Trustwave MailMarshal 10.0 Release Notes

(Previously known as Trustwave SEG)

Last Revision: April 14, 2022

These notes are additional to the MailMarshal User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q21075.

Table of Contents

New Features
System Requirements
Upgrade Instructions
Uninstalling
Release History

New Features

For more information about additional minor features and bug fixes, see the release history.

Features New in 10.0.4

Features New in 10.0.2

Features New in 10.0.1

Features New in 10.0

Features New in 8.2

System Requirements

The following system requirements are the minimum levels required for a typical installation of the Trustwave MailMarshal Array Manager and selected database.

Table 1: System Requirements
Category Requirements
Processor Core i5 or similar performance
Disk Space 20GB (NTFS), and additional space to support email archiving
Memory 4GB (3GB available to MailMarshal plus 1GB for operating system). Allow an additional 2GB if SQL Express is installed locally.
Supported Operating System
  • Windows Server 2012, Server 2012 R2, Server 2016, Server 2019, Server 2022 (Essentials Edition or above)
  • Windows 8, Windows 8.1, Windows 10 (Installation of server components on these workstation operating systems is not recommended)
Network Access
  • TCP/IP protocol
  • Domain structure
  • External DNS name resolution - DNS MX record to allow Trustwave MailMarshal Server to receive inbound email
Software
  • Microsoft .NET Framework 3.5 SP1
  • Microsoft .NET Framework 4.6.1 (or later 4.X)
  • Database server (managed cloud service): Azure SQL Database
  • Database server: SQL Server 2019, SQL Server 2017, SQL Server 2016, SQL Server 2014, SQL Server 2012
  • Database server (free versions): SQL 2019 Express, SQL 2017 Express, SQL 2016 Express, SQL 2014 Express, SQL 2012 Express

    (Service packs listed are the minimum required for compatibility with all supported operating systems)

  • Web browser (for Management Console connection): Chrome, Edge, Firefox, or Safari. (Internet Explorer is not supported).
  • IIS (array manager only).
    • Windows Authentication must be enabled in IIS.
    • Note: WebDAV must not be active on the MailMarshal websites. For WebDAV removal, see Trustwave Knowledge Base article Q21096.
Port Access
  • Port 53 - for DNS external email server name resolution
  • Port 80 (HTTP) and Port 443 (HTTPS) - for SpamCensor updates
  • Port 1433 - for connection to SQL Server database and Reports console computers
  • Port 19001 - between Array Manager and Processing Nodes
    Note: Additional ports are required by the Nodes for email and updates.
  • Port 19006 and port 19007 (HTTPS) - for communication between components on the Array Manager. If the MailMarshal API is in use from other servers to the array manager, these ports must be open from the API client to the Array Manager.

 

Upgrade Instructions

Please review the MailMarshal User Guide before upgrading.  

Trustwave MailMarshal 10.0.2 supports a direct upgrade from MailMarshal/Trustwave SEG 8.2.3 and above, including the public release of SEG 10.0.0. (Upgrade from SEG 10 Beta releases is not supported).

If your installed version does not support direct upgrade, you can upgrade in steps.

Upgrade Preview

A standalone tool is available to check prerequisites and potential configuration issues before upgrade. See the product download page.

Database Prerequisites

Upgrading a Single Server

To upgrade a single MailMarshal server from any version supporting direct upgrade, install the new version on the existing server. You do not need to uninstall your existing version. The database will be upgraded in place, if necessary.

Upgrading an Array of Servers

You must upgrade each server by logging on locally. The remote upgrade feature that was present in earlier versions will not be available in MailMarshal 10.X.

Upgrading a Database

In the MailMarshal Server Tool, if you select a database that can be upgraded (version 8.2.3 or later 8.2.X), you will be given the option to upgrade and use the database.

Importing an 8.2 Configuration Backup

After installing MailMarshal 10.X, you can import a configuration backup from version 8.2.3 or later 8.2 version.

  1. Convert the backup to the 10.X backup format (zip file) using the MMConvConfig command line tool found in the MailMarshal 10.X installation folder.

  2. Import the converted configuration zip file using the Restore function in the Management Interface, or the MMExportConfig command line tool.

For full information about these tools see the User Guide.

Upgrading From Older Versions

To upgrade from a version prior to 8.2.3, first upgrade to version 8.2.3 (or later 8.2.X). Full details about upgrading from older versions can be found in the documentation for the target version.

Notes on Upgrading

Note: The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q21075.

Read the notes for all versions newer than your installed version. This list only includes information about version 10.0. For upgrade changes in earlier versions, see the release notes of each version.

Uninstalling

MailMarshal can be installed in a variety of scenarios. For full information on uninstalling MailMarshal from a production environment, see the Trustwave MailMarshal User Guide.

