Releases


build-220203

NEW FEATURES:

  • Upgraded look of Hermes SEG Daily Quarantine Report and Hermes SEG Quarantine Report with new logo. Also updated the functionality of the Hermes SEG Quarantine Report to only report quarantined e-mail found in the past 2, 4 or 8 hours instead of the previous functionality that reported all quarantined e-mail for the current day on 2, 4 or 8 hour intervals. Updated wording in Admin --> Internal Recipients and Users --> Report Settings with new wording in the Quarantine Report Frequency field to reflect the new functionality.
  • Upgraded Admin --> Virtual Recipients and added ability to redirect multiple virtual recipients to internal or external recipients as well as the ability to redirect entire domains to internal or external recipients.

THE FOLLOWING PAGES HAVE BEEN UPGRADED TO VERSION 2.0:

  • Admin Console --> Virtual Recipients

FIXES:

  • Fixed issue when adding external recipients encryption S/MIME mandatory defaulting to postmaster e-mail address due to external recipients encryption using the same session.email variable as in the Application.cfc.
  • Fixed issue with Admin Console --> Message History --> Message Actions --> Release Message(s) to Recipient and User Console --> Message History --> Message Actions --> Release Message(s) to Mailbox was not releasing message(s).
  • Increased Hermes SEG Service timeout from the default 90 seconds to 360 seconds to avoid timeouts during system boot for systems with commandbox.

build-211207

NEW FEATURES:

  • Moved System --> Console Settings from the Pro version to the Community version. Streamlined system URLs (Secure Portal Address, User Portal Address) to use the system IP or Host Name set in System --> Console Settings.
  • Moved System --> System Certificates from the Pro version to the Community version. Import Certificate and Generate CSR is available on the Community version, Request Acme Certificate is available on the Pro version only.
  • Moved Gateway --> SMTP TLS Settings from the Pro version to the Community version.
  • Moved Content Checks --> Custom Antispam Filter Tests from the Pro version to the Community version.
  • Upgraded User Console interface at /users/ to version 2.0. Changed authentication code and made it less resilient to attacks. Increased hash iteration from 5000 to 10000 iterations leveraging SHA-512 algorithm. As a result, this update resets all User Console passwords and forces users to enter new paswords next time they login to the User Console. Added haveibeenpwned.com password checking feature. Removed password complexity requirements, set password lenghts to between 8 and 64 characters as per NIST 800-63 password guidelines. Improved Forgot Password functionality.

THE FOLLOWING PAGES HAVE BEEN UPGRADED TO VERSION 2.0:

  • Admin Console --> Gateway --> SMTP TLS Settings RENAMED/MOVED TO Admin Console --> Gateway --> SMTP TLS Settings (Pro Only)
  • Admin Console --> Gateway --> SMTP TLS Policy RENAMED/MOVED TO Admin Console --> Gateway --> SMTP TLS Settings (Pro Only)
  • User Console --> Report Settings
  • User Console --> Sender Filters
  • User Console --> Change Password
  • User Console --> Message History

FIXES:

  • Added function to not allow the deletion of the system-self-signed Certificate in System --> System Certificates.
  • Removed duplicate (smtpd_tls_CAfile) in /etc/postfix/main.cf. Did not seem to cause issues but it's cleaner now.
  • Added error handling in /inc/restart_authelia.com and /inc/restart_nginx.cfm.
  • Fixed /etc/logrotate.d/authelia permission issue.
  • Fixed various queries in view_message.cfm, view_message_history.cfm, view_smtp_tls_settings.cfm, view_system_certificates.cfm to make them less vulnerable to SQL injection attacks.
  • Fixed issue with in /opt/hermes/conf_files/50-user.HERMES where amavis was ignoring per user SVF policies because it was looking in the wrong SQL table and it was falling back to the Default policy.
  • Fixed issue when adding external recipients encryption defaulting to postmaster e-mail address due to external recipients encryption using the same session.email variable as in the Application.cfc.
  • Fixed issue with System --> Network Settings javascript not showing static settings when network mode was set to Static
  • Fixed issue with Train Spam, Train Ham and Forget Messages routines in both the Admin and the Users Consoles not syncing the Bayes Database.

build-211019

NEW FEATURES:

  • Added Nginx HTTP Server in lieu of Apache.
  • Added Lets Encrypt (Acme) Certificates support for HTTP and SMTP TLS (future).
  • Added Wildcard CSR generation capability.
  • Added Authelia Authentication Server for authentication into Admin Console.
  • Added 2FA (Two Factor Authentication) for Admin Console.
  • Added ability to add multiple System User accounts in addition to the default "admin" user. Will be expanded in the future to include permissions.
  • Added Basic API for internal system functions. Will be expanded in the future for more functionality.
  • Added support for checking System User passwords against haveibeenpwned.com.
  • Re-worked Admin Console Firewall to work through Nginx. It now includes the ability to allow IPs to Hermes and/or Ciphermail Admin consoles.

Enabled Uncomplicated Firewall (UFW) with the following allowed incoming ports by default:

  • 22/tcp (SSH)
  • 25/tcp (SMTP)
  • 9080/tcp (Hermes Old Web GUI HTTPS)
  • 80/tcp (Hermes New Web GUI HTTP)
  • 443/tcp (Hermes New Web GUI HTTPS)
  • 3306/tcp (MySQL)

THE FOLLOWING PAGES HAVE BEEN ADDED:

  • System --> System Certificates (Pro Only)
  • System --> Admin Authentication

THE FOLLOWING PAGES HAVE BEEN UPGRADED TO VERSION 2.0:

  • System --> Network Settings
  • System --> Admin Console Firewall (Pro Only)
  • System --> AD Integration (Pro Only)
  • System --> Console SSL Settings RENAMED/MOVED TO System --> Console Settings (Pro Only)
  • System --> Change Password --> RENAMED/MOVED TO System --> System Users
  • Gateway --> Certificate Signing Request RENAMED/MOVED TO System --> System Certificates (Pro Only)
  • Gateway --> Internal Recipients
  • Content Checks --> Message History & Archive RENAMED/MOVED TO Content Checks --> Message History
  • Encryption --> Internal Recipients Encryption RENAMED/MOVED TO Gateway --> Internal Recipients

FIXES:

  • Improved error handling in System --> System Backup for permission related errors in SMB Share
  • Added functions to disable firewall and reset all MySQL username/passwords in System --> System Settings when running System Restore
  • Fixed bugs in system_restore.sh script