(Previously known as MailMarshal SEG)
Last Revision:
September 09, 2015
These notes are additional to the SEG User Guide and supersede information supplied in that Guide.
The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q16693.
New Features
System Requirements
Upgrade Instructions
Uninstalling
Release History
For more information about additional minor features and bug fixes, see the release history.
%PDF
do not comply with the PDF standard. These
files are now recognized separately.Note: Version 7.0 was released only for use by MailMarshal SPE customers. The features listed below are available to MailMarshal SEG customers from version 7.1.
The following system requirements are the minimum levels required for a typical installation of the Trustwave SEG Array Manager and selected database.
Category | Requirements |
---|---|
Processor | Pentium 4 |
Disk Space | 10GB (NTFS), and additional space to support email archiving |
Memory | 3GB (2GB available to SEG plus 1GB for operating system). Allow an additional 1GB if SQL Express is installed locally. |
Supported Operating System |
|
Network Access |
|
Software |
|
Port Access |
Note: Additional ports are
required by the Nodes for email and
updates.
|
Please review the SEG User Guide before upgrading.
Trustwave SEG 7.3.5 supports a direct upgrade from MailMarshal SMTP 6.9.5 and later versions. This is a change from 7.3.0 and earlier.
If your installed version does not support direct upgrade, you can upgrade in steps. In this case, you should also consider performing a clean installation instead of an upgrade.
You can access a supported SQL Express version from the Prerequisites tab of the SEG installation package. The "With SQL Express" version of the package also allows you to install SQL Express during the main SEG installation.
To upgrade a single SEG server from MailMarshal version 6.7 or above, install the new version over your existing version. You do not need to uninstall your existing version. The database will be upgraded in place, if necessary.
After upgrading the Array Manager you can upgrade the processing servers through the Configurator, with no need to log on to the processing servers. For more information, see the Upgrading section in the User Guide.
To upgrade from a version prior to 6.9.5, first upgrade to version 6.9.5. Full details about upgrading to version 6.9.5 from older versions can be found in the documentation for the target version, and in Trustwave Knowledge Base articles Q11025, Q11026, and Q11027.
Note: The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q16693.
SEG can be installed in a variety of scenarios. For full information on uninstalling SEG from a production environment, see the Trustwave SEG User Guide.
To uninstall a trial installation on a single computer:
The following additional items have been changed or updated in the specific build versions of Trustwave SEG (previously MailMarshal) listed.
Note: The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q16693.
MM-5141 | The Engine and Array Manager are now able to access up to 4GB of memory on a 64 bit system. Larger rulesets can be loaded without issues and performance enhancement is expected. |
MM-5143 | The version of Libtet (PDF unpacking) that is included in the installation has been updated to 4.4.0.8 |
MM-5144 | URL rewriting for BTM incorrectly treated some inline CSS declarations as URLs. Fixed. |
MM-5145 | Deletion of unpacked files with certain filenames could fail. Addressed by re-trying the deletion with no string parsing of the file name. |
MM-3499 | Configuration import could fail due to incorrect case-sensitive comparison of user group members. Fixed. |
MM-3509 | Active Directory authentication for SQM failed for users with a text name containing [ ] characters. Fixed. |
MM-4709 | TLS can now be configured with specific lists of cipher suites, overriding the generic selections. For details of this advanced option, contact Trustwave Support. |
MM-4823 | A problem with group synchronization in the Controller could cause the Receiver to stop processing messages. Fixed. |
MM-4837 | Clean installations no longer install MSXML4. |
MM-4857 | The Receiver now supports ECDHE key exchange for PFS (TLS "Perfect Forward Secrecy"). |
MM-4862 | Some utility files such as TextCensor2 DLLs might not be correctly updated on upgrade. Fixed: upgrade checks file version numbers instead of creation dates. |
MM-4863 | Links enclosed in round brackets and rewritten by the Blended Threats function incorrectly included the trailing round bracket in the rewritten link. Fixed. |
MM-4864 | For SEG Service Provider Edition installations, relay source checking was not limited to specific customer domains. Fixed. |
MM-4866 | Cleanup of OpenSSL sessions has been improved. |
MM-4867 | Service executable paths were not quoted. Fixed. |
MM-4869 | Notification messages created by the Engine are now DKIM signed if required. |
MM-4872 | TLS now disables SSLv3 by default as per recent security best practice. |
MM-4873 | TLS cipher lists now exclude Anonymous, MD5, RC4, and IDEA ciphers as per recent security best practice. |