To uninstall a trial installation on a single computer:

  1. Close all instances of the MailMarshal Management Console website and helper applications such as Server Tool.
  2. Use Add/Remove Programs from the Windows Control Panel to remove Trustwave MailMarshal.
  3. Use Add/Remove Programs from the Windows Control Panel to remove additional components you may have installed, such as Web components or the Marshal Reporting Console.
  4. If you have installed any components (such as the Web components) on other computers, uninstall them.
  5. If you have installed SQL Express specifically to support MailMarshal and no other applications are using it, uninstall SQL Express.

Release History

The following additional items have been changed or updated in the specific build versions of Trustwave MailMarshal (previously Trustwave SEG) listed.

Note: The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q21075.

10.0.4 (April 14, 2022)

MM-6025 Deletion of long unpacking paths is improved.
MM-7162 User input validation has been improved for many fields.
MM-7346 In earlier 10.X releases, DNS server selection for Mail Servers did not allow IPv6 addresses. Fixed.
MM-7353 In earlier 10.X releases, validation of element names did not exclude problem characters (; , \ /). Fixed.
MM-7434 Console Executive Name List entry supports pasting multiple lines from the clipboard.
MM-8995 On upgrade, upgrade preview, and import of 8.X backups, if digests contain references to deleted user groups the error is logged and action stops.
MM-9150 Installations check for available product upgrades and raise a notice in the Console.
MM-9225 API calls are provided to update and delete "usermaintained" user groups in bulk.
MM-9381 The included REST SDK has been updated.
MM-9568 For Service Provider Edition installations, the flag to allow "no tenant" messages could be ignored when multiple messages were sent on a connection. Fixed.
MM-9778 Backups made by earlier 10.X releases could not be restored if a rule made direct reference to Connector User Groups (error "invalid property bag"). Backup behavior is fixed.
MM-9791 The included DMARC library has been updated.
MM-9794 The included Regular Expression library has been updated.
MM-9806 In release 10.0.2 and 10.0.3, the Management Console Mail Server General page was not correctly populated by default. Fixed.
MM-9807 HTML Message stamps and templates now allow CSS styling attributes directly on elements.
MM-9834 Date and time format in the Management Console follows Windows System format settings on the Array Manager. For details of how to apply changes, see Trustwave Knowledgebase article Q21174.
MM-9836 Time zone adjustment for the Dashboard component was incorrect. Fixed.
MM-9847 DMARC evaluation now considers multiple domains in the From: header and applies the most restrictive result.
DKIM signing is attempted for the first domain in the From: header that belongs to a local domain with DKIM enabled.
MM-9849 Management Console user preferences now include a Time Zone setting (defaults to the Array Manager time zone).
MM-9876 Default Digest templates are updated to ensure the Release link displays on narrow screens.
MM-9902 SQM website headers are updated for better framing security.
MM-9904 SQM website error display is improved.
MM-9905 Management Console website headers are updated for better framing security.
MM-9906 Management Console cookies use the "Secure" setting when HTTPS is active.
MM-9916 Message extraction for DKIM signing uses a larger buffer for improved performance.
MM-9939 Certain characters in subject lines could cause the Message History display to fail. Fixed.
MM-9944 A new version of the Management Console UI framework is included.
MM-9952 DMARC evaluation now considers results of checking all DKIM signatures present in the message.
MM-9961 A new REST API request type is available to retrieve a MML file without unpacking.
MM-10119 The MMUpgradeToX prerequisite checker exited unexpectedly on node-only installs where IIS had been uninstalled. Fixed.
MM-10141 Rule Profiler data provided through the REST API was invalid. Fixed.
MM-10164 DeepEvals scores are cached to enhance performance.
MM-10171 The File Update notification email is reformatted and more informative.
MM-10190 Detail and formatting of the file update notification email has been enhanced.
MM-10192 Email messages with the ! character in the local part are no longer blocked by the "suspicious local part" setting.
MM-10195 BTM statistics retrieval is limited to the last 7 days.
MM-10211 The Config Service did not support Unicode characters in the SQL database password. Fixed.
MM-10216 Attempting to view an empty Change Set returned an error. Fixed.
MM-10217 PolicyGroup  enabled times could change unexpectedly when edited. Fixed.
MM-10218 Upgrade could fail where the Config Service DB connection used the IIS application pool account. Fixed.
MM-10257 When deleted rules were shown in an email policy view, invalid action buttons were enabled. Fixed.
MM-10263 Display pagination issues for the Folder view are corrected.
MM-10270 Display pagination issues for the Message History view are corrected.
MM-10281 Deleted Reputation Services were available for selection. Fixed.
MM-10303 The Reporting Retention Days setting from the interface was not applied. Fixed.
MM-10307 The Server Tool removes any double backslash from path entries to avoid possible issues when services use the path.
MM-10326 For Sent History items, the API did not return a usable reference to the original MML content. Fixed.
MM-10344 The header From: value was not properly populated when the value contained a comma. DKIM would fail due to the empty value. Fixed.
MM-10345 Content-Transfer-Encoding x-uue is recognized (treated as x-uuencode)
MM-10353 For Service Provider Edition installations, the "LHASH" parameter for delivery between nodes is ignored if it cannot be decoded.
MM-10376 The logic for checking user groups for retrieval is improved.
MM-10397 User Groups could not be added from Active Directory when the OU included non-ASCII characters. Fixed.
MM-10401 Delivery of Syslog records to the remote server is multi-threaded to cater for much higher volume.
MM-10411 Message history search by message name ignores all other parameters.
MM-10413 All database connectivity now supports SQL Multi-Subnet Failover.
MM-10407 Visual C++ 2010 redistributable or DLLS are no longer required.
MM-10413 Database connectivity supports SQL Multi-Subnet Failover.
MM-10434 The release of TLS/SSL libraries included with the product has been updated.

