldClient, and logs for the Auto-Discovery Service and XML API Service are there as well.
  • [16924] F2|Logging|Windows Event Log has several new checkboxes added and an edit control. These allow you to specify the email address to your phone carrier's email-to-SMS (text message) gateway. For example, with Verizon, the address is PhoneNumber@vtext.com (ex: 8175551212@vtext.com). When a value is specified here you can then enable individual checkboxes next to the various events. When these events occur a message will be sent to the SMS gateway address you specify. I was not able at this time to have shutdown notifications sent immediately because MDaemon needs to do it and it has shut down. Until I can figure this out shutdown notifications are not sent. Also, any event which triggers this feature will cause instant remote queue processing (notifications are treated as "urgent" mail).
  • [17049] Ctrl+S|Sender Authentication|SPF Verification now allows domains in the white list file to be included in SPF lookups. See descriptive text on that screen for how it works.  Often you need to white list your backup MX provider(s) from SPF lookups but you do not know or can not configure all of their IPs.  To safely solve this problem you can now specify your backup MX provider(s) by using a new "spf" tag to white list them and MDaemon will do the required lookups in real-time. MDaemon does this by adding its own "wlinclude:" tag to the actual SPF results for a queried domain. Although this "wlinclude" data is logged it is important to realize that "wlinclude" tags are your white-listed entries and are not actually part of the queried domain's SPF data taken from DNS.
  • [12377] Ctrl+P|DNS-BL|White List now permits white-listing FROM values.  See descriptive text on that screen for how it works.
  • [16517] Ctrl+S|Screening|Dynamic Screening has a new option which omits accounts from being frozen due to multiple authentication failures when the same password is used every time. This option is useful to prevent lockouts when users change passwords legitimately. This option is enabled by default.
  • [16518] Authentications over POP, IMAP, or SMTP servers will add a line to the Screening log showing the IP that was granted access if that IP has never been seen before. This aids in debugging access problem.
  • [16567] Ctrl+S|Screening|Hijack Detection has a new setting that includes LAN IPs when limiting Local IPs.  This setting is enabled by default.
  • [16563] Ctrl+S|Screening|Hijack Detection has a new setting that controls whether connections are refused with a 5XX or a 4XX reply code.
  • [15869] Ctrl+U|Other|Quotas - slightly changed wording on first checkbox option to make more clear what it does.
  • [10055] Content Filter will track and log the total number of times a rule was used.  This is tracked as HitCount=XX in CFRules.dat for each rule.
  • [16595] MDPGP: The results header better calculates the FQDN value used within the header data.
  • [16474] When deleting a domain the confirmation dialog will only mention deleting public folders if the option to delete public folders is enabled at F2|Server Settings|Public & Shared Folders.
  • [16634] Several screens had bad tab-order or no tab-order at all and you could never tab from the left-hand tree-view through to the selected right-hand dialog box nor to the OK/Cancel/Help buttons. These matters have been fixed. As part of this work the controls on the F2|Logging|Log Mode had to be reorganized.
  • [13601] Ctrl+A, Ctrl+C, Ctrl+V should now work where appropriate throughout the UI.
  • [16644] The top-level Windows|Composite Log View and the "Activate Composite Log" button within the logging UI will now activate and bring to the top any existing composite log window or create a new one if there isn't one.
  • [16645] Changed composite log window caption to include the names of the items being included in the log.  Note: if you change the items you wish to include in the composite log you will need to close and restart any already running composite log to update the window caption.
  • [16649] Added some descriptive text to New List Member dialog to explain how to use path to arbitrary addrbook.mrk file as list member.
  • [16647] LDAP: ldapcache.dat was caching the sender value needlessly for LDAP lookups. Since this value is ignored when checking the cache during LDAP processing its presence there served no purpose. Future items added to cache will not include this piece and existing items will eventually expire out that currently include it.
  • [16648] LDAP: added checkbox to enable/disable LDAP cache to LDAP options screen and also moved this screen and the LDaemon settings screen out of F2|Server Settings and into Ctrl+U|Active Directory. This is where I want LDAP related settings to live.
  • [16654] LDAP: logging was improved and fixed in a few places. First, the system log gets nothing now.  All goes to the LDAP log tab like it should. Errors are simplified and properly logged. The composite log was not being used properly. Now it is.
  • [16653] LDAP: exporting speed improved and just general improvement to address several things that would just bore you and are internal to my programming style.  Anyway, its better trust me.
  • [16652] LDAP: added checkbox to Ctrl+U|Active Directory|LDAP which lets you use protocol version 3 servers correctly.
  • [16655] LDAP: added checkbox to Ctrl+G|Verification which lets you use protocol version 3 servers correctly.
  • [16661] The SyncML log tab has been removed and replaced with a WebDAV log tab. SyncML functionality has not been removed and its log file can be viewed from disk with Notepad.
  • [16679] ActiveSync log file contains data on day-of-week and milliseconds already but GUI was not showing it. Now it does.
  • [5000] LDAP: Normally when MDaemon exports aliases to an LDAP address book it puts the accounts' actual email address in the CN field (not ideal but a long standing practice).  However, non-alias exports place the accounts' full name value there (more correct). A new checkbox was added to Ctrl+U|Active Directory|LDAP which causes the export process to always put the accounts' full name value in CN (if known). This option is disabled by default to preserve existing behavior.
  • [16705] SMTP server responds with "500 5.0.0 Unrecognized command" (correct) rather than "501 5.0.1 Missing or errant parameters" (technically incorrect) when encountering an unrecognized command.
  • [16732] Moved call to AV update function from MDaemon to SecurityPlus code-base.
  • [16704] Added link and text reminding about free support to "Help|Register your Alt-N products".
  • [16790] Archiving tool uses MDaemon's temp folder now rather then Windows temp folder to solve some access permissions problems.
  • [16795] Work was done to prevent the UI from needlessly refreshing itself when nothing was changed. This was visible as a "flashing" of the tool window pane (especially noticible over remote connections). The items in this window will now only update if something has actually changed.
  • [16579] Added "apply to all accounts" button to New Accounts template Quotas page.
  • [3267] Alt+F2|Domain Manager|Settings has a new control that allows you to specify the maximum number of messages per hour that a domain can send (zero means no limit). Once this limit is reached further messages are left in queue and a line is logged about it to the System log. All counts are reset hourly or on a server restart. This option is only available in MDaemon Private Cloud version.
  • [15148] Alt+F2|Domain Manager|Settings has a new control that allows you to specify the maximum disk space quota for a domain's accounts. This option is only available in MDaemon Private Cloud version.
  • [4442] Alt+F2|Domain Manager|Host Name & IP has a new control that allows you to enable/disable a domain.  When domains are disabled users can no longer send or retrieve their mail and all new messages sent to the domain are rejected with "User Unknown".  This option is only available in MDaemon Private Cloud version.
  • [16814] MDaemon no longer accepts MAIL <forward-path> or RCPT <reverse-path> values which are enclosed in tick marks ( ' chars) or quote marks ( " chars). These forms are not in accord with the standards and although MDaemon accepted and tried to "fix" them in the past they end up causing problems for down-stream modules so they are now refused during the SMTP session.
  • [16833] WorldClient - Added "Verified with key-id <key-id>" information to the message header in the message previews and external message views when the message contained a verified PGP signature.
  • [16836] The version node on the status bar at bottom of UI will show 32-bit or 64-bit.
  • [17086] UI nodes in toolwnd text changed from using "active/inactive" to using "enabled/disabled"
  • [3279] WorldClient - Added support for recurring tasks in the LookOut and WorldClient themes.  The behavior matches that of Outlook.
  • [17100] Added icons for messages with valid DKIM signatures, messages decrypted by MDPGP, and messages signed with an MDPGP key
  • [16297] LookOut and WorldClient themes - Added the ability to accept, accept tentatively, or decline a meeting from the event editor
  • [17125] MDPGP: libraries and binaries updated to latest versions.
  • [17130] Moved cleanup event strings to resources for translations.
  • [6011] WorldClient - Added option to turn off display of the "Share Folder" button in the Options | Folders view and in the folders context menu.  Use HideShareFolderOption=Yes in Domains.ini [Defaults:UserDefaults] to hide for all users.  Setting HideShareFolderOption in the User.ini will override the setting from the Domains.ini
  • [6795] LookOut and WorldClient themes - Added context menu and shortcut key options to delete messages permanently without sending them to the Deleted Items folder.  In the message list context menu (right click menu) choose "Delete Permanently" from the drop down or use "Shift + Del" to permanently delete selected messages.
  • [17203] WorldClient theme - Removed the "Click to add to contacts" in the message preview and external message window, because the user can simply hover and get the "Add to Contacts" option.
  • [17106] LookOut and WorldClient themes - Added an Options | Categories view for editing user categories.  View is available as long as the user setting CanEditPersonalCategories equals Yes
  • [17295] Reversed order of operations to now check IP Screen before Dynamic Screen in order to reduce needless waste of CPU and logging.
  • [17293] Ctrl+U|Autoresponders has a new screen called Attachments. Only paths listed here are eligible to be used within autoresponder scripts.
  • [9291] WorldClient - Added option to turn off display of email address hover context menus in the message preview frame and the external message view.  Use HideEmailAddressHoverMenus=Yes in Domains.ini [Defaults:UserDefaults] to hide for all users.  Setting HideEmailAddressHoverMenus in the User.ini will override the setting from the Domains.ini
  • [17361] Changed message queue right-click menu text from "White List 'To'" to "White List Recipient", "White List 'From'" to "White List Sender" etc. Also message queue tab column header labels were changed from "From" and "To" to "Sender" and "Recipient".
  • [17363] Ctrl+P|Spam Filter|Settings had an option to configure spam score on a DNS-BL match.  This option was removed as it's a duplicate of the same option which appears just a few tabs down on the same screen at Ctrl+P|DNS-BL|Settings.  It also did not store state correctly at times.
  • [17192] MDPGP no longer logs data about messages when MDPGP is completely disabled (this was just wasting disk space).
  • [12944] LookOut theme - added ability to select multiple contacts from the Contacts folder and then send a message to all of them
  • [13360] WorldClient theme - changed the X that saves notes to a floppy disk (save icon)
  • [7722] Added the ability in WorldClient to modify the notes field of a single occurrence of a recurring appointment
  • [17374] Updated to new version of the HTML editor used by WorldClient and Remote Admin (CKEditor 4.5.10).
  • [17504] MDaemon will email the Outlook Connector release notes to the postmaster and global admins when a new version (4.0.0 or newer) is installed on the server.
  • [16807] An ActiveSync client setting has been added that allows iOS clients to be able to send mail using an alias, by returning the logon alias as the user's primary SMTP address.


  • [16520] fix to log file archives sometimes having incorrect files included
  • [16536] fix to MDPGP minor issues and processing bottle-necks
  • [16577] fix to spam filter "no filtering" white list not working for some queue based scans
  • [11768] fix to spam filter "no filtering" white list (and others) not always working properly with encoded header data
  • [15461] fix to MDPGP not reloading domain settings when they change
  • [16634] fix to left-hand tree-view in UI dialogs not accessible via tab key
  • [15223] fix to main menu not immediately available for key-board focus on startup
  • [16639] fix to MDPGP GUI options related to encrypting mail not disabled when services disabled
  • [13217] fix to encoded From and Subject header data lost by CF "copy to" action when destination is a mailing list
  • [16675] fix to X-MDArchive-Copy: header not inserted into messages archived to folder
  • [4926] fix to CF failing to detect and extract attachments in certain emails; also fixed lack of logging of these facts on success or failure
  • [11777] UTF-8: fix to list digests not in proper charset and thus unreadable for some; also simplified and updated logging of results
  • [14380] fix to X-MDAV-Infected header not always listing file names correctly
  • [14382] UTF-8: fix to calendar reminder data not encoding properly
  • [14755] fix to install process errors when moving from older 32-bit versions (< 13.5) to newer 64-bit versions
  • [4503] LDAP: fix to ldap export not automatically happening when enabling/disabling options to do so on Alt+G|Mailing List Settings; also the wording of this option was slightly improved
  • [14855] fix to content filter compressing inbound attachments when not configured to do so; also simplified logging related to compression
  • [16690] UTF-8: fix to incorrect full name sometimes added to contacts when forwarding mails to the special "add to whitelist/blacklist" address
  • [16689] fix to WorldClient - 2FA if a user cancels a new secret request the old secret is deleted, but 2FA remains enabled
  • [16759] fix to Screening log not getting "----------" lines added; wasteful but without this the search function fails to work correctly
  • [16789] fix to LookOut theme - Disable New Email Sound does not stay checked after saving
  • [16779] fix to config session needlessly writing/updating counts within the UI
  • [16796] Minger: fix to gateway "test" button returning "Success - these settings don't work" ROFL (should be "Success - look like it's working")
  • [7176] Minger: fix to minger not properly honoring options to allow over-quota accounts to send mail
  • [16835] fix to status bar at bottom of UI not showing IPv6 address in config session
  • [16785] fix to WorldClient - When setting up 2FA with long user names and long domain names, the bar code will not display
  • [16831] fix to WorldClient theme - When the Company field in a contact contains an apostrophe, the Edit button no loger works
  • [16715] fix to WorldClient theme - Comment field called Note when viewing contact
  • [16714] fix to WorldClient theme - Tab order off/confusing when creating new contact
  • [16856] fix to SPF processing not showing any error text when SPF records setup as errantly recursive
  • [16858] fix to DMARC white list not honoring DKIM/SPF Approved domains list
  • [16869] fix to WorldClient theme - Hitting enter in the text input of the New Folder dialog does nothing
  • [16868] fix to LookOut theme - Options | Folders - Notify checkbox is displayed for non-email type folders
  • [16090] fix to LookOut and WorldClient themes - the date on the day view and week view is incorrect for the Print a list view of calendar events printing format
  • [16668] fix to LookOut theme - Categories - In the Calendary Day View, all day events with a dark gray have the wrong font color
  • [16880] fix to LookOut and WorldClient themes - shortcut key to send email results in the "Are you sure you want to leave this page" alert
  • [16887] fix to LookOut theme - FF 45.0.2 German version forces refresh when clicking on Calendar in folder list
  • [16994] fix to Remote Administration not allowing enough digits for Bayesian Database Tokens field
  • [16971] fix to unable to toggle "Always log to screen" in Remote Administration
  • [16959] fix to unable to select IPv6 addresses for Host or IP Screening in Remote Administration
  • [17039] fix to "Undefined IPs should be..." value always blank on IP Screening page in Remote Administration
  • [17046] fix to forwarded messages not processing by CF rules when configured to do so
  • [17036] fix to creation of mail folders with trailing spaces being allowed
  • [16432] fix to queue status not written to system log when toggled via tool window controls
  • [16912] AD: fix to problems processing user data fields with a single % char in them
  • [17093] fix to errant "save changes first" box when canceling out of public folder manager with no changes made
  • [16849] fix to unable to set "Hide List from Global Address Book" in Remote Administration
  • [16854] fix to Domain Admin gets blank Attachments page in User Editor in Remote Administration
  • [16850] fix to Gateway Editor in Remote Administration not always showing the right value for certain options
  • [16855] fix to labeling error for a page in User Editor for Domain Admins in Remote Administration
  • [17134] fix to LookOut and WorldClient themes - Unable to edit an appointment in Day View due to the inability to select it
  • [16339] fix to LookOut and WorldClient themes - When setting the default contacts view to an alternate folder and then saving it twice, it changes to All Contacts
  • [16998] fix to Remote Administration allows non-local addresses to be added as Spam Honeypots
  • [17198] fix to Remote Administration unable to edit domains with certain special characters in them
  • [17056] fix to some windows display in the wrong size in Remote Administration
  • [17275] fix to LookOut theme - When there are several addresses in the CC field, the CC field will not wrap in the window frame
  • [17349] fix to LookOut and WorldClient themes - If a pdf attachment has spaces before .pdf in the filename the pdf viewer does not work
  • [17312] fix to WorldClient - AutoComplete - When an ampersand is used in a contact that is added as a recipient it shows the HTML encoding
  • [16605] fix to WorldClient theme - Unread view shows read messages after resizing window
  • [17319] fix to various spelling errors found within the product
  • [17316] fix to contacts with mobile numbers being removed incorrectly when UI button used in Account Editor|White List
  • [17180] fix to MDaemon alias sometimes lost or unchanged when primary domain changed (also fixes potential extra MDaemon account created)
  • [17413] fix to Content Filter GUI checkbox for "If the X-MDaemon-Deliver-To HEADER contains" is not checked when editing a rule using that condition
  • [17438] fix to MDaemon account not properly handling some multipart messages sent for learning/addressbook
  • [17442] fix to IP Syntax checker in Remote Administration not accounting for IPv6 addresses
  • [17439] fix to Remote Administration not saving the new default Host Screen entries properly
  • [17453] fix to Remote Administration not saving authorized Outlook Connector accounts properly
  • [17471] fix to CalDAV server does not honor SCHEDULE-AGENT=CLIENT ATTENDEE parameter
  • [17489] fix to possible crash when MDaemon is configured to send mail to a smart host and the smart host address is invalid
  • [17484] fix to unable to save changes to certain actions in the CF Rules in Remote Administration
  • [10012] fix to WorldClient tasks - In the Estimated Work and Actual Work fields, an entered decimal point is not saved
  • [16197] fix to WorldClient - Cannot replace signature image with new image of same name
  • [17461] fix to inconsistencies in MaxPingFolders configuration between MDaemon and Remote Administration
  • [17515] fix to ActiveSync may remove the flag on a message when it is replied to or forwarded
  • [17425] fix to domain specific smart hosts not being used in some situations
  • [17558] fix to accountprune sometimes making empty ZIP archive files; when this happens file will be deleted
  • [17563] fix to when removing a start date from a task in WorldClient the change may not be saved
  • [17540] fix to certain strings not showing up translated in Remote Administration
  • [17292] fix to "Access Denied" error when viewing certain MDAS pages in Remote Administration as a Domain Admin
  • [17586] fix to Remote Administration not showing the correct per-device AS Client Settings values
  • [17468] fix to Cancel button on Support Files Editor in Remote Administration does not close window
  • [17581] fix to Cancel button on Outlook Connector Users page in Remote Administration does not close window
  • [17585] fix to Ctrl+S|Other|BATV two checkboxes in UI not always working properly
  • [16267] fix to ActiveSync clients are sent attachments even when their device policy does not allow attachments if they request message bodies in MIME format
  • [17313] fix to accented characters in the From header of messages sent using iOS ActiveSync clients may be converted to ASCII
  • [17613] fix to hijack detection not always working correctly (allowing too many connections sometimes)
  • [17620] fix to DMARC report recipients may mistakenly be discarded
  • [17619] fix to MDaemon Account Editor truncates an account's smart host password to 15 characters
  • [17627] fix to Help links not working on some pages in Remote Administration
  • [17616] fix to calendar event recurrence end dates are not synced to ActiveSync clients

MDaemon 16.0.4 - July 6, 2016


  • [17293] fix to potential security vulnerability
  • [17285] fix to possible ActiveSync server crash when handling SmartReply request

MDaemon 16.0.3 - June 21, 2016


  • [17065] fix to corrupt attachments when using the 64-bit ActiveSync server
  • [17105] fix to CalDAV/CardDAV parsing error that prevents folders with certain names from being opened
  • [17107] fix to unable to save CF rule in Remote Administration when adding a new search term to an existing rule
  • [17031] fix to Remote Administration hiding Quarantine from Queue Management if SecurityPlus was not installed
  • [17120] fix to max size tag for DMARC RUF report URIs is not removed from receipient email address, which results in a delivery failure
  • [17140] fix to CalDAV service not honoring end date filter in calendar-query request
  • [17018] fix to CalDAV: Meeting invite may not be sent for attendee added to an existing event
  • [16984] fix to LookOut and WorldClient themes - conditions exist to prevent desktop notifications for new email
  • [16851] fix to MD GUI does not allow the "Authorize all accounts upon first access via ActiveSync protocol" option to be turned off
  • [17019] fix to XML API does not save change to user forwarding enabled/disabled
  • [17141] fix to MDMgmtWS.dll fails to load on Windows XP/Server 2003
  • [17090] fix to XML API fails to add user if name contains non-ASCII characters
  • [17178] fix to possible Forward.dat file truncation
  • [16523] fix to smart host port value (if provided) being ignored at times
  • [16476] fix to subfolders of Inbox may show up incorrectly on ActiveSync clients
  • [17073] fix to ACL cleanup routine may erroneously remove group permissions if a group name contains non-ASCII characters
  • [17197] fix to possible ActiveSync server crash when syncing a meeting
  • [17156] fix to Remote Administration not showing the right value for "leave copy on server" in MultiPOP settings
  • [17238] fix to non-ASCII characters in a meeting event are corrupted when it is accepted using an ActiveSync client
  • [16894] fix to non-ASCII characters in meeting attendee names appear corrupt on ActiveSync clients

MDaemon 16.0.2 - May 3, 2016


  • [16479] WorldClient - Added a "Remember Me" option to Two Factor Authentication that remembers the user on the device, so that the user does not have to enter a verification code again for an admin designated period of time on that device.  Admins can designate the time till "Remember Me" expiration in the Domains.ini file under TwoFactorAuthRememberUserExpiration.  The default value is 30 days.
  • [16273] Added "Requeue" button to the Spam Trap Queue in Remote Administration
  • [6781] Global Administrators may now set the Mail Archive path in Remote Administration.
  • [16144] Added some text to UI to explain how to use addrbook.mrk as list member.  This appears when you click the ADD button to add a new list member.
  • [16615] Autoresponder/DND schedules require a start and end date in order to function yet the UI allowed otherwise in previous versions. This UI bug has been fixed. To configure a schedule you have to set these dates. In future perhaps this will be redesigned such that no start date is required (which would mean "the remote past") and no end date is required (which would mean "forever into future") but such changes can not be made at present.
  • [8044] Remote Administration's Group editor now supports Do Not Disturb scheduling.
  • [15566] Remote Administration now hides ActiveSync options from the Domain Manager if AS is globally disabled.
  • [16356] Added ability to sort the Active Sessions list in Remote Administration.
  • [16302] Remote Administration now warns if a local domain is added to Trusted Hosts.
  • [16367] Global Administrators may now disable Two-Factor Authentication for users in Remote Administration.
  • [16805] The ActiveSync server no longer creates duplicate messages when a message is sent to duplicate recipients


  • [16495] fix to WorldClient theme - in IE filter edit can only be used once, after that the user cannot enter text into the input field
  • [16482] fix to LookOut and WorldClient themes - the beginning/end time for All Day Multi-Day events are being shown
  • [16501] fix to All themes - IE9 - nothing happens when you try to upload a document
  • [16510] fix to WorldClient theme - the flagged count is sometimes missing in the message list "view" drop down
  • [16552] fix to CalDAV: Meeting organizer may also receive meeting invite/update message
  • [16555] fix to meeting invitation/update message sent to attendees when a "non-substantial" change is made to an occurrence of a recurring event
  • [16144] fix to CONTACTS:<path>addrbook.mrk not working when space in file path
  • [16617] fix to small GUI issues with Remote Administration's Event Scheduling window
  • [16640] fix to LookOut theme - When adding an invitee by clicking Add From Contacts, the address is displayed incorrectly
  • [16670] fix to LookOut and WorldClient themes - When adding address to Contacts, BlackList or WhiteList an error is generated
  • [16673] fix to unable to add outbound user restrictions in Remote Administration
  • [16680] fix to All Themes - When printing an event, the print preview shows the month value increased by one
  • [16598] fix to defaults and text in Remote Administration's Host and IP Screen pages did not match MDaemon
  • [16709] fix to unable to create Account Templates in Remote Administration
  • [16686] fix to unable to add an image to a signature in Remote Administration
  • [16635] fix to text mismatch between MDaemon and Remote Administration on the AS Clients page
  • [16753] fix to Trusted IPs page always appears to be blank in Remote Administration
  • [16755] fix to Remote Administration throwing an incorrect error after saving a new account
  • [16757] fix to Remote Administration incorrect label on DKIM Settings page
  • [16355] fix to Remote Administration: Sorting by file name is not accurate from Logs | Config Files view
  • [16772] fix to Remote Administration: incorrect ordering of buttons on Copy/Move window in Queue Management
  • [16784] fix to WorldClient - 2FA - Password recovery loop when trying to recover password when 2FA is enabled
  • [16756] fix to MDPGP not reading back into memory rules file changes made via the UI button
  • [16744] fix to subaddressing system not working for folders with _ chars in the folder name
  • [16706] fix to Non-ASCII characters entered in tasks synced via CalDAV are encoded incorrectly
  • [16671] fix to missing dynamic toolbar buttons on Remote Administration's Mailing List Members page
  • [16820] fix to unable to create or edit Shared Folders in Remote Admin
  • [16821] fix to unable to edit "IP Shield Honors Aliases" option in Alias Settings in Remote Admin
  • [16802] fix to LookOut and WorldClient themes - When using the Catalan language, the Personalize settings default to English and Lite
  • [16773] fix to some minor issues with DMARC report generation
  • [14770] fix to MDaemon starts multiple MDSpamD.exe processes on Server 2012 when running as a service with network access credentials entered
  • [16823] fix to WorldClient cross-site scripting vulnerability
  • [16828] fix to possible WorldClient crash when using Two Factor Authentication
  • [16741] fix to certain groups not being recognized as list members
  • [16829] fix to errors with real names of list members who are groups
  • [16838] fix to minor issues on Remote Administration's WC Settings page
  • [16841] fix to Remote Admin unable to add Groups to list membership when Group name includes a space
  • [16867] fix to LookOut theme - Creating a new folder in the Options | Folders view causes an error when Desktop Notifications uses selected folders
  • [16848] fix to unable to add users to groups in Remote Administration
  • [16882] fix to unable to save changes to ACLs in Remote Administration
  • [16883] fix to some Remote Administration options' default values don't match MDaemon
  • [16885] fix to some Remote Administration dequeue settings not matching up with MDaemon
  • [16886] fix to newly created accounts may have the "must change password" option enabled even though it is disabled in the New Accounts template
  • [16890] fix to possible WorldClient.exe crash when a client syncs using CardDAV
  • [16895] fix to unable to remove ActiveSync policies in Remote Administration
  • [16892] fix to possible crash when viewing ActiveSync policies in Remote Administration
  • [16908] fix to crash in MDWebDav.dll when using certain log rotation settings
  • [16909] fix to possible CalDAV server crash when a meeting is changed
  • [16931] fix to unable to synchronize a domain's public calendar or contacts folder via CalDAV/CardDAV with a non-English version of MDaemon

MDaemon 16.0.1 - March 23, 2016

[6781] Instructions below regarding item [6781] advise you to remove the Mail Archive public folder to improve server performance. Doing so however can cause Outlook users who previously had access to the Mail Archive public folder to start sending "Not Read" notifications errantly. To avoid this problem Outlook users with access to the Mail Archive public folder must disable creation of these notifications FIRST - before the Mail Archive public folder is removed - and keep it disabled until AFTER the Mail Archive public folder is removed and Outlook is restarted and/or re-syncs the mail folders. How to disable these notifications probably depends on the version of Outlook being used. For example, in Outlook 2013 the setting is at "Tools|Options|Preferences|E-Mail Options|Tracking Options - Never send a response". So, the process is (1) disable the notifications in Outlook for those users who had access to the Mail Archive public folder then (2) delete (or move) the old Mail Archive public folder structure as you like then (3) restart Outlook or cause Outlook to re-check for new mail (4) reenable the notification settings in Outlook as you desire. This only need be done for Outlook users with access to the Mail Archive public folder. Moving forward, MDaemon will detect and strip out the header(s) which trigger Outlook to behave this way (but only from archived copies of messages).


  • [16621] fix to Content Filter - Attachment Settings page not saving properly in Remote Administration
  • [16643] fix to DMARC "only log when data is found" option being ignored
  • [16646] fix to LDAP/Minger cache file not always returning correct results
  • [16659] fix to archive system not stripping out problematic headers
  • [16660] fix to unable to export accounts or mailing list members via Remote Administration
  • [16662] fix to MDaemon hangs at startup when using an ODBC-connected Access account database
  • [16681] fix to CardDAV server may incorrectly parse telephone and address data submitted by clients
  • [16693] fix to contacts edited by WC or OC since installing MD 16.0.0 are not sent to CardDAV clients
  • [16694] fix to Special Considerations email subject text is not encoded properly
  • [16695] fix to CardDAV is unable to synchronize contacts with line breaks in the FileAs property

MDaemon 16.0.0 - March 8, 2016

[6781] The "Archive to Public Folders" feature has been reworked as it was the cause of a lot of slow performance. No real functionality has been lost but it has been re-designed. You can no longer archive to public folders. Instead, you can now archive to an arbitrary folder of your choice anywhere (as long as MDaemon can access it).  To browse the archive folder use one of your mail accounts (or create a new one) and point its mail folder to the same folder used for the archive (C:\MDaemon\Archives\Email\ is the default). If multiple people need access to the archive then either log into the account and share them with other users or just give the other users the logon/password to the account you used.  All the old archive settings still work but have been simplified. The "Inbound to" and "Outbound from" sub-folders have been shortened to "In" and "Out". MDaemon only archives messages sent /to/ your local users or sent /from/ your local users (or both). Messages just relaying through are not archived by this simple system. Virus and mailing list messages are not archived. The messages that are archived are the ones going into a local user's mail folder and the ones sent by local users but not until each message is in "ready to be delivered" condition.  Note that this means what appears in the archive is what the users see and not necessarily the message as it was when it first arrived at the server.  For example, if a content filter rule adds a header to the message then the archived version has the header.  The old "Mail Archive" public folder is now no longer updated. However, it was left in place so that you can decide what to do with that folder. For example, copy it somewhere else and then delete it - get it OUT of MDaemon's Public Folders directory (please do this as it greatly improves performance of the server for all users). The installation and update process will not do this for you because (a) it would cause the installation process to take too long and (b) it would lead to a wave of "WHERE'S MY ARCHIVE!!  I'M GONNA KILL ARVEL!" heart-attacks for lots of people.  Some changes to the UI at F2|Server Settings|Archiving were required.

[15733] MDPGP: There are numerous draw-backs and much confusion when sharing the same encryption keys across one or more aliases. Aliases should have their own set of keys so that various identities are safely kept separate. Therefore, the option to use or not use aliases has been removed from the UI. If you have special circumstances where you need to preserve previous behavior please add "Aliases=Yes" (without the quotes) to the [MDPGP] section of \App\Plugins.dat and restart MDaemon. Use of aliases creates many problems so this is NOT recommended.

[16324] MDaemon no longer leaves Everyone@, MasterEveryone@, and DomainAdmins@ mailing list .GRP files in the APP folder when the options to use those features are disabled.  Previously, these list files were left in the APP folder even when the features were disabled. This can cause issues because the API assumes the lists are valid if the file exists. So, with this version these files are removed if the features associated with their use are disabled. If you (for some unknown reason) do NOT want these files updated or deleted you can ATTRIB them read-only from the Windows command shell (not recommended). A better approach in such cases would be to create your own lists which can use the same "Send to everyone" macros that these system maintained lists can.

[5044] MDaemon was not honoring the mailing list setting which hides the mailing list from the domain's public contacts folder.  This has been fixed.  When this version of MDaemon starts for the first time any errors in the contact folders related to mailing lists will be corrected.  If a contact is found when it should not be the contact is removed and any missing mailing list contacts are created.  This will trigger re-sync of the contact folder for all devices that are linked to it.

[2524] A fix to a long standing content filter parsing bug could potentially (rarely) lead to the following issue:  In the past, content filter rules which compare the value of a message header would fail to work if the test string being looked for started with a space character.  For example, testing whether a header contained the string ' test ' (note the spaces) would sometimes fail.  This problem has been fixed but it could mean that rules which previously did not match, now might.  Just FYI.