MM-4874 | Text logging includes better thread information. |
MM-4876 | The FileType DLL is now replaceable through the automatic update process. |
MM-4880 | The OpenSSL DLLs are now replaceable through the automatic update process. |
MM-4892 | UUEncoded streams in the message body could be altered by the Blended Threats function. Fixed. |
MM-4911 | DKIM signing failed in some cases for email with headers longer than 2048 bytes. Fixed. |
MM-4930 | The version of Libtet (PDF unpacking) that is included in the installation has been updated to 4.4.0.1. |
MM-4932 | By default "bare" CR or LF characters in messages are changed to CRLF. |
MM-4933 | For SEG Service Provider Edition installations, some earlier versions allowed an incorrect entry of a hostname as the "forward to IP." Fixed: On upgrade the configuration is corrected to use these entries as hostnames. |
MM-4935 | Additional indexing is performed on the Message table in the database to enhance performance. |
MM-4944 | For SEG Service Provider Edition installations, SpamProfiler could apply the wrong direction for scanning. Fixed. |
MM-4945 | The Controller log now records DNS query responses that took over 1 second. |
MM-4948 | DKIM signing and verification incorrectly ignored whitespace at the top of the message body in text-only messages. Fixed. |
MM-4951 | Slow DNS responses could cause the Receiver to stop accepting messages. Addressed with changes to the process that updates lists of anti-relay and blocked hosts. |
MM-4952 | The version of libcurl included with the product is updated to 7.41.0. |
MM-4960 | SpamProfiler "valid bulk" classifications were not triggered due to unexpected format in data returned by SpamProfiler. Fixed. |
MM-4965 | URLCensor could perform unnecessary checks for incorrect URLs. Fixed. |
MM-4968 | SpamProfiler uses the same criteria for "inbound" and "outbound" messages that are used for other processing. |
MM-4969 | Full information about TLS negotiation is saved in the local message envelope. |
MM-4979 | Logging of DoS, DHA, relay, and other Receiver block events to the Event Log can be suppressed. For more information, see Trustwave Knowledge Base articles Q20228. |
MM-4988 | SpamProfiler responses were slow if IPv6 was enabled on the server. Fixed. The processing nodes MUST have a loopback adapter listening on the default IPv4 loopback address 127.0.0.1. |
MM-4990 | SpamProfiler responses were slow due to settings applied to the HTTP connection with the local SpamProfiler process. Fixed. |
MM-5001 | For SEG Service Provider Edition installations, Customer ID was not correctly determined for some Out Of Office messages. Fixed. |
MM-5002 | Blended Threats rewriting of subject lines added a space to the line. Fixed. |
MM-5028 | The OpenSSL library that SEG uses has been updated to version 1.0.1m. |
MM-3597 | The last lines of the Receiver log were not captured into the message envelope as expected. Fixed. |
MM-4514 | Email notifications are sent to the SEG Administrator from the local server when maintenance is about to expire or has expired. |
MM-4591 | The file extension .cpl has been added to the default Suspect Attachments rules. |
MM-4628 | File components that do not trigger a rule condition now do not add a line in text logs by default. |
MM-4629 | Visual C++ 2013 redistributables are now included in the installation. |
MM-4674 | The "monitor only" installation option and policy group have been removed. |
MM-4706 | DNS results were truncated if they exceeded the UDP packet size (notably when a large number of PTR records existed). Fixed by enabling EDNS0 in the DNS resolver. |
MM-4710 | Unpacking of XML based Excel documents now gets text from additional tags. |
MM-4711 | Unpacking of XML based Office Documents uses a simpler and more efficient parser. |
MM-4723 | Extracted binary unknown files could cause the engine to stop in TextCensor2 analysis due to improper formatting of extracted filenames. Fixed. |
MM-4725 | Moving or inserting User Groups by drag and drop now prompts for confirmation by default. |
MM-4727 | Better support for decoding Quoted Printable strings is provided. |
MM-4729 | For SEG Service Provider Edition installations, group information is loaded more efficiently. |
MM-4731 | Deleting User Groups now prompts for confirmation by default (in addition to the check for groups used in policy). |
MM-4748 | The OpenSSL library that SEG uses has been updated to version 1.0.1i. |
MM-4753 | Calls to TextCensor2 did not correctly handle the case where the requested file could not be opened. Fixed. |
MM-4760 | The default theme of SQM has been updated to a Trustwave branded theme. |
MM-4764 | The Array Manager could encounter a database deadlock when manipulating folder records. Fixed. |
MM-4766 | If a message file was manually deleted from the queue, the sender service could become unresponsive. Fixed. |
MM-4767 | When releasing a message through a digest link, a text note about adding the sender to safe senders was displayed in error. Fixed. |