10.0.3 (July 6, 2021)

MM-9761 In earlier 10.X releases, if the database location was changed, the installer did not correctly determine the database to be upgraded. Fixed.
MM-9776 Validation of group names on upgrade is improved.
MM-9802 The Management Console message view now includes a view of raw HTML source for HTML email bodies.
MM-9893 The Receiver could stop unexpectedly due to improper TLS renegotiation. Fixed.
MM-9897 In version 10.0.2, changing Reporting Groups in the Management Console prevented further configuration changes. Fixed.
MM-9914 In earlier 10.X releases, servers could show as offline in the Console because the status check timed out immediately. Fixed: the check waits 10 seconds for a response.

10.0.2 (April 28, 2021)

MM-7052 In earlier 10.X releases, new folder and classification names were not checked for duplicates of existing items. Fixed.
MM-7078 LZH unpacking now uses 7zip files.
MM-7424 Display of the DMARC DNS records on the Management Console Local Domains page was incomplete and inconsistent. Fixed.
MM-7435 When an array had no processing nodes, the Management Console Dashboard raised an error for each auto-refresh. Fixed.
MM-7518 The Marshal IP Reputation Service test function always reported invalid activation code. Fixed.
MM-7533 Rules can now be enabled or disabled from the list in the Management Console.
MM-7595 Reporting Groups can be configured in the Management Console.
MM-8994 With filtered lists, the detail pane could show details of the wrong item. Fixed.
MM-9081 Upgrade of 8.X Registry entries to the 10.X database was incorrectly case sensitive. Fixed.
MM-9087 The installer code has been cleaned of unused functions.
MM-9141 In the Management Console rule group selector, the preview feature hid the IP group selection. Fixed.
MM-9194 Management Console user preferences now allow the user to set the period for which messages in Archive folders are visible. The default is 36 months.
MM-9383 The version of the MSOLEDB driver included has been updated.
MM-9392 Authorized User entries with no name or email address entry could not be blocked/unblocked or deleted/undeleted. Fixed.
MM-9466 Rendering of complex HTML email bodies in the message view is improved.
MM-9473 The Management Console did not show all items in Archive folders if the retention was set to never expire. Fixed.
MM-9477 On the Management Console Edit User page, unnecessary radio button controls are removed.
MM-9502 CRL lookups results are cached in memory for up to an hour to reduce load caused by extremely large CRLs.
MM-9511 References to "black" lists and "white" lists have been changed to "block" and "allow".
MM-9532 The Engine service experienced excessive memory usage and file handle usage in some circumstances. Fixed.
MM-9539 In earlier 10.0 releases, CSS stylesheets displayed as text in the message view. Fixed.
MM-9540 In earlier 10.0 releases, HTML bodies of attached messages were not correctly rendered. Fixed.
MM-9542 SQL performance when purging DMARC data is improved.
MM-9546 The Receiver service no longer uses ANY queries when querying DNS based Reputation Services.
MM-9553 In the Management Console folder view, refreshing the list of dated folders updates the folder tree and retrieves any new folders.
MM-9554 A button to commit configuration on demand (even if no changes are pending) has been added to the Management Console under System Configuration > Array >General.
MM-9555 In the Management Console message details tab, the item size was not displayed. Fixed.
MM-9556 In the Management Console folder view, day folder dates in left and right panes could differ. Fixed.
MM-9559 In earlier 10.0 releases, the Array Statistics API call returned no data. Fixed.
MM-9561 After deleting a message in Folders or Message History, the view was not refreshed and browsers could report errors. Fixed.
MM-9599 The installer check for WebDAV could fail due to missing prerequisite DLLs. Fixed.
MM-9602 The Reporting settings page incorrectly required the MRC URL field to be completed. Fixed.
MM-9609 The installer provides provides better information about how to resolve installation issues.
MM-9612 Config Service database connection with Windows credentials enforced "log on locally" permission to the Array Manager but this was not needed. Fixed.
MM-9616 The Receiver service no longer uses ANY queries when querying the Marshal Reputation Service.
MM-9617 The Receiver service no longer uses ANY queries when querying DNS based block lists.
MM-9618 The Syslog service continued to retry sending and made excessive requests to the database when the target Syslog server refused connections. Fixed.
MM-9619 Usergroup pruning settings were not saved in the configuration backup. Fixed.
MM-9621 DMARC Reporting activity could consume excessive database connections. This issue has been addressed with changes to the connection logic.
MM-9622 The Management Console provides better information when a user cannot be logged on due to system error.
MM-9627 The message stamp and template editor used LF instead of CRLF for line endings. Email with this format is rejected by some servers. Fixed.
MM-9630 Addresses could not be added to user groups when duplicate group names existed in the list (for example, from multiple Connectors). Fixed.
MM-9636 Fields to select the single recipient address and "subscribed by default" were missing from the Management Console Digest configuration page. Fixed.
MM-9643 Certain plain text strings in message subjects were mis-interpreted as UTF-7 encoded in the Console display. Fixed.
MM-9644 Retrieval of Group information by the Management Console has been optimized.
MM-9658 The Management Console uses an updated version of the site framework.
  • Large lists such as email folder lists load more quickly.
  • List scrolling behavior on small windows and low resolutions is corrected.
  • Many small enhancements and minor fixes to functionality are included.
MM-9667 Management Console list columns with numeric data were sorted as text. Fixed: these columns are now sorted numerically.
MM-9672 Failed DNS lookups for A records would not be retried for 24 hours. Fixed: Lookups that fail for transient reasons can be retried after 1 minute.
MM-9675 The Receiver service no longer uses ANY queries when querying the Marshal IP Reputation Service.
MM-9702 When lists in the Management Console were filtered, action buttons could apply to the wrong item. Fixed.
MM-9737 Connection Policy groups could not be disabled. Fixed.
MM-9739 Management Console error messages related to deleting or disabling rules and groups are improved.
MM-9757 The release of TLS/SSL libraries included with the product has been updated.
MM-9779 Import of configuration could fail if it included rules created in some earlier versions that allowed duplicate GUIDs. Fixed.
MM-9782 The version of .NET Core installed is updated to the latest 3.1 (long term support) release.