[16214] The "Account can modify the public address book" setting has been removed from Account Editor|Settings and Template Manager|Settings.  Access to any public address book is now managed only through the ACL editor for the specific address book folder in question (including any defaults which will apply to newly created accounts).  As a result of these changes the MD_SetCanModifyGAB() function in the API has been deprecated and changed to do no work (but left in place for backward compatibility).  Also, the CanModifyGAB member of MD_UserInfo structure is now read-only.  Any changes you make to this member will not be saved.  Changes to ACLs are strictly a function of the ACL editor from here forward.

[16230] MDaemon's list engine no longer uses the message-id value of the original list message at all.  Each list message will get the same, single, newly generated message-id.  The mailing list engine makes many changes to the original list message.  Thus it must take ownership and issue a new message-id.  However, the old option to generate a unique message-id per recipient still works but has been disabled by default for new lists and should not be used unless special circumstances require.

[16044] Experimentation has revealed several host screen values which are effective in blocking unwanted connections.  These have been added as defaults to HostScreen.dat for new installs.  Existing installations can rename or remove HostScreen.dat and restart MDaemon (I don't want to overwrite your file myself) to get this new version.

[16274] The default "low disk space value" (the value below which MDaemon believes the disk is running low and starts complaining about it) was changed from 100MB to 1000MB.  Likewise, the "auto-shutoff value" (the value below which MDaemon will disable mail services due to critically low disk space) was changed from 10MB to 100MB.  Please check and change the values at Ctrl+O|Preferences|Disk if they present a problem for you. 

[16404] Minger queries now include the email address (sender) making the request. This allows personal blacklists to be checked. If the sender is on the minger recipient' s personal blacklist then a result of "user unknown" will be returned to the minger client. This change is backward compatible with older minger servers. As a result of this change the LDAPCache.dat file format had to be changed. Your old LDAPCache.dat file has been renamed LDAPCache.dat.old.


[15918] MDaemon Remote Administration (MDRA) GUI Update

The GUI for MDRA no longer uses frames and has been updated to use a mobile first responsive design.  Browser supported is limited to IE10+, the latest Chrome, the latest Firefox, and the latest Safari on Mac and iOS.  Android stock browsers have been known to have issues with scrolling, but Chrome on Android devices works well.

This design is based entirely on the size of the window being used.  Whether the user is on a phone, tablet, or PC, the appearance is the same for the same window size.  The most important change here is the menu.  From 1024 pixels width on down the menu is hidden on the left side of the browser.  There are two methods that can be used to display the menu.  If a touch device is in use, swiping to the right will show the secondary menu.  Whether or not the device is in use, there is also a "menu" button in the top left corner that will display the secondary menu.  Tapping or clicking the menu title with the left arrow next to it at the top of the menu will display the primary menu.  The help, about, and sign out menu in the top right corner changes based on the width of the screen as well.  From 768 pixels up shows the words Help, About, and Sign Out, from 481 pixels to 767 pixels only displays the icons, and 480 pixels or less displays a "gear" icon which when clicked or tapped will display a drop down menu with the Help, About, Sign Out options.  List views with more than one column have column on/off buttons that are accessed by clicking or tapping the gray right arrow button on the far right of the toolbar container.  The settings pages are no longer designed to be exact copies of the MDaemon GUI, but are instead designed to reposition and resize based on the width/height of the browser.

[16095] SPAMBOT DETECTION (MDaemon PRO only)

A new feature called Spambot Detection has been added to Ctrl+S|Screening. This feature tracks the IP addresses that every SMTP MAIL (return-path) value uses over a given period of time. The idea is that if the same return-path is used by multiple IP addresses (more than can be expected from typical user device switching) and all within a short time frame this may indicate a spambot network at play. Of course, it may also indicate totally legitimate use of the mail system (there are no rules against what this feature detects). Nevertheless, experimentation has shown that this can be effective in limited cases at detecting a distributed spambot network as long as the same return-path is utilized throughout.  If a spambot is detected the current connection talking to it is immediately dropped and the return-path value is optionally blacklisted for a length of time you specify.  You can also optionally blacklist all the spambot IPs then known for a user-defined period.  This feature can be enabled at Ctrl+S|Screening.

[10729] CARDDAV (MDaemon PRO only)

Support for synchronizing contacts via the CardDAV protocol has been added.  Notable CardDAV clients are Apple Contacts (included with Mac OS X), Apple iOS (iPhone), and Mozilla Thunderbird via the SOGO plugin.

Note: As of OS X 10.11 (EL Capitan), the Apple Contacts application only supports a single collection/folder.  When the CardDAV server detects the Apple Contacts application, it will only return the authenticated user's default contacts folder.  In addition, OS X 10.11 (EL Capitan) has a known issue that prevents a CardDAV account from being added using the "Advanced" view of the dialog.

To configure clients that support RFC 6764 (Locating Services for Calendaring Extensions to WebDAV (CalDAV) and vCard Extensions to WebDAV (CardDAV)), only the server address, username, and password should be required.  Apple Address Book and iOS support this standard.  DNS records can be setup that point to the client to the correct URL.  When a DNS record has not been configured, clients query a "well-known URL", which in the case of CardDAV is /.well-known/carddav.  WorldClient's built-in web server has been updated to support this well-known URL.

Clients that do not support automatically locating the CardDAV service will require a full URL.

  • A user can access any of their own addressbooks.
    • The "addressbook" directory is a shortcut to the user's own default addressbook.
      • http://{server host name}/webdav/addressbook - logged in user's default contacts folder
      • http://{server host name}/webdav/addressbook/friends - the logged in user's "friends" contacts folder
      • http://{server host name}/webdav/addressbook/folder/personal - the logged in user's "personal" contacts folder that's in a "folder" subfolder
  • A user can access shared folders of another user which they have access to.
    • The "contacts" path is a shortcut to shared contact folders.
      • http://{server host name}/webdav/contacts/company.test/user2 - user2@company.test's default contact folder
      • http://{server host name}/webdav/contacts/company.test/user2/test - user2@company.test's "test" contact folder
  • A user can access public folders, that they have access to.
    • The "public-contacts" path is a shortcut to public contact folders.
      • http://{server host name}/webdav/public-contacts/company.test - domain's default contact folder
      • http://{server host name}/webdav/public-contacts/test - "test" contact folder in the root of the public folder hierarchy

Note: When an item is submitted from a CardDAV client, the full vCard data submitted is saved.  The data is saved as .vcf files in a "_DAV" subfolder.  When the item is later sent to an CardDAV client, this data is merged in with the data that the server generates.  This allows the server to persist unsupported and custom properties.  A new "PersistentData\DAVDataFile" node was added to the addressbook.mrk file.  The API has been updated to delete these files when an item is deleted.

Before reporting issues, please enable debug logging and the option to log HTTP messages and reproduce the issue.  This can be done via the configuration dialog, or by adding the following to the WorldClient.ini file.


Warning: Special care should be taken if testing the OutlookDAV client. OutlookDAV only supports the default MAPI profile. If multiple MAPI profiles exist, the client may issue delete commands to the server for all of the items that were returned by the server. 


WorldClient users who enable Two Factor Authentication will be required to enter a verification code before they can log into WorldClient or Remote Administration. This feature is designed for any client that supports Google Authenticator.


MDaemon now ships with an XML over http(s) based API. The result of this is that MDaemon Management clients can be written using any language on any platform that can make http(s):// post requests to the server. In MDaemon Pro, this is only available to authenticated Global Admins, while in MDaemon Private Cloud, a subset of the available operations are accessible to authenticated domain admins as well. The API also produces a website with documentation on the API specification. The installation default is to have it installed at http://servername:RemoteAdminPort/MdMgmtWS/, however, this can be set to any url for the sake of additional security.

The available operations include ...
  • Help
  • CreateDomain
  • DeleteDomain
  • GetDomainInfo
  • UpdateDomain
  • CreateUser
  • DeleteUser
  • GetUserInfo
  • UpdateUser
  • CreateList
  • DeleteList
  • GetListInfo
  • UpdateList
  • AddDomainAdministrator
  • DeleteDomainUsers
  • GetDomainList
  • GetVersionInfo
  • GetQueueState
  • GetServiceState
  • SetAddressRestriction
  • GetAddressRestriction
At this time, command line management clients have been written/tested in Javascript, Powershell, VBScript, C, C++ and Visual Basic. A simple HTML and Javascript test site has been used as a proof of concept for a web based management console that operates within several popular browsers. While not tested yet, it is fully expected that this API should work fine from web servers using PHP, Perl, and other development platforms.


MDaemon now ships with an ActiveSync protocol based Migration Client (ASMC.exe). It supports migrating mail, calendars, tasks, notes, and contacts from ActiveSync servers that support protocol version 14.1. Documentation for it can be found in \MDaemon\Docs.


  • [16135] Installer will default country field to United States [US].
  • [16236] UI will strip leading and trailing white-space when entering registration keys.
  • [13099] F2|Server Settings|DNS has a new option that reloads DNS settings hourly.
  • [14046] All references to "company.mail" have been changed to "company.test" to comply with RFC 6761
  • [16172] If Ctrl+U|Active Directory|Authentication has the Verbose AD Logging switch enabled MDaemon will now log any AD error messages to the Active Directory tab/log.
  • [16191] Ctrl+S|Sender Authentication|SMTP Authentication screen has been slightly reworked.  The option to exempt authenticated sessions from the IP Shield was a duplicate of the same option found on the IP Shield screen and this duplication was causing a UI bug so it was removed (it is still present on the IP Shield screen).  Also, some warning text around certain options was added to this screen. 
  • [15582] The New Accounts template within the Template Manager has an "Account must change password" option which is disabled by default. You can enable this behavior using a new checkbox in the Template Manager.
  • [16166] The Account Manager has a filter to show only accounts with autoresponders enabled.  This filter's logic has been changed to show only accounts with (a) ACTIVE autoresponders working right now and (b) autoresponders scheduled to become active some time in the future (autoresponders scheduled to END in the past are not shown).
  • [16158] The Authentication failure notification had its Subject shortened to "Authentication Failures: ..." and now includes a column showing the actual logon value used (which may be different from the account's email address) and also a Notes column which shows (a) any comment about the IP from Trusted IPs list (b) EHLO, PTR, and MAIL lookup results as they would appear in Authentication-Results (if any - sometimes these features are turned off or bypassed).
  • [16144] Mailing lists may now include the public contacts of any of your domains (or any addrbook.mrk anywhere really) as members.  When you use the UI to add a member you will be shown a dialog box with the syntax to use.  Basically, this type of member looks likes this in the list's .grp file: CONTACTS:altn.com. This example means that when someone sends a message to the list then all members of altn.com's public contacts will receive a copy (unless CONTACTS:altn.com is flagged READ-ONLY of course). Also, contacts which are themselves mailing lists are ignored.
  • [15952] Added a new condition to the content filter which does a comparison of the "return-path" email address to the email address within the "from" header and returns TRUE if they are the same.  NULL return-paths and messages with List-ID headers always return FALSE. Take care with any action you take based on this test because there is no requirement that these values match and they very often will not match.
  • [7611] Increased the length allowed for mailing list names when creating or renaming them.
  • [5472] CF conditions which search text files for words or match against headers etc will log the matching (or missing) items.
  • [15620] Ctrl+F|Content Filter|Recipients has a new checkbox which restricts ALL notifications sent by the CF to local domains only.
  • [10843] Ctrl+T|Template Manager|New Accounts|Mail Services has a button to apply settings to all accounts (such a button is needed lots of other places too but isn't there yet). Also, this screen was slightly rearranged to work and look better.
  • [16143] Alt+G|Mailing List Settings has a new checkbox which controls whether the 'Everyone' lists are included in the Accounts|Exporting operations.
  • [16139] F2|Server Settings|Sessions has a checkbox for smart spooling (its not new, just this checkbox is) and a white list for smart spooling.
  • [16129] Improved internal startup procedure (should startup safer).
  • [16122] The over quota SMTP response strings now includes the email address in question.
  • [16134] Ctrl+S|Sender Authentication|DMARC Reporting has a new edit control where you can specify additional email addresses to which copies of all DMARC aggregate and DMARC failure reports are sent (fo=0 or fo=1 only).
  • [16059] MDPGP: numerous strings were set up for translation.
  • [16152] MDPGP: you can now specify keysize and expiration for keys which MDPGP generates using controls added to the MDPGP UI.  Keysize is either 1024, 2048, or 4096 and expiration is given in number of days from creation date (0 = never expires).  Defaults are 2048 bit keys that never expire.
  • [16107] MDPGP: text/calendar messages will have MDPGP commands (--pgps for example) stripped from the SUMMARY field within the message body. But, this can't be done until after MDPGP is able to process the message. This leads to a sort of chicken-and-egg issue resulting in the following: It is not possible to remove the commands from YOUR (the requesters) calendar because this is put on your calendar out-of-band. However, your invitees will not see it on their calendars. I hope this isn't a problem.
  • [16153] Within DELUSER.SEM, if you end the line with a ^ char the account's mail directory will NOT be removed (so arvel@altn.com^ for example).
  • [16114] Some changes were made to speed up the Mailing List Manager load times.
  • [9551] Added whitelist to F2|Server Settings|Archiving so you can exempt certain senders and receivers from being archived.
  • [16043] The IP Screen statistics node in the UI was previously the sum of IP Screen and Host Screen refusals. Host Screen now has its own statistics node.
  • [16066] Content filter logging now shows any actions taken by the rule.
  • [15993] WorldClient will display some results of MDPGP operations. This required slight changes to MDPGP-Results header.
  • [16026] Added warning when trying to add local domains to Trusted Hosts as this potentially circumvents authentication requirements.
  • [11499] Updated FileList.dat (for Remote Admin) with several new data file entries (RcptBlackList.dat, SenderBlackList.dat, HostScreen.dat, and PFData.dat).  Also removed RFC822.MBF from FileList.dat. Users are not able to change that file.
  • [14779] Changed DMARC UI reference of "Junk E-Mail" to "spam" folders to be consistent with other places in UI.
  • [15691] Alt+G|Mailing List Settings has new option to not send copy of list posts to the original poster.
  • [10613] Ctrl+U|Other|Quotas has two new controls that let you configure the subject header text used in over and near quota email warnings sent to users.
  • [15712] Improved readability of MDPGP error/exception details.
  • [5291] BIS, Free/Busy, and WCIM services all require WorldClient so UI will attempt to start WorldClient if appropriate.
  • [15201] Added "-p <portnumber>" to MDSpamD startup process for reliability (the port used is the one configured in MDSpamD settings)
  • [7208] Added Groups to the Account Templates.  Please do not add a group to a template when the group has itself specified a template.
  • [15731] MDPGP: updated to latest encryption library version which incorporated many small under-the-hood type fixes
  • [15735] MDPGP: dll now uses MDaemon's version rather than its own
  • [15833] Remote Administration - updated the charts to use the latest FusionCharts version.
  • [15832] Remote Administration - updated the login page to a responsive design
  • [15898] LookOut and WorldClient themes - Increased the clickable area to expand and collapse the attachments list to include the %Number% Attachment(s)
  • [15907] MDPGP: added option to allow foreign users to request public-keys via email.  If enabled, others can send an email to your "MDaemon@<mydomain.com>" with the usual "--pgpk<email address>" as the subject.  If a public-key for <email address> exists it will be emailed back to the requester.  This option is disabled by default.
  • [15736] MDPGP: Library version will be logged to the plugins log on startup
  • [15991] Improved status indication when renaming a domain
  • [10674] Added the ability to import ics files to the default calendar in WorldClient and LookOut themes
  • [15900] Quota reports are now processed by the content filter if the option to send system messages through the content filter is enabled.
  • [16093] Ctrl+O|Preferences|Miscellaneous has new option (disabled by default) to send forwarded messages through the content filter (or not).
  • [16047] Ctrl+S|Screening|HiJack Detection has a new option which limits the number of devices (unique IP addresses) that can connect within X minutes.
  • [16094] Frozen accounts are no longer needlessly added to dynamic screen due to failed AUTH attempts.
  • [15990] Domain sharing host names are treated as host names for delivery purposes (no MX lookups).
  • [15690] Wildcards and CIDR notation are now allowed in DynamicScreen.dat entries.
  • [3676] MDaemon will no longer ignore list subscription requests which arrive while MDaemon is waiting for confirmation from a previous subscription request.
  • [15993] Added MDPGP-Results header string to Lite, LookOut, and WC themes. Expanded header only for LookOut and WC themes.
  • [15746] F2|Server Settings|Binding had an option called "Enable outbound IP binding for domains using inbound IP binding". It has been renamed to simply "Enable outbound IP binding" to reflect how it's used.  If outbound IP binding is enabled, outbound connections are bound to the domain's inbound binding IP if inbound binding is enabled, otherwise they are bound to the default outbound IP if it has been set.
  • [16200] Added HTTP Strict Transport Security (HSTS) support to WDaemon.  In order to enable it add UseHttpStrictTransportSecurity=Yes in the [SSL] section of WorldClient.ini and/or WebAdmin.ini.
  • [16220] RAW system increased header line length to RFC max (1000 chars).
  • [16231] Added warning text when enabling the DMARC failure reporting option as a reminder that headers are included in the reports that option generates.
  • [16268] Changed logging of details when CF signs a message with DKIM to make consistent with rest of MDaemon.
  • [16289] and [15603] IP/Host/Dynamic screening log entries will now include some additional information for debugging purposes.
  • [16290] Several additional SMTP strings were updated to include more information for debugging purposes.
  • [16296] MDPGP: replaced "Hide local" checkbox with two checkboxes that show keys for local and/or remote users.
  • [16269] Reworked virtually all Shared Folder code in Remote Administration to improve support for nested folders and ACL management
  • [15933] MDPGP: When using the --pgpe to send encrypted mail and encryption fails for some reason (for eample, no encryption key found) then a notice of this can be emailed back to the sender.  This behavior is disabled by default but can be enabled using a new checkbox in the MDPGP UI.
  • [16357] Added X-Frame-Options: SAMEORIGIN header to MDaemon's built-in web server
  • [15450] Reduced the height of WorldClient theme list view items for window widths of 1024px and greater
  • [16109] Added message for user when user attempts to go to the password recovery page without entering their user name
  • [16217] LookOut and WorldClient themes - AddressBook - Added green color to any previously selected email or fax, so that the user does not have to remember which emails or faxes they have already chosen
  • [15709] LookOut and WorldClient themes - desktop notifications - added the ability to choose which folders to receive new email notifications about, as well as an option to disable the sound, and the ability to choose a sound from a list of options.
  • [10782] Minger: server better validates input email address form and returns invalid result for invalid email address forms
  • [16406] Minger: better logging will now detail outbound requests as well as inbound requests
  • [12440] WorldClient - Added the ability to download an attachment that has been attached to a message in the Compose or Compose Attach view.  Simply click the file name.
  • [16287] LookOut and WorldClient themes - Added context menu options to Import/Export Contacts/Events for users' contact and calendar folders in the folder menu.
  • [6758] WorldClient - Added additional fields to be searched for the contacts view, Business Phone, Home Phone, Mobile Phone, Department, and Title.
  • [16422] Added X-XSS-Protection: 1 header to MDaemon's built-in web server
  • [15441] The name of the WorldClient compose page button that saves a draft is now "Save" instead of "Send Later".
  • [16286] WorldClient's calendar import page is able to import iCalendar (ICS) files in addition to CSV files.
  • [15834] LookOut theme - moved Empty Trash, Delete All, and Mark All Read to the bottom of the folder context menu to match up with WorldClient theme.
  • [6009] LookOut and WorldClient themes - added a "leave this page" confirmation for the compose view
  • [5972] Lite and LookOut themes - added an icon to indicate that an event is a recurring event in the Event Details view (CalendarAdd view)
  • [5632] LookOut and WorldClient themes - added display of start and end time for multi-day events in Day, Week, and Month views.
  • [9701] Lite, LookOut, and WorldClient themes - added the ability to cancel an attachment upload in the Compose and Compose-Attach views
  • [15827] LookOut and WorldClient themes - added the contact picker for use with the email forwarding field under Options | Personalize
  • [7669] LookOut theme - added onhover indicators for the buttons
  • [15494] LookOut and WorldClient themes - added an 'Add to Contacts' option to the contact hover popup menu in the message preview pane and the external message window. Clicking this will add the contact to a user's default contacts folder.
  • [15612] LookOut and WorldClient themes - added ability to collapse and expand folders in the Copy/Move dialog
  • [16401] After installation, MDaemon will send an email to the postmaster and all global admins which contains the Special Considerations sections from the release notes file (for all versions present in that file).
  • [16457] Updated to the latest version of the HTML editor used by WorldClient.
  • [8780] Added Mailing List Support Files editor to Remote Administration


  • The background maintenance for MDAS is now fully encapsulated into MDASMgmt and the code is no longer in MDaemon.exe. It runs once daily at midnight local time. If you are not running ActiveSync and wish to disable all ActiveSync Mgmt Module code in the MDaemon UI, you can run "regsvr32 /u MDASMgmt.dll" from the MDaemon App directory.
  • Enforce Protocol Restrictions is now an inheritable setting (Global/Domain/User/Client). This is so particular problem clients can be restricted without restricting an entire class of clients. [*]::EnforceProtocolRestrictions
  • Bandwidth Reset Day is now an inheritable setting. This is so it can be set to coincide with a user/client's Wireless Carrier billing reset date. [*]::BandwidthResetDOM
  • The global setting to enable ActiveSync on all domains by default is migrated to AirSync.ini as [System]::EnableDomainsByDefault
  • The flag to automatically provision ActiveSync users has been migrated to AirSync.ini as [System]::AutoProvisionUsers
  • The specific setting to archive WbXml now prompts with a message box to make the admin aware that it is not needed unless specifically requested by ALT-N, since any wbxml that cannot be decoded is automatically archived if Auto-diagnostics is enabled (the default).
  • The Domain Mgmt and Client Mgmt dialogs now support resizing so that if you wish to view list data with more available space, it can be viewed more completely
  • Help has been implemented in all ActiveSync dialogs.
  • [11852] ActiveSync clients can now send mail to WorldClient-based Personal Distribution Lists. The list must be maintained in WorldClient and cannot be edited on the client. Upon sending mail to the PDL, the ActiveSync server will automatically re-address the mail to the list members prior to queue submission.


  • [2122] fix to ODBC list error when member lacks '@domain' in email address
  • [16224] fix to $MAILBOXFIRSTCHARS(x)$ only expanding to x-1 characters
  • [16148] fix to UI crash when pressing ESC key in various places
  • [16155] fix to bug allowing disabled users to receive list posts if list used macro to expand members
  • [11960] fix to groups not being honored by mailing lists if underscore character used in group name
  • [2324] fix to CF not seeing all addresses in TO header for certain conditional tests
  • [14731] fix to AD monitoring system computing improper mailbox values for newly imported accounts at times
  • [15572] fix to disk space checking system not working for drives over 2TB
  • [15722] fix to inconsistent key-id logging during encrypting/decrypting operations in rare cases
  • [16142] fix to MDPGP emailing wrong key after key creation when user has multiple keys on keyring
  • [16141] fix to MDPGP results header not having consistently correct values for key-id
  • [15972] fix to MDPGP errant exception logged when sending mail to self for signing
  • [16010] fix to subject for changed occurrence read from iCalendar data may be blank
  • [15935] fix to WorldClient theme - when clicking "Add to Blacklist" without the header expanded, the address is not added to the blacklist correctly
  • [16039] fix to empty root mail folder left behind on domain rename at times
  • [16037] fix to domain rename + apply not updating listbox with correct domain name
  • [15847] fix to "New Accounts" errantly written to accounttemplates.dat file for non-English installers
  • [15886] fix to some account settings not immediately being saved when accounts created via the UI
  • [16116] fix to MDPGP key expiration date in UI not correctly displayed in some cases
  • [16140] fix to MDPGP fails to decrypt certain oddly formed GnuPG messages
  • [16136] fix to account settings not returning to New Account Defaults template settings when removed from group control
  • [16175] fix to potential crash issue in API
  • [16097] fix to several places where domain names were not updated when changing domain names
  • [16208] fix to LookOut and WorldClient themes - wrong email address being placed in address field from address book
  • [16227] fix to LookOut and WorldClient themes - PDF browser preview link missing for pdf files that do not have a content-type of "application/pdf"
  • [14593] fix to CF action that assigns a DKIM selector not working properly in all cases
  • [16265] fix to main window caption not updated with new IP value when it is changed in UI
  • [16254] fix to CFEngine hang when processing multi-part RAR files
  • [16292] fix to MDPGP UI saying key creation for specific user failed when it didn't
  • [12274] fix to System log not showing results of stats DB compact at times
  • [16306] fix to enabling "Everyone" mailing lists not always working properly from config session
  • [16350] fix to CardDAV: Unable to upload new contact from Android using "CardDAV-Sync" client
  • [16168] fix to LookOut theme - the Japanese word for "Documents" is displayed vertically on the add attachment view
  • [16211] fix to "ComAgent" written to startup group rather than "WorldClient Instant Messenger"
  • [16187] fix to LookOut and WorldClient themes - email format is not preserved when creating a task from an email message
  • [10306] fix to Domain Sharing not sending mail to other domain sharing host if that same host value configured as the domain's smart host in some configurations
  • [16426] fix to meeting attendee names may be corrupted in Outlook Connector after MDaemon processes a meeting response
  • [16448] fix to Remote Admin - Cannot enter CIDR notation with 16 characters in IP Shield
  • [16387] fix to non-ASCII text in UTF-8 messages may not display correctly in ActiveSync clients
  • [16312] fix to attachments of certain messages may not appear in ActiveSync clients
  • [16394] fix to recurring appointments created in WorldClient may appear to have an extra occurrence in ActiveSync clients
  • [16272] fix to calendar items created on Windows Phone may not be synced to the server if the ActiveSync account is not set to use push
  • [16480] fix to possible high CPU usage MDaemon hang when processing local queue
  • [16493] fix to Remote Admin not using HTTPS for Google Analytics when it was loaded using HTTPS
  • [16374] fix to Remote Admin not showing correct default Public Folder rights in all cases
  • [16502] fix to end users shouldn't be able to set their own account state in Remote Administration
  • [16485] fix to WorldClient Instant Messenger's installer might start it up at the wrong time, possibly causing a prompt to reboot after an auto-update.
  • [16288] fix to CalDAV: Unable to create meeting requests in Mac OS X Calendar application
  • [16499] fix to ActiveSync error when attempting to open an attachment on a message that has an HTML body but no plain text body
  • [16507] fix to ActiveSync server does not honor the setting to refuse messages sent from over quota accounts
  • [16508] fix to certain message attachments might be missing on Android ActiveSync clients
  • [16477] fix to subfolders of Inbox created on an ActiveSync client may not sync to the server
  • [16466] fix to ActiveSync menu options are checked on but do not work after install
  • [16527] fix to possible ActiveSync server crash when a client tries to create a subfolder of a public folder without having permission
  • [16534] fix to WorldClient log tab in config session UI does not refresh without clicking away and back

MDaemon 15.5.3 - December 15, 2015


[16132] Ctrl+S|Sender Authentication|DMARC Reporting GUI allowed invalid/incomplete email address values for the Contact Email field.  You must use a complete email address here.  If you currently do not have a valid full email address then no DMARC reports will be generated until you fix it.


  • [3408] The content filter can now check for restricted files inside of RAR attachments in addition to ZIP attachments.


  • [16048] fix to WorldClient and LookOut themes - Calendar - When clicking Move without selecting a folder, the event is removed
  • [16049] fix to JavaScript error in Remote Administration's Mailing List Editor
  • [16054] fix to Lite theme -  Unable to add a contact to the To, CC, or BCC fields when composing a message
  • [16058] fix to Virtru - WorldClient and LookOut themes - files that are dragged and dropped in the compose view are corrupted if Virtru is enabled
  • [16065] fix to Mobile and Lite themes - Messages with Invalid HTML break the Message view
  • [16064] fix to Content-Type of message attachments uploaded to WorldClient may be truncated
  • [16057] fix to STARTTLS Required List does not work for incoming connections
  • [16012] fix to LookOut and WorldClient themes - advanced search for unread messages with "All" selected as date range returns no results
  • [15381] fix to formatting inconsistency when displaying disk usage in Remote Administration
  • [16073] fix to WorldClient login failure message when Do Not Disturb is active
  • [16028] fix to LookOut and WorldClient themes - When you re-order columns from within the message list, the change reverts back to the previous setting
  • [15750] fix to LookOut and WorldClient themes - issue with displaying details section within an event created in OL 2013
  • [15953] fix to possible error when accepting meeting request using ActiveSync
  • [16018] fix to messages sent via ActiveSync from an alias may have From address changed to account's actual email address
  • [16076] fix to BlackBerry 10 ActiveSync client may stop syncing Inbox
  • [16083] fix to possible cause of Outlook using ActiveSync needing to re-sync
  • [16013] fix to Outlook using ActiveSync may not be able to open PDF attachment
  • [14929] fix to rights inconsistency between IMAP Rules and Edit Forward permissions in Remote Administration
  • [16089] fix to LookOut theme - MS Edge does not support showModalDialog, so dialogs do not load
  • [16038] fix to option that centers MDaemon UI dialogs not working
  • [16105] fix to LookOut theme - inline message preview unable to delete more than one message
  • [16092] fix to categories on PIM items are not removed from ActiveSync clients when all are removed using WorldClient
  • [14372] fix to notes created in WorldClient have blank subjects on iOS ActiveSync clients
  • [15157] fix to Remote Administration allowed ACLs to be set up for accounts that did not exist
  • [16056] fix to problems when certain special characters are used in Public Folder names in Remote Administration
  • [16118] fix to confusing behavior of "New" button in Remote Administration's Shared Folder view
  • [16126] fix to DMARC envelope_from not being domain only (was whole email address)
  • [16127] fix to DMARC aggregate report having wrong start/end dates
  • [16133] fix to wrong SPF domain reported in some cases within DMARC reports, logs, and header
  • [16137] fix to WorldClient SSL dialog in the MDaemon GUI does not open with the correct certificate selected
  • [16124] fix to error sending message using ActiveSync if a recipient's name contains Japanese characters
  • [16173] fix to ActiveSync server unable to perform a full wipe on an iOS device
  • [13058] fix to Remote Administration misreporting free space on disks larger than 10TB
  • [16202] fix to enabling/disabling ActiveSync for a domain may not take effect until the web server is restarted

MDaemon 15.5.2 - November 3, 2015


[15968] The ActiveSync server now denies access to accounts whose mail directory is inside of the public folder directory.


  • [15761] MDPGP: --pgpx mode will now bounce if no key on key-ring found for encryption and log a failure message if encryption cannot be performed.
  • [15895] Info about ActiveSync port requirements has been moved from a popup to the ActiveSync server configuration dialog.


  • [14407] fix to WorldClient and LookOut themes - not displaying message with attachment of Content-Type: \"application/pdf\"
  • [15856] fix to WorldClient theme - creating a folder with the "plus" button always results in an email folder
  • [15878] fix to All Themes - if an admin has language selection turned off, the "Forgot Password" link on the logon page does not work
  • [15887] fix to error message pops up when creating the first WorldClient SSL certificate in the MDaemon GUI
  • [15896] fix to update checker may not tell users of beta versions that an update is available once it has been publicly released
  • [15906] fix to CalDAV: private calendar event details are not hidden when a shared calendar is viewed
  • [15870] fix to MDPGP affixing signature to encrypted messages needlessly
  • [15689] fix to unable to access certain Active Sync pages in Remote Administration as a Domain Administrator
  • [15909] fix to broken link for Active Sync page for end users in Remote Administration
  • [15868] fix to MDPGP not decoding subject text before checking it for commands
  • [15720] fix to [trash] macro not working with advanced forwarding options
  • [15876] fix to contact categories are not synced to ActiveSync clients
  • [15894] fix to ActiveSync server crash when parsing certain recipient addresses
  • [15901] fix to ActiveSync server does not support UNC paths
  • [15902] fix to ActiveSync client may not be able to download message attachments
  • [15905] fix to non-ASCII characters in the subjects of messages downloaded via ActiveSync may display as question marks
  • [15914] fix to invalid Birthday or Anniversary dates may cause issues with certain ActiveSync clients
  • [15955] fix to Outlook 2013 may hang after downloading a message that does not contain a Date header using ActiveSync
  • [15942] fix to Outlook 2013 may hang after downloading TNEF meeting requests using ActiveSync
  • [15957] fix ActiveSync message Preview element may not contain proper UTF-8
  • [15944] fix to possible ActiveSync server crash
  • [15930] fix to non-ASCII characters in messages sent using ActiveSync may be replaced by question marks
  • [15926] fix to meeting attendees that do not have valid email addresses are not synced to ActiveSync clients
  • [15922] fix to ActiveSync PIM searches may return incorrect results
  • [15903] fix to ActiveSync performance issue on extremely busy servers
  • [15953] fix to possible error sending meeting response using ActiveSync
  • [15977] fix to calendar items may be created without start or end times using ActiveSync
  • [15962] fix to meeting planner does not receive a response for a meeting created in WorldClient after the invitation is accepted in Outlook
  • [16027] fix to message attachment filename containing non-ASCII characters may cause Outlook 2013 to hang when downloaded using ActiveSync

MDaemon 15.5.1 - October 6, 2015


  • [15771] The LookOut theme's Advanced Search date option "All" is enabled by default, to match the WorldClient theme.
  • [15786] Moved CalDAV configuration menu item to root on the Web & IM Services dialog.