MM-4773 | Default values for suspicious compression and max header lines have been updated to reflect current email sizes. Additional unpacking space could be required. See Trustwave Knowledge Base articles Q10868 and Q11369. |
MM-4774 | Links with query parameters could be invalidated when processed by a Blended Threats rewriting rule. Fixed. |
MM-4781 | Utility DLL files used by TextCensor have been reverted to the version installed with SEG 7.2.2. |
MM-4786 | The product End User License Agreement has been updated. |
MM-4789 | The storage location for automatic configuration backups can be set. See Trustwave Knowledge Base article Q19556. |
MM-4795 | SMTP Authentication failed with some remote systems due to incorrectly encoded strings. Fixed. |
MM-4797 | TLS Certificate verification in Connection rules did not work when SMTP Authentication was enabled. Fixed. |
MM-4799 | When adding a new node to an array, the node controller service could fail on startup, due to a problem with IP whitelist retrieval. Fixed. |
MM-4821 | A record of the creation and last modification of rules and policies (by user and time) is now stored in the Registry. |
MM-4834 | Messages with malformed headers containing bare linefeeds could cause the Receiver to fail in some cases. Fixed. |
MM-4679 | In release 7.2.2, navigation and updating of the SQM (next/previous message) failed due to improper encoding of item keys. Fixed. |
MM-4681 | In earlier 7.2 releases, Engine memory usage could grow due to a problem in TextCensor2. Fixed. |
MM-4704 | In earlier releases, Engine memory usage could grow slightly when configuration was reloaded. Fixed. |
MM-4749 | The McAfee linking DLL (MsMcAfee.dll) that is included in the installation has been updated to version 1.3.4. This version improves engine restarting after a signature update. |
MM-4751 | The findmapsentry (RBL or reputation service check) option in the MMLookup tool did not return any results. Fixed. |
MM-4754 | Rewriting of URLs in the subject line for Blended Threat analysis can be disabled with a registry entry. See Trustwave Knowledge Base article Q19439. |
MM-4755 | The OpenSSL library that MailMarshal uses has been updated to version 1.0.0m. |
MM-4757 | For MailMarshal SPE installations, BTM rewriting could cause the Engine to stop if more than one instance of rewriting was running. Fixed. |
MM-4758 | SpamProfiler could initialize with an invalid license in specific circumstances. Fixed. |
MM-4759 | The version of Libtet (PDF unpacking) that is included in the installation has been updated to 4.3.0. |
MM-4761 | Evaluation of CRLs that use the Issuing Distribution Point extension caused the Receiver to fail. Fixed by the update to OpenSSL 1.0.0m. |
MM-3728 | The Console closed unexpectedly when a different folder was selected while viewing a message. Fixed. |
MM-3804 | For MailMarshal SPE installations, a message sent to both internal and external addresses was not correctly delivered to the external addresses in some cases. Fixed. |
MM-3810 | For MailMarshal SPE installations, an internal message sent to customers hosted on different arrays could be deadlettered. Fixed. |
MM-4352 | For MailMarshal SPE installations, messages are now delivered directly between customers hosted on the same node. |
MM-4540 | The Configurator Server information did not show the server operating system accurately. Fixed. |
MM-4543 | Additional entities are translated by the SpamChecker HTML to plain text extractor. |
MM-4556 | The upgrade installer will not proceed if the Array Manager executable cannot be replaced. |
MM-4559 | For MailMarshal SPE installations, the Marshal Agent and Marshal Interface Agent services are now stopped during upgrade installation. |
MM-4562 | Columns on the Configurator Servers page were incorrectly labeled. Fixed. |
MM-4563 | Inserting new fields with header rewrite did not correctly add required line breaks. Fixed. |
MM-4564 | The version of SQL Express included in installers has been updated to 2008 R2 SP2. |
MM-4567 | SpamCensorType functionality did not work with TextCensor 2 expressions in some cases. Fixed. |
MM-4568 | In the Console, searching for a partial message name could fail due to a missing parameter. Fixed. |
MM-4570 | Handling of unpacking problems is improved. |
MM-4572 | In earlier 7.2 releases, detailed logging of TextCensor criteria did not work as documented. Fixed: detailed logging with expression values is enabled by default. |
MM-4573 | The Array Manager stopped unexpectedly when a product maintenance web response was malformed. Fixed. |
MM-4574 | In earlier 7.2 versions, releasing a message from a digest link could require clicking twice. Fixed. |
MM-4579 | SMTP Authentication can now be validated against an Active Directory group. For details, see Trustwave Knowledge Base article Q16649. |
MM-4580 |
A new option RELEASETRUST for HTML Message Digests allows the user to release a
message and add the sender to Safe Senders. |
MM-4582 | The Statistic Data Purge procedure could cause high CPU usage due to SQL transaction locking. Fixed. |
MM-4587 | The File Type DLL included has been updated to version 7.10.1. |