10.0.1 (November 3, 2020)

MM-3361 Paged views of folders and history in the Console could miss items at the page boundary if they were received within the same second. Fixed.
MM-6288 Outgoing DMARC Report emails are now DKIM signed if DKIM is available for the domain.
MM-7029 The installer checks that requested website ports are available.
MM-7189 Management Console validation of rule user matching is improved (semi-colons are not allowed in email addresses).
MM-7194 Installation requires .NET 3.5 to be pre-installed (automatic installation in-line is not possible in supported Windows versions).
MM-7205 Entering a new license key requires commit of configuration, but the commit button was not enabled in this case. Fixed.
MM-7271 Un-installation now removes the Management Console and Config Service websites from IIS.
MM-7357 If configuration commit requires service restarts, the console user is notified. This notification was present in 8.X but was not available in 10.0.0.
MM-7411 Attempting to view a Message History record (with no message body information) could return an error in the Mail History view of the Console. Fixed.
MM-7534 Maintenance expiry is show on the license details page.
MM-7598 Version information ("About") is available in the Profile section of the Management Console.
MM-8477 When services restart, the Receiver service is started first to improve responsiveness where the Engine loads a large configuration.
MM-8632 DMARC results reported by MailMarshal for local domains were not sent to an external RUA. Fixed.
MM-8733 For MailMarshal Service Provider Edition installations, additional checking of the Customer ID is performed when a user attempts to view a message.
MM-8871 Logging could show an incorrect rule name for a Pass to Rule action if the action had been edited. Processing was not affected. Fixed.
MM-8875 If a MailMarshal 8.2 database is selected for use, User Group and Connectors information is checked. Groups must match the groups available in MailMarshal 10. If the groups do not match, the database will not be accepted.
MM-8876 When a new MailMarshal database is created in the server tool, user groups are populated from the Configuration Service database.
MM-8938 For MailMarshal Service Provider Edition installations, Receiver SPF checking for local addresses could cause some notification messages to fail. Fixed.
MM-8955 Status of manual configuration restore is better presented in the Management Console.
MM-8974 Upgrade is blocked if an invalid "pass to rule" action is found in the previous version configuration.
MM-8982 Scheduled automatic backups were run at the time entered even if the "back up at" option was not selected. Fixed.
MM-8993 Filtering in Message History and Folders views was not effective. Fixed. Note that filtering only affects the currently displayed page. To search over all messages use the message search.
MM-9027 Setting of the physical path for each folder is supported.
MM-9028 A "task was cancelled" message displayed if a manual check for updates took a long time. Fixed.
MM-9033 Management Console logs are deleted after 30 days by default.
MM-9042 For new installations or upgrades from 8.2, the Management Console SSL certificate matches the local server name.
MM-9043 In release 10.0.0, the Folders view of email did not open in certain timezones at certain times of day. Fixed.
MM-9044 In release 10.0.0, SQL Server 2017 or 2019 was not detected as a permitted version. Fixed.
MM-9093 The release of TLS/SSL libraries included with the product has been updated.
MM-9094 In release 10.0.0, rule user matching did not display the user list for editing when more than one individual user entry was present. Fixed.
MM-9122 In release 10.0.0, creating a user group with wide characters in the name or description returned an error. The group was created but the name was not correctly displayed. Fixed.
MM-9123 In release 10.0.0, the calendar control display in Mail History Search showed incorrect weekdays for dates. Fixed.
MM-9127 In release 10.0.0, some entries in Advanced Settings were incorrectly treated as case sensitive, and services could stop as a result. Fixed.
MM-9129 TLS version limits can now be set in Advanced Settings. For details see Trustwave Knowledgebase article Q21147. Upgrade now imports the settings made in Registry in version 8.X.
MM-9131 The version of .NET Core installed is updated to the current 3.1 (long term support) release.
MM-9132 Upgrade prerequisite checks could fail due to case sensitive checking of AD connector prefixes. Fixed.