  • [15623] fix to some task properties are lost when a task created in WC is edited via CalDAV
  • [15730] fix to PIM items created on certain ActiveSync devices may be duplicated on the device
  • [15598] fix to LookOut and WorldClient themes - IE - When copying a message it is slow to load the destination folder list
  • [15664] fix to LookOut theme - advanced search may fail after doing a quick search that returns no results
  • [15613] fix to LookOut and WorldClient themes - Long folder names are not wrapped properly in the copy/move folder selection window
  • [15740] fix to LookOut theme - IE8 - Unable to use the Send Now button in the compose view
  • [15708] fix to Mobile theme - Windows Phone 8.1 requesting attachments results in invalid session cookie
  • [15744] fix to Minger lookups in SMTP sessions from WorldClient may fail if outbound socket binding option is enabled
  • [15160] fix to LookOut and WorldClient themes - filters containing non-ASCII characters do not appear correctly
  • [15748] fix to ActiveSync server crash when public folder syncing is enabled but public folders are not enabled in MDaemon
  • [15749] fix to possible ActiveSync server crash when client sends invalid data in sync request
  • [15724] fix to sign out link missing in MDaemon Remote Administration web UI when using the Microsoft Edge browser included in Windows 10
  • [15725] fix to reports are not displayed in MDaemon Remote Administration web UI when using the Microsoft Edge browser included in Windows 10
  • [15757] fix to CalDAV: Timezone names in iCalendar data are not properly UTF-8 encoded.  This may cause events from the server to not appear on the client.
  • [15758] fix to CalDAV server does not honor "Enable Public Folder" and "Enable Shared Folder" switches
  • [15764] fix to LookOut and WorldClient themes - Searching based on same beginning and end date results in end date being ignored
  • [15762] fix to high memory and CPU usage when large messages are downloaded via ActiveSync
  • [15774] fix to LookOut and WorldClient themes - When creating new task, note, or event from a message, accented characters are displayed incorrectly
  • [15778] fix to MD GUI does not save CalDAV log level setting correctly
  • [15781] fix to ActiveSync Last Logon Time not being read properly
  • [15785] fix to enabling XML archiving in the ActiveSync Log Viewer not working
  • [15790] fix to CalDAV: MDaemon account full name that contains non-ASCII characters is not properly UTF-8 encoded.  This may prevent the account from being able to synchronize.
  • [14996] fix to Remote Administration's IP Syntax checker not allowing for CIDR notation on screens like IP Screening
  • [15801] fix to iCalUID for calendar event exported from an Outlook Connector TNEF message file may contain invalid data in the calendar.mrk file.  This may prevent the event from syncronizing with a CalDAV client.
  • [15810] fix to CalDAV: multiget report performance is poor as it loads the calendar.mrk file too often.  If a client issues multiple multiget requests, an error may occur because the calendar database file cannot be locked.  Thunderbird/Lightning request items via the multiget report.
  • [15773] fix to non-ASCII characters in particular HTML messages may not display correctly in WorldClient
  • [15751] fix to ActiveSync server may fail to start up on Windows Server 2008/Vista
  • [15756] fix to ActiveSync device list may contain duplicates
  • [15759] fix to ActiveSync Archive WBXML setting at user level is broken
  • [15782] fix to possible crash during midnight processing when removing inactive ActiveSync devices
  • [15793] fix to possible crash when processing ActiveSync search requests
  • [15799] fix to ActiveSync policy editor saves "Minutes of inactivity before device locks" setting incorrectly
  • [15803] fix to certain HTML messages may cause sync errors when an ActiveSync client requests the body in plain text
  • [15813] fix to mailing list members may be removed when adding members with the account picker
  • [15816] fix to MDaemon GUI dialogs may not be centered on screen properly
  • [15808] fix to attachments of messages forwarded to a mailing list may be corrupted
  • [15768] fix to Content Filter not computing correct DKIM signature for signed or encrypted messages
  • [15814] fix to ActiveSync server not always detecting meeting invitations as such when emitting message properties
  • [15818] fix to possible ActiveSync server crash when a client deletes a folder
  • [15830] fix to possible crash when an existing gateway is used as a pattern for automatic gateway creation

MDaemon 15.5.0 - September 15, 2015


[14502] The daily quota report now includes a column showing the last date and time the account was accessed (via IMAP, POP, WorldClient, etc). This required a change to the QuotaReport.dat template file. Your old file was saved as QuotaReport.dat.old in case you have customized it. If so, you may want to similarly customize the new template file.

[15058] The default setting for using color logs has been changed from disabled to enabled.  If you don't like this you can change the setting at Ctrl+O|Preferences|UI.


[2399] CALDAV (MDaemon PRO only)

Support for synchronizing calendars and task lists via the CalDAV protocol has been added.  Notable CalDAV clients are Apple iCal (Included with Mac OS X), Apple iOS (iPhone), Mozilla Thunderbird via the Lightning calendar plugin.  A configuration dialog has been added under Setup | Web & IM Services | WorldClient (web mail) | CalDAV.

To configure clients that support RFC 6764 (Locating Services for Calendaring Extensions to WebDAV (CalDAV)), only the server address, username, and password should be required.  Apple iCal and iOS support this standard.  DNS records can be setup that point to the client to the correct URL.  When a DNS record has not been configured, clients query a "well-known URL", which in the case of CalDAV is /.well-known/caldav.  WorldClient's built-in web server has been updated to support this well-known URL.

Clients that do not support automatically locating the CalDAV service, such as Mozilla Thunderbird via the Lightning plugin will require a full URL.

  • A user can access any of their own calendar or tasks folders.
    • The "calendar" directory is a shortcut to the user's own default calendar folder.
      • http://{server host name}/webdav/calendar - logged in user's default calendar
      • http://{server host name}/webdav/calendar/releases - the logged in user's "releases" calendar
      • http://{server host name}/webdav/calendar/folder/personal - the logged in user's "personal" calendar that's in a "folder" subfolder
    • The "tasklist" path is a shortcut to the user's own default tasks folder.
      • http://{server host name}/webdav/tasklist - logged in user's default task list
      • http://{server host name}/webdav/tasklist/todo - the logged in user's "todo" tasklist
      • http://{server host name}/webdav/tasklist/folder/personal - the logged in user's "personal" tasklist that's in a "folder" subfolder
  • A user can access shared folders of another user which they have access to.
    • The "calendars" path is a shortcut to shared calendar folders.
      • http://{server host name}/webdav/calendars/company.mail/user2 - user2@company.mail's default calendar folder
      • http://{server host name}/webdav/calendars/company.mail/user2/test - user2@company.mail's "test" calendar folder
    • The "tasks" path is a shortcut to shared task folders.
      • http://{server host name}/webdav/tasks/company.mail/user2 - user2@company.mail's default tasks folder
      • http://{server host name}/webdav/tasks/company.mail/user2/test - user2@company.mail's "test" tasks folder
  • A user can access public folders, that they have access to.
    • The "public-calendars" path is a shortcut to public calendar folders.
      • http://{server host name}/webdav/public-calendars/company.mail - domain's default calendar folder
      • http://{server host name}/webdav/public-calendars/test - "test" calendar folder in the root of the public folder hierarchy
    • The "public-tasks" path is a shortcut to public task folders.
      • http://{server host name}/webdav/public-tasks/company.mail - domain's default task folder
      • http://{server host name}/webdav/public-tasks/test - "test" task folder in the root of the public folder hierarchy

Free-busy availability queries are supported, however at the time of this writing the latest version of Lightning (4.0.2) has a defect where it won't query a CalDAV server for free-busy information.  Please use version, available for download from https://addons.mozilla.org/en-US/thunderbird/addon/lightning/versions/", until this issue has been resolved.

Note: When an item is submitted from a CalDAV client, the full iCalendar data submitted is saved.  The data is saved as .ics files in a "_DAV" subfolder.  When the item is later sent to an iCalendar client, this data is merged in with the data that the server generates.  This allows the server to persist unsupported and custom properties.  A new "PersistentData\iCalendarFile" node was added to the calendar.mrk file.  The API has been updated to delete these files when an item is deleted.

Before reporting issues, please enable debug logging and the option to log HTTP messages and reproduce the issue.  This can be done via the configuration dialog, or by adding the following to the WorldClient.ini file.


Warning: Special care should be taken if testing the OutlookDAV client.  If multiple MAPI profiles exist we've seen the client issue delete commands to the server for all of the calendar items returned by the server.  OutlookDAV only supports the default MAPI profile.

[9651] OPENPGP SUPPORT (MDaemon PRO only)

Support for running MDPGP has been integrated. MDPGP provides OpenPGP support for MDaemon by providing encryption, decryption, and basic key management capabilites. It is a great introduction to secure encrypted email. A new tab called "MDPGP" was added to the Security root tab.  Here you will see all MDPGP processing activity.  You can also configure MDPGP by accessing a new option within the Security top-level menu.  The Content Filter now contains actions to encrypt and decrypt messages. See MDPGP-Quick-Start.html in the DOCS folder for more information on how to setup and configure MDPGP.  Due to licensing restrictions beyond our control this functionality is not available (or even included) in builds of MDaemon intended for the Russian market.


The Ctrl+T Group Manager now supports a Do Not Disturb feature that lets you set a time frame during which an account may not be accessed by its user(s). Access during a Do Not Disturb time period is not allowed and returns an appropriate error response to IMAP, POP, SMTP, ActiveSync, and WorldClient access requests. Accounts in this state may receive incoming mail but may not originate mail or be accessed by mail clients. To apply Do Not Disturb to one or more accounts first create a group with the Do Not Disturb settings you desire. Next, use the Account Editor and add the group to the account(s) as you wish.


  • [14507] The ActiveSync for MDaemon configuration screens in Mobile Device Management, Domain Manager, and Account Editor have been redesigned.
  • [15243] Added an Accounts page to the Domain Manager with access to common account functions.
  • [15244] Added right-click menu to Account Manager/Domain Manager with common account functions.
  • [14330] The tool window now has counter nodes for connections blocked by IP and Dynamic Screening.
  • [14479] Added "Start Time" column to Session pane in the main UI.
  • [14374] Added Up and Down buttons to the Host and IP Screen editors.
  • [14557] F2 | Server Settings | DNS has been redesigned.
  • [14745] Added option to Ctrl+O|Preferences|UI which causes UI dialogs to be centered rather than overlapped in style.
  • [15087] Sort arrows were added to columns within the UI's session windows.
  • [15057] Added option to Ctrl+O|Preferences|UI which lets you split the session window to its own pane in the main UI window.  Changing this setting requires a restart and when active the option to swap panes will not work.
  • [14780] Moved setting which adds to spam score from Ctrl+S|Sender Authentication|DKIM Verification to Ctrl+S|Sender Authentication|DKIM Settings.
  • [14106] Improved usability of account picker when selecting members for a mailing list.
  • [14484] UI was updated in connection with generation of self signed certificates using SHA2.
  • [15281] Added option to Ctrl+O|Preferencs|UI to include system generated lists (like Everyone@ and MasterEveryone@) when using the List Manager. System generated lists have limited items available for user configuration.
  • [15293] Config session will immediately load relevant log data upon startup without an initial pause.
  • [14099] MDaemon Remote Administration now displays the various public folder views in a tree-style list rather than a flat list.


  • [12598] WorldClient supports adding inline images to a user's signature.
  • [15170] SpamAssassin has been updated to version 3.4.1 and built with a newer, more stable version of Perl.
  • [14774] The ActiveSync server has an option to include a user's public contacts with their default contacts. This allows users of clients such as Outlook 2013, which does not support multiple contacts folders or global address list searching, to access public contacts. The public contacts are read-only and tagged with "Public" and "Read-Only" categories.
  • [15279] SMTP "Recipient Unknown" response will include the unknown address.
  • [15241] When an account is deleted the autoresponder script that account used will also be deleted from disk if it is named the same as the accounts email address. For example, arvel@altn.com.rsp will be removed if it is the script that arvel@altn.com is using at the time his account is deleted.
  • [2240] Added "X-MDaemon-Deliver-To" as a default header to search when creating rules in the content filter.
  • [15231] Changed color of DMARC logging from red to something else since elsewhere red color indicates possible processing errors.
  • [14481] Changed shades of green and red used in DMARCReporter for better readability.
  • [14630] Added option to Ctrl+Q | Mail Queues | Holding Queue which sends the postmaster a summary of quarantine queue content.
  • [12831] The Quarantine and Holding queue tabs in the UI have been changed to be like the Bad queue tab and show the reason a message is in the queue. The information for this column is taken from the X-MDBad-Queue header.  MDaemon now inserts this header for messages destined for these queues. The column that displays this data has been renamed from "Bad queue reason" to "Explanation."
  • [14111] The Quarantine queue now supports the right-click Release and Re-Queue options.  Also as part of this change the Quarantine queue now appears in the list of queues when using the copy/move functions.
  • [14497] Attachment Linking now makes better use of long file names pulled from MIME headers. These file names are no longer truncated at 50 characters. However, the file name will still be truncated should its use result in a total file path length greater than the OS allows. File names displayed within Attachment Linking emails show the first 70 characters of the file name + "..." to indicate if the file name has been shortened for display purposes. If you would like to include the full file name in the emails set the following in MDaemon.ini with notepad: [AttachmentLinking] FileNameDisplayLength=0 then restart MDaemon.
  • [14420] Configuration Session UI will detect if the underlying MDaemon service has crashed or been task killed and inform the user according.
  • [14639] MDaemon no longer sets/deletes the MDisRunning key in MDaemon.ini.  This is not a reliable way to tell if MDaemon is running.  To check that, look to the Task Manager or Windows services control panel.
  • [14505] DMARC query domains which do not exist or which do not publish DMARC data will be negatively cached for (by default) one day.  This is to avoid needless processing overhead.  If you wish to change the number of days cached set the following in MDaemon.ini: [DMARC] NoAnswersTTL=1440 (number of minutes in a day, 2880 is two days, etc).
  • [5998] WorldClient - Added ability for users to sort distribution lists in all themes.
  • [13479] WorldClient - Merged Categories and Labels into just Categories. Users can now add, edit, and delete categories from a predefined list based on the old labels and categories. Each category has a color associated with it. More than one category can be associated with a given color, but only one category with a specific name may exist. There are 26 colors to choose from (including white) which match Outlook category color options. If an event, task, note, or contact already has categories associated with it, but they don't match the predefined categories, their colors will be white until the user adds them to the predefined list of categories. If there is already a label associated with an event, the user can choose to remove the label and add a category, or leave the label. Old labels are not lost on upgrade.
  • [5570] WorldClient and LookOut themes - Desktop notifications are now available.  When LookOut or WorldClient loads, the browser will prompt the user on whether or not they wish to allow desktop notifications.  If the user chooses to allow them, then the user will receive notifications of new email messages, new instant messages (in the case that the corresponding chat is not in focus), and any change in status of a chat buddy. Desktop notifications are not supported by Internet Explorer.
  • [14876] WorldClient and LookOut themes - Added ability to view pdf files in the browser (not supported in IE8).  This is available in any document folder and any message that has a pdf file.
  • [8095] The Help link on WorldClient's logon page now opens in a new tab/window.
  • [8311] Added password recovery feature to WorldClient. If enabled, users who have permission to edit their password will be able to enter an alternate email address that will be sent a link to reset their password in case they forget it. The password recovery email address is configured on the Options | Personalize page. Users must enter their current password in order to change it. Once set, if the user attempts to log in with an incorrect password a "forgot password?" link will appear. This link takes them to a page that asks them to confirm their password recovery email address. If entered correctly, a message containing a link to a page that allows them to change their password is sent. This feature is disabled by default. To enable it, edit \MDaemon\WorldClient\Domains.ini and set [Default:UserDefaults] EnablePasswordRecovery=Yes. It can be enabled or disabled on a per-user basis by editing a user's User.ini file.
  • [13799] WorldClient theme - added message preview buttons for Next/Previous instead of them being in the "more" dropdown menu.
  • [14614] Removed Cache related options from Ctrl+S|Sender Authentication|DKIM Verification.  They applied to DomainKeys, which was removed in version 14.5.0.
  • [8927] LookOut and WorldClient themes - added buttons and context menu items for users to create a new event, task, or note using an email. In both themes there are three places where these functions can be found:  1. The message list context menu.  2. The message preview buttons (LookOut) or "more" dropdown menu (WorldClient). 3. The external message view buttons (LookOut) or "more" dropdown menu (WorldClient).
  • [14976] The mailing list Description field was moved from the Settings page to the Moderation page.  This field is used in the List-ID header so it is not a private description of the list.  A new field was added to the Settings page which allows you to enter a short description of the mailing list for private use.
  • [14889] Several SMTP response strings have been changed to not disclose information that might help an attacker work around a refusal.
  • [15050] LookOut and WorldClient themes - when there is only one attachment with a message, the attachments container auto-expands when the message is opened.
  • [4691] The connection failure cache now stores IP:PORT combinations to avoid potential false positives.
  • [12654] LookOut and WorldClient themes - external windows open in the center of the screen instead of the top left if they fit
  • [14170] Lite, LookOut, and WorldClient themes - Logon page attempts to detect and use the browser language being used before using the domain default for new users.
  • [11680] LookOut and WorldClient themes - users can now use the browser's back and forward buttons to navigate in the main window
  • [14702] LookOut and WorldClient themes - Virtru can now be disabled by the admin on a per user basis by adding VirtruDisabled=Yes to the [User] section of the user's WC\User.ini file.
  • [7668] LookOut theme - Inline Message Preview - Next/Previous buttons are now disabled when the extremities of the message list are reached by the user
  • [15060] WorldClient theme - added a "Today" button to the calendar view buttons which has the same behavior as the "Today" button in the LookOut theme
  • [14280] LookOut and WorldClient themes - added ability for users to sort by the Description, Location, Start, and End columns in the Calendar List view
  • [14487] Lite, LookOut, and WorldClient themes - Added <ROOT> as top most option when creating or editing a folder. Creating a folder from the "plus" icon in the WC theme folder list defaults to <ROOT>.
  • [9958] LookOut and WorldClient themes - added button to send a message to all attendees of a meeting in the event editor
  • [10163] Lite theme - Mark Unread/Read option now available in the Message view. Clicking it will mark the message unread and take the user back to the List view.
  • [14484] MDaemon can generate self-signed certificates using SHA2. Requires Vista / Server 2008 or newer.
  • [6019] Lite, LookOut, and WorldClient themes - added the ability to print the details of a single event.  Users can do so from the Event Editor or, in the case of LookOut and WorldClient themes, by right clicking on an event and clicking "Print"
  • [15203] LookOut and WorldClient themes - added a link to the Virtru Dashboard in the the help/logout dropdown context menu
  • [15214] LookOut and WorldClient themes - added the "custom intro" feature to the compose window for Virtru encrypted messages
  • [14995] LookOut theme - Updated the theme appearance.  Added a new style (Gray) and changed the default style to a blue (similar to pastel_blue).  Added a drop down menu for the main navigation menu when the navigation buttons will no longer fit in the space provided.  Moved the "New" button, to where the user's email address was previously located.  Moved the user's email address to the top navigation bar, and moved the help and signout options to a drop down on the user's name (like the WorldClient theme).  Moved the options dropdown button to the far right in the navigation bar.
  • [15267] LookOut and WorldClient themes - the message header expansion setting in the external message view is now independent of the message header expansion setting in the message preview frame.
  • [15310] The LookOut theme's "pastel_blue" style has been removed.
  • [15243] [14848] Settings found at Ctrl+W|WorldClient|Dynamic Screening have been copied to Ctrl+S|Screening|Dynamic Screening. The settings can be accessed from either place.
  • [14740] F2|Server Settings|Delivery and Alt+F2|Smart Host screens have a new setting that let you tell MDaemon to lookup MX records for smart host values.
  • [15481] Added additional logging when connections refused during SMTP session
  • [10421] Added Shared Folder ACL Management via Remote Administration. Global administrators may manage ACLs for all users. Users may administer their own ACLs for shared folders.
  • [14490] Added Virtru Pro options to the LookOut and WorldClient themes. In the Compose view a drop down button was added that gives users the ability to set an expiration for access to their encrypted message and/or prevent the receiver from forwarding the encrypted message. In the message preview and the external message window any encrypted message that a user has sent may be "revoked" in real time. Revoking the message will prevent the recipients from continuing to access the message. The user may also retroactively disable forwarding of a message or set an expiration for the message. The Virtru Pro options are available for a two week trial period to all new Virtru users and to users that have set up a "Pro" account with Virtru. The options are always visible, but are disabled after the trial period if the user has not set up a "Pro" account with Virtru.


  • [13807] fix to errant batv header added to some messages
  • [14593] fix to d= and i= tags passed to DKIM signer not always being honored
  • [14613] fix to SPF logging empty results when configured not to do so
  • [14472] fix to bad queue messages remaining in queue for up to one day longer than configured
  • [14647] fix to attachment extraction process not properly handling PGP armored attachments
  • [14722] fix to MDMigrator migration from Microsoft Exchange may fail if multiple "Exchange Adminstrator Groups" exist in Active Directory
  • [14788] fix to WorldClient theme - Using "+" plus symbol for public IMAP folder prefix string causes login to hang with "Loading..." message
  • [14925] fix to WorldClient - if a user has a filter that forwards or redirects a message and the admin removes forwarding permissions the filter may become corrupted
  • [15011] fix to incoming DMARC aggregate reports triggering errant outbound aggregate report
  • [14592] fix to WorldClient and LookOut themes - when in the "Sent Items" folder, the option exists to sort by the sender instead of by the recipient
  • [14686] fix to LookOut and Lite themes - Additional Phone Numbers drop down menu is grayed out if user does not have LRWICD ACL Access Rights
  • [4382] fix to WorldClient - Problem sending message to too many contacts
  • [14908] fix to errant text on some mailing list related UI popup dialogs
  • [14934] fix to new domain name UI entry box not enforcing size limits
  • [15042] fix to inconsistent router logging related to message forwarding
  • [15039] fix to account editor not properly showing account name in window caption
  • [14939] fix to domain rename operation permitting improper values
  • [15061] fix to LookOut and WorldClient themes - Ampersand in friendly name breaks "Compose Email" feature
  • [15071] fix to LookOut and WorldClient themes - column widths not preserved on per theme basis
  • [15019] fix to LookOut and WorldClient themes - When you have 15-minute events occurring at the same time as another, they are not displayed correctly
  • [14723] fix to session window not staying in sorted order when viewed over time
  • [15092] fix to LookOut and WorldClient themes - Addresses are not visible in distribution lists whose names have an apostrophe
  • [13935] fix to LookOut and WorldClient themes - In Day View, All day events are not visible unless you scroll up to 12 am
  • [15132] fix to Lite and WorldClient themes - In a shared calendar, the "<private appointment>" text is not displayed correctly in certain views
  • [15133] fix to Mobile theme - When viewing a shared calendar without the "write" permission, the calendar never loads
  • [15150] fix to Account Editor not remembering previously selected domain
  • [15183] fix to WorldClient theme - Default Contact View setting is not honored - Contacts folder is always displayed
  • [15184] fix to All themes - Default Contact View setting is not applied to the address book lookup view which is accessed through the compose view when clicking on 'To'
  • [14989] fix to WorldClient Style setting is reset when switching to the Mobile theme and back
  • [15247] fix to progress bar visual indication not working in various parts of UI
  • [15245] fix to WorldClient theme - In messages sent at 12:00am, the folder list shows the message is sent at 12:00pm
  • [15306] fix to LookOut theme - Unable to autocomplete contacts when composing a message in IE8
  • [15373] fix to account template autoresponder scheduled days not saving
  • [15377] fix to LookOut and WorldClient themes - incorrect dates displayed when printing calendar
  • [15338] fix to All themes - When typing a letter in the "To" field and then backspacing, autocomplete no longer works
  • [7851] fix to WorldClient Reply does not support multiple addresses in the Reply-To or From headers
  • [15400] fix to Virtru-encrypted messages created by WorldClient may contain lines that exceed the Internet Message Format line length limit
  • [15221] fix to new gateway button disabled improperly
  • [15117] fix to anon-usage data button disabled improperly
  • [15389] fix to FQDN of primary domain not being used when other domains fail to specify their own FQDN
  • [15447] fix to certain messages with large header blocks not forwarding to list properly
  • [15449] fix to crash caused by recursively called list members in some cases
  • [15502] fix to LookOut and WorldClient themes - AddrLookup may have trouble displaying contacts under right conditions
  • [15541] fix to the ACL cleanup routine may remove AclShLookup.dat entries due to case sensitivity
  • [15542] fix to CSV file produced when exporting accounts to CSV has the "ExemptFromAuthMatch" and "ApplyDomainSignature" values swapped
  • [15232] fix to some list settings not being honored after changes made (enable/disable LIST)
  • [15077] fix to DNS-BL spam filter score not being honored after changes made
  • [15550] fix to OP screen in Remote Administration not enabling Save and Cancel buttons on change
  • [15656] fix to accented characters in attendee names may be corrupted when creating meeting invitations via ActiveSync

MDaemon 15.0.3 - June 19, 2015


  • [15229] fix to security vulnerability in content filter

MDaemon 15.0.2 - June 16, 2015


  • [15135] MDaemon passes " -r spamd.pid" on the command line when starting MDSpamD.
  • [7220] Added a "Save in Sent Items" option to WorldClient's compose page.
  • [15101] Ctrl+W|WorldClient|Web Server and Ctrl+W|WebAdmin|Web Server now have options to enable/disable anonymous usage data.
  • [15081] Remote Administration now has options to enable/disable anonymous usage data.


  • [14924] fix to Remote Administration lacking a default location for the Quarantine queue if it doesn't exist in the Cfilter.ini file
  • [14493] fix to Remote Administration is unable to edit mailing lists with a "#" in their name
  • [14829] fix to Remote Administration allowing illegal characters in list names and giving a misleading error message
  • [14899] fix to Remote Administration missing the 'CC' header in Content Filter's search and replace actions
  • [14954] fix to possible MDaemon.exe crash in the "AclShlFx.dll_unloaded" module
  • [14961] fix to possible MDAirSync.dll crash when public folders are enabled in ActiveSync
  • [14988] fix to ActiveSync contact sync issue with iOS
  • [15067] fix to MDaemon nightly maintenance leaves accounts' "Inbox.IMAP" folders open, preventing them from being able to be deleted
  • [14849] fix to WorldClient may not include all image attachments when forwarding a message
  • [15038] fix to ACL editor GUI may not apply permissions to child folders correctly
  • [14998] fix to plugin preprocess function may be called repeatedly when message recall is enabled
  • [14814] fix to WorldClient and LookOut themes - When clicking "Reply" or "Forward", the compose view shows the previous message info
  • [14966] fix to MDaemon may detect duplicate DNS server addresses from Windows
  • [14226] fix to Resend in WorldClient may open the compose page with the wrong From alias selected
  • [14466] fix to Mobile theme - Adding event to public calendar will add the event to private calendar
  • [14953] fix to SMTP RSET not resetting inline spam scan state
  • [14056] fix to contacts saved in Outlook Connector may have their birthday and anniversary dates removed on the server
  • [15046] fix to Lite and Mobile themes - Messages with spelling errors are not saved to designated Sent folder when "spell check before sending" is enabled
  • [14940] fix to messages forwarded to unknown local users not honoring the advanced settings at F2|Server Settings|Unknown Mail
  • [14638] fix to list digest archive option not sticking
  • [14624] fix to undeliverable archive message triggering DSN; such messages now go to bad queue
  • [14495] fix to outbound attachment linking not working with aliases properly
  • [15036] fix to Remote Administration not always showing the proper value for Spam Filter Bayesian Learning Schedule
  • [15044] fix to Remote Administration not saving public folder "type" value properly for certain values
  • [15090] fix to MDaemon may crash or stop processing the local queue after releasing a message from the holding queue
  • [15074] fix to SPF White list on a fresh install of MD 15 is missing IPv4 addresses
  • [15075] fix to Mailing List Manager does not allow wildcard addresses such as "*@domain.com" to be added as a list member
  • [14949] fix to tooltips needed in Remote Administration's left-hand menu
  • [13103] fix to WorldClient adds garbage to the User.ini files of LookOut theme users running IE8, which may eventually cause high CPU usage on the server
  • [14963] fix to WorldClient does not list any contacts when clicking "To" while composing a message using the LookOut theme with IE8
  • [12557] fix to LookOut and WorldClient themes round appointment start and end times to the nearest quarter hour
  • [15105] fix to LookOut theme - Calendar toolbar is not loading in IE8
  • [14960] fix to WorldClient theme - Cancel search takes multiple attempts to cancel
  • [15161] fix to iOS device may stop syncing calendar via ActiveSync when an event it's trying to delete has already been deleted from the server
  • [15168] fix to original mailing list may be recreated after adding members to a mailing list that has been renamed
  • [15166] fix to some ActiveSync clients cannot unflag messages

MDaemon 15.0.1 - April 21, 2015


  • [13733] Added enhanced hijack detection options from MDaemon to Remote Administration
  • [14196] Added option to delete autoresponders that are undeliverable to Remote Administration
  • [14350] Added Quota Settings | Whitelist to Remote Administration
  • [14378] Added "Insert Bulk Header" option from DMARC settings to Remote Administration
  • [14390] Added "Refuse Multiple From" option from DMARC settings to Remote Administration
  • [14324] Added option to send DSN messages through Spam/Content Filtering to Remote Administration
  • [14501] WorldClient theme - changed multi-day event background color to be the same as the type of event instead of the same as the related calendar
  • [14488] WorldClient and LookOut themes - a successful password change hides the "strong password requirements" text after an unsuccessful attempt
  • [14673] WorldClient - Virtru - when replying to or forwarding an encrypted message the compose view turns Virtru on.
  • [14205] Remote Administration Domain and Global Admins can now edit users that are using an insecure password without being forced to change that password on the user's behalf.
  • [14200] Added a couple SecurityPlus options that were missing in Remote Administration
  • [14312] Changed Remote Administration's left-hand menu to be acted on by clicking rather than hovering
  • [14685] Updated Remote Administration's IP Syntax checking function to support IPv6 addresses
  • [14653] Updated SPF results header per best current practice
  • [14662] MDaemon trial keys are now sent via email and must be entered into the installer to continue. The trial period is 30 days.
  • [14747] Newer versions of the ActiveSync protocol may now be used with Windows Phone devices. Remove any existing protocol restrictions for them, then recreate the accounts on the devices.
  • [5999] LookOut and WorldClient themes - added group by company option in the address lookup view that can be accessed from the Compose view by clicking on To, CC, or BCC
  • [10859] LookOut and WorldClient themes - changed the contact picker and address lookup views to show all contact email addresses instead of just the primary email address


  • [14700] fix to localized versions of the folder ACL editor are unable to add ACL entries
  • [14500] fix to WorldClient and LookOut themes - sidebar calendar not selecting correct month
  • [11171] fix to LookOut theme - calendar event details dialog may be clipped for events near the bottom of the window
  • [14602] fix to Remote Administration not saving hiwater.mrk properly under certain circumstances
  • [13846] fix to WorldClient - going from a mobile device back to a PC causes the user to go to the Mobile theme automatically instead of the previous theme they were using on the desktop
  • [14641] fix to List Digest page not linked anywhere in Remote Admin navigation structure
  • [14695] fix to WorldClient LookOut theme - IMAP filters not displaying in IE8
  • [14064] fix to inconsistency in links on Remote Administration's registration page
  • [14703] fix to Russian, Japanese, and Chinese versions of MDStats and other GUI programs possibly displaying wrong characters
  • [14712] fix to MD GUI does not allow wildcard IP Shield entries to be added
  • [14711] fix to host screen entries not always being immediately honored after being added
  • [13976] fix to incorrect ActiveSync max window size allowable range listed in UI
  • [14715] fix to IP Shield conversion for IPv6 leading to connection problems in some configurations
  • [14709] fix to WorldClient theme - unreadable white text for multi-day all day events in month view
  • [14724] fix to smart host being used when gateway forwarded mail specified other host
  • [14708] fix to broken gateway option "ETRN dequeuing requires authentication"
  • [14743] fix to bracket characters missing from Received headers around IPs
  • [14741] fix to MD GUI does not open the autoresponder editor when double clicking an account at Accounts | Account Settings | Autoresponders
  • [14737] fix to ActiveDS page in list editor not always saving settings properly
  • [14192] fix to MDaemon Remote Administration report graph labels that contain non-ASCII characters are corrupted after choosing to update/view the report after changing a report option
  • [14744] fix to LookOut theme - 'Add Address to contacts' button doesn't work in the external message view
  • [14748] fix to LookOut theme - When viewing notes for an appointment via the popup <BR>s are shown
  • [14756] fix to group members GUI does not check the checkboxes of existing members when opening
  • [14764] fix to WorldClient theme - Message headers not being translated in the external message view
  • [14728] fix to WorldClient - Unable to view any filters when one rule contains a field with over 76 characters
  • [14393] Fix to message body possibly being stripped if content-type was "text" instead of "text/html" or "text/plain".
  • [14790] fix to Remote Administration allowing selection of multiple sessions in the Active Sessions dialog
  • [14808] fix to UI permitting improper characters when list is renamed or created
  • [14816] fix to Auth-results header sometimes having incorrect data for SPF section (wrong smtp.mailfrom=)
  • [14817] fix to SPF approved domains not always being honored (broken by include directives)
  • [14801] fix to newly created or renamed mailing lists not honored until a restart or grplist.sem file created
  • [14799] fix to old list name referenced in grp file when list renamed

MDaemon 15.0.0 - March 10, 2015


[14366] Account hijack detection is now enabled by default. You can change hijack detection settings at Ctrl+S | Screening | Hijack Detection.