MM-4593 | The SQM Blocked Mail page returned a "potentially dangerous request" error for some email addresses. Fixed. |
MM-4597 | The SpamProfiler cartridge has been updated to version 3052. |
MM-3577 | The "suspicious compression" feature could fail for certain values of file sizes. Fixed. |
MM-4546 | In earlier 7.2 releases, DNS queries could fail through some DNS servers due to the servers not responding correctly to the DNS "ANY" keyword. Fixed. |
MM-4549 | MailMarshal components could fail to open a message file (MML) due to delay in the Windows file system releasing the file from a previous operation. Fixed. |
MM-4550 | The unpacker DLL could be overwritten by an older version when restoring configuration. Fixed. |
MM-4555 | The Controller service could stop unexpectedly due to a memory issue with IPv6 DNS lookups. Fixed. |
MM-1342 | The Regular Expression engine (Boost) has been updated to version 1.4.2 in all areas of the product. Matching behavior is unchanged. |
MM-2265 | SpamCensor, SpamBotCensor, and Spam Category scores are available as variables for substitution. |
MM-2350 | Extraction of IP addresses from header lines could incorrectly include other strings in dotted format. This could result in false triggers on DNS Blacklists and country lookups. Fixed. |
MM-2984 | The SQM "latest blocked email" list (homepage) now includes the TO address. |
MM-3547 | The MMLViewer application now includes separate tabs for Connection, Content, and Delivery logs. |
MM-3562 | Unknown or blank Content Transfer Encoding strings are now handled more gracefully. For more details and available settings see Trustwave Knowledge Base article Q10166. |
MM-3576 | CSR and Private Key signing in the TLS wizard now uses stronger algorithms. Older deprecated algorithms are no longer available. |
MM-3579 | MailMarshal now passes tests for immunity to plaintext command injection in STARTTLS (CERT VU#555316) . Earlier releases were also immune through functionality not tested by commercial tests. |
MM-3596 | When unpacking fails, the detected type of file is logged in the Engine log. |
MM-3599 | Web components installation now enables IIS Static Content to ensure files such as stylesheets will be served. |
MM-3735 | Configuration can now be backed up automatically. By default configuration is backed up daily and backups are retained for a week. |
MM-3738 | Log messages relating to DBLog files (database logging from nodes) now include the file name for ease in debugging. |
MM-3871 | Small images are exempt from Image Analyzer processing. The default minimum size processed is 75x75 pixels. For details of how to adjust this value, see Trustwave Knowledge Base article Q14960. |
MM-3881 | When a message is received via TLS, the protocol version is recorded in the message envelope to enable further processing based on this value. |
MM-3892 | New Connection and Content Rule conditions are available to match the TLS protocol version used when receiving a message. |
MM-3914 | Sent History log files are compressed to save disk space. This change applies only to new files (upgrading does not compress existing files). |
MM-4014 | Running services from the command line with -debug did not log the verbose information seen in the command window to the text logs (for some services). Fixed. |
MM-4036 | Email viewed in the Console could be unpacked differently than during email processing, because custom file types were not applied in the Console unpacking. Fixed. |
MM-4058 | In some earlier versions the POP3 service would be started automatically at system restart even if not required, and could prevent configuration reload. Fixed. |
MM-4071 | Category script evaluation includes additional exception handling and logging. |
MM-4083 | Performing Manual Update of SpamCensor and other files did not set the correct reload or restart requests. Fixed. |
MM-4084 | In DOCX and PPTX files, edited or deleted text was not extracted correctly and was not correctly detected by TextCensor or Category Script regular expression matching. Fixed. |
MM-4112 | TLS Client Certificate checking for Common Name and Subject Alternative Name did not correctly handle wildcard certificates. Fixed. |
MM-4136 | The Credit Card category script and the associated default rule have been updated. See the upgrade notes above. |
MM-4141 | The MMLookup utility now accepts a parameter to clear the MailMarshal DNS cache (?clearcache) |
MM-4187 | For MailMarshal SPE installations, items with a null SMTP MAIL FROM are correctly processed. |
MM-4193 | Visual C runtime requirements have been consolidated or moved to newer versions. |
MM-4200 | Text was not correctly extracted from non-English Office 2003 documents. Fixed. |
MM-4209 | SPF checking could return an unexplained error after failing on a malformed record. Fixed: Items after an "all" terminator are discarded (a warning is logged). Additional details are logged. |
MM-4213 | Text was not correctly extracted from some complex Word documents containing Unicode text blocks of more than 1023 bytes. Fixed. |
MM-4232 | TextCensor can optionally log details of matched expressions to