MM-9136 An additional SQL table index is added for User Groups to enhance Array Manager performance.
MM-9146 Upgrade from 8.X could not proceed if the System account was the Operational User of the MailMarshal database and the logged on user did not have database access. Fixed.
MM-9147 Editing an IP group did not correctly populate the form and the group could not be updated. Fixed.
MM-9149 The installer checks availability of website ports.
MM-9156 To enhance performance on very busy systems, the maximum values for sender threads configurable in the user interface have been increased and the sender check for processed messages is more frequent.
MM-9181 In release 10.0.0, upgrade or import of connectors did not handle names or descriptions that included certain extended characters. Fixed: German and Nordic characters are supported.
MM-9189 In release 10.0.0, the last user group in the list in the Console could not be opened by double-clicking. Fixed.
MM-9200 In release 10.0.0, the display of the message component tree in the Console was incorrect for identically named children of different attachments. Fixed.
MM-9218 Rejected message records in the database did not correctly translate IPv4 addresses stored in the IPv6 column. Fixed.
MM-9221 In release 10.0.0, upgrade could un-populate membership of connector based groups. Fixed.
MM-9222 The database record for a message could show an incorrect subject where multiple messages were received on the same connection. Fixed.
MM-9249 In release 10.0.0, high ASCII characters in subjects and filenames did not display correctly in the Console. Fixed.
MM-9255 After upgrade to 10.0.0 on a single server system, virus scanner updates could fail because a copy of an old license key was not removed. Fixed.
MM-9261 In release 10.0.0, files named with certain characters could not be viewed or downloaded in the Console. Fixed.
MM-9264 The listing of Top Level Domains included in the installation is updated (used by Blended Threat rewriting, DMARC, and SpamSURBL functions).
MM-9306 The SpamProfiler cartridge (executable) included in the release has been updated.
MM-9326 On upgrade to release 10.0.0, configuration import failed if disabled rules referenced non-existent user groups. Fixed: the offending disabled rules will not be imported.
MM-9347 Deleted Management Console users can be undeleted on the Authorized Users page.
MM-9397 Connector refresh times were not correctly set on restart of the Array Manager (UTC offset not applied). Delay to the next refresh could result. Fixed.
MM-9430 The version of the PDF unpacker that is included in the installation has been updated.

10.0.0 (April 14, 2020)

MM-4077 Certificate Revocation List retrieval is improved: retrieval stops after the first successful download and information about failed sources is cached.
MM-5741 In SpamCensor attachment checking, search limits now allow ranges. Details are available in the Advanced Anti-spam document.
MM-6645 Category script evaluation was not performed on a RTF email body contained in "winmail.dat". Fixed.
MM-6685 In Category Scripts, TextCensor rules with a score of zero (used in combinations of rules) did not trigger. Fixed.
MM-6697 Specific complex email address local parts could cause the Receiver to stop. Fixed.
MM-6797 The Header Rewrite action "insert if missing" replaced an existing header value. Fixed: the action does not change an existing header.
MM-6847 Elliptic Curves "X25519" and "X448" are supported for key exchange. "secp256k1" is no longer supported because it cannot be used with TLSv1.3. At least one Elliptic Curve will always be selected in the Configurator. "X25519" is the default choice.
MM-6853 DMARC evaluation did not correctly check domain alignment of the DKIM or SPF pass. Fixed.
MM-6900 The REST API did not handle large volumes of concurrent requests. Fixed.
MM-7209 In version 8.2.3 and 8.2.4, the "last seen" date for user group entries was not updated as expected. Fixed.
MM-7280 In version 8.2.2 through 8.2.4, DMARC validation failed when SPF was validated but an invalid DKIM key was retrieved. Fixed.
MM-8439 The Category Script "filter by types" selection has been removed from the user interface.
MM-8919 DMARC report generation deleted unrelated configuration files from the Unpacking\Temp subfolder. In some cases the Engine service stopped as a result. Also, invalid DMARC report messages were never deleted. Both issues fixed.
MM-8921 Expired day folders within the DMARC Reports folder were never deleted. Fixed.