[14431] The options at Ctrl+S | Screening | Dynamic Screening have been changed. First, the "Watch accounts" checkbox was redundant and has been removed. The option to "freeze accounts" has been made into its own separate checkbox. Similarly the option to "Email postmaster" has been made into a separate checkbox and you now have some control over what's included in the email.  As in previous versions, this email is not sent when the account in question is already frozen.  Dynamic screening settings have been reverted to installation defaults which could change the existing behavior you are expecting.  Please check and configure these settings how you want them.  Lastly, the options related to WorldClient have been removed and placed at Ctrl+W | WorldClient (web mail) | Dynamic Screen.


[4758] IPV6 SUPPORT (MDaemon PRO only)

Support for IPv6 has been added.  MDaemon will detect the level of IPv6 capability that your OS supports and dual-stack where possible; otherwise, MDaemon will monitor both networks independently.  Outbound SMTP, POP, and IMAP connections will prefer IPv6 over IPv4 whenever possible.

When MDaemon connects to an IPv6 host it must use an IPv6 local address of its own. Therefore the Alt+F2 | Domain Manager | Host Name & IP screen now contains a separate edit control where you can specify an IPv6 address for the domain to use.  If this IPv6 address is missing MDaemon will try to automatically detect a suitable address for use but please check it.  Buttons to manually detect IP addresses have been added to the same screen.

A few options related to use of IPv6 can be found at F2 | Server Settings | IPv6.  Also, $PRIMARYIP6$ and $DOMAINIP6$ macros can be used to retrieve IPv6 addresses.  These macros can be used anywhere that the $PRIMARYIP$ and $DOMAINIP$ macros can and they retrieve IPv6 addresses.

SPF processing now supports the "IP6" mechanism and expands the "a", "mx", and "ptr" mechanisms to include AAAA records.

Several configuration files that store reserved IP address ranges will be updated to include their IPv6 network equivalents.

[6319] 64-BIT VERSION

A 64-bit version of MDaemon is now available. The 64-bit version can handle a higher number of active sessions before running out of memory. Please note that the 64-bit MDaemon is not compatible with 32-bit plugins. When switching to the 64-bit MDaemon, you must also switch to 64-bit versions of all software that uses the MDaemon API. A 64-bit version of SecurityPlus is available. We do not have a 64-bit version of BES, so stay on the 32-bit MDaemon if you need it. If you run WorldClient, Remote Administration, or ActiveSync in IIS, you will need to configure or recreate the application pools to be 64-bit. The server side component of Outlook Connector is built in to MDaemon so we do not have or need separate 32/64-bit server side Outlook Connector installers.


The user interface was improved in several ways including:

[14052] The UI has an updated ACL editor.

[14284] Changed the root page in multi-page dialogs to summarize the section rather than duplicate all the controls from the first page

Moved Ctrl+S | Security Settings | IP Shield to Ctrl+S | Sender Authentication | IP Shield

Numerous minor changes including:  (a) the Gateways and Event Scheduling UIs have been slightly reorganized (b) Domain and List Managers auto-expand sub-nodes when accessed via double-click (c) updated warnings displayed when enabling ActiveSync for the first time (d) some places throughout UI used "Settings" while others used "Options"; I picked "Settings" and updated the UI everywhere (e) all occurrences of "don't" within UI control labels have been changed to "do not" (in English version) (e) several tiny memory leaks related to gateway use cleaned up (f) The button to set default values was removed from the LAN IP editor as part of IPv6 work (g) Updated the Alt+M | ActiveSync | Domains  screen.

The "WorldClient IM" page found at Ctrl+W and within the Domain Manager has been re-organized slightly and re-labeled as "WCIM"

The F2 | Server Settings | Servers screen was re-orged somewhat and the option to require missing Date headers was removed.  It can be changed at MDaemon.ini [Special] DateComplianceCheck=Yes (default No).

Removed the "Lists" top-level menu.  All mailing list configuration is done with the new Mailing List Manager found at Setup | Mailing List Manager. This change required reorganizing controls on several list editor screens.  By default the left-hand tree does not auto-expand the nodes but if you want to change that you can with a checkbox at Ctrl+O | Preferences | UI. 

Removed the "Gateways" top-level menu.  All gateway domain configuration is done with the new Gateway Domain Manager found at Setup | Gateway Manager.  This change required reorganizing controls on several of the gateway editor screens.  The "Accounts" screen has been deprecated and removed.  The controls there allowed you to create an account through which you could access the gateway domain's mailbox via POP.  This is easily done by configuring any of your existing accounts (or the gateway itself) to share the same mailbox folder.

[13806] All the mailing list related options found at Ctrl+O | Preferences | Miscellaneous have been moved to the new mailing list manager.  The option related to spam in mailing list public folders was removed from the UI.

The "...sends 552 when account is over quota" option was removed from F2 | Server Settings | Servers because its a duplicate of the same option found at Ctrl+U | Other | Quotas.

Several options related to inbound and outbound socket binding were removed from Ctrl+O | Preferences | System and placed on a new screen at F2 | Server Settings | Binding. The new screen also contains separate edit controls for IPv4 and IPv6 addresses.

The option to add a Sender: header to all mailing list messages and the option to add a custom header+value to all mailing list messages have been removed from Ctrl+O | Preferences | Headers and placed within the new Mailing List Manager at Alt+G | Mailing List Settings.  Also, the options to configure the digest message subject and to screen incoming list mail for non-list content were removed from Ctrl+O | Preferences | System and moved to Alt+G | Mailing List Settings.

[14266] Some visual oddities with the red/green background color of password fields within the Account Editor were fixed

[13746] Added some new conditions to the account manager including showing only accounts which are forwarding, which are over-quota, or which have autoresponders configured.

The IP Screen editor has been reorganized.

[12475] The Subject column is displayed when viewing the Bad Queue.


Added several new options to Ctrl+S | Screening | Hijack Detection which let you set different message and timing thresholds depending on the source IP of the incoming connection. You can set separate limits for connections from reserved IPs, local domain IPs, and all other IPs.

MDaemon's reserved IPs are mostly as defined by RFCs (127.0.0.*, 192.168.*.*, 10.*.*.*,, ::1, FD00::/8, FEC0::/10, and FE80::/64).  Local domain IPs are all the IPs configured for any MDaemon domain. To preserve existing behavior, the defaults treat all types the same.


  • [12639] Updated to SpamAssassin version 3.4.0. The Bayesian database will be migrated to its new format during install.
  • [14174] By default, the Attachment Linking feature currently places the text "MDaemon replaced the following files with these links:" into certain emails. If you want to change that text add the following key to your MDaemon.ini then restart MDaemon: [AttachmentLinking] HeaderText=This Is My Text.
  • [14196] Added option to Ctrl+U | Autoresponders | Settings which lets you configure MDaemon to simply delete autoresponse emails that remain undeliverable after their time in the remote queue has expired. This switch is disabled by default to preserve existing behavior.
  • [13735] Added option to Ctrl+S | Screening | Dynamic Screen which lets you prevent IPs from being blocked due to multiple POP or IMAP authentication failures if each of the failures uses the same password.  This prevents a situation in which unattended devices get their IPs blocked due to not yet being configured with the new password.
  • [14205] If you (a) require secure passwords (b) press OK when editing an account with an insecure password (c) have the option enabled requiring the account to change the password then (d) you will get a popup box saying "are you sure you want to temporarily store an insecure password yes/no".  In the past you were not allowed to even temporarily store insecure passwords.
  • [14216] Added button to Ctrl+U | Passwords that goes through all accounts and flags any of them with a weak password to require a password change.  Note that this could result in accounts being locked out so there are warnings in place.  Passwords can be changed using the UI, WorldClient or MDaemon Remote Administration.
  • [6016] Added the ability to print individual contacts in Lite, LookOut, and WorldClient themes.
  • [14262] Changed the distribution list editor in the LookOut theme to be like that of the WorldClient theme.
  • [4806] Added more column options for the contact list in the LookOut theme
  • [14064] Added a Registration dialog to Remote Administration that will allow Global Administrators to view their keys, the time remaining, and extend trial keys (if applicable).
  • [12382] Added options to disable and set the timer for the contact info preview in the LookOut theme contact list view
  • [14292] MDaemon responds with a 4xx temporary error to delivery attempts to disabled or frozen accounts (see [14010]).  If you would prefer to have a 5xx response instead you can add this setting in MDaemon.ini [Special] DisabledAccountsSend550=Yes (default is No).
  • [14229] Remote Administration now includes the Bad Queue Reason column when viewing Bad Message Queue
  • [14321] Removed loading of hashcash module from Spam Filter (MDaemon.pre file)
  • [14332] The daily ActiveSync device cleanup event now runs in its own background thread.
  • [14296] Mail routing was made more consistent between the various types (direct, smart host, or direct->smart host).  When sending to smart host MDaemon always expects this to be a host (not a domain) name value.  No MX lookups are performed on the smart host value.  In the past, sometimes MDaemon would do MX lookups of the smart host, and other times not.  Now it always will not.  Also fixed a routing problem where direct+smart host configurations were not sending DSNs out in some cases.
  • [13743] Optimized shut-down routine generally and fixed errant prompt when doing some shut-downs.
  • [14350] Added white list button to Ctrl+U | Other | Quotas which lets you white list accounts which should not be disabled even if inactive
  • [14351] The "human-readable" portion of a delivery delay or failure DSN message can now be customized as follows:  Create a file in the \MDaemon\App\ folder called DSNDelay.dat and/or DSNFail.dat.  Edit those files with notepad and enter the text you want to use.  The following macros can be used in your custom text:
    • $SESSIONID$ - expands to the delivery session's ID string
    • $QUEUEID$ - expands to the message's mail queue ID string
    • $MESSAGEID$ - expands to the message-id header value
    • $RETRYDAYS$ - length of time allowed in queue (in days)
    • $RETRYHOURS$ - length of time allowed in queue (in hours)
    MDaemon must be restarted before changes to these files are loaded.
  • [14378] Added option to Ctrl+S | Sender Authentication | DMARC Settings that toggles inserting the bulk mail header into DMARC report emails.  This setting is enabled by default.
  • [9735] Ctrl+U | Other | Passwords now has a button which will generate and email a weak password report.
  • [13881] Added the Categories column to the Contact list in the LookOut theme
  • [13968] Contact edit question for saving a contact without an email address has changed to "This Contact has no email address, save it anyway?" so that the "OK" and "Cancel" options make more sense.
  • [14271] Added a link to open Tasks and Notes in a new window in the WorldClient theme
  • [14390] Added option to Ctrl+S | Sender Authentication | DMARC Settings which tells the SMTP server to refuse messages that are incompatible with DMARC requirements regarding 'From' header construction.  These are messages with (a) multiple 'From' headers (b) multiple email addresses in a single 'From' header.  Such messages are currently exempt from DMARC processing.  Messages with multiple 'From' headers are illegal anyway and should not be accepted.  However, multiple addresses in a single 'From' header are technically legal and may be in legitimate use.  This setting is disabled by default for that reason.  However, to maximize DMARC protection, this setting should be enabled.  This setting is only applied when DMARC verification is enabled.
  • [10736] A list of active sessions may now be viewed via Remote Administration (Global Admins only). A session can be selected and disconnected. The page will automatically refresh if a session is not selected.
  • [14324] Added new option to Ctrl+Q | Mail Queues | DSN Settings which lets you control whether DSNs are sent through the spam and content filters or not (default is No). The same setting also appears at Ctrl+M | Preferences | Miscellaneous.
  • [9711] Added option to F2 | Server Settings | Servers which allows you to temporarily white list host IPs which encounter an SSL error during an outbound SMTP session.  The white list is reset every hour.
  • [13348] WorldClient's WAP WML theme has been deprecated and removed.
  • WorldClient theme - added end to end email and attachment encryption using Virtru. To use this functionality a user must "Enable Virtru" on the Options | Compose page.  To prevent users from using Virtru encryption add VirtruDisabled=Yes to \MDaemon\WorldClient\Domains.ini.
  • [13862] MDaemon Remote Administration now utilizes Google Analytics to help identify usage statistics. This data will be used to improve future versions of MDaemon Remote Administration. We do not receive any company or user-specific data. This feature may be disabled by setting the following key in the WebAdmin.ini:
  • [14475] The RPost option in WorldClient is now disabled and hidden by default.
  • [14489] Added maximum password length requirement to list of strong password requirements in WorldClient password change dialog.
  • [14552] MDMigrator now supports Exchange 2010.


  • [14165] fix to DSN message using FQDN rather than domain value in postmaster email address
  • [14166] fix to using 550 rather than 530 in SMTP response when missing required authentication
  • [14156] fix to ill-formed mail looking odd in UI and queue summary emails; now uses "N/A" when data missing
  • [14186] fix to certain types of sorting not working properly in some of Remote Administration's queue views
  • [14194] fix to LookOut and Lite themes - some contact fields in Contact Edit view go out of the box in some languages
  • [14213] fix to public folder manager allowing ACL changes to be made when root folder selected in tree
  • [12347] fix to DSN messages sometimes lacking useful logging data (reverses previous change)
  • [11344] fix to LookOut theme - External preview pane and internal preview panes get out of sync
  • [9740] fix to LookOut theme - when deleting a message from a search list the next message in the search is not opened
  • [14306] fix to WorldClient theme - Cannot display any filters if any rule has a folder name containing a plus sign
  • [14297] fix to incoming messages sent to an MDaemon system alias being rejected as unknown user
  • [14285] fix to gateway AUTH password being field too large
  • [14336] fix to list welcome file being sent to errant group related address and ending up in bad queue
  • [14342] fix to ActiveSync policy dropdown containing actual assigned policy names rather than just policy template names
  • [14319] fix to LookOut theme - new appointment window not opening in IE 8 with multiple calendars selected
  • [14303] fix to WorldClient theme - In some languages, fields in the "New Folder" dialogue are pushed below the footer
  • [14294] fix to WorldClient theme - when selecting a calendar during appointment creation, the shared folders do not show the owner's name
  • [14215] fix to All Themes - Compose HTML Editor - carriage return sends cursor to beginning of existing line instead of new line in Safari 8
  • [11897] fix to LookOut theme - Contact search results may not be displayed when business web address is entered
  • [14245] fix to LookOut theme - When viewing the calendar in Italian, the tool bar disappears while in 1024x768
  • [14129] fix to text in some system generated messages is not properly encoded
  • [14435] fix to blank note subjects in iOS for notes created by WC or OC
  • [14579] fix to display problem with certain SMTP Auth settings in Remote Administration
  • [14572] fix to particular message recall emails are not processed immediately
  • [14495] fix to outbound attachment linking not working with aliases properly
  • [14624] fix to undeliverable archive message triggering DSN; such messages now go to bad queue

MDaemon 14.5.3 - January 20, 2015


  • [6319] A 64-bit version of MDaemon is now available. The 64-bit version can handle a higher number of active sessions before running out of memory. Please note that the 64-bit MDaemon is not compatible with 32-bit plugins. When switching to the 64-bit MDaemon, you must also switch to 64-bit versions of all software that uses the MDaemon API. A 64-bit version of SecurityPlus is available. We do not have a 64-bit version of BES, so stay on the 32-bit MDaemon if you need it. If you run WorldClient, Remote Administration, or ActiveSync in IIS, you will need to configure or recreate the application pools to be 64-bit.
  • [14292] MDaemon responds with a 4xx temporary error to delivery attempts to disabled or frozen accounts (see [14010]).  If you would prefer to have a 5xx response instead you can add this setting in MDaemon.ini [Special] DisabledAccountsSend550=Yes (default is No).


  • [14286] fix to javascript error on Remote Admin's account editor page
  • [14264] fix to Save and Cancel buttons not enabled for certain options on Spam Filter in Remote Admin
  • [14281] fix to incorrect logic when setting an account to Frozen via Remote Administration
  • [14225] fix to ActiveSync provision issue with newer iOS versions
  • [14278] fix to ActiveSync error searching the global address list
  • [14279] fix to ActiveSync device protocol version may be reported as 0.0
  • [14168] fix to iOS 8 ActiveSync Automatic Reply end date not syncing properly
  • [14322] fix to DMARC sometimes reporting "too many recipients" errantly and ignoring them
  • [14289] fix to MDaemon is unresponsive during the daily ACL cleanup processing
  • [14343] fix to SPF record macros might not be expanded properly
  • [14285] fix to long Gateway AUTH passwords are truncated to 14 characters
  • [14325] fix to ActiveSync policies may not be enforced correctly
  • [14306] fix to WorldClient does not display any filters if a filter rule has a folder name containing a plus sign
  • [13971] fix to iOS 8 Settings app crashes when trying to set an ActiveSync Automatic Reply end date
  • [14338] fix to ActiveSync policy templates are removed when updating from MD 14.0 to 14.5
  • [14342] fix to ActiveSync policy dropdown errantly containing auto-generated policy names
  • [14162] fix to display problems in Content Filter Rule Editor in Remote Administration when using certain actions
  • [13786] fix to corrupt data in SPFCache.dat file, requiring the cache file to be deleted
  • [14358] fix to WorldClient Lookout theme: Cannot delete attendee from new or existing event
  • [14368] fix to MDRA help does not open if MDRA is running under IIS as a sub-directory
  • [12527] fix to reminder emails are not generated for tasks created in public folders

MDaemon 14.5.2 - November 20, 2014


  • [14261] fix to certain shared folder permissions may be inadvertently removed by MDaemon's daily maintenance processing
  • [14222] fix to autocomplete in WorldClient does not work with IE 11
  • [14250] fix to invitations may not be sent to meeting attendees added using WorldClient's LookOut theme
  • [14241] fix to not being able to save ActiveSync 14.1 and 12.1 restrictions for a device

MDaemon 14.5.1 - November 11, 2014


  • [13776] DMARCReporter now supports a /o= option where you can specify the output folder where DMARCReport.html will be created.  When this option is used a date-stamp will be appended to the output report file name something like this:  DMARCReport_2014-10-24_16-10-28.html.
  • [13963] The following headers are not included in DKIM signatures in order to conform with current best practice: 1) any header starting with "X-", 2) Authentication-Results 3) Return-Path 4) DKIM-Signature 5) Received 6) Bcc & Resent-Bcc 7) Comments and Keywords. In previous versions only the first three were excluded.
  • [13772] Added a new setting to Ctrl+S|IP Screen which lets you apply IP Screening to connections made to the server's MSA port. Normally this is not necessary. This setting is disabled by default.
  • [13830] Added a new setting to Ctrl+S|Host Screen which lets you apply Host Screening to connections made to the server's MSA port. Normally this is not necessary. This setting is disabled by default.
  • [13415] Added a new setting to Ctrl+S|Host Screen which lets you drop offending connections immediately following EHLO/HELO. Normally you would wait for authentication. This setting is disabled by default.
  • [10245] Added a new setting to the mailing list editor which allows you to temporarily disable a mailing list.  When a mailing list is disabled any message arriving via SMTP either from or to that list will generate a 451 temporary error and be refused.
  • [14010] When an account is disabled or frozen the SMTP server will respond with a 450 temporary error now rather than a 550 error as in previous versions.
  • [13972] The $WORLDCLIENTURL$ macro now expands to include "http://" or "https://" depending on whether you have WorldClient configured to use SSL or not.
  • [14031] DSNs now include the X-MDaemon-Deliver-To header for consistency in delivery.
  • [14032] When DSNs are created some logging about that will be added to the SMTP session log.
  • [13789] The option to force STARTTLS for all incoming SMTP connections has been removed from Ctrl+S | SSL & TLS | MDaemon.
  • [13829] Added option to Ctrl+S | SSL & TLS | MDaemon which lets you require SSL on MSA port connections.
  • [14005] Changed the WorldClient theme IMAP filters sentence structure to use "If $HEADER$ $CONDITION$ $MATCHTEXT$ then $ACTION$"
  • [14037] Changed the color of the TO, CC, and BCC links in the Compose view so that they stand out as links.
  • [6717] Lite theme - Tasks - User is warned when attempting to set the due date before the start date of a Task
  • [13813] WorldClient theme - added option to "Add Filter" in message preview "more" drop down menu
  • [14074] WorldClient theme - added back the ability for users to reorder their message list columns
  • [13790] The option to require auth for all SMTP sessions has been removed from the UI. To enable it, edit MDaemon.ini and set [Special] ForceAUTHFromAll=Yes.


  • [13969] fix to DMARC "Send Reports Now" button not behaving properly in some cases
  • [14002] fix to no days selected by default when configuring an autoresponder via Remote Administration
  • [13807] fix to batv header being included errantly in some cases
  • [13978] fix to subject column in bad message summary email not decoded
  • [14039] fix to list subscribe confirmations not working when subject data encoded
  • [14038] fix to list subscribe command sometimes parsed errantly from message body
  • [12431] fix to MDaemon crash triggered by delivery error in some configurations
  • [14042] fix to time left not sorting properly when minutes left  > 99
  • [13983] fix to inconsistent naming of some options in Account menu in Remote Administration
  • [8809] fix to LookOut theme - Summary - Calendar view does not show dates of events, only time
  • [11581] fix to LookOut theme - with pastel blue style selected, the autocomplete background color is the same as the highlight color
  • [14058] fix to LookOut and WorldClient themes - If you add line breaks (hit enter) in the notes of an event they will show up as <BR> on the event in the week and day views
  • [14072] fix to WorldClient theme - When deleting a single instance of an event from the event editor view all instances of the event are deleted
  • [13845] fix to Mobile theme - When the folders list is opened, the options list will appear behind the folder list when opened
  • [13844] fix to Mobile theme - message view cannot be scrolled right to left, so some messages cannot be fully viewed
  • [12494] fix to LookOut and WorldClient themes - cannot use arrow keys to change selection in message list after changing focus to the message preview in Firefox
  • [14085] fix to Remote Administration's "DNS Servers" field too short
  • [14109] fix to UI referencing AS devices after account is deleted
  • [14127] fix to WorldClient theme - the new event view breaks the theme when using the French language
  • [14133] fix to Mobile theme - If a user account cannot edit forwarding the Options | Personalize page breaks for that user
  • [14118] fix to Remote Administration unable to save changes to Spam Filter Whitelist and Blacklist files
  • [13749] fix to XML error when viewing certain messages in Remote Administration's Queue Management
  • [14139] fix to wildcard & CIDR notation not working in Trusted IP UI
  • [14100] fix to DMARC filter option sometimes creating duplicate filter rules
  • [14079] fix to ActiveSync blacklist/whitelist entries reappear after deleting them in the MD GUI
  • [14142] fix to messages duplicate when moving them to another folder using OL 2013 with ActiveSync
  • [14153] fix to MDAirSync high CPU usage
  • [14128] fix to public and shared folder prefixes may be quoted in ActiveSync clients
  • [7421] fix to WorldClient IM may errantly detect that away users have returned
  • [14093] fix to Remote Administration not assigning correct message prefix when moving messages out of the Quarantine queue
  • [14152] fix to possible MDaemon server crash after sending to an invalid address using ActiveSync
  • [14160] fix to MD GUI mailing list member import from CSV file does not work
  • [14162] fix to Remote Administration GUI issue with Content Filter actions
  • [14166] fix to SMTP server returns 550 error instead of 530 when authentication is required

MDaemon 14.5.0 - October 21, 2014


[13265] The two options to hide local IP addresses and local LAN IP addresses when processing message headers have been deprecated and removed from Ctrl+O | Preferences | Headers. They have now been replaced by a single option which hides reserved IP addresses. That was always the intent of the older two options anyway. This new option is enabled by default and prevents use of reserved IPs from appearing in certain MDaemon created message headers. Reserved IPs are as defined by various RFCs and include: (a) 127.0.0.* (b) 192.168.*.* (c) 10.*.*.* and (d)  If you want or need to do the same for your domain IPs (including LAN domains) then you can set this switch in MDaemon.ini manually: [Special] HideMyIPs=Yes (default is No).

[13332] The option "POP3, IMAP, and WorldClient passwords are case sensitive" has been deprecated and removed from Ctrl+O | Preferences | Miscellaneous.  Passwords are now always case-sensitive.  Allowing otherwise breaks security best practices and is incompatible with hash-based authentication mechanisms (APOP, CRAM-MD5) and secure (hash-based) password storage. As a result of this some of your users may need to update their password in their mail client.

[13786] The SPF cache file now caches a domain's actual SPF policy record taken from DNS rather than the final result of SPF processing. Your old SPFCache.dat file can not be migrated and so was renamed SPFCache.dat.old in case there are settings in there you need to refer to. You can delete SPFCache.dat.old at any time.

[13121] DomainKeys has been deprecated (see below). As a result the content filter action to sign messages with DomainKeys will be ignored. If you were using this action in any of your rules you may want to either change them to sign with DKIM instead or delete them if they are no longer needed.


[11196] DMARC (Requires MDaemon PRO)

Support for DMARC (Domain-based Message Authentication, Reporting, and Conformance) has been added. DMARC defines a scalable mechanism by which a mail sending organization can express, using the Domain Name System, domain level policies and preferences for message validation, disposition, and reporting, and a mail receiving organization can use those policies and preferences to improve mail handling. The DMARC specification and full details about what it does and how it works can be found here: http://www.dmarc.org/.

DMARC allows domain owners to express their wishes concerning the handling of messages purporting to be from their domain(s) but which were not sent by them.  Possible message handling policy options are "none" in which case MDaemon takes no action, "reject" in which case MDaemon refuses to accept the message during the SMTP session itself, and "quarantine" in which case MDaemon places the following header into each message for easy filtering into your user's Junk E-mail folder:  "X-MDDMARC-Fail-policy: quarantine".  This header is only added when the result of the DMARC check is "fail" and the resulting DMARC policy is something other than "none."  It is possible to configure MDaemon to accept messages even though DMARC requests that they be rejected.  In fact, this is the default operational mode.  In these cases MDaemon will place an "X-MDDMARC-Fail-policy: reject" header into the message in case you want to filter more seriously on that.

DMARC supersedes ADSP and the message disposition features of SPF.  However, you can still use all of them together with DMARC.   ADSP and SPF message rejection now takes place after DMARC processing if DMARC verification is enabled.

DMARC depends in part upon the use of a "Public Suffix List." A "Public Suffix" is one under which Internet users can directly register names. Some examples of public suffixes are .com, .co.uk and pvt.k12.ma.us. A "Public Suffix List" is a list of all known public suffixes. MDaemon uses the one maintained for the community by the Mozilla Foundation that is found here: https://publicsuffix.org/. A copy of this list is installed into your \App\ folder as effective_tld_names.dat. There is currently no comprehensive or single authoritative source for such a list which is an issue the Internet community should address. Over time this file will grow obsolete and must be replaced by downloading it afresh from https://publicsuffix.org/list/effective_tld_names.dat and saving it to your \App\ folder. MDaemon will periodically and automatically download and install this file as part of the daily maintenance event approximately once every two weeks.  Various controls to govern this can be found on the new DMARC configuration screens.  The DMARC log and the new DMARC window within the Security tab inside the main UI will contain the results of the update and all other DMARC processing operations.  You can set a different file download URL if needed but the data downloaded must conform to the format specified by Mozilla for their file. You can read about this at the URL mentioned above.  MDaemon strictly follows the parsing algorithm specified by Mozilla. Create a (possibly empty) file called "PUBLICSUFFIX.SEM" and place it in MDaemon's \App\ folder if you replace or edit the effective_tld_names.dat file yourself and need MDaemon to reload it without a reboot.

To use DMARC as a mail sender you must publish a DMARC TXT record within your domain's DNS setup.  Information on how this record is defined and structured can be found at http://www.dmarc.org. When you publish a DMARC record to your DNS you may begin receiving DMARC reports from many different sources via email. These reports are provided as a compressed XML file whose format is governed by the DMARC specification. Consuming these reports is outside the scope of MDaemon's DMARC implementation. However, the data within these reports can provide important insight into a domain's mail flow, improper domain use, DKIM signing integrity, and SPF message path accuracy/completeness. The addresses to which these reports are sent is configured by you when you create your DMARC record.

When setting up a DMARC record for one or more of your domains take care with use of p=reject.  Take particular care if your domain provides email accounts for general use by human users.  If such users have signed up for any mailing lists, make use of a mail forwarding service, or expect to use common things like "share this article with a friend" you should know now that a DMARC p=reject policy could make those things entirely impossible and if so you'll hear about it.  DMARC p=reject is perfectly appropriate and useful but only when it is applied to domains that control how their email accounts are used (for example, transactional mail, automated (i.e. non-human) accounts, or to enforce corporate policies against use of the account outside organizational boundaries).