8.2.6 (December 22, 2020)

MM-6770 SEG supports verification of DKIM signatures signed with Ed25519-SHA256 (RFC-8463).
MM-8477 When services restart, the Receiver service is started first to improve responsiveness where the Engine loads a large configuration.
MM-8698 Some URL validation issues were not covered by the fix in MM-7191 (release 8.2.4). Fixed.
MM-8733 For SEG Service Provider Edition installations, additional checking of the Customer ID is performed when a user attempts to view a message.
MM-8757 In version 8.2.2 and above, DMARC validation failed when SPF was validated but an invalid DKIM key was retrieved. Fixed.
MM-8781 The cloud archiving service could stop delivering messages to the archive (messages were queued at the SEG server). Fixed.
MM-8823 When AD Authentication is used in the Receiver, the sender address can be validated against the user's email addresses retrieved from AD.
MM-8902 For SEG Service Provider Edition installations, the domain part of Reputation Service results is not shown in logs so that paid domain keys are not visible.
MM-8910 DMARC report generation deleted unrelated configuration files from the Unpacking\Temp subfolder. In some cases the Engine service stopped as a result. Also, invalid DMARC report messages were never deleted. Both issues fixed.
MM-8917 Expired day folders within the DMARC Reports folder were never deleted. Fixed.
MM-8938 For SEG Service Provider Edition installations, Receiver SPF checking for local addresses could cause some notification messages to fail. Fixed.
MM-8942 In version 8.2.3 and above, the "last seen" date for user group entries was not updated as expected. Fixed.
MM-9089 For SEG Service Provider Edition installations, DMARC can be evaluated even if the destination customer has not enabled DMARC.
MM-9102 The database record for a message could show an incorrect subject where multiple messages were received on the same connection. Fixed.
MM-9139 The TLS/SSL library used by SEG has been updated.
MM-9142 Removing child IP groups caused the Array Manager to stop. Fixed.
MM-9156 To enhance performance on very busy systems, the maximum values for sender threads configurable in the user interface have been increased and the sender check for processed messages is more frequent.
MM-9209 DMARC Reporting activity could consume excessive database connections. This issue has been addressed with changes to the connection logic.
MM-9218 Rejected message records in the database did not correctly translate IPv4 addresses stored in the IPv6 column. Fixed.
MM-9246 The REST API could not retrieve mail component files with specific characters in the file name. Fixed: the API call has been updated to use the POST method.
MM-9262 In SURBL category lookups, the domain part of Reputation Service results can be hidden in logs so that paid domain keys are not visible.
MM-9435 CRL lookups results are cached in memory for up to an hour to reduce load caused by extremely large CRLs.
MM-9449 The Syslog service continued to retry sending and made excessive requests to the database when the target Syslog server refused connections. Fixed.
MM-9456 If the directory referenced by the Cloud Archiving service was not present, messages for archiving were deadlettered. Fixed: the directory is re-created if necessary.
MM-9510 The Engine service experienced excessive memory usage and file handle usage in some circumstances. Fixed.
MM-9534 Usergroup pruning settings were not saved in the configuration backup. Fixed.
MM-9544 The Receiver service no longer uses ANY queries when querying DNS based block lists.
MM-9547 The Receiver service no longer uses ANY queries when querying the Marshal Reputation Service.
MM-9573 For SEG Service Provider Edition installations, temporary files for messages that were split based on recipients were not deleted in some cases. Fixed.
MM-9567 The Syslog service could stop due to a race condition when invoked from multiple threads. Fixed.
MM-9569 User group pruning did not delete entries containing upper case letters. Fixed.

8.2.4 (October 31, 2019)

MM-6570 For MailMarshal Service Provider Edition installations, email between customers on the same system retains the external sender IP for policy evaluation.
MM-6764 For MailMarshal Service Provider Edition installations, client authentication did not override relay table checking. Fixed.
MM-6848 MMReleaseMessage checking of recipient addresses was case sensitive. Fixed.
MM-7124 For MailMarshal Service Provider Edition installations, visibility of messages in the SQM did not match the retention period for the containing folder. Fixed.
MM-7139 MailMarshal attempts to load a header rewrite map file from additional locations including the installation, Config and NodeConfig folders.
MM-7147 DMARC evaluation did not correctly check domain alignment of the DKIM result. Fixed.
MM-7176 The default retention period for service logs is increased to 14 days.
MM-7191 Reputation Services could return a TEMPFAIL for an indefinite time due to submission of URLs with a trailing . character. Fixed: the URLs are truncated correctly before submission.
MM-7254 In 8.1 and 8.2 releases, the User Filter function of the Console Recycle Bin returned an error. Fixed.
MM-7291 The DKIM signature header is added above existing headers (previously was at the end of headers).
MM-7297 Moving of temporary files during Receiver processing could fail. Fixed: moving is retried for a limited time.
MM-7298 Notification message names are logged to the Engine text log, for events such as dead letters.
MM-7317 DKIM header signing now only includes the headers recommended in the DKIM RFC.
MM-7603 The SpamProfiler "bulk" response attribute is captured for further processing.

8.2.3 (July 2, 2019)

MM-6447 In version 8.1 and above, the SQM Mail Search in "all folders" returned no results. Fixed.
MM-6759 The Engine stopped when the Executive Names list contained Unicode characters. Fixed.
MM-6790 For MailMarshal Service Provider Edition installations, messages were incorrectly marked as having an external sender in specific cases. Fixed.
MM-6835 The Trustwave Email Archiving rule action could queue messages for archiving when the feature was not configured or the license was expired. Fixed.
MM-6849 The JSON structure returned from the API quarantine folders call has been improved.
MM-6850 The Engine now continues to run when incorrect Azure Information Protection credentials are provided. Affected messages will be deadlettered.
MM-6852 Azure Information Protection is added to the REST API.
MM-6856 ACE archive unpacking executables are removed from the product on install and upgrade.
MM-6865 Azure SQL Managed Instances are detected for feature support.
MM-6876 For MailMarshal Service Provider Edition installations, caching of AIP RMS credentials is improved.
MM-6878 For MailMarshal Service Provider Edition installations, per-customer use of AIP RMS credentials is enabled.
MM-6892 Adding users to groups in the database could cause delays for email logging. Fixed.
MM-6904 Unpack exceptions did not log the file name. Fixed.
MM-6909 In earlier 8.2 releases, HTML message stamps configured for the bottom of a message were placed at the top of certain poorly formatted messages. Fixed.
MM-6917 Insertion of Receiver logs to the database could be slow, resulting in deadlocks. Fixed.
MM-6919 Insertion of Receiver logs to the database could be slow, resulting in deadlocks. Fixed.
MM-6924 For MailMarshal Service Provider Edition installations, the Customer ID is included with Syslog Quarantine Audit records.
MM-6925 Database log processing could be slow on installations with very large user groups while the "last seen" data was updated. Fixed.
MM-6938 Certain header field variable additions included an extra carriage return character. Fixed.
MM-6973 Syslog service reloading has been updated to work with MailMarshal Service Provider Edition installations.
MM-6982 On upgrade to previous versions, some new SQL table indexes were not created. Fixed.
MM-6986 Additional indexes are created on SQL DMARC tables.
MM-6990 The Receiver could stop unexpectedly when processing a malformed DMARC record. Fixed.
MM-6991 The "do not NDR" rule action was not applied to BCC copies of the original message. Fixed.
MM-6999 The Routing Table format has been modified to support MailMarshal Service Provider Edition scenarios.
MM-7007 Checking of receiver "time behind" and engine throttling is improved.
MM-7065 Array Manager file operations could fail due to the DMARC report generator not releasing some files when an exception occurred. Fixed.

8.2.2 (February 14, 2019)

MM-6700 Some installations affected by the issue fixed in MM-4324 required a manual update to stored procedures after every upgrade. Fixed.
MM-6763 When Syslog processing was enabled, the Array Manager could stop unexpectedly. Fixed.
MM-6771 In earlier 8.2 releases, folded Subject lines were not correctly populated by the Receiver. Fixed.
MM-6772 In earlier 8.2 releases, DKIM signing and verification did not correctly handle folded headers. Fixed.
MM-6783 In version 8.1 and above, the repacking flags for external commands were incorrectly set. Fixed.
MM-6785 Syslog processing caused the Array Manager to stop with certain system date formats. Fixed.
MM-6787 The Array Manager log now includes more details of DBLog file processing.
MM-6788 The default settings for update of the "last seen" value (user group pruning) have been adjusted to improve database performance on large sites.
MM-6789 In some cases the Engine did not deadletter a message when an exception occurred in unpacking. Fixed.
MM-6795 In version 8.1 and above, slow processing of rule profiling data at the Array Manager could cause DBLog files to be queued at the processing servers. Fixed.
MM-6799 Rule profiler usage statistics were incorrect when a rule was copied. Fixed.
MM-6802 Routing table entries containing high ASCII characters such as umlaut characters could not be edited in the Configurator. Fixed.
MM-6804 Gathering of Product Improvement Program (telemetry) data caused services to fail when the SQL server was unavailable. Fixed.
MM-6807 The SpamProfiler cartridge (executable) included in the release has been updated.

8.2.1 (December 14, 2018)

MM-6731 Messages deadlettered due to rejection by the Archiver server were incorrectly classified as "deadletter - routing". Fixed: these messages are classified as "deadletter - archiving"
MM-6736 The Receiver incorrectly skipped DKIM/DMARC evaluation for inbound messages. Fixed.