DMARC p=reject is especially bad for mailing lists and if careful steps are not taken this can result in list members being automatically removed from your mailing lists.  To mitigate this, the following steps should be taken:  (I) For mail receivers: (a) do not allow anyone to post to any of your mailing lists if they are from a domain that publishes restrictive DMARC policy (ie.. any policy other than "none") or (b) failing that, configure all your lists to alter the From: header within messages from such posters.  MDaemon 14.5 has new configuration options within the Mailing List Editor that can do all that work for you.  If you don't want to do either of those things then at least make sure you disable the mailing list feature that automatically removes members who refuse to accept mailing list traffic.  Otherwise, a message sent through your list by (for example) user@yahoo.com will result in the instant removal of every aol.com list member along with any and all other list members whose mail systems are DMARC compliant.  MDaemon 14.5 automatically configures all your lists to be DMARC safe so that none of your list members will be removed by enabling the From: header mitigation described above for all your lists.  (II) For mail senders:  by all means publish a DMARC record for your domains and specify an email address to receive reports but take care not to use p=reject unless you are sure its appropriate (which it very well may be).   

In order to support DMARC aggregate reporting MDaemon will store data which it will need later in order to generate aggregate reports according to the DMARC specification. MDaemon ignores the DMARC "ri="; tag and only produces DMARC aggregate reports that cover from 00:00:00 UTC to 23:59:59 UTC for a given day. At midnight UTC (which is not necessarily midnight local time) MDaemon consumes this stored data to generate the reports. MDaemon needs to be running at this time or the stored data could grow and grow and never be consumed. Therefore, if you do not run your MDaemon 24/7 you should not enable DMARC aggregate reporting.  DMARC aggregate reporting is disabled by default.

In order to support DMARC failure reporting RFC 5965 "An Extensible Format for Email Feedback Reports", RFC 6591 "Authentication Failure Reporting Using the Abuse Reporting Format", RFC 6652 "Sender Policy Framework (SPF) Authentication Failure Reporting Using the Abuse Reporting Format", RFC 6651 "Extensions to DomainKeys Identified Mail (DKIM) for Failure Reporting", and RFC 6692 "Source Ports in Abuse Reporting Format (ARF) Reports" have been fully implemented.  Failure reports are created in real-time as the incidents which trigger them occur.  MDaemon implements DMARC AFRF type failure reports and not IODEF type reports.  Therefore, only values of "afrf" in the DMARC "rf=" tag are honored.  See the DMARC specification for complete details.  Multiple failure reports can be generated from a single message depending upon the number of recipients in the DMARC record's "ruf=" tag and upon the value of the "fo=" tag times the number of independent authentication failures which were encountered by the message during processing.  When the DMARC "fo=" tag requests reporting of SPF related failures MDaemon sends SPF failure reports according to RFC 6522.  Therefore, that specification's extensions must be present in the domain's SPF record.  SPF failure reports are not sent independent of DMARC processing or in the absence of RFC 6522 extensions.  When the DMARC "fo=" tag requests reporting of DKIM related failures MDaemon sends DKIM and ADSP failure reports according to RFC 6651.  Therefore, that specification's extensions must be present in the DKIM-Signature header field and the domain must publish a valid DKIM reporting TXT record in DNS and/or valid ADSP extensions in the ADSP TXT record.  DKIM and ADSP failure reports are not sent independent of DMARC processing or in the absence of RFC 6651 extensions.  See the various specifications referenced herein for complete details.  DMARC failure reporting is disabled by default.

Important Note:  A DMARC record can specify that reports should be sent to an intermediary operating on behalf of the domain owner. This is done when the domain owner contracts with an entity to monitor mail streams for abuse and performance issues. Receipt by third parties of such data may or may not be permitted by your privacy policy, terms of use, or other similar governing document.  You should review and understand if your own internal policies constrain the use and transmission of DMARC reporting and if so you should disable DMARC reporting as appropriate.

DMARC requires use of STARTTLS whenever it is offered by report receivers however there's no way to predict or police this.  However, you should enable STARTTLS if you haven't already (see Ctrl+S | SSL & TLS | MDaemon).

There is a white list for use with DMARC verification.  This white list is for IPs only.  A match to this white list causes DMARC processing to be skipped.  DMARC also interacts with the SPF and DKIM white lists. If they cause SPF or DKIM processing to be skipped then DMARC processing will also be skipped. Naturally, when both SPF and DKIM are entirely disabled then DMARC processing will be skipped.

DMARC also honors the Approved List which can white list based on verified DKIM identifiers and/or SPF paths from sources you trust.  So, for example, if a message arrives that fails the DMARC check but has a valid DKIM signature from a domain on the Approved List the message is not subject to punitive DMARC policy (i.e..the message is treated as if the policy were p=none).  The same happens if SPF path verification matches a domain on the Approved List.  So, take note that your existing Approved List is now also a DMARC white list.  Finally, DMARC has been integrated with MDaemon's VBR system and a new option has been added to Ctrl+S | Sender Authentication | VBR Certification which allows you to ignore punitive DMARC policy on messages that fail a DMARC check but otherwise have a verified identify vouched for by at least one of your trusted VBR service providers.  This option is enabled by default.  For more information on VBR see https://www.altn.com/email-certification/.  Congratulations on VBR (RFC 5518) achieving Standards-Track status!

The Authentication-Results header has been extended to include DMARC processing results. Note that Authentication-Results includes some data in comments for debugging purposes including the DMARC policy requested by the domain owner which is not necessarily the action taken on the message. For example, when the result of a DMARC check is "pass" it does not matter what the DMARC policy states as policy is only applied to DMARC checks which "fail". Similarly, when the result of a DMARC check is "fail" and the policy is "reject" the message may be accepted anyway for local policy reasons. Use of this header for filtering should take all this into account.  Alternatively, filter for "X-MDDMARC-Fail-policy: quarantine" or "X-MDDMARC-Fail-policy: reject" to filter these messages into spam folders or whatever you want to do.  MDaemon strips out the "X-MDDMARC-Fail-policy:" header from every incoming message.

Messages must conform to DMARC section 15.1 with respect to the RFC 5322 From header or they are not processed which basically means that the absence of a single (one and only one) properly formed (according to RFC specifications) RFC5322 From field renders the message invalid generally and therefore invalid for DMARC processing.

Several new screens have been added at Ctrl+S | Sender Authentication where you can set various options related to DMARC use. 

DMARC requires SPF and/or DKIM verification to be enabled as it is based upon the verified identities that those two mechanisms provide.  You can't make productive use of DMARC for inbound mail without one or both of those technologies enabled. The UI will try to enforce this. 

DMARCReporter is a tool that reads DMARC XML reports and transforms them into easier to read HTML.  This tool has been installed into your \MDaemon\App\ folder.  See DMARCReporterReadMe.txt for instructions on use.


Massive updates were done to the Remote Administration interface. "Mobile Device Management" is now a top-level menu item for easier access. Some other menus were relocated to align Remote Administration more closely with MDaemon's layout.  Accordingly, menus have been utilized where appropriate. Context-sensitive help has also been added.

[10279] ACTIVESYNC SERVER NOW SUPPORTS SERVER-SIDE MAIL SEARCHING (Requires MDaemon PRO and active ActiveSync Software License Renewal Coverage)

MDaemon's ActiveSync server now supports searching messages on the server. Please refer to your ActiveSync client's documentation to find out if it supports this feature and how to use it. The search indexes are stored on the server in the folders being searched in files named SrchData.mrk and SrchIndex.mrk.


The mailing list engine has had several improvements.

[13196] The mailing list editor has been slightly reworked.  All the header manipulation related settings have been removed from the Settings page and put on their own new Headers page.  Also, the option to set the list's precedence value has been deprecated and removed.  Similarly the option to insert the list's name into the 'To:' header 'Display Name' has been removed as an unnecessary duplicate of the radio button option on the same screen that does the same thing.

[13198] Added a new option to the mail list editor which will allow you to reject messages sent to the list from authors whose domain publishes a restrictive DMARC policy ("p=reject" or "p=quarantine").  This option is enabled by default.  By publishing restrictive policy these domain owners are effectively making it impossible for their users to participate in any mailing list or forwarding service or "mail this article" type of service.  That may well be what they intend.  However, allowing the mailing list engine to accept such messages can lead to unrelated members being automatically unsubscribed.  You wouldn't need to enable this option if you use the new From: header alteration option but better safe than sorry (see [13160]).  Also, you wouldn't need to do this as long as your list does NOTHING to invalidate a valid DKIM signature (if there is one) but lists do that all the time and for perfectly good reasons (like adding a label to the Subject:, adding footers to the message body, etc).

[13160] Added a new option to the Mailing List Editor Headers screen which allows you to alter the From: header value on incoming posts from authors whose domain publishes restrictive DMARC policy. This option is enabled by default and should stay enabled. As much of the previous From: header data is preserved as possible. This should help with the recent issues mailing list administrators have experienced due to the DMARC "p=reject" policies at Yahoo, AOL, and some others.  FYI, as it depends on DMARC data being available this option doesn't really do anything when DMARC processing is disabled.  Any time the From: header is changed by this feature the original From: header data will be moved into the Reply-To: header but only if (1) the message has no Reply-To: header to begin with and (2) only if the mailing list configuration itself does not specify a custom Reply-To: for all list messages.

[5102] Support for List-ID (RFC 2919) has been added.  List-ID allows you to enter a short description for your mailing list which is included in the List-ID message header. This description is optional and if not provided the List-ID header will contain just the list identifier by itself.  An example header with a description looks like this:  List-ID: "Discussion of the current MDaemon Beta" <md-beta.altn.com>. An example without a description looks like this:  List-ID: <md-beta.altn.com>.  The email address of the mailing list itself is used as the list's unique identifier (note that the "@" is changed to a "." character to safely comply with the specification).  The List-ID header is stripped from incoming messages sent to local mailing lists but not from incoming messages sent to local users from outside mailing lists.

[13201] Support for List-Post, List-Subscribe, List-Unsubscribe, List-Help, List-Owner, and List-Archive mailing list headers (RFC 2369) has been added.  These headers are added to list messages if URLs for each are specified in the new controls found within the mailing list editor on the Moderation tab (because that's where there was room for them).  These must be URLs as specified in RFC 2369 (for example: mailto:arvel@altn.com).  See that document for examples.  Whatever you put into these controls will be inserted into all mailing list messages.  If the data is improperly formed it won't achieve any results.  When a List-Unsubscribe value is provided MDaemon will use it rather than other possible auto-generated values.

[13230] Support for sending mailing list monthly subscription reminders has been added. When enabled, MDaemon will send the text of a reminder message to each list member on the first day of each month. You can control the content of the reminder message using some new controls on the Mailing List editor Reminders page. The following macros are available for use within the reminder message:

  • $LISTADDRESS$ which expands to the mailing list's email address
  • $LISTNAME$ which expands to the local-part of the mailing list's email address
  • $UNSUBADDRESS$ which expands the list's unsubscribe address (the MDaemon system address basically)
  • $MEMBERADDRESS$ which expands to the email address of the list member receiving the reminder

You can copy and paste whatever HTML you want from your favorite HTML editor into the control. If you'd rather send the reminders on a different day of the month, change it by editing MDaemon.ini and setting [Special] ListReminderDay=X (default is 1).

[13242] The option to configure a list's Reply-To value has been enhanced in the UI with radio buttons to allow you to more easily select (1) Leave any Reply-To unchanged (2) Put list's name in Reply-To (3) Put arbitrary email address in Reply-To.


MDaemon's SMTP server has had some improvements

[13243] Support for RFC 3463 (Enhanced Mail System Status Codes) has been added. These codes allow for much finer grained reporting and automation. As a result of this, nearly all of MDaemon's SMTP server protocol strings have been changed to include the enhanced codes. Also, support for RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes) has been added. The ESMTP capability ENHANCEDSTATUSCODES will be advertised to other servers during the SMTP transaction.

[13264] Support for RFC 3464 (An Extensible Message Format for Delivery Status Notifications) and RFC 6522 (The Multipart/Report Media Type for the Reporting of Mail System Administrative Messages) has been added. This completely overhauls MDaemon's DSN reporting. All of the old code and behavior related to this has been removed and replaced. With these changes, MDaemon's DSN system now fully complies with industry standards and will properly interoperate with automation tools and other MTAs. The format of the DSN has radically changed and now rigidly complies with the specifications. This means that delivery warning messages and delivery failure messages now fall under the control of these RFCs and are no longer accessible to administrators for customization. They can be localized but not customized.  The "Subject" data for these messages can still be changed but this is not recommended. The data contained in these DSNs is now in MIME multipart/report format and no longer includes the original message as an attachment.  Instead, only the headers of the original message are included in a text/rfc822-headers MIME section of the multipart/report message as the specifications recommend. Nearly all the optional components of these reports have been implemented including taking advantage of enhanced status codes if the receiving MTA supports them. DeliveryWarning.dat and DeliveryError.dat have been deprecated and removed. Ctrl+Q | DSN Options screen has been updated to remove the edit buttons and also the old option "Don't generate DSN for undeliverable list mail." This option is also deprecated and removed. MDaemon never generates DSNs for undeliverable list posts.  Please review the RFCs if you want the full details on what the meaning of the various elements within these mails mean.  MDaemon adds a Session-ID and a Queue-ID to each DSN.  The Session-ID is a functionally unique value that identifies the actual mail session or transaction event that attempted delivery (this is not new; it has just never been used for anything until now).  The Queue-ID is a functionally unique value that identifies the message file inside the queue (it's the file's name).  "Functionally unique" means unique enough to identify the data it points to for all practical purposes but not guaranteed to never repeat over the long term.

[13475] Support for RFC 3848 (SMTP and LMTP Transmission Type Registration) has been added.  This governs the value of the "WITH" clause in Received headers.  This means you'll see "ESMTP" for unauthenticated non-SSL sessions, "ESMTPA" for authenticated sessions, "ESMTPS" for SSL sessions, or "ESMTPSA" for authenticated & SSL sessions.  Values of "MULTIPOP" and "DOMAINPOP" are MDaemon specific and will continue to be used even though they don't appear in the IANA registry.


[13292] Updated MDaemon's SPF implementation to the latest specification (RFC 7208):

Section 4.6.4: Imposed a limit on the number of SPF terms that cause DNS queries. The following terms cause DNS queries: the "include", "a", "mx", "ptr", and "exists" mechanisms and the "redirect" modifier. The total allowed for such terms is now fixed at 10 and cannot be changed as per the specification. Also, each 'A' record lookup performed while processing an "mx" mechanism count toward the 10 term limit.  When the 10 term limit is reached further SPF processing stops, any SPF results are dropped, and a permanent error is recorded as the result as per the specification. Section 4.6.4: "ptr" resource records count toward the 10 term limit as well however any extras over and above 10 are simply ignored and no permanent error is generated as per the specification.

Section 4.6.4: Imposed a limit on the number of "void" lookups.  These are defined in the specification as lookups that result in either (a) domain does not exist or (b) no answers exist.  When this limit is reached SPF processing generates a permanent error as per the specification.  You can configure the number of allowable void lookups via a new control in Ctrl+S | Sender Authentication | SPF Verification.  It cannot be less than 2. 

Section 9.1: The ABNF was updated for the Received-SPF header so it required a few changes. Also, I added the "mechanism" key so you can see which mechanism matched. Note that the spec calls for using the string "default" when no mechanism matches so that may appear from time-to-time. Also, 9.2 provides guidance on the use of the Authentication-Results header (RFC 7001) so this resulted in a few updates to that header as well.

As a result of the improvements made to Authentication-Results, MDaemon no longer creates the X-MDPtrLookup-Result, X-MDMailLookup-Result, or X-MDHeloLookup-Result headers.  These headers will continue to be stripped from incoming messages but they are no longer created or used by MDaemon itself.

[13313] Updated MDaemon's implementation of "Message Header Field for Indicating Message Authentication Status (RFC 7001)." This is the latest specification governing the Authentication-Results header. This caused several changes to the format of the Authentication-Results header and it looks much different now.  PTR, HELO, and MAIL reverse lookups now use the ABNF from RFC 7001 (i.e.. iprev and policy.iprev for PTR, HELO, and MAIL with comment text as the differentiator).  Also, corrected improper use of ptypes and their values in several places.  Also, found and fixed some bugs in the inconsistent text put out in this header and in what happens if a DNS failure occurs during a lookup.

[13314] Implemented "Authentication-Results Registration for Vouch By Reference Results (RFC 6212)." I (Arvel) am one of the authors of VBR but didn't notice that my friend Murray had created RFC 6212 to document VBR results in an industry standard way using his Authentication-Results header.  That's what I get for falling into a corporate black hole for 3 years :)  MDaemon will now follow this RFC and when multiple VBR hosts are used there will be multiple VBR sections in Authentication-Results.

[13316] Implemented "Authentication-Results Registration for Differentiating among Cryptographic Results (RFC 6008)." This included documenting the results of each DKIM signature in an industry standard way. Previously, MDaemon did not document all signature results and what it did document was not in industry standard form.  MDaemon will now follow this RFC and when multiple DKIM signatures are used there will be multiple DKIM sections in Authentication-Results.

[13315] Added new option to Ctrl+S | Sender Authentication | VBR Certification which will force VBR checks even for incoming messages that lack the VBR-Info header.  Normally this header is necessary but VBR works fine without it.  When the header is missing MDaemon will query your trusted VBR certifiers using the "all" mail type.  This option existed in the previous version but was not exposed in the UI.  Also, in previous versions it was enabled by default but I changed that to be disabled by default to save on queries.  You can enable it if you want.  Also, in previous versions only the default certifier was used in this situation (which is Alt-N's service - vbr.emailcertification.org) but now MDaemon will query each of your trusted VBR certifiers.  Note that spamhaus has adopted VBR now with their DWL list.  See http://www.spamhauswhitelist.com/en/usage.html for information and usage.  To use this list within MDaemon just add it to the list of trusted certifiers at Ctrl+S | Sender Authentication | VBR Certification after checking with Spamhaus for any compliance requirements they may have.

[13139] Updated MDaemon's DKIM implementation to the latest specification (RFC 6376).  Also, added separate storage of header and body canonicalized data for optional use with DMARC failure reporting.  Also, the Authentication-Results header now includes the results of ADSP processing where relevant as per RFC 5617.  Finally, RFC 6651 required updates to libdkim.  Added a new option to Ctrl+S | Sender Authentication | DKIM Options which adds RFC 6651 "r=y" tag to outbound signatures.  This enables DKIM failure reporting should outside verifiers choose to honor it.  You must also configure a DKIM reporting TXT record in your domain's DNS and/or update your ADSP TXT record if you want to receive these reports.  See RFC 6651 for syntax and instructions on how to do that.  When set up correctly you may begin receiving AFRF failure reports from external sources when they encounter messages purporting to be from your domain which fail DKIM verification.  Since it requires DNS setup this option is disabled by default.  Also, I added another option to Ctrl+S | Sender Authentication | DKIM Options which toggles whether the RFC 6651 "rs=" tag is honored.  This tag allows outside domain owners to customize the SMTP rejection string that your MDaemon will display when DKIM processing results in a rejection related to their domain.  These strings cannot start with a space or number or include \r, \n, or \t. If they do, MDaemon ignores them.  Otherwise, they're fine.  This switch is enabled by default.  You can disable it if you are uncomfortable with outsiders determining what your MDaemon says in a DKIM related SMTP rejection.  Normally, this is just "550 5.7.0 Message rejected per DKIM policy".  The "550 5.7.0" bit will be prepended to whatever custom string is used (if any).


  • [12535] MDaemon now supports TLS 1.1 and 1.2. Requires Windows 7 / Server 2008 R2 or newer.
  • [13040] Ctrl+U | Passwords now has a new control which lets you configure the minimum password length when requiring strong passwords. The absolute minimum is 6 characters but higher values are strongly recommended. Changing this setting does not automatically trigger a required password change for those with passwords shorter than the new minimum however when those users next change their password this setting will be enforced.
  • [13197] Message Recall improved slightly with a better indication of success in the Subject: text of result notification email.  Also, you can specify the full header+value in the recall request now so "RECALL Message-ID: <message-id>" will work which makes it slightly easier to cut-and-paste.
  • [12308] You can now enable logging of ActiveSync WBXML and XML data globally with new checkboxes at Alt+M | ActiveSync | Options, for specific domains at Alt+F2 | Options, and for individual devices used by individual users from within the Account Editor | ActiveSync Devices page.  It is also possible to turn on logging for all devices for a particular user but I didn't expose this as there's no room anywhere and you can enable/disable the user's device(s) which does the same thing.  Each of these controls has the standard Yes, No, or Inherit options.  Inherit means do whatever the next level up says to do - so user's devices do whatever the domain's setting is which will default to whatever the global setting is.  This logging is switched off by default but is useful for debugging purposes.
  • [12762] You can now set the maximum number of ActiveSync devices allowed per user globally with a new control at Alt+M | ActiveSync | Options, for specific domains at Alt+F2 | Options, and for individual users from within the Account Editor | ActiveSync Devices page.  Setting the global value to zero means no limit.  Setting the domain value to zero means use the global setting.  Setting the user-level value to zero means use the domain default.  All values are set to zero by default.
  • [12982] The ActiveSync white and black lists can trigger off of Device ID, Device Type, and User Agent strings but not Device OS.  This was a UI mislabel only and has been corrected.
  • [12981] The "Size" column header in the message queue pane within the main UI was changed to read "Size (Bytes)".
  • [12454] Ctrl+Q | Holding Queue has been reorganized such that the bad queue summary email can be sent even if the holding queue is disabled.  It was a mistake to make these options which are unrelated dependent on each other in the UI.
  • [12374] Moved option to configure the daily quota report subject text from Ctrl+O | System to Ctrl+U | Quotas.  Also this configuration was being ignored in some cases.  That was fixed.
  • [13108] Improved SMTP error message upon authentication failure when using MSA port.
  • [9642] Updated UI to display fact that a Documents folder may also be created for domains/users when configured to do so.
  • [8619] Added the following new account template macros which return lower case versions of the data they represent:  $USERFIRSTNAMELC$, $USERLASTNAMELC$, $USERFIRSTINITIALLC$, and $USERLASTINITIALLC$. Also the installation default for the new account mailbox template was changed to use these new macros.  This may or may not change your configuration depending upon whether you are still using installation defaults or not.  To double check and use the macros you want see Ctrl+T | Template Manager | New Accounts and you will see the macros used to create a new account's value.
  • [6172] The way window positions and layouts for the UI are saved has been changed.  First, the config session and main UI no longer share or overwrite each other's window positions, item selections, or layouts.  Second, if you are running on one of the newer versions of Windows which does not permit any service interaction then MDaemon will no longer bother keeping up with window positions or layouts at all (who cares?).  This saves time reading and writing values to disk for something that nobody can ever even look at.
  • [13121] All support for the original DomainKeys message authentication system has been removed.  DomainKeys is obsolete and has been replaced by the acceptance and adoption of DKIM which MDaemon continues to support.  Some UI dialogs related to DomainKeys and DKIM found within Ctrl+S | Sender Authentication have been reorganized as a result and options related to DomainKeys removed and the remaining options better consolidated.  Some .DAT files may continue to refer to DomainKeys in their various comment text but this will not be the case for fresh new installs nor does it hurt to leave this comment text in place.  The install process will remove DomainKeys.dll and update the MDaemon spam filter scores file.
  • [13124] All support for HashCash has been removed.  This technology never caught on.  The install process will remove HashCash.dll and HCMint.dat and clean things up.
  • [13125] All support for Sender-ID has been removed.  This technology never caught on and is obsolete. 
  • [9728] MDaemon Remote Administration now has reports showing the top message senders by message count and total size.
  • [9546] Users are now prompted to decide whether or not to upload a file to their documents list that has the same name as another file in their list in the WorldClient and LookOut themes.
  • [9696] Added a checkbox next to the filename in the LookOut theme so that selection is easier for the user.
  • [13110] The Settings views have been updated in the WorldClient theme to better match the simplicity of the theme.  From the Settings view there is now a "Return to Inbox" button in order to leave the settings view.  The filters list has been altered to display the information for what each filter does in a more user friendly manner.  The process for creating and editing filters has been removed from the main page to a modal window.  Each time a user moves a filter the server will update the order of the filters.  New folder creation has also been removed from the main page to a modal window.  The share folder dialog has been changed to only allow email addresses to be added and removed, but not edited. The access level is now editable only after the user has been added. All other views look different but continue to function in the same fashion.
  • [9675] In the LookOut theme, only the type of folder that an item is being copied/moved from is displayed in the destination dialog.
  • [9673] In the WorldClient and LookOut themes, users now have the ability to drag and drop a file from a documents folder to their local machine.  However, only Chrome supports this functionality.  Other browsers will either do nothing, or create a shortcut to the desktop.
  • [9693] In the WorldClient and LookOut themes, when users compose an email and click the "attach" button users are now able to attach documents from a sortable and searchable list of all documents that user has access to through WorldClient.
  • [12352] SPF processing will no longer abort due to IP6 mechanisms.
  • [13192] In the WorldClient theme the folder pane now maintains the width set by the user in the previous session.
  • [7222] In all themes there is now a button or link that saves the source of the selected message as an .eml file to the user's local machine
  • [10607] EXPN and LIST commands (do people still use these?) now return results in alphabetical order.  EXPN no longer attempts to send the real name or "n/a".
  • [13199] Sub-addressing should work with aliases for the mailbox part now.
  • [9854] Some MDaemon Remote Administration reports are hidden from view if the specified feature isn't being used
  • [12291] The routing log now displays the actual complete header values for To: and From: (within reason)
  • [10366] It is now possible to save searches for the message list in the LookOut and WorldClient themes by going to the Advanced Search.
  • [5825] Added new control at Ctrl+O | Preferences | UI which allows you to configure the text editor you like rather than always having the UI use notepad.exe.  However, notepad.exe is the default and will always be used if you don't specify something different.
  • [13161] When the bad queue is processed messages to remote recipients will be moved back into the remote queue for delivery.  Also, the routing log will now show LOCAL or BAD QUEUE when processing each type of message and bad queue will have its own color.  Also, messages released from the bad queue will honor any newly created aliases to local users that might have been created since the message was placed in the bad queue.
  • [12488] The checkbox to delete files from the bad queue as part of daily maintenance was removed from Ctrl+O | Preferences | Disk and has been replaced by an edit control that allows you to set the number of days old a file has to be before it gets deleted.  So now rather than delete all files it deletes files older than X days.  The default is 0 (zero) which means to never delete any files.  If you previously had the old option enabled then the new option has been set to 1 day to preserve previous behavior.
  • [13188] Raised length of forwarding address fields from 256 to 512 characters.
  • [13273] Updated several places in MDaemon which create auto-generated emails to use a proper and consistent From: and Reply-To:.  Also updated several internal references to sales@ and support@ addresses that were out of date.
  • [5142] Added new setting to Ctrl+O | Preferences | Miscellaneous which will instruct MDaemon to skip the sending of forwarded messages to the smart host if there was an error delivering the forwarded mail to a specifically configured external host.  When enabled, such messages will be placed in the retry queue.  When disabled, such messages are sent to the bad queue. This switch is disabled by default to preserve previous behavior.
  • [9407] Added a new setting to Ctrl+O | Preferences | Miscellaneous which will cause MDaemon to delete messages from senders who are in the recipient's personal black list (assuming the options to use black lists are enabled).  Previously these messages went into the bad queue.  Now you can enable this switch to just delete them.  This option is disabled by default to preserve previous behavior.
  • [13219] The Quota.msg file will now be updated if MultiPOP tries to pull a messages which would exceed the accounts quota limitations.
  • [12862] MDaemon will try to detect and use the correct FQDN domain value far more often now than it used to.
  • [7270] Due to frequent requests :)  Added a new setting to Ctrl+O | Preferences | Miscellaneous which will cause MDaemon to remove duplicate recipients when a single message is submitted to multiple mailing lists.  It only removes duplicate list members when a single message is delivered to multiple lists which contain that same member.  For example, if list-a@domain.com and list-b@domain.com both have arvel@altn.com as a member then a single message delivered in the same SMTP session would result in one message (not two) being delivered to arvel@altn.com.  The problem with this (and why YOU SHOULD NEVER USE IT or any similar de-duplication schemes) is that there is no way to know which copy from which list the individual member prefers to receive and you CANNOT safely assume that it makes no difference.  Lists vary widely in their configuration and use by end users.  Therefore, by enabling this option you are certain to break something for somebody.  There is also no relationship what-so-ever between two different mailing lists except the fact that they happen to be (completely by happenstance) managed by the same MDaemon instance - but so what?  That means nothing.  This "feature" does not operate upon list messages with identical content that are delivered multiple individual times.  This "feature" does not operate upon RCPT values that are not mailing lists.  So, if a single message arrives in the same SMTP session for list-a@domain.com and list-b@domain.com and arvel@altn.com then arvel@altn.com would receive two copies if he's a member of list-a and/or list-b.
  • [13290] The Account Editor and Template Manager have been updated as follows:  a new tab called "White List" has been added and the white list related options have been moved from the Options tab and placed onto this new tab.  This gives me more UI space to work with.  Also, the options moved to the new White List tab are still subject to over-riding spam filter and autoresponder settings as the revised help text on the tab explains however they are no longer greyed out as a result of those settings.  This lets you configure them without having to worry about the state of other options on other screens.
  • [10816] Added right-click menu option to the bad queue which adds the deliver-to address to the spam honeypot. The address must be to a local domain and if it belongs to an existing account a warning popup will occur.
  • [3432] Autoresponder scheduling has been improved with the addition of checkboxes for each day of the week.  When you set an autoresponder start and end time you can now select one or more days of the week that the autoresponder will operate on.   All existing autoresponders will operate on every day of the week to preserve existing behavior, however they can be changed as needed.
  • [13294] Mobile theme - Mail Forwarding options have been added
  • [13297] Alt+M | ActiveSync | Devices will now present data by domain and then sorted by email address within each domain.  Also a "please wait" popup box was added so that you know the data is being processed and the server hasn't locked up.
  • [12950] In the LookOut and WorldClient themes "Documents" has been added as a default view option.
  • [12528] In WorldClient it is now possible to set shared permissions to a folder and all of its sub folders by checking the box "Apply to sub folders" in the FolderShare view.
  • [12842] Added support for displaying custom buttons in the WorldClient UI. Edit \MDaemon\WorldClient\Domains.ini and set [Default:Settings] CustomButtonText1=the text to display on the button (up to 12 characters) and CustomButtonLink1=the URL to open when the button is clicked. Up to 5 buttons may be added.
  • [13006] Mailing list messages sent to disabled local accounts are simply ignored rather than moved to bad queue.
  • [9697] Added ability to restrict the size of individual files that can be uploaded to WorldClient's documents folders. Edit \MDaemon\WorldClient\Domains.ini and set [Default:Settings] MaxAttachmentSize=<value in KB>. The default is 0 which means there is no limit.
  • [9695] Added ability to restrict the types of files that can be uploaded to WorldClient's documents folders. In \MDaemon\WorldClient\Domains.ini enter (for example) "BlockFileTypes=exe dll js", or "AllowFileTypes=jpg png doc docx xls xlsx".  The priority is BlockFileTypes. In other words if an extension is in both lists, the content will be blocked. If a list is empty, there is no check. The extensions can be separated by spaces or commas. Leading "."s on the extensions are optional.
  • [2095] Added size limit for attachments that can be uploaded to WorldClient's Compose view. Edit \MDaemon\WorldClient\Domains.ini and set MaxComposeAttachSize=<value in KB>.
  • [2687] WorldClient displays the size of the attachments in the Compose window. The value is in KB.
  • [13441] LookOut and WorldClient themes - Added ability to drag and drop attachments from a message to the desktop. Only supported by Chrome.
  • [11345] WorldClient - Added ability to set a default Reply-To address in the Options | Compose view. Once set, the Compose view will default to show the advanced options in Lite, Mobile, and LookOut, and will display the Reply-To input in the WorldClient theme.
  • [12886] WorldClient - Added option in Options | Personalize to print message attachments "Always", "Never", or "Decide on print"
  • [4758] The trusted hosts and trusted IPs editor have been split apart and placed on two separate screens at Ctrl+S | Security Settings and the ability to add comment text to each entry has been added.  First time installation of 14.50 will process the old Relay.dat file into TrustedHosts.dat and TrustedIPs.dat.  Relay.dat file is deprecated and will be removed.  This change and several others like it have been made to allow for longer IP addresses within the UI necessary to support IPv6 address forms in future.
  • [9075] WorldClient's time zone option now defaults to the server's time zone rather than a blank value when no time zone has been set.
  • [6004] WorldClient now includes the names of distribution groups in the Compose view's recipient field autocomplete choices.
  • [6445] WorldClient's autoresponder editor now adjusts the start and end times to be in the user's time zone instead of the server's time zone.
  • [12335] LookOut and WorldClient themes - added a calendar view which shows events in a list format
  • [8204] WorldClient - added a default reminder option under Options | Calendar
  • [12162] LookOut theme - Added ability to collapse and expand the favorite folder list
  • [6724] WorldClient - Added drop down list of strong password requirements.  Viewable by clicking on the icon next to the "Password" information, and shows up when a user's password change does not meet the requirements.
  • [13528] WorldClient - Added autocomplete with distribution lists to the add attendee controls for event creation/editing in all themes but Mobile.
  • [13520] Added ACL file cleanup routine to daily maintenance event.  Also you can create ACLFIX.SEM in the \App\ folder to trigger just this cleanup routine.
  • [13544] Account exports (Accounts.csv file) no longer includes passwords by default.  If this is not to your liking you can set the following key in MDaemon.ini using Notepad, but this is not recommended: [Special] ExportPasswords=Yes.
  • [13283] WorldClient - Added option to set a default event length for new calendar events
  • [13594] The date/time stamp within logs now include a millisecond value (from 000 to 999) for added precision.
  • [13604] The Authentication-Results and X-Authenticated-Sender headers that MDaemon sometimes inserts into messages will now use the actual email address passed to the SMTP server for authentication (which could be an alias to an actual account) rather than always exposing the actual email address.  This protects against potential address harvesting.
  • [12298] The message that WorldClient sends to the postmaster when dynamic screening bans an IP now mentions the username attempted.
  • [13367] WorldClient supports sending secure/private encrypted messages via RPost. Enable this feature on the Compose options page.
  • [13618] Mobile theme - Added ability to attach documents to messages in the compose view
  • [13655] MDaemon's active sessions list now displays SSL/TLS use.
  • [6022] WorldClient - Added contact pictures for Lite, LookOut, and WorldClient themes.
  • [13533] WorldClient theme - Copy/Move dialog only displays folders of the correct type.
  • [12435] The disk space values found at Ctrl+O | Preferences | Disk have been converted and migrated from KB to MB.  New defaults are 100MB for the warning email and 10MB for the auto-shutdown.  Your migrated values could be less than that which is fine and will preserve previous behavior.
  • [5592] Over-quota message refusals will no longer happen after DATA when multiple RCPTs were provided.  Instead, the message is delivered possibly placing an account into a slightly over quota state.  However, any subsequent delivery attempts to the over quota account will be refused.  This change was necessary in order to (a) maximize the use of an accounts quota value (b) avoid a problem wherein a single message delivered to multiple recipients is refused for all recipients if accepting the message would put even one of the recipients over quota.  Also, the quota check has been moved up the processing chain so that it is the first thing which happens after DATA is completed rather than last in the list.
  • [13780] Double clicking a list member in the List Editor will load the member's settings into the edit controls so you can change a specific entry without having to remove it.  This process converts the "Remove" button into a "Replace" button which will save your edits.  Clicking any other button on the screen switches back to "Replace" mode.
  • [13775] "Post only/nomail" label was changed to "Toggle post only" on Mailing List editor button.
  • [13790] Added a new option to Ctrl+S | Sender Authentication | SMTP Authentication which forces AUTH for all SMTP sessions.  This is useful in certain configurations in which all incoming connections can be expected to conform.  When enabled, MDaemon will respond to DATA with a 5xx error-code unless the session has been previously authenticated.  This option honors the "requires authentication to match the message sender" checkbox.  Connections from trusted IPs and local loopback are not subject to this option. This option is disabled by default. 
  • [13789] Added a new option to Ctrl+S | SSL & TLS | MDaemon which forces all incoming connections to use STARTTLS.  This is useful in certain configurations in which all incoming connections can be expected to conform.  When enabled, MDaemon will respond to MAIL with an error-code unless STARTTLS has succeeded.  Connections from trusted IPs and local loopback are not subject to this option.  This option is disabled by default.
  • [13796] When MDaemon detects a semaphore file that it does not recognize it will state so in the system log.
  • [13245] The ActiveSync server will not send reminders for events in a shared calendar folder to users who do not have write access to the folder.
  • [13821] The SPF white list now also applies to the SMTP envelope email address.
  • [13483] An ActiveSync log viewer application is now bundled with MDaemon. Run \MDaemon\ASLogViewer\ASLogView.exe.
  • [14025] The Ctrl+Q | "Include original message when informing sender" option has been deprecated and removed.  MDaemon's DSN system includes the headers of the original message but never the whole thing.
  • [14026] The Ctrl+Q | "Inform the sender when message is placed in retry queue" option has been deprecated and removed.  MDaemon always sends DSNs when required in order to comply with Internet standards.
  • [14027] The "Place undeliverable DSN messages into the bad message queue" option was moved from the Ctrl+Q | Retry Queue tab to the Ctrl+Q | DSN Options tab.


  • [12434] fix to missing listadmins.dat file preventing manual editing button from opening the file for edits
  • [13185] fix to WorldClient theme Choose File button truncated in some languages
  • [13152] fix to WorldClient theme Instant Messenger some strings not translated
  • [13149] fix to WorldClient theme advanced search strings overlapping checkboxes in some languages
  • [13187] fix to some settings in Remote Administration do not show the same default values that MDaemon does
  • [13130] fix to WorldClient and LookOut themes lists do not scroll to the top after changing pages
  • [13184] fix to quota.msg losing data due to not being thread-safe; also the Date: header gets updated now when this file changes
  • [9616] fix to X-Spam-Flag header being removed errantly when the option to strip X- headers enabled
  • [13206] fix to LookOut theme menu bar is truncated in some languages when right- clicking and selecting the Share Folder option
  • [13319] fix to WorldClient theme when you right-click a message, the Add Contact feature does not add the contact
  • [12988] fix to WorldClient theme unable to utilize preview pane on an iOS device
  • [12755] fix to WorldClient Signature editor does not save changes in Source view
  • [13452] fix to unable to forward/redirect to more than one address with User IMAP filters in Remote Administration
  • [13459] fix to apply button not working in MD GUI's mailing list editor
  • [13463] fix to spam filter exclude file not working right when specifying header/value combinations
  • [12452] fix to C:\MDaemon directory is created when doing a fresh install to a different location
  • [5016] fix to LookOut and WorldClient themes - New appointment button does not use selected date in Week view
  • [10337] fix to WorldClient - When printing an email with a large attached image the image is truncated in the printout
  • [13467] fix to Remote Administration's Domain Manager Host fields not matching up with MDaemon
  • [13073] fix to browser prompts to install a plugin when receiving instant messages in the WorldClient theme by adding an option to disable the new message sound.
  • [13499] fix to errant event log entries about holding queue when messages in bad queue
  • [13650] fix to main screen splitter position not being saved across re-starts
  • [12347] Messages are now checked for queue expiration at the start of message processing rather than at the end of a delivery attempt.  This solves a bug in which at times some messages were left in retry queue too long.
  • [12712] fix to RECALL feature not working with message directory hashing option enabled
  • [9251] The check-box within the Domain Manager to skip message size checking for authenticated sessions has been replaced with an edit control where you can enter a separate max message size for authenticated sessions.  This way authenticated senders an have one max message size set for them which is different from the one applied to non-authenticated senders.
  • [13208] Ctrl+P | DNS-BL | Hosts now includes a test button which will test the "DNS-BL host" value by looking up 
  • [13628] fix to WorldClient & LookOut themes - When printing a sent message, the BCC header is not included in the printout
  • [12042] fix to LookOut theme - when creating a signature, it does not use the default font size that is currently selected
  • [12943] fix to LookOut and WorldClient themes - when zooming out with two calendars shown side-by-side, the calendar pane on the right goes blank
  • [13742] fix to quarantine queue visible in MDRA if SecurityPlus is not installed
  • [12525] fix to LookOut and WorldClient themes - BlackBerry Wired Activation gets stuck on "Loading device(s)" when using IE 11
  • [13745] fix to Account Manager not keeping selected item in focus across an account edit operation
  • [5631] fix to WorldClient - blank contacts can be created
  • [8576] fix to LookOut theme - Message Preview - Unable to transition from inline message preview to hide message preview and vice versa
  • [13754] fix to potential message loop when postmaster forwards mail
  • [10486] fix to MDaemon sends duplicate copies of mailing list messages to recipients who are members of multiple groups that are members of the mailing list
  • [4360] fix to shared folder ACLs are not updated when changing an account's email address
  • [11566] fix to blank lines are added to the message body when composing plain text messages in WorldClient using IE 10
  • [13432] fix to Remote Administration not saving changes to WorldClient's Dynamic Screening properly
  • [13186] fix to Remote Administration not displaying Daily Cleanup times correctly
  • [13324] fix to ActiveSync outbound byte statistics not always being updated in MDaemon GUI
  • [13526] fix to WorldClient may insert extra lines in exported calendar CSV files
  • [13920] fix to quota sent-per-day not always working when aliases were used

MDaemon 14.0.3 - July 15, 2014


  • [13310] Added Korean language to MDaemon Remote Administration and WorldClient Instant Messenger


  • [13090] fix to meeting invitation shows that the invitee is the organizer whenever request is synced to iPhone via ActiveSync
  • [13234] fix to changes to account ActiveSync Public Folders setting not being saved in Remote Administration
  • [13200] fix to "554 Sorry, message looks like spam to me" sent twice in SMTP session in some configurations
  • [13079] fix to domain specific smart host not being used in some configurations
  • [13015] fix to authentication not taking place when sending to smart host(s) in some configurations
  • [13145] fix to smart host being ignored upon A record lookup failures in some configurations
  • [8397] fix to messages bouncing back errantly in some configurations
  • [13153] fix to queue-based spam filter scan not being performed if errors happened during SMTP session spam filter scan
  • [13142] fix to WorldClient theme may open the previously selected message when attempting to print a different message
  • [12693] fix to some calendar views in the WorldClient and LookOut themes may incorrectly include events from the previous or next day
  • [12648] fix to Mobile theme unable to edit public calendar entries
  • [13204] fix to Content Filter may modify messages in a way that breaks DKIM signatures when AV is enabled
  • [13076] fix to new WorldClient IM windows open without a place to type a response
  • [13151] fix to WorldClient theme left column too narrow for some languages
  • [12299] fix to script error when editing a contact's name in the LookOut theme using IE 8
  • [13284] fix to memory leak when the "Use recursive aliasing" option is enabled
  • [13302] fix to the From header in generated autoresponder messages may not be encoded properly
  • [13381] fix to a duplicate event is created when viewing a meeting invite in Outlook with Outlook Connector after it has been accepted using WorldClient or ActiveSync
  • [13386] fix to MDaemon Remote Administration assigning a template when editing or creating a group
  • [13421] fix to PIM items may get out of sync if they are changed on both the server and ActiveSync device between syncs
  • [12415] fix to WorldClient's Standard theme Compose page not working with MDaemon 14 by installing an update from KBA-02597

MDaemon 14.0.2 - May 14, 2014


  • [13156] fix to mailing list messages getting stuck in the inbound queue

MDaemon 14.0.1 - May 13, 2014


  • [12974] WebAdmin has been renamed to MDaemon Remote Administration.
  • [12975] ComAgent has been renamed to WorldClient Instant Messenger.


  • [9932] Added Manual Learn button to MDaemon Remote Administration's Spam Filter Bayesian Classification section.
  • [11288] MDaemon Remote Administration now allows log files to be viewed in a new window.
  • [12846] MDaemon Remote Administration logos and color scheme updated.
  • [10907] ActiveSync WhiteList and BlackList support wildcards.
  • [9949] Added MDaemon Remote Administration mailbox reports for quotas for mailbox size and message count.
  • [12948] WorldClient theme selection behavior changed to not select the checkbox unless the checkbox is clicked.
  • [12672] Added the ability to nick name favorite folders from the context menu in the LookOut and WorldClient themes.
  • [10957] Added the ability to select a default From address on WorldClient's Options | Compose page.
  • [13037] Changed the date formatting in the WorldClient theme's message list to match the simpler look.
  • [12973] The trial installation process has been streamlined. The installer asks for less customer information and retrieves a trial key automatically. The initial trial period is 14 days but can be extended to the full 30 days by clicking on the link on the Help | Register Your Alt-N Products dialog and following the instructions on our web site.


  • [13122] fix to WorldClient vulnerability that may allow remote code execution
  • [12910] fix to error 5 when compacting the statistics database
  • [12289] fix to MDaemon Remote Administration showing inactive quota data in Mailbox Summary Report
  • [12930] fix to unable to copy/move messages to public folders via MDaemon Remote Administration
  • [12921] fix to quota settings appear over the "New Email" button in the WorldClient theme
  • [12925] fix to unable to log in to WorldClient theme using Russian language
  • [12926] fix to opened email message windows appear blank in the WorldClient theme using Italian language
  • [12903] fix to incorrect default cursor location when using Advanced Compose in the WorldClient theme
  • [12834] fix to ActiveSync does not hide PIM items marked private in shared folders
  • [12887] fix to "Prevent this page from creating additional dialogs" prompt when printing in WorldClient theme using FireFox
  • [12841] fix to ActiveSync may not list all shared folders that a user has access to
  • [12966] fix to Copy/Move dialog in MDaemon Remote Administration not sized properly to accomodate large Public Folder paths
  • [12883] fix to WorldClient theme mark all read and delete all options dot not work in the folder list for the Catalan language
  • [12911] fix to the WorldClient theme favorites section missing until you log back in when message list threading is toggled
  • [12756] fix to WorldClient theme view unread messages filter lost when message list is resized
  • [12979] fix to WorldClient and LookOut themes deleting messages from the external message view does not always show that the message is deleted in the list
  • [12890] fix to LookOut theme message header color changes in external message view when toggling the expand button
  • [11854] fix to LookOut theme two line header output in message list hides replied and forwarded flags
  • [12769] fix to LookOut and WorldClient themes Message preview pane does not refresh when all messages are moved out of a folder
  • [12877] fix to WorldClient theme when using a transparent png as custom banner, the transparency does not work on the Logon page
  • [12777] fix to WorldClient theme after reading a message in the preview pane it remains scrolled down when switching to the next message
  • [9858] fix to Lite theme cannot switch between themes in Options | Personalize using iPad
  • [12955] fix to WorldClient theme advanced search date selection does not work
  • [12924] fix to WorldClient theme not very clear which messages are unread
  • [12902] fix to LookOut and WorldClient themes - certain User.ini values cause the Options | Personalize page to get stuck in a refresh
  • [13012] fix to able to enable Instant Messaging in MDaemon Remote Administration without having WorldClient Instant Messaging enabled
  • [12076] fix to LookOut and WorldClient themes - when clicking Options>Outlook Connector the screen is reloaded to the first screen that is displayed after login
  • [12715] fix to WorldClient theme - Advanced search beginning date picker not opening in IE
  • [13036] fix to JavaScript error on MDaemon Remote Administration's User ActiveSync Devices page
  • [13038] fix to WorldClient theme - Folder context menu contains option to delete "default" folders
  • [12899] fix to Remote Administration's autoresponse saving logic to differentiate between shared and personal autoresponse files
  • [12952] fix to WorldClient theme cannot resize the folder list frame
  • [13101] fix to potential crash when editing an account in Remote Administration
  • [12588] fix to filenames of attachments downloaded from WorldClient using IE 11 may be corrupted
  • [12701] fix to WorldClient does not detect inline images in certain messages as being inline
  • [13090] fix to meeting invitation shows that the invitee is the organizer whenever request is synced to iPhone via ActiveSync
  • [12272] fix to embedded images in HTML messages are not displayed on Android devices
  • [12680] fix to BlackBerry 10 devices show HTML messages as plain text after updating to MD 14

MDaemon 14.0.0 - March 25, 2014


  • [10732] Product registration system has been updated to utilize a digitally signed XML based license file. This approach allows for greater flexibility, and will enable ALT-N to offer new innovative purchasing and renewal options. The installation process will automatically download the license file. Product activation has been replaced by a scheduled mechanism that will update the license file on a periodic basis. The system is able to accommodate temporary connectivity outages, however communication with the licensing service is required for continued use of the product.
  • [12415] WorldClient's Simple theme has been renamed to Lite. MDaemon Lite's WorldClient will use this theme. The Standard theme is no longer included with MDaemon. It will be available as a separate download.


[12504] NEW WORLDCLIENT THEME (Requires MDaemon PRO)

A new theme, WorldClient, has been introduced in response to customer requests for a more modern, browser-based email client. This new theme incorporates numerous design elements from popular consumer and business browser-based email clients and was designed with input from professional UI/UX development teams.

This new WorldClient theme is now the default WorldClient theme for new installs. When updating, the installer will ask if you want to change your default to this new theme.

[12091] ACTIVESYNC SERVER NOW SUPPORTS SHARED FOLDERS (Requires MDaemon PRO and active ActiveSync Software License Renewal)

MDaemon's ActiveSync server now supports other users' shared folders in addition to personal and public folders. The behavior of any client accessing shared folders via the ActiveSync protocol can vary. While MDaemon's ActiveSync implementation supports Email, Events, Contacts, Tasks and Notes, not all device clients are capable of handling this data.

[12723] The MDaemon GUI has controls to turn ActiveSync shared folders on or off at the global level (at F2 | Server Settings | Public & Shared Folders and Alt+M | ActiveSync | Options), at the domain level (at Alt+F2 | Domain Settings | Options), or account level (at Account Editor | Mail Services). "Inherit" means the domain or account will use the value that was configured at the global or domain level.


  • [12432] The Dynamic Screening "Account failed authentication" emails to the postmaster now list the date, time, IP, and protocol for the failed attempts.
  • [6250] MDaemon now logs "Failed $PROTOCOL$ authentication attempt from $IP$ for "$EMAIL$"" to make it easier to find and troubleshoot authentication failures.
  • [4715] Added support for inline images in domain signatures.  An image may be added...
    • From WebAdmin...
      • In the HTML editor click the "Image" toolbar button and select the upload tab
      • In the HTML editor click the "Add image" toolbar button
      • Drag and drop an image into the HTML editor with Chrome, FireFox, Safari, or MSIE 10+
      • Copy and paste image from the clipboard into the HTML editor with Chrome, FireFox, MSIE 11+
    • By using the " $ATTACH_INLINE:path_to_image_file$" macro in the signature HTML.  For example, <IMG border=0 hspace=0 alt="" align=baseline src="$ATTACH_INLINE:c:\images\mr_t_and_arnold.jpg$">
  • [8031] WorldClient supports adding inline images to composed HTML messages. Users can upload images using the same methods mentioned above for WebAdmin in [4715].
  • [9703] WorldClient's LookOut theme now features a side by side calendar view.
  • [12388] WorldClient's HTML compose editor has been updated to a newer version that is compatible with IE 11.
  • [12669] WorldClient's English and English-UK spell check dictionaries have been updated.
  • [12364] WebAdmin now allows Global Administrators to Freeze/Unfreeze mail queues.
  • [9332] WebAdmin now includes Queue Management functionality for Global Administrators.
  • [12087] WebAdmin's Account Manager now displays icons for OC and AS users.
  • [3920] Added "Return port settings to defaults" to WebAdmin.
  • [11287] WebAdmin now allows Global Admins to configure Outbreak Protection settings.
  • [11311] WebAdmin now allows Global Admins to configure server-wide Autoresponder settings.
  • [4381] It is now possible to administer the WorldClient server settings via WebAdmin.
  • [2222] Added HTML support in CF "Append a corporate signature" action.  Updated WebAdmin to use an HTML editor to edit the signature.  Inline images are supported and may be uploaded using WebAdmin or the $ATTACH_INLINE:path_to_image_file$" macro.
  • [12554] ActiveSync User Agent protocol restrictions can now be set using the entire value, not just the portion preceding the forward slash.
  • [12767] ActiveSync protocol restrictions now support * and ? wildcards.


  • [12500] fix to issues releasing certain messages from Spam Trap or Holding Queue using WebAdmin
  • [12470] fix to problems releasing or requeuing messages from the Holding Queue using WebAdmin
  • [12515] fix to The "Automatically decline requests that conflict with an existing event" option does not account for events with a busy status of "Free"
  • [12509] fix to Save button not always enabled for Domain Admins on User Editor | Mail Services tab in WebAdmin
  • [12529] fix to in WebAdmin certain content filter rule conditions are not correctly synched with MDaemon
  • [12425] fix to ActiveSync server does not support the "Limit .old file roll overs to one per day" logging option
  • [12457] fix to IMAP folder subscriptions are not updated when creating, renaming, or deleting folders using ActiveSync
  • [12615] fix to invalid message subject characters may cause an error when attempting to view the Spam Trap folder in WebAdmin
  • [12066] fix to vague error when changing user password in WebAdmin to an invalid value
  • [2205] fix to mailing list thread numbers do not work properly when the subject line is encoded
  • [12270] fix to messages sent from Outlook 2013 using ActiveSync may display incorrect characters when received by an Outlook IMAP or Outlook Connector account
  • [12447] fix to the From header in generated autoresponder messages does not have the full name encoded
  • [12635] fix to contact birthday and anniversary not being synced to ActiveSync devices
  • [12650] fix to being unable to unfreeze or re-enable account in WebAdmin under certain circumstances
  • [12587] fix to WorldClient Options | Filters page may not list rules when the search text or folder name contain certain characters
  • [12565] fix to the "Has Attachment", "Is Unread", and "Is Flagged" Advanced Search options do not work in WorldClient's LookOut theme
  • [12663] fix to bad queue summary emails may not list all messages in the bad queue
  • [12448] fix to MDaemon does not remove old config backups if the config backup directory has been changed
  • [12376] fix to MD GUI's IP Shield list box does not have a scroll bar
  • [12271] fix to WebAdmin reports contain no results for custom date range where start and end dates are the same
  • [12584] fix to WorldClient crashes when viewing All Contacts if RelayFax integration is enabled
  • [11720] fix to WorldClient lists inline images as attachments when composing
  • [12701] fix to WorldClient does not detect inline images in certain messages as being inline
  • [9690] fix to WorldClient's LookOut theme may not show the note's contents on the Advanced Edit view
  • [12662] fix to WorldClient's LookOut theme may show incorrect colors for notes
  • [12641] fix to WorldClient LookOut theme's message list doesn't refresh when a new message arrives in an empty folder
  • [12359] fix to dynamic screening does not block other active connections from an IP that is blocked due to repeated authentication failures
  • [12727] fix to WorldClient's LookOut theme only marks the first message as read when using the delay before marking read option
  • [12783] fix to not enough room in WebAdmin's Holding Queue settings for Summary Email frequency
  • [11668] fix to ComAgent does not handle mailto URLs on Windows 7
  • [4631] fix to Comagent's tooltip never refreshes message count
  • [12077] fix to attachments of PIM items saved by Outlook Connector are corrupted when the items are edited in WorldClient
  • [12745] fix to Account Editor may move an account's mail to a different directory after the mailbox name is changed

MDaemon 13.6.2 - January 22, 2014


  • [12403] The MDaemon GUI log search feature that was removed in 13.6.1 has been restored.


  • [12389] fix to MDaemon may generate invalid Received headers when the option to hide software version identification is enabled
  • [12401] fix to PIM changes made on ActiveSync clients are not synced to Outlook Connector
  • [12410] fix to ActiveSync option to hide unsubscribed folders does not hide all of the unsubscribed folders
  • [12371] fix to WorldClient LookOut theme resets which calendar folders are displayed when opening the Calendar view
  • [12254] fix to Account Editor's ActiveSync "... include public folders" defaults to No
  • [12430] fix to not being able to update MDaemon if installed in a drive's root directory
  • [12457] fix to IMAP subscriptions are not updated when performing folder operations on ActiveSync clients
  • [12341] fix to ActiveSync connections may hang when attempting to sync a PIM folder that is locked
  • [12463] fix to WorldClient message recall does not work if the MDaemon account alias has been changed
  • [12500] fix to issues releasing certain messages from Spam Trap or Holding Queue using WebAdmin

MDaemon 13.6.1 - December 11, 2013


  • [12105] The default settings for two SMTP authentication related values have changed. The option to require SMTP authentication when mail is from local accounts and the option to require authentication credentials to match that of the email sender are both now enabled by default. If this is not to your liking you can disable both options at Ctrl+S|Sender Authentication|SMTP Authentication.
  • [11579] The "STARTTLS Required" list found at Ctrl+S|SSL & TLS|STARTTLS Required List is now also applied to the MAIL FROM value during an SMTP session (in addition to the EHLO and IP).  If MDaemon receives a MAIL command followed by an email address which is on the "STARTTLS Required" list during a session which has not been secured then the MAIL command gets a "454 STARTTLS Required."  What happens after that is anyone's guess.  Most clients will just drop the connection and that's the end of it.



A new page has been added to F2|Server Settings which will allow you to configure MDaemon's simple message recall system. It works like this: an incoming message from an authenticated local user can be delayed for 1 to 15 minutes (you can decide how long). During this delay period the message is simply left in the inbound mail queue. The idea is to provide a grace period for your users to realize they need to recall a message. Once the delay period expires the message is delivered like normal. However, if during the delay period, the same authenticated account which created the message to be recalled should also send a RECALL email to the MDaemon@ system account which specifies the Message-ID of the message(s) to be recalled then those recalled messages are deleted from the inbound queue as if they never arrived and the recalled message will not be delivered to anybody. This is the only way to guarantee that none of the recipients of the recalled message will ever see the message. MDaemon will notify the sender of the RECALL message as to the success (or failure) of the attempt. The RECALL must be performed while the message is still present in the inbound queue. After that, its likely too late to guarantee that the recipients have not already seen it. Accounts can not recall messages sent by other accounts and SMTP authentication is required for each step of the process.  Only messages from authenticated local accounts are subject to the recall delay. All recall processing is logged to the Routing and Mail|MDaemon UI/log files.

Here's how to send a RECALL message (pick one): 1) From your mail client's Sent folder right-click (or whatever your mail client requires) and Forward As Attachment the email(s) that you want to recall, put RECALL as the message subject and send that to the MDaemon@ system account. 2) From your mail client's Sent folder view the headers of the message you want to recall. Copy the Message-ID header value (the part to the RIGHT of the Message-ID: string) to the clipboard. Create a new message to the MDaemon@ system account and place RECALL plus the message ID value on the subject. It should look something like this: RECALL <5268DC1A.1020608@example.com>. Either of these methods work but only the second is used if both are performed within the same RECALL message. This feature is disabled by default. The default delay interval is 1 minute.

WorldClient may also be used to recall messages. WorldClient will display a "Recall" button when viewing recent messages in the Sent Items folder. If clicked before the recall time limit expires, WorldClient will send a RECALL message to MDaemon. MDaemon will send an email back to the user saying whether the recall was successful.


  • [11123] Back by popular demand.  An option was added to Ctrl+O|Preferences|Headers which hides MDaemon software version and other identifying information when creating Received headers or responding to various protocol requests.  The option is disabled by default.
  • [12038] All system generated messages will now honor the Ctrl+O|Preferences|Miscellaneous option to go through the content filter (or not). Previously, several such messages ignored this setting.
  • [12058] Changed error text during account creation from "Mailbox and/or real name already in use" to "Mailbox already in use"
  • [12034] Alt+Q now launches the queue and stats manager (MDStats) app
  • [12011] Added ActiveSync for MDaemon product information link to Alt+M|ActiveSync|Server UI and reorganized the top level HELP menu to include several Alt-N product information, purchasing, and renewal/upgrade links.
  • [12096] Added size of statistics DB to F2|Logging|Statistics Log
  • [11923] Added more information to the MDStats configuration report.
  • [11096] DomainPOP and MultiPOP will move on to the next message when they get an -ERR response to a RETR command rather than terminating the session.
  • [12116] The option at F2|Server Settings|Servers "...refuses duplicate RCPT values within the same session" (see [10322]) was changed to "...ignores duplicate RCPT values within the same session."  MDaemon will accept and then discard the duplicate recipients rather than refuse them during the SMTP session.
  • [9071] Added new option to Ctrl+O|Preferences|Disk that lets you set the number of days to retain daily config file backups.  The default is set to ZERO which means never delete old backups.  Any deleting takes places as part of the midnight cleanup event.
  • [11947] The UI right-click log search option was removed.  It was very crude and could not be substantially improved.  It may be replaced in future by a stand alone app.  Until then any freely available text file tool can be used to search the log files.
  • [12119] Software update notifications are now sent to all global admins and not just the postmaster alias.
  • [11984] A new option was added to Ctrl+O|Preferences|System where you can customize the subject used when MDaemon sends mailing list digest messages.  The default is "$LISTNAME$ message digest $TIMESTAMP$ $ISSUE$."  These macros expand to the name of the mailing list, the time-stamp of the digest message creation, and the issue number.  MDaemon no longer inserts the text "special issue" into digest subjects.
  • [12085] An internal limit to the size of messages sent through the inline SMTP spam scanning feature has been removed.  The size setting at Ctrl+P|Spam Filter|Options will now govern whether inline SMTP scanning is performed on the message or not.
  • [11824] Even though addresses of this form are technically legal: "Arvel Hathcock"@example.com - MDaemon can't currently handle them properly so it will now refuse them during the SMTP session rather than accept the address and parse it wrong later.
  • [11671] The daily quota report email is now customizable and able to be translated.  See QuotaReport.dat in your MDaemon APP folder for information. You can also alter the subject of these report emails using a new option at Ctrl+O|Preferences|System.
  • [11503] MDaemon will better handle improperly formed (non-RFC compliant) message bodies.
  • [12157] Added Last Access column to Account Manager showing the last time the account was accessed.
  • [12151] The "...edit mail folder location" web access right has been completely removed. 
  • [10242] In the Account Editor the two password fields will light up red if the password does not match or violates policy.  Otherwise, green.
  • [11552] Added option to Account Editor|Account Details which allows you to configure an account to be exempt from the automatic password expiration feature.
  • [11474] Added a last access time to the bottom of List Editor|Settings so you can see whether lists are being used or not.
  • [12158] The ActiveSync device list at Alt+M|ActiveSync|Devices no longer includes policy nodes when there is no policy in force.  This saves UI processing time.
  • [10818] DomainPOP can now use the Spam Honeypot feature.  If DomainPOP parses out a Spam Honeypot address then it doesn't matter how many other addresses are also parsed because they are all ignored.  These messages go to the bayesian learning folder.  Also, DomainPOP can not use the Spam Honeypot sub-feature to submit the sending IP to the dynamic screening system.  DomainPOP does not know the connecting IP and doesn't need to even care.
  • [11447] Added new options to Ctrl+S|Screening|Dynamic Screen which let MDaemon watch accounts that receive more than X failed authentication attempts in a single day.  The default is 10 and the option is disabled by default.  Once the maximum number of authentication attempts have been reached in a given day the account can be frozen or the postmaster can be warned (or both).  If the account is frozen an email is always sent to the postmaster.  Replying to that email will re-enable the account.  The database of authentication failures is maintained in memory and gets reset on a restart and at midnight each night.
  • [10794] Added a new option to Account Editor|Attachments which lets you specify whether to extract attachments from inbound messages.  This defaults to true to maintain previous behavior.
  • [11545] Added a new option to Ctrl+U|Passwords which allows you to specify a number of passwords to remember.  When users change their password they will not be allowed to reuse old passwords.  The option is set to 0 (off) by default.  Since this is new, the current account passwords are not remembered. It won't be until passwords are changed that they start getting remembered. Salted hashes of previous passwords are stored - not the actual passwords themselves.
  • [10035] Added an "Edit File" button to Ctrl+U|Aliases which opens the Alias.dat file in a text editor.  This allows you to more easily edit and search around in the file.  Make whatever changes you want, exit the text editor, and MDaemon will reload the file.
  • [10677] Greatly improved Domain Manager loading time for sites with hundreds of domains.
  • [11724] Added a new option to Ctrl+U|Quotas which lets you disable accounts that have been inactive for more than X days.  The default is 0 (disabled).  Once the maximum number of inactive days has been reached, the account is disabled and an email is sent to the postmaster.  Replying to the email will reenable the account.  Processing is done as part of the midnight cleanup event each night.
  • [9222] Added a QUEUE.SEM file which you can create in the APP folder to enable/disable the mail queues.  This file can contain any number of lines but each one has to contain one of the following strings (one per line):  ENABLE INBOUND, ENABLE REMOTE, ENABLE LOCAL, or DISABLE INBOUND, DISABLE REMOTE, DISABLE LOCAL.
  • [9658] Added a new setting to Account Editor|Options which will let you configure whether the account should have the domain signature added to emails they send.  The default is yes, add the domain signature (if there is one).
  • [12174] The behavior of the Ctrl+T Groups and Templates editor has changed slightly.  All the settings on the Options page are now available for use with any template.  The only exception is that the settings to make an account a global or domain administrator can not be used with the New Accounts template.  This is to prevent the accidental case in which somebody might enable these options by mistake in the New Accounts template thereby making all new accounts into admins.  We don't want that to happen.  As a result of this work the global and domain administrator settings have been removed from the Account Editor/Template Editor|Options page and placed on their own Administration page. 
  • [3947] Added new option to Account Editor | Options which lets you exempt an account from the "Authentication credentials must match those of the email sender" global option.  This is disabled by default.
  • [11775] Active Directory monitoring will now honor the full last day for expired accounts before disabling them.
  • [5240] Added button to Ctrl+W|WebAdmin|Web Server which lets you edit WebAdmin's mailing list admins file.
  • [10122] Added option to Ctrl+Q|Mail Queues|Holding Queue to send a summary email of bad queue content.  This takes place at the same time as the holding queue summary email is sent and is in the same format.
  • [6214] Added two new scripting macros: $AR_START$ returns the autoresponder start date/time.  $AR_END$ returns the autoresponder end date/time.  Also, all user related macros previously unavailable for use are now eligible for use in autoresponder scripts.
  • [12191] The Hijack Detection settings were moved from Ctrl+S|Screening|Dynamic Screen to their own screen at Ctrl+S|Screening|HiJack Detection.
  • [9822] Manual activation page now allows you to select and copy & paste the relevant activation data.
  • [9825] You can now set the spam score for DNSBL hits from Ctrl+P|DNS-BL|Options.
  • [12088] Added WebAdmin.ini to the list of configuration files viewable via WebAdmin.
  • [12218] Added Catalan language to WorldClient.
  • [9841] Added Administrator, Frozen and Partial status icons to WebAdmin's Account Manager.
  • [12244] Added a "None" option to the WorldClient keyboard shortcut layouts.
  • [12275] the WorldClient Compose options now let you disable the check for the subject field being empty
  • [12174] WebAdmin now warns when elevating a user to administrator
  • [11408] WebAdmin now checks the Account Template and Group names for the presence of a comma
  • [11686] WebAdmin shows the name of the domain(s) that you are deleting in a confirmation prompt
  • [8860] The ActiveSync server will hide unsubscribed folders from clients if the user has "Hide unsubscribed folders" enabled in WorldClient.


  • [12094] fix to WorldClient may set a contact date field to the day prior when using a time zone different than the default
  • [12120] fix to installer allowing installation into root directory
  • [11617] fix to mailing list .grp files not updating settings and members when domain name changed
  • [12044] fix to some new account template settings not always being applied to accounts properly
  • [12089] fix to Whitelist@ and BlackList@ addresses not working when sending from an alias
  • [11653] fix to potential bogus error message when creating or renaming mailing lists
  • [11381] fix to VRFY command not honoring subaddressing system
  • [12148] fix to some text on Retry Queue page not being translated properly in WebAdmin
  • [11590] fix to Mail Folder Location option greyed out in WebAdmin (it is now able to be edited by Global Admins)
  • [11802] fix to LDAP query to a remote Active Directory root may fail with error 9
  • [12163] fix to unable to save Autoresponder in WebAdmin in certain circumstances
  • [12155] fix to non-admin Account menu permissions quirk in WebAdmin
  • [12164] fix to MDaemon GUI's Domain Manager lists upper case domain names before lower case ones
  • [12132] fix to virus name is not displayed in WebAdmin's "Viruses by Name" report
  • [12166] fix to the LookOut theme conflicting with the German keyboard shortcuts on the Mac when the user presses ALT+L to generate the @ symbol
  • [12175] fix to files attached to meeting invitations are not displayed on ActiveSync devices
  • [4258] fix to several places where a Winsock error might lead to orphaned .msg and .ctl files
  • [7067] fix to errant ACL setup in Mail Archive public folder structure if it was manually moved or deleted
  • [12183] fix to scripting error in WebAdmin's user editor when ActiveSync is not installed or active
  • [12185] fix to holding queue summary email not sent to CF Admins as configured
  • [2126] fix to removing a secondary domain does not remove all the accounts from ODBC storage
  • [7009] fix to forwarded message addressing problem at times when using SPF option to forward using local address
  • [12173] fix to WebAdmin pop-up dialogs display a "Sign Out" link. For pop-up dialogs this should be replaced by a "Close" link.
  • [12214] fix to minor sorting issues on WebAdmin's Holding Queue page
  • [12144] fix to two response messages are sent after accepting or declining a meeting invitation on an ActiveSync device
  • [12216] fix to the contact tooltips not disappearing in every case when a user hovers or clicks on a contact
  • [11465] fix to the LookOut theme not busting the cache for the external compose window
  • [12217] fix to unable to remove user account in WebAdmin if mailbox name contains "+"
  • [12195] fix to possible POP3 server crash after a Winsock error occurs
  • [12177] fix to MDaemon GUI ActiveSync sessions refresh issue
  • [12227] fix to the LookOut theme in IE11 where various context menus don't work
  • [12004] fix to WorldClient compose window closes without warning when saving a draft message fails
  • [12072] fix to reduced number of active connections possible when running as a service on Windows Server 2012
  • [12266] fix to Account Editor not selecting the correct domain when editing an account whose domain name is not lower case
  • [10308] fix to MDStats issues parsing IMAP logs
  • [11432] fix to Content Filter header search and replace corrupts From and To headers that contain encoded text
  • [11988] fix to Account Editor may corrupt the mailbox path when using a multibyte character in the full name
  • [11511] fix to ComAgent truncates file transfer filenames at 63 characters
  • [11633] fix to WorldClient InstantMessaging.log character encoding issue
  • [5761] fix to postmaster alias may not work in folder ACLs
  • [12310] fix to unable to save MultiPOP settings in WebAdmin
  • [12320] fix to the SecurityPlus option to add a warning to the subject of messages with non-scanned attachments does not work
  • [12303] fix to default smart host "Allow per-account authentication" option does not work correctly
  • [12316] fix to ActiveSync sync issues with Android 4.4 clients
  • [12221] fix to calendar items created on ActiveSync clients have Low priority in WorldClient
  • [12277] fix to possible MDAirSync memory leak when processing FolderSync commands
  • [12276] fix to ActiveSync server may not send messages from Windows Phone clients
  • [12268] fix to possible error when using ActiveSync to accept a meeting request that was sent from an iCloud account
  • [12147] fix to meeting organizer is changed after accepting a meeting invitation using ActiveSync on an iOS device
  • [12159] fix to attachment downloads fail on some Samsung Android ActiveSync clients
  • [12170] fix to possible MDAirSync crash when running under IIS and IPv6
  • [12149] fix to contact birthday may be off by 1 day when using ActiveSync on an iOS device
  • [11417] fix to a potential script error when editing recurring events in the WorldClient LookOut theme

MDaemon 13.6.0 - October 15, 2013


  • [11492] MDaemon Standard has been renamed to MDaemon Lite.
  • [11676] The trial period for MDaemon, SecurityPlus, Outlook Connector, and ActiveSync has been reduced from 60 days to 30 days.



In WebAdmin, a "Reports" menu has been added for global administrators. Global administrators may choose from the reports listed below. For each report, data may be generated for several predefined date ranges or the admin may specify a custom date range.

  • [10802] Enhanced bandwidth reporting
  • [10803] Inbound vs. Outbound messages
  • [10804] Good messages vs. Junk Messages (percentage of email that is spam or a virus)
  • Inbound messages processed
  • Top recipients by number of messages
  • [10000] Top recipients by message size
  • Outbound messages processed
  • [10806] Top spam sources (domains)
  • Top recipients of spam
  • Viruses Blocked by Time
  • Viruses Blocked by Name

In order to facilitate this feature, MDaemon now logs statistical information to a SQLite database file.  By default this database is stored in the "MDaemon\StatsDB" folder and 30 days of data is retained.  Data older than this will be removed during the nightly maintenance process.  A new screen has been added to F2 | Logging | Statistics log which controls the statistics log file and DB maintenance.


ActiveSync Services for MDaemon now support MDaemon’s public folders in addition to mailbox folders. The behavior of any client accessing public folders via the ActiveSync protocol can vary. While MDaemon's ActiveSync implementation supports Email, Events, Contacts, Tasks and Notes, not all device clients are capable of handling this data.  Public folder access can be controlled at the user, domain, and server levels.s.

[11841] Added new switch to F2 | Server Settings | Public & Shared Folders screen which lets you set the global default for public folder sync'ing to Yes or No. The same switch was also added to Alt+M | ActiveSync | Options for convenience. Also added a control to Alt+F2 | Domain Settings | Options which lets you set public folder sync'ing at the domain level to one of the following three states: Yes, No, or Inherit. Inherit means the domain will honor the global default. Finally, added a control to the Account Editor | Mail Services which lets you set public folder sync'ing at the user level to one of the following three states: Yes, No, or Inherit. Inherit means the user will do whatever the domain is configured to do. This setting is not available as part of the template system.


  • [11354] Added an ActiveSync "soft wipe" ability. A soft wipe removes just the data for the ActiveSync account from the device, unlike a device wipe which restores the device to a factory default condition.
  • [5092] Added a "Folder" column for the "All Contacts" view in WorldClient.
  • [6017] Added an option to print messages with or without attachments.
  • [6028] Added a warning in WorldClient for users before sending a message with no subject.
  • [6490] Added a context menu option in WorldClient's LookOut theme that remembers the last folder a message was copied/moved to.
  • [8451] Added a context menu option in WorldClient's LookOut theme for resending a message that was previously sent by the user.
  • [8457] Added HTML editor to WebAdmin to edit default and domain signatures/disclaimers.
  • [10252] Added a favorite folders list to WorldClient's LookOut theme.
  • [11245] Added an option in WorldClient to "Never Mark" a message "Read" while previewing the message.
  • [10351] Colorized Session Log functionality has been added to WebAdmin for those who have enabled it in MDaemon.
  • [11218] Added keyboard shortcut layout options for the WorldClient LookOut theme.
  • [11695] Added a warning message when enabling the global or domain admin options within the account editor.
  • [11797] Re-sizing a dialog box in the MDaemon GUI will now scale the right hand dialog rather than the left hand tree window.
  • [11792] Added usage data to ActiveSync devices page in Mobile Device Management.
  • [11740] Added a X-MDBadQueue-Reason header when the CF "move message to bad queue" action is used.
  • [10696] The WorldClient LookOut theme's Folders right click menu command defaults the "subfolder of" field to the selected folder.
  • [11810] Added an ActiveSync sessions window to the Sessions pane in the main UI. This only shows ActiveSync sessions that persist (not all do). The entire window is erased and refreshed every 10 seconds. You can right-click an entry to Blacklist a device or see the Properties of a device.  ActiveSync sessions do not show up in the All Sessions window.
  • [10984] MDaemon will log an entry to the windows event log if an account gets frozen by hijack detection (if event logging is enabled and set to log security issues).  Also, a new switch was added to F2 | Logging | Windows Event Log which writes an entry to the windows event log anytime the holding queue is not empty and a holding queue summary email is generated.  This switch is enabled by default.
  • [11976] A new setting was added to Alt+M | ActiveSync | Options which will let you select a day of the month when MDaemon will automatically reset all ActiveSync device usage stats for all users across all domains.  You can change this to whatever day of the month you wish.  If you set the day to 31 and the month ends before day 31 then the last day of the month is used as the reset date.  The reset event takes place as part of the normal midnight maintenance and is logged to the System log like other maintenance routines.  The setting is set to 0 (disabled) by default.
  • [11998] Increased default encryption key length for newly generated self-signed SSL certificates.


  • [11634] fix to WebAdmin's "Junk Email Breakdown" report is not accurately displaying viruses detected or refused
  • [11752] fix to WorldClient LookOut theme message flagging refreshing wrong when preview pane is on right
  • [11761] fix to SyncML settings not correctly reflected in WebAdmin interface
  • [11786] fix to possible MDaemon.exe crash when using a mailing list that queries members from Active Directory
  • [11794] fix to binding secondary domains to individual IPs does not work
  • [11644] fix to colored logs ignoring color selection on line prior to end partial transcript entry
  • [11795] fix to Daily Quota Reports being sent to domain admins without any over quota users listed in the body
  • [11790] fix to device stats data using last accessed information instead of since device stat reset date
  • [11864] fix to the WorldClient Mobile theme error alert pops up in the compose view when tapping advanced
  • [11862] fix to MDaemon GUI's public folders manager does not allow certain Japanese and Chinese characters in folder names
  • [11871] fix to installer error message when dealing with disks > 2TB
  • [11874] fix to minor logic issue on WebAdmin's User Quota page
  • [11879] fix to ActiveSync server does not recognize TNEF meeting invites generated by Outlook
  • [11900] fix to WebAdmin not properly checking for a blank mailbox name before saving a new account
  • [10057] fix to WebAdmin may incorrectly assume message is local when releasing a message from the spam trap or holding queue. This results in the message not being delivered.
  • [11922] fix to Update Counts button on Account Editor | Quotas screen not working
  • [11541] fix to WorldClient LookOut theme may display the wrong message in the View Source window
  • [11846] fix to MDaemon UI issues when learning messages from the Bayesian Spam and non-Spam queues
  • [11745] fix to Account Editor may create an account even when a validation error occurs
  • [11043] fix to WorldClient LookOut theme may not print events from all selected calendars
  • [11912] fix to WebAdmin may crash when saving an autoresponder
  • [11744] fix to WorldClient LookOut theme contact info popup box lists email address three times
  • [11757] fix to message that contains only attachment would go missing when content filter rule inserts signature
  • [11910] added message to WebAdmin's Status page (for Global Admins only) if MDaemon update checker has found an update
  • [12026] fix to Account Template Mail Folder Path changes not saved properly in WebAdmin
  • [12027] fix to Max Message Size setting not always being saved properly in WebAdmin
  • [12016] fix to ActiveSync autodiscover not working on fresh installs of MD 13.5
  • [11974] fix to content filter rule using REGEX search-and-replace may garble header text
  • [12031] fix to frozen accounts may be able to send messages to local accounts using unauthenticated SMTP connections
  • [10445] fix to being unable to remove Groups from List Membership from WebAdmin
  • [12093] fix to unable to view some log files in WebAdmin when certain conditions exist
  • [12090] fix to duplication of certain files in WebAdmin's log file list

MDaemon 13.5.2 - August 6, 2013


  • [11478] The way smart hosts are used has changed. In the past the smart host for a domain was only used when the routing option to send all mail to domain smart hosts was enabled. This prevented use of smart hosts for particular domains and standard direct delivery for others. Beginning with this version if a smart host is configured and enabled for a domain then that smart host will receive outbound mail regardless of any other settings in the software. So, now it is possible to specify and use smart hosts for some (and not necessarily all) of your domains. Please note that use of smart hosts had to be reset to OFF for all domains due to this change. So, if you want to enable smart hosts for one or more domains use the domain manager to do so.
  • [11356] The WebAdmin log rollover and storage options have changed. WebAdmin will now rollover its logs on the same schedule as MDaemon (F2 | Logging in the MDaemon GUI). Weekly and Monthly rollovers are no longer supported. Additionally, new installs starting with this release will have their WebAdmin logs stored in the same location as the MDaemon logs (\MDaemon\Logs by default). Lastly, the WebAdmin-specific logging options that remain have moved under the general Log Options menu in WebAdmin.


  • [11382] POP/SMTP protocol command latency controls have been deprecated and removed from F2|Server Settings|Timeouts.
  • [11383] Moved message hop count setting from F2|Server Settings|Timeouts to Ctrl+Q|Retry Queue|Undeliverable Mail.
  • [11479] The POP-Before-SMTP settings have been removed from the Domain Manager's Smart Host screen.
  • [11521] The ActiveSync server sends messages to clients in newest-first order.
  • [11261] Improved clarity of Security menu in WebAdmin when SecurityPlus is not installed.
  • [10534] WebAdmin now hides the BES logs section if BES has not been installed.
  • [11086] Moved the Gateway | Options "Access" section to the Gateway | Dequeue section in WebAdmin.
  • [11262] Updated the WebAdmin logging section's menu style.
  • [11337] Added validation to WebAdmin's ActiveSync Policy Editor.
  • [8319] WebAdmin now decodes UTF-8 subject headers in its mail folder views.
  • [11239] Several WebAdmin validation error messages are now translated.
  • [10862] Added date and time pickers to the WorldClient Mobile theme's calendar and task editors.
  • [11208] Added several Options pages to the WorldClient Mobile theme.
  • [11540] The Calendar Statistics pane in WorldClient's LookOut theme can be turned off by setting HideCalendarStats=Yes in WorldClient's Domains.ini or a user's User.ini.
  • [11109] Added Email Templates to WorldClient's Simple and Standard themes.
  • [11672] WorldClient.exe is now Large Address Aware, allowing it to use up to 4 GB of RAM on a 64-bit OS.


  • [11559] fix to WebAdmin overwrites the language selected by the user with the HTTP Accept-Lanaguage of the browser
  • [10142] fix to the WorldClient Simple theme not populating the To address when clicking on a sender's name in the message list to compose a message
  • [11402] fix to not being able to select an autocompleted email address in the WorldClient Mobile theme
  • [11459] fix to the WorldClient LookOut theme's calendar statistics showing time amounts as decimal numbers of hours rather than hours and minutes
  • [1958] fix to the WorldClient move/copy dialog in some themes may make folders appear as if they are subfolders of the wrong parent folder
  • [11070] fix to the LookOut theme logging users out when very large numbers of messages are moved
  • [9054] fix to the WorldClient LookOut theme not unchecking the Unread advanced search field in the message list view
  • [11467] fix to formatting issue with accounts with a lot of mail in WebAdmin's User's Quota page
  • [8800] fix to the WorldClient LookOut theme's free/busy dialog not taking the start/end times from the calendar event editing dialog
  • [11524] fix to time of changed occurrences may be incorrect after accepting an invite in WorldClient from a user in a different timezone
  • [11548] fix to incorrect translated text on WorldClient's change password page
  • [11536] fix to ActiveSync server does not sync contacts that do not contain enough information to generate a FileAs value
  • [11558] fix to searching contacts in WorldClient using only an email domain name does not return any results
  • [11549] fix to account level autoresponder exceptions in WebAdmin only showing first address
  • [10114] fix to the HTML compose control may not work in Internet Explorer 10
  • [11483] fix to non-ASCII characters in messages may appear corrupted in some ActiveSync clients
  • [11593] fix to non-ASCII characters in HTML messages sent via some ActiveSync clients may be corrupted
  • [11597] fix to broken Outlook Connector download link in the emails MDaemon optionally generates after installing OC
  • [11564] fix to possible MDaemon UI crash at midnight after closing the composite log
  • [11502] fix to allowing the "MDaemon" account to be enabled for ActiveSync
  • [11580] fix to the WorldClient Mobile theme showing an incorrect page could when performing a search that returns multiple pages
  • [10375] fix to the WorldClient LookOut theme showing a blank window when clicking on the Maximize button on the HTML signature editor
  • [11618] fix to WorldClient.exe does not automatically listen on port 80 when ActiveSync is enabled
  • [11546] fix to the WorldClient LookOut theme's autoresponder editor not allowing Chrome users to select a time
  • [11606] fix to accepted meetings are not synchronized to the server when using Outlook 2013 with ActiveSync
  • [11515] fix to the WorldClient Standard theme's Contacts view having overlapped Edit and Delete buttons
  • [11613] fix to the WorldClient LookOut theme's ComAgent does not wrap long URLs or turn them into hyperlinks
  • [11642] fix to the WorldClient LookOut theme's ComAgent not showing emoticons
  • [7928] fix to the WorldClient LookOut theme Mark as Read/Unread is not available in some folders
  • [11659] fix to ActiveSync policy names containing non-ASCII characters are corrupted when viewed in WebAdmin
  • [11647] fix to not being able to send read or delivery receipt requests when using Outlook 2013 with ActiveSync
  • [11607] fix to ComAgent's "Show ComAgent window in Windows taskbar" option may not work correctly
  • [11662] fix to non-ASCII characters are corrupted in ComAgent reminder instant messages
  • [9750] fix to the WorldClient LookOut theme's Shared Calendars list may not show the folder's owner
  • [11666] fix to Content Filter's regular expression searches being case sensitive
  • [11557] fix to ComAgent error when using Outlook as the traditional mail client
  • [11490] fix to not being able to change ComAgent's skin more than once
  • [11601] fix to meeting invitations sent from ActiveSync clients may not be recognized by Outlook 2013
  • [11648] fix to ActiveSync server may generate malformed HTML when replying
  • [11652] fix to high/low message priority being reversed on ActiveSync clients
  • [11635] fix to BlackBerry 10 devices using ActiveSync cannot open large attachments
  • [11683] fix to MDaemon quarantines messages with an Outbreak Protection virus threat level of 1
  • [11628] fix to ComAgent contact synchronization with Outlook fails
  • [11681] fix to PIM items deleted on ActiveSync clients are not deleted from Outlook Connector
  • [9812] fix to Active Directory monitoring fails if the base entry DN is configured to bind to a specific object on a specific server
  • [11678] fix to Active Directory monitoring corrupts non-ASCII characters in public address books
  • [11728] fix to Active Directory monitoring does not create contacts in the public address book when the option to update the public address book is enabled but the option to create/update MDaemon accounts is disabled

MDaemon 13.5.1 - June 28, 2013


  • [11512] fix to Content Filter corrupting messages that contain an attachment as the message body
  • [11463] fix to possible ActiveSync server crash when parsing malformed WBXML
  • [11537] fix to MDaemon's Account Editor does not show the correct state of the "automatically decline meeting request" options
  • [9813] fix to the meeting organizer does not receive a response when a conflicting meeting request is automatically declined
  • [11493] fix to MDaemon UI crash when opening the Public Folder Manager if a folder name is too long
  • [11446] fix to MDaemon UI crash when entering long values in the alias editor
  • [11487] fix to MDaemon may continuously retry failed connections to smart hosts
  • [11466] fix to the "Require IP persistence" option for WebAdmin is not honored
  • [11373] fix to WorldClient LookOut theme's ComAgent pane closes when clicked in
  • [11472] fix to ComAgent group messaging does not work for users with accents in their names
  • [11470] fix to the WorldClient LookOut theme may redirect IE8 users to the Standard theme
  • [11526] fix to WorldClient may crash while performing auto-complete lookup
  • [11461] fix to invalid ActiveSync GAL search response when there are multiple results
  • [11518] fix to ActiveSync GAL search responses do not include additional contact details
  • [11484] fix to ActiveSync log level cannot be changed from "None" on a new install
  • [11495] fix to a bad contact may cause an ActiveSync device to sync contacts over and over
  • [11516] fix to migration process may break IMAP ACLs for certain group names
  • [11529] fix to possible ActiveSync server crash when a message send fails

MDaemon 13.5.0 - June 18, 2013


  1. Please note that MDaemon's BlackBerry Enterprise Server does not (and can not) work with BlackBerrry OS 10 devices. BlackBerry OS 10 devices are managed through MDaemon's ActiveSync server or with different management tools obtained directly from BlackBerry themselves. MDaemon's BES is for devices running BlackBerry OS 7 or below and can not possibly be updated to support BlackBerry OS 10 or newer. The newer BlackBerry devices have moved on from the older BES technology.
  2. [11236] ActiveSync for MDaemon licensing has changed to have license sizes and software license renewal. A new screen at Alt+M | ActiveSync | Accounts lets you manage which accounts are allowed to use ActiveSync. Please review this screen and the ActiveSync Server screen to confirm the enabled accounts, domains, and options are configured how you want them.
  3. [10156] The behavior of the Ctrl+S | SSL & TLS | STARTTLS Required List has changed. Hosts and IPs listed here will now require TLS on both incoming and outgoing connections from any host or IP on the list. In the past, the list only applied to outgoing connections. Also, IPs listed here can now be specified in CIDR notation.
  4. [10500] In the past MDaemon would leave the public folders behind when a domain was deleted. A new option has been added to F2 | Server Settings | Public & Shared Folders which now determines whether this takes place. The default is to leave the public folders alone to preserve existing behavior but it is recommended to enable this option to delete them.
  5. [5597] When this version starts up for the first time it will perform a one-time migration of account settings from WEBACCES.DAT into the accounts' HIWATER.MRK file which is a more appropriate place for these configuration settings. The WEBACCES.DAT file is no longer used and will be removed as part of this migration process. Also, Ctrl+T|New Accounts|Web Services settings now apply only to newly created accounts and no longer affect existing accounts at all. A new "Apply installation defaults" button reverts all the settings on this page to installation defaults. Some of the verbiage on this screen and on the Account Editor|Web Services screen was changed slightly.
  6. [6814] The content of the NoComd.dat file is obsolete. Depending on your configuration, this file was emailed like an autoresponder to anyone who submitted an MDaemon command email that failed to contain any valid commands for MDaemon to process. The content of the file contained instructions on how to ask for help, which hasn't been possible for non-local users in quite a while. A new NoCommand.dat file has been created which no longer contains this errant instruction. If you would like to provide instruction to non-local users on (for example) how to send a SUBSCRIBE or UNSUBSCRIBE command email you can easily modify the NoCommand.dat file to do so. If you have previously modified the NoComd.dat file you can move your modifications into NoCommand.dat from the backup of NoComd.dat which was created as part of the installation process or from a backup created by the nightly config file backup feature.
  7. [10419] MDaemon no longer supports extraction of attachments into an account's FILES folder. This folder was rarely accessible. Instead, this option extracts attachments into the account's Documents IMAP folder which is accessible via WorldClient. Each account's FILES folder will be left in place in case there are files there which should not be deleted. However, no further use of this folder is made by MDaemon. As part of this, the $FILEDIR$ macro was removed. Also, text was updated on both the Account Editor | Attachments screen and the Ctrl+T|New Accounts|Web Services screens.
  8. [10340] The format of log file lines in colorized logs (see below) has changed to include a two-digit color code in each line immediately following the time-stamp.
  9. [10269] MDaemon will no longer bounce messages on a 5XX error from your smart host if one or more of the MX hosts from the receiving domain returned a temporary error earlier in the delivery session. This is on the theory that maybe one of the receiving domain's servers will correct itself before the next queue run. However, it is an indication of a bad site configuration if you are using a smart host and that smart host refuses to accept mail from your MDaemon server. It is expected that this will not ordinarily be the case. A new switch was added to F2 | Server Settings | Delivery called "Bounce message on 5XX error from smart host" which defeats this mechanism and causes the message to go ahead and immediately bounce. If the message is not bounced it becomes part of the standard retry queue mechanism.  If all of the receiving domains MX hosts return 5XX errors -and- the smart host returns 5XX errors then the message has nowhere else to go and is bounced regardless of any other settings.
  10. [10839] It's very easy to accidentally configure a valid account to receive bounces from mailing lists in such a way as to cause the list pruning operation to delete the account's other (non-list) related mail. To help prevent this when it is not intended we have updated the documentation with warnings and have reversed the default settings for two existing options: Ctrl+O | Miscellaneous "List pruner deletes messages that don't contain parsable addresses" has had the default change from TRUE to FALSE and Ctrl+O | Miscellaneous "List pruner saves messages which result in list member removal" has been changed from FALSE to TRUE. Please set these options to how you want your system to behave.



The ActiveSync server now supports ActiveSync protocol versions 12.1, 14.0, and 14.1. This should allow our ActiveSync server to communciate with a wider variety of devices and applications including Outlook 2013. The amount of work and changes necessary for this were extensive but mostly behind the scenes deep inside the ActiveSync server engine itself. However, the changes have allowed us to expose new ActiveSync policy capabilities and make many improvements to overall device mananagement. As before, Alt-N's ActiveSync server is a separately licensed product available for a one-time free trial period and for purchase on the Alt-N web site after the free trial has expired. Additional changes include:

[10521] The Alt+M | ActiveSync | Policies screen has been redesigned and now allows specification of many new ActiveSync policy elements. There are numerous new possibilities with this than in older versions. As before, specific devices may elect to ignore your policy requests and we've found this to be somewhat sporadic depending on the device used and the version of the OS running on the device.

[10478] The Alt+M | ActiveSync | Options screen has a new control which will let you specify the number of days of inactivity after which MDaemon will forget about a particular device. This defaults to 31 days. When MDaemon forgets a device it means that any previous configuration and/or access history is discarded. The next time the device connects it will be forced to reprovision if a policy is in place at the domain level, perform an initial foldersync, and re-sync all subscribed folders. This helps to keep your installation clean from having a lot of old/retired/unused devices. As part of the daily cleanup event MDaemon will check all devices for inactivity.

[9240] Improved ActiveSync and SyncML Server screens in UI so that you no longer have to save changes when selecting a new domain from the domain drop-down list. Settings are remembered and saved all at once if you click OK or ignored entirely if you click Cancel.

[10477] The Alt+M | ActiveSync | Integrated Accounts screen was converted from a ListBox to a TreeView based dialog and renamed "Devices". Also, the BES and BIS "Integrated Accounts" screens were reorganized and renamed as "Devices" and "Subscribers" respectively.

[10479] The "Delete" buttons found on both the Alt+M | ActiveSync | Devices and Account Editor | ActiveSync Devices were renamed to "Forget device" which more accurately reflects what's happening there. When these buttons are pressed the ActiveSync server is told to discard any previous configuration and/or access history for a particular device.

[10692] ActiveSync now supports a device ID, device type, and device OS white and black list.  New screens for managing this were added to Alt+M | ActiveSync.  You can white and/or black list devices based on their ID, type, and OS values. 

[9508] The option to enable/disable ActiveSync services was moved from Account Editor | Options to Account Editor | Mail Services.

[10811] Added Alt+M | ActiveSync | Restrictions screen which lets you specify User Agent and Device Type values and restrict devices matching those values to specific versions of ActiveSync.


MDaemon now supports attachment linking for outbound messages. In the past this feature was restricted to incoming messages only. A new option has been added to the Account Editor | Attachments screen to enable this on a per-user basis. The option works only in conjunction with Attachment Linking so that overall system must also be enabled and the user configured to use Attachment Linking. When the user sends an email, Attachment Linking will extract the file, store it, and replace it with a URL that you can customize. Also, a new control has been added to Ctrl+W | Attachment Linking which allows you to specify the maximum number of days that any attachment will be stored.  As part of the daily cleanup event MDaemon will remove any file found to be older than the specified number of days from the root attachment folder and all sub-folders thereof.  This only works when you are using the default root attachment folder which is <MDaemonRoot>\Attachments\.  It does not work if you customize the attachment folder to point elsewhere.  This option is disabled (set to 0) by default to preserve existing behavior.  See the user's manual for complete details on Attachment Linking. In addition, the overall system was polished up and refined internally for optimization purposes. The option called "Extract text/plain attachment types" was renamed to "Extract quoted-printable text/plain attachments" to better reflect what it has always done.

[9359] Another new Attachment Linking option was added to Ctrl+W | Attachment Linking which allows you to specify a minimum size below which attachments are not extracted. Using this you can configure MDaemon to ignore small attachments and only pull out bigger ones. This option is disabled (set to 0) by default to preserve existing behavior.  As a result of the code changes needed to implement this the following macros have been deprecated and are no longer supported:  $ATTACHMENTCOUNT$, $ATTACHMENT(x)$, and $ATTACHMENTS$.

[10414] Attachment Linking will try to use the file name provided in the MIME headers (if present). But if the file name is longer than 50 chars then only the last 50 chars will be used. If the file name is missing an extension ".att" will be appended (MDaemon needs an extension).


The Alt+F2 | Domain Manager has been reworked. It now displays several screens for each domain instead of having everything on a single screen. There are also better options for creating, deleting, and renaming a domain. Many domain specific functions have been removed from other places in the UI and consolidated here. As a result of this you will no longer find default domain related settings in F2 | Default Domain & Servers. In fact, that menu selection has been renamed to F2 | Server Settings. MDaemon no longer needs the concept of primary/secondary domains but it does still need one of your domains to be selected as the default domain. The default domain is used any time the server engines can not determine a more appropriate domain to use in a given processing context (which should be almost never). The Domain Manager has a button which allows you to easily select which of your domains you want as the default.  The default domain can not be deleted.

[9303] The F2 | Domain Signatures (text/plain) and F2 | Domain Signatures (text/html) screens were removed and replaced by a single screen at F2 | Default Signatures. This makes it possible to see and edit both signatures in the same view.  The Domain Manager includes a similar screen for individual domains.

[4536] It is now possible to specify different smart host related settings on a per-domain basis using the new Domain Manager. F2 | Server Settings | Delivery still controls the type of message routing which takes place. In order to use any smart host the proper message routing option still needs to be selected there. Also, its necessary to configure a default smart host which will be used by any domain that does not configure a different smart host to use. The default smart host is configured at F2 | Server Settings | Delivery.

[10896] The "Enable smarter message routing" option was removed from F2 | Server Settings | Delivery UI.

Many of the screens at Ctrl+W | WorldClient (web mail) have lost the domain dropdown box and now apply only as defaults for newly created domains.  The screens were copied into the Domain Manager where you can configure per-domain options for all the elements.

[10008] PUBLIC FOLDER MANAGER (Requires MDaemon PRO)

The old UI for managing public folders was difficult to use with a large number of public folders. A new UI is available via Alt+P that is a bit better. The older public folder UI was removed from F2 | Server Settings however the Public & Shared Folders global options screen is still there.

[5920] The Public Folder Manager will no longer allow public folder submission addresses to be used if the address is already being used by another public folder. Also, the submission address value is now checked to be sure it is a valid email address form.


The grouping feature has been improved in several ways. First, a new UI for it has been added to Ctrl+T which lets you more easily manage groups.  The old UI for this was removed from Ctrl+T.  Second, groups can now have an optional Account Template assigned. Account Templates allow you to define named sets of account settings. A UI for managing Account Templates is accessible using Ctrl+T or from the Accounts | Groups & Templates top level menu. Third, the Account Editor | Mail Folder & Groups screen has been redone (in fact, the Account Editor has been slightly updated in several places). From this screen you can assign one or more groups to an account. The old UI for setting up new account default settings has been removed. New accounts now automatically have the "New Accounts " account template applied to them at the time they are created.  The "New Accounts" template is a special template that can not be renamed or deleted but you can edit it.  It then takes the place of the old New Account Defaults.

Groups can now be used to assign most of an account's settings automatically. For example, if you want to assign an autoresponder to a certain set of accounts you can create and name an account template which defines the autoresponder, then assign that account template to a group, and then finally assign the group to one or more of your accounts. From that point, the template will determine the accounts autoresponder settings.  Templates can control almost all or just select portions of an account's settings. You can decide what portions of an account's settings are to be part of a template.  When an account is part of a group which maintains an account template the controls within the account editor which are managed by the groups account template will be disabled and a message will be displayed saying that certain account settings are governed by a group. When you edit an account template any account which is a member of a group that owns the template will be automatically updated.  When you change a group's account template to another account template or delete a group or account template all the relevant user accounts are updated immediately.  Groups have a new "Priority" setting (from 1-1000). When an account is a member of multiple groups that each own an account template with conflicting account settings the group with the lowest priority value wins and will have its account template applied. When there is no conflict the settings from each group are collectively applied.  In the case of a tie the first group found wins.  When an account is removed from a group that has an account template the account settings previously controlled by the account template revert to whatever the New Account template says or possibly to another group's account template if the account is a member of multiple groups.

[8381] Groups can disable ComAgent entirely or just the instant messaging portion of ComAgent independently of an account template.  In case of a conflict with an account template owned by the group (if any) then this setting wins.

[10450] The Groups member of the MD_UserInfo structure has been increased in size allowing an account to be a member of many more groups than before.

[9715] Groups now have an edit control where you can specify an Active Directory group.  When an MDaemon group is configured to link to an Active Directory group any member of the Active Directory group will be placed into the linked MDaemon group automatically.  This only works if you are using the Active Directory monitoring feature.  You can map any AD attribute you want to use as a trigger for putting accounts into MDaemon groups however the "memberOf" AD attribute will most likely be the one to use.  You can configure this by editing ActiveDS.dat in notepad.  This feature is disabled by default.  To enable it, edit ActiveDS.dat and tell MDaemon what AD attribute to use for your group trigger or uncomment the "Groups=%memberOf%" line in ActiveDS.dat to use what I guess would be the most common attribute.


ComAgent now supports multiple languages. Rather than each language of MDaemon including a ComAgent in just that language, all languages of MDaemon now include a ComAgent that supports English, German, Spanish, French, Italian, Japanese, Dutch, Polish, Portuguese, Russian, Swedish, Thai, and Chinese. The user can select the language from ComAgent's Preferences dialog. ComAgent now also has improved support for international characters in instant messages and file transfers.


The UI tabs which display Routing, SMTP-in, SMTP-out, IMAP, POP, MultiPOP, and DomainPOP activity may now use some colors to help visually separate events during a session. A new option was added to F2 | Logging | Options called "Use colors when displaying mail session logs" to control this. The same UI option can also be found at Ctrl+O | GUI. The option is disabled by default. The default text colors can be changed by editing the LogColors.dat file as follows:


Background=0x000000Background color; black
SelectedBackground=0xff0000Selected background color; blue
Default=0xffffffDefault text color; white
Processing=0x00ffffInternal processing and parsing activity; default is yellow
DataIn=0x008040Incoming data from other server; default is dark green
DataOut=0x00ff00Outgoing data sent to other server; default is bright green
Error=0x0000ffError messages; default is red
TCPIP=0xff8000 TCP/UDP/DNS/PTR related activity; default is light blue
SpamFilter=0x0080ffSpam filtering; default is orange
AntiVirus=0xdda0ddAntiVirus processing; default is plum
DKIM=0xff00ffDomainKeys and DKIM activity; default is fuchsia
VBR=0x40c0ffVouch by Reference activity; default is light orange
SPF=0x0808080 Sender Policy Framework activity; default is grey
Plugins=0x0080c0Any message sent from a plugin; default is brown
Localq=0x00ffffLocal queue routing; default is yellow
Spam=0x0080ffSpam message routing; default is orange
Restricted=0x40c0ffRestricted message routing; default is light orange
BlackList=0x808080Blacklisted message routing; default is grey
Gateway=0x00ff00Gateway message routing; default is light green
Inboundq=0xff8000Inbound message routing; default is light blue
PublicFolder=0xdda0ddPublic folder message routing; default is plum

If you want to use colors but don't want to colorize one or more of the above elements just set the corresponding values to zero. For example: SpamFilter=0 (the Default color will be used). That trick doesn't work for Background or SelectedBackground.  If you want to change those two you have to provide a new color value.  The color values are specified in hexadecimal of this form: 0xbbggrr where bb is the relative intensity for blue, gg for green, and rr for red. So it's a COLORREF basically. There are many sites online which provide lists of hex values for colors. Watch the byte order though as many provide them in #rrggbb form. Changing colors requires a restart of MDaemon or creation of a file called COLORS.SEM in the APP folder. The main UI utilizes colors in real time as the log string is actually constructed and displayed however the configuration session which reads log files from disk must read the color value from a new bit placed just after the time-stamp in the logged string.  As a result, a configuration session will not be able to colorize portions of log files created prior to MDaemon 13.5.0.

Because attributes necessary to the use of colors may be specified only at the time the window is initially created toggling the use of colors on/off requires an MDaemon restart before it will take effect.


Active Directory monitoring has been improved to periodically query AD and keep all public contact records updated with the most recent information stored in AD. Common fields like an account's postal address, phone numbers, business contact information, etc will be populated into their public contact record and this data will be updated any time it is changed in Active Directory. Numerous contact record fields will be monitored in this way. For a complete list of which public contact record fields can be mapped to Active Directory attributes see my commentary in the ActiveDS.dat file. Also, you do not need to enable full Active Directory account monitoring to take advantage of this. A new switch has been added to the Ctrl+U | Active Directory | Monitoring which allows you to enable this feature independantly from the full Active Directory account monitoring feature (which may be too much for many sites).

The ActiveDS.dat file has several new mapping templates which allow you to specify one or more AD attributes from which to populate a particular contact record field (for example, %fullName% for the fullname field, %streetAddress% for the street address, etc). I've defaulted many of these to what appear to be correct values on our active directory server here at Alt-N but your mileage may vary. I could not find proper attributes in our Active Directory for some of the contact fields but thats because I'm not an AD expert. They are exposed anyway and can be used if needed. A one-time migration of ActiveDS.dat will be performed upon first-time start-up of MDaemon 13.5.0 in order to expose these changes.  None of your existing alterations to this file will be lost.

MDaemon must match an accounts email address to some attribute within Active Directory in order to know which contact record to update. If it can't find such a match it does nothing. By default MDaemon will try to construct an email address using the data taken from the attribute mapped to the Mailbox template (see ActiveDS.dat) to which MDaemon will internally append the default (primary) domain name just as it would when actually creating and deleting accounts based on Active Directory data. However, you can uncomment the "abMappingEmail" template inside ActiveDS.dat and tie it to any AD attribute you wish (like %mail% for example). Just understand that MDaemon expects the value of this attribute to contain an email address that will be recognized as a valid local user account.

MDaemon accounts which are flagged as hidden are not subject to having their contact record created or updated. This feature will create the contact records on the fly if they don't already exist and it will update contact records which do exist. It does not care about and will happily overwrite any changes you make outside of Active Directory. Contact record fields that are not mapped are left unaltered so any existing data that is not subject to being changed by this process will not be altered or lost. Lastly, the Active Directory UI screens have been reworked slightly and the code over-all has been somewhat optimized but you should know that this process hits Active Directory every 10 seconds by default (you can change it) so if you query the root for this rather than a more narrow Active Directory container you might notice it (or maybe not, I don't know for sure).

[10017] Active Directory monitoring will now update an account's alias value. In the past an accounts alias could be plucked from Active Directory only at the time the account was initially created. Note that there's no way to remove any old alias that might have been put there by AD changes earlier because I can't easily tell what old alias should be deleted and I can't delete them all because some aliases might have been created outside AD (users can have more than one alias). This means that over time some orphaned aliases might accumulate but no harm done and they can be removed using the alias editor.

[10476] Active Directory monitoring feature updated to test and log entire set of values for an attribute. In the past only the first in the set was being tested/logged.  Also the logging was simplified and shortened.


Performance counters have been implemented to allow monitoring software to track MDaemon's status in real time. There are counters for the number of active sessions for the various protocols, number of messages in the queues, server active / inactive states, MDaemon up time, and session and message statistics.


  • [11296] The WorldClient Mobile theme is now updated for modern smart phones to create an improved user experience for touch screen devices.
  • [10019] The MDaemon system account email address is no longer visible/selectable within controls like the public folder submission address dropbox. The account is not eligible for these types of functions and thus should not be selectable.
  • [9820] When applicable, WebAdmin now shows quota information per user on the Mailbox Charts.
  • [9047] When looking at the bad queue content within the GUI the "Subject" column has been replaced with "Bad queue reason" and contains a text description of why the message was placed within the bad queue.
  • [10129] WebAdmin's Holding Queue and Spam Trap views now display the X-MDaemon-Deliver-To header information for each message.
  • [10093] If an email is destined for a domain which has no MX records and also has no A records then the message will be immediately bounced back to sender as undeliverable.
  • [10176] Loading IPScreen.dat items into the GUI is deferred until the IP Screen editor is selected rather than when the Security Settings dialog is first opened.
  • [10284] F2 | Server Settings | Servers no longer has per-domain options related to maximum acceptable message size. These options exist in the Domain Manager and the F2 screen is for global (not per-domain) settings.
  • [10322] Added option to F2 | Server Settings | Servers which causes the SMTP server to refuse duplicate recipients in the same SMTP session. Duplicates are refused with "452 That recipient has already been specified." This option is disabled by default to preserve previous behavior.
  • [9721] When a public folder goes from not having a submission address to having one every existing ACL is granted the "post" right now rather than just the "anyone" ACL.
  • [10341] The text strings sent to the routing log have been simplified and made consistent. Long paths that are not necessary were shortened. The System log will display each queue path on startup on queue state changes.
  • [10342] DNSBL hits and refusals now have their own separate counters within the UI tool window and on the statistics report. These counts are no longer folded into the SPAM counts.
  • [10368] Added option to enable/disable sending of notification emails to the Ctrl+P | Spam Filter | Updates screen. This mirrors the same option currently found in the Content Filter UI and does the same job but here it is easier to find.
  • [10371] The "Account Settings" menu option was renamed to "Account Options" and a new "Passwords" screen was added into it. From here you can set the requirement to use strong passwords and you'll find a new button which will let you edit the bad passwords file. Values in the bad passwords file can never be used for account passwords.  Bad passwords can be provided using reg-ex. This requires the strong passwords option be enabled.
  • [10381] Removed the "double click item to remove it from list" type of behavior that some parts of the UI still employed. These included the Sender Blacklist, IP Screening, and Host Screening dialogs, all of which have a "remove" button for this purpose now.
  • [10397] The catalog editor was converted to a standard type modeless dialog box.
  • [10404] The ZIP file names of log archives now include a date-stamp of when the ZIP file itself is created rather than a date determined (sometimes errantly) by what might be inside the ZIP. So today's ZIP contains what was archived today, which could be yesterday's log files -or- many days worth of log files X days old or older, depending on your configuration settings.
  • [9026] Log files are no longer archived as part of the cleanup.bat file processing and this now takes place as its own event and as the very last thing in the midnight cleanup processing chain. Hopefully this will fix an issue which sometimes occurs where log files have nothing or the wrong things in them.
  • [8766] Added descriptive text to groups editor explaining how to edit a group name and description.
  • [8007] The Ctrl+T | Account Templates | Web Services now includes the ability to set defaults for LAN IP exceptions.
  • [6251] When MDaemon generates Message-ID values, APOP greetings, and AUTH "first ready" responses it now uses server FQDN values rather than the default domain name.  Where possible the FQDN value used will be the one associated with the current processing context.
  • [7261] The option to force a Reply-To header into all messages not containing one has been removed from Ctrl+O | Headers screen.  MDaemon can't get this right in all cases and this is a mail client responsibility (not a mail server's).
  • [6482] In the past the greylisting system first translated RCPT data in case an alias was used and then compared, stored, and used this translated data which may then have differed from the actual RCPT data provided.  This violates the greylisting best-practices and whitepaper which states that the actual RCPT data must be used (not some translated or altered version of it).  So the greylisting system has been changed and now the actual RCPT data is always used.
  • [10354] When an autoresponder attempts to subscribe an address to a mailing list the attempt will now fail if the address is one of those configured to not receive the autoreponse.
  • [9528] Added "Update Counts" button to Account Editor | Quotas which refreshes the counts on the screen (sometimes the cached values are out of date). Also, I changed the descriptive text on this screen to indicate that the email count includes stored documents as well.
  • [6928] Account mail folder paths may no longer contain the following DOS/Windows reserved names as this causes problems for some OS API calls: \AUX\, \CON\, \COM1\, \COM2\, \COM3\, \COM4\, \LPT1\, \LPT2\, \LPT3\, \NUL\, \PRN\. Attempting to create or edit an account which contains any of these values within the mail folder path will generate an error message.
  • [10420] The session identifier logged with each line of a session's log no longer includes the so-called child ID value.  This value is not necessary (the session number is enough) and it is already logged at the top of each session.  So the identifier is now simply the session number (from 1-999999) which rolls over back to 1 after reaching 1000000.  It is not intended to be a GUID but rather is just a visual aid when looking at a log file in a viewer.  The current value will now be stored and remembered across reboots rather than starting over at 1 each time MDaemon is restarted.  Also, the session identifier will now be padded with leading zeros so that the log lines up evenly when using a viewer like notepad.
  • [10430] The "Folder, Attachments, Groups" screen within the Account Editor has been renamed to "Mail Folder & Groups."  The attachment related settings have been removed and placed into a new screen within the Account Editor called "Attachments."
  • [10431] The "New Account Defaults" settings have been removed from the Account Settings editor and placed into their own editor called Account Templates which you can access using Ctrl+T or from the Accounts top-level menu.
  • [10432] The "Account Defaults" screen within the Account Editor has been reorganized and the controls resized so that the values they contain can fit when at their maximums.
  • [10463] The account/folder/group/mailing list picker object has been reworked and is now resizable and will remember its size and position.
  • [9504] The IPs within the IP Screen and Host Screen UI will be sorted.
  • [9497] The "Use subaddressing" checkbox was moved from Account Editor | IMAP Filters to Account Editor | Options so it can be part of the new account template system (the IMAP Filters page is not part of the template mechanism).
  • [10159] The spam filter will no longer bother checking the size of a message if spam filtering is already being skipped for certain other reasons.
  • [8890] When dynamic screening detects a connection from an IP that has been temporarily banned it will now issue a 4XX temp error with a message to try again later. The previous 5XX error and non-descript message was inaccurate for this situation.
  • [10297] Added option to Ctrl+P | Spam Filter | Options which will let you keep the spam filter white and blacklist entries in sorted sequence. Note that if you have added your own comments into the file (lines starting with #) enabling this option will sort these lines to the top of the file which is probably not what you want. This feature is disabled by default to preserve existing behavior. The sort operation takes place upon the next change to the white or black list file.
  • [9819] New controls were added to Ctrl+U | Quotas which cause a daily quota report email to be sent to all global and domain administrators. The report lists all accounts which are within XX percent of their quota maximums. You can configure the percent. If you set the percent to ZERO all accounts get included in the report. The report sent to global administrators includes information on all relevant accounts for all domains. The report sent to the domain administrators just covers their domain. The report can be costly in terms of cycles so it runs in its own thread and is part of the daily cleanup event. Also, and separately but I'm listing it here, a new switch was added which toggles sending of the near quota warning emails to accounts on/off. In the past configuring the percent for this to ZERO was the toggle.
  • [10406] A new control was added to Ctrl+O | System which will let you set the hour at which the daily maintenance and cleanup event takes place. In the past this has been fixed at midnight (which I still recommended). The new control defaults to midnight to preserve existing behavior. Regardless of what hour you schedule for this some things still happen at midnight anyway (such as the running of Midnight.bat and log file maintenance).
  • [10246] If a mailing list allows anyone to post (that is, the mailing list is NOT configured to allow only list members to post) then messages from NULL sender (ie.. MAIL FROM:<>) sent to the list will be accepted.  In the past, they were refused.
  • [5699] If a mailing list's public folder is missing, messages will be routed to the bad message queue rather than being dropped on the floor.
  • [10498] MDaemon's startup routine has been optimized and is now many times faster - especially for sites with thousands of domains.  MDaemon no longer logs every missing postmaster/abuse alias for every domain.  Instead, it logs a single message saying you are missing at least one (if you are).  Also, the socket startup routine was optimized to log only errors and not every single protocol initialization for every single domain (this was REALLY slowing things down).  Finally, the Everyone@ and MasterEveryone@ lists are no longer created if they already exist.  These lists contain macros and not actual list members so there's no reason to always rebuild them on startup.
  • [10499] I added an option to Ctrl+O | Preferences | UI which lets you control whether you want the various dialogs throughout the UI to expand the left hand tree nodes or not.  Note that the first (or root) node is always expanded regardless of this setting.
  • [10510] The routing log will display encoded From/To/Subject data in decoded form.
  • [6144] The mail statistics report email now reports free disk space in MB rather than bytes.
  • [10227] The UI will display consistent results when creating a certificate for use with SSL/TLS.
  • [8719] DomainPOP and MultiPOP logging no longer bothers with logging the temp file I/O.  Instead it logs the final message creation placed into the Inbound queue (or an error result).  This lets you track DomainPOP/MultiPOP through other logs which was not easy to do in previous versions.
  • [5818] An option was added to Ctrl+U | Passwords which allows you to set a maximum number of days before users will have to change their password.  This option defaults to ZERO (disabled).  If you set it to (for example) 30 days then users will have 30 days from the next time their account is edited in the UI or from their next logon via POP, IMAP, SMTP, or WorldClient to change their password (which, once changed, will start a new 30 day time limit).  After that, if they don't change their password they will not be able to logon to POP, IMAP, SMTP, WorldClient, or WebAdmin.  WorldClient will prompt the user for a change of password if the user has permission to edit his password, but Outlook, Thunderbird, etc, will not. Many mail clients will not show a helpful error message to the user, so they may need admin assistance to figure out why the logon is failing. Accounts which are about to have their passwords expire are sent a warning email each day for X days leading up to the password becoming expired.  The number of days can be set by a new option at Ctrl+U | Passwords.
  • [10520] Added an option to the Account Editor | Account Details screen which allows you to require an account to change their password before it can connect using POP, IMAP, SMTP, WorldClient, or WebAdmin.  Take care with this option because it may not be easy or possible for an account to do this (see 5818).
  • [10222] Added an option to the Account Editor | Account Details screen which allows you to "Freeze" an account.  Frozen accounts can receive mail but can not send or check mail.  The controls on this screen were re-organized somewhat.  The Smart Host logon/password options were moved from here to the Account Editor | Mail Services screen.
  • [10512] Added options to Account Editor | Web Services screen to disable ComAgent entirely and/or disable the Instant Messaging portion of ComAgent.
  • [10544] The icons in the account manager have changed slightly. Frozen accounts now receive the white X icon (this used to be the icon for accounts with partial mail service). Frozen accounts are similar to disabled accounts which also have an X icon and white is a good color to indicate a frozen state. Accounts with partial mail service now get an orange check mark to indicate their similarity to full access accounts which have a green check mark.
  • [1889] WorldClient now gives users the ability to download all of a message's attachments by sending them in a zip file.
  • [10030] The IMAP server now supports the XLIST extension.
  • [2434] The Enter key may be used in ComAgent's "My Contacts" window to open an instant messenger window for the selected contact
  • [10632] Added RESTARTWC.SEM sem file which causes WorldClient to be stopped and restarted. This works only when WorldClient is running using its own built-in web server.
  • [3429] Removed the WorldClient option to send an invitation to the meeting planner. It did not work properly and it only made sense for public folders, for which a more robust solution needs to be developed.
  • [10563] The rules processing engine within content filter is now enabled by default for new installations.
  • [10567] F2 | Event Scheduling will no longer show AntiVirus related elements when AntiVirus is either not installed or has an expired subscription.
  • [6023] Contact "Email 2" and "Email 3" fields are now used for auto-complete results and contact search results
  • [8339] Contact "Nickname" field is now used for auto-complete results and contact search results
  • [10857] The holding queue no longer automatically stores messages sent to or from a disabled or frozen account unless the holding queue is enabled and a new switch at Ctrl+Q | Holding Queue which configures this specific behavior is also enabled (it is enabled by default to preserve existing behavior).
  • [10846] Increased amount of space for account restrictions by factor of 10. Better solution will come in MDaemon 14.0.
  • [2540] Gateway .LCK files are stored in the \MDaemon\Lockfiles\ folder now rather than the gateway's mail folder. This allows much faster startup times for sites with large numbers of gateways.
  • [9700] Updated Content Filter's regex engine.  The new engine follows the ECMA grammar and is much more powerful than the previous regex engine.  There are some syntax changes, the main being backreferencing (\1, \2, \3, etc) has changed to ($1, $2, $3 and so on).  MD3Conv will update any rules that contain "regular expression search and replace" during installation including MDaemon's ticketing system rules.
  • [10917] MDaemon no longer forces the domain names you create to lower case. Domain names are case-insensitive so MDaemon will use whatever case you use when you create the domain's name.
  • [10890] MDaemon.exe is now Large Address Aware, allowing it to use up to 4 GB of RAM on a 64-bit OS.
  • [10932] Disabled accounts are now removed from the domains global address book. If the account is later re-enabled it will be added back (depending on your configuration settings).
  • [8079] WorldClient sends an email to the postmaster when the dynamic screening bans an IP. Settings to control this are in \MDaemon\WorldClient\WorldClient.ini:
  • Updates to the WorldClient LookOut theme:
    • [10747] Update to modernize the theme's appearance and color scheme
    • [8948] A new Email Templates editor for inserting pre-written pieces into emails
    • [10853] Quick calendar filtering on the Day, Week and Month views to allow you to narrow down the labels of the calendar entries - just hover over a calendar label list below the calendar folder list to reduce the displayed entries.  This also gives users a small report on their event totals.
    • [10854] When the message list is less than 600 pixels wide it will re-render to be a double-rowed message list
    • [10373] Various performance improvements to speed up the loading time
    • [10855] When users hover over calendar entries they will now be presented with a preview of the event to speed up seeing details
  • [11025] Added an option to add message footer to messages that have attachments that could not be scanned.
  • [9025] Messages sent to the MDaemon system account to perform various functions are now logged with details in a new "MDaemon" tab within the main UI and tracked into their own log file.
  • [10073] By default MDaemon will no longer send a "No valid command found" email back to those who send such emails. You can re-enable this function via a new option in Ctrl+O|Preferences called "Send response to invalid command messages."
  • [10074] MDaemon no longer supports making account changes by sending email messages to the system account. Account holders can still make changes to their accounts by logging into WorldClient or WebAdmin. The UI checkbox called "Allow changes to account via email messages" has been removed from both the account editor and the new account defaults UI.
  • [10077] Numerous popup dialogs were changed to have unnecessary text such as "Click 'Ok' to continue" removed.
  • [11118] added Thai language to WorldClient language options
  • [9813] Added ability for an account that automatically processes meeting requests to decline conflicting and recurring requests
  • [10444] Added text clarifying the use of Macros in List Membership to WebAdmin
  • [3122] Added About MDaemon dialog to WebAdmin. More to come for this page in further versions.
  • [11224] Added an option in ComAgent to show the ComAgent window on the taskbar.
  • [11202] Added file name to ComAgent file transfer window captions.
  • [10246] Messages sent to lists with a NULL reverse path were previously rejected after RCPT but are now rejected after DATA in order to work with several routers and call-back verification schemes.


  • [10233] fix to SMTP MAIL value not tested against "Spam Filter (no filtering)" list
  • [10259] fix to list of AV excluded-from emails being included in the list of password- protected files exclusion list
  • [10393] fix to DomainPOP not always handling tab characters properly when parsing for addresses
  • [10257] fix to change of log file size not taking effect immediately
  • [7771] fix to restricted accounts being unable to send mail to other domain sharing servers
  • [10036] fix to unable to stop/disable WorldClient service from configuration session
  • [9561] fix to message to multiple lists with public folders not each getting a copy in the public folder
  • [9231] fix to "...but only from LAN IPs" options in web default settings not applied to all accounts when "Apply to all accounts now" button pressed
  • [5044] fix to mailing lists being incorrectly written to the global address book file
  • [5410] fix to bounce notifications improperly stripping BATV encoding from return path address
  • [6155] fix to smart routing sometimes delivering local mail from the remote queue
  • [10453] fix to mailing list membership not updated when group names changed or deleted
  • [10471] fix to MDaemon account showing up in various account picker/account tree objects within the GUI
  • [8128] fix to Active Directory full scan button not always taking stock of latest Active Directory configuration settings
  • [8650] fix to DomainPOP parsing not handling BATV encoded local addresses properly
  • [8482] fix to missing domain public folders not always being created when option to do so is enabled
  • [6627] fix to Ctrl+E | Mail Scheduling Option "deliver mail X minutes after last delivery" never working properly
  • [9374] fix to list password not parsing from encoded subject data properly
  • [10253] fix to $SUBJECT$ macro not handling encoded subject data properly
  • [6590] fix to Active Directory search code not working with multi-byte characters properly
  • [3554] fix to MDStats adding entries to SA whitelist_from_rcvd often incorrectly (now uses just whitelist_from)
  • [10455] fix to forwarded messages not honoring outbound IP binding or forwarders account disabled status
  • [2347] fix to account/group updates not updating Content Filter rules
  • [10573] fix to inline image links are broken in WorldClient's HTML compose editor
  • [10564] fix to "All messages sent From" option from "postmaster" to "postmaster@$DEFAULTDOMAIN$."
  • [10483] fix to searching in the WorldClient LookOut theme's calendar year view
  • [9991] fix to random crashing on shut down for ComAgent
  • [3861] fix to disabling instant messaging for a user does not take effect until ComAgent is restarted
  • [3187] fix to not all instant messaging items are removed from the ComAgent UI when instant messaging is disabled
  • [10624] fix to WorldClient users may receive a "The meeting location is occupied at that time" error message when creating event with location and time of an existing event. This was a holdover from an obsolete resource scheduling approach. The recommended approach is to create and invite a resource user that automatically accepts and declines calendar invites. This is compatible with all platforms that support calendar invites and free/busy lookups.
  • [10614] fix to an appointment changed by another user via WorldClient will show it as a meeting request on an ActiveSync device
  • [10468] fix to the attendee does not receive a meeting request when creating a meeting in a shared calendar using WorldClient
  • [10636] fix to possible IMAP and WorldClient error when moving folders to become subfolders of Inbox
  • [10797] fix to WebAdmin displaying a blank entry for domain selection on the ActiveSync Server page
  • [10821] fix to right-click add to black/white list feature not adding correct address to lists in some cases
  • [10686] fix to Firefox printing message headers on a separate page from the body in the LookOut theme
  • [10771] fix to "strong password required" error message missing from ODBC and LDAP backend DLLs
  • [10786] fix to UI allowing accounts to be created with mailbox ending with '.'
  • [10908] fix to ActiveSync and SyncML UI not handling default settings properly in all cases
  • [10648] fix to changes to "Add Sender Header" in WebAdmin's Headers page not being saved.
  • [11012] fix to newly created gateways not honoring all default dequeue IP access settings properly
  • [9232] fix to ComAgent does not send instant messages when the Enter key is pressed if certain dialogs are open
  • [11032] fix to WebAdmin not handling the Account Restrictions page properly for all languages
  • [10992] fix to when accepting a meeting request in WorldClient, the invitee's Outlook Connector shows the invitee as the meeting organizer
  • [11022] fix to list unsub confirmation checkbox not sticking
  • [11216] fix to wrong commandline value logged when running an external process fails
  • [6755] fix to blank "File As" field in Outlook Connector for contacts created in WorldClient that have only a company name
  • [11223] fix to potential crash when using "Remove contacts which are missing name or phone data" button
  • [11212] fix to vulnerability (false positive) reported in WebAdmin during PCI Compliance check
  • [11182] fix to script error in WebAdmin when editing content filter rule using MSIE and a language other than English
  • [10728] fix to account with "+" sign not rendering properly in WebAdmin's Alias Editor
  • [11267] fix to Timeout and Remote IP columns not sorting properly on sessions tab in UI
  • [11281] fix to unable to delete/edit/refresh the session window content in the configuration session
MDaemon is a registered trademark of Alt-N Technologies, Ltd.
Copyright ©1996-2013 Alt-N Technologies, Ltd.

Try MDaemon free for 30 days

Download MDaemon 30-Day-Trial Download MDaemon and start your fully functional 30 day free trial to have your own email solution up and running in less than 30 minutes.

Download Now - Free 30-Day-Trial
Existing MDaemon user?