8.2.0 (December 6, 2018)

MM-1717 SpamCensor and SpamProfiler results are added to message headers for easier analysis.
MM-4324 Merging a configuration allowed duplicate classification codes. Fixed: Classifications are made unique when merging. Upgrade to 8.2 or above resolves existing duplicates.
MM-4842 IP allow list updates are improved to ensure that pruned addresses are not restored by an update.
MM-5007 DKIM keys can now be included in the configuration backup.
MM-5125 Message subjects written to the database by the Receiver and Sender now support wide characters.
MM-5132 For MailMarshal Service Provider Edition installations, the Customer Name is available in Templates and Digests with the variable {CustomerName}.
MM-5554 Global TLD information consumed by all feature is retrieved from a file that can be updated through the product update service. An updated file is also included in this release.
MM-5634 When a message is temporarily undeliverable, the failure reason or code is logged to the message table.
MM-5635 A new rule action provides the ability to insert text at the beginning of a message subject.
MM-5740 SpamCensor attachment evaluation now allows multiple entries in the FileType parameter.
MM-5776 The version of the charting software included in the installation has been updated.
MM-5895 The DMARC DNS record check from the Configurator now uses Google DNS or a DNS server set with a registry key.
MM-6251 The DKIM library included is updated.
MM-6277 A new rule action allows MailMarshal to not return an NDR when onward message delivery is refused. This action is logged.
MM-6290 The Sender service could stop unexpectedly in rare cases due to routing issues. Fixed.
MM-6314 The DMARC library included is updated.
MM-6316 Badly formatted DMARC reports were never deleted from folders. Fixed.
MM-6339 The version of the Yara Analysis Engine included is updated.
MM-6341 For MailMarshal Service Provider Edition installations, messages are rejected by default if the SPE Customer ID cannot be determined.
MM-6369 The Configurator now allows selection of more than one Elliptic Curve for key exchange.
MM-6399 Shutdown of the SpamProfiler service has been improved.
MM-6408 The included default database provider driver is MSOLEDBSQL (supporting TLS v1.2 secured connections).
MM-6435 The web access component included with the product is updated.
MM-6449 Image Analyzer has been updated to version 7.
MM-6450 Subfolders of the Config folder are now included in the configuration commit from Array Manager to processing servers.
MM-6501 For outbound messages, SPF, DKIM, and DMARC evaluation is now only performed if explicitly required by rules. Internal servers sending through MailMarshal are not expected to have entries that allow DMARC validation. The previous behavior (evaluating all messages) can be set if required.
MM-6522 Message stamping uses in-memory files to improve performance.
MM-6567 The DMARC Report Import service now only runs if required by configuration settings.
MM-6572 Releasing of messages to multiple recipients by the Controller service is more efficient.
MM-6585 SQM now correctly displays Unicode characters in message subjects.
MM-6586 In earlier versions, encoding tags in the subject line (such as UTF-8) could be ignored if presented in uppercase. Fixed.
MM-6590 The Server Tool now allows explicit configuration of separate Server, Database, and Operational User for the Syslog database.
MM-6567 The DMARC Report Import service runs only when DMARC is enabled for a local domain.
MM-6601 DKIM key generation now allows selection of the key length (1024, 2048, or 4096).
MM-6602 Message stamps now allow CSS STYLE tags to be defined and merged into the styles for the stamped message.
MM-6603 DMARC policy processing now honors the optional "PCT" value.
MM-6608 For MailMarshal Service Provider Edition installations, DMARC settings were not correctly applied for each customer. Fixed.
MM-6609 DMARC validation of incoming DMARC reports has been updated to be independent of other rules.
MM-6611 SpamProfiler holds some suspect messages briefly for rescanning to improve accuracy.
MM-6618 Enabling Syslog in the Configurator no longer checks for a Syslog database. This change allows configuration of the service when the Windows user does not have permission to connect to the database.
MM-6629 Named Expressions in TextCensor scripts could not be edited. Fixed.
MM-6632 MailMarshal now collects anonymized summary system data for the MailMarshal Product Improvement Program by default. For details, see Trustwave Knowledge Base article Q21064.
MM-6643 Message data submitted for SpamProfiler for evaluation is limited in size for performance reasons.
MM-6649 The timestamp of Syslog records was converted to Array Manger local time instead of UTC. Fixed.
MM-6651 When editing or creating a TextCensor script, the presence of named expressions was not correctly checked. Fixed.
MM-6660 The TextCensor DLL included with the installation has been updated.
MM-6692 DMARC tables are indexed for performance improvement.
MM-6695 The Block Malware - Outbreak Detection rules are removed. These rules depend on a sub-category in SpamProfiler that is not currently implemented.

To review Release History prior to version 8.2, please see the Release Notes for the specific versions.

Legal Notice

Copyright © 2022 Trustwave Holdings, Inc.

All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

The authors make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

Trademarks

Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

About Trustwave®

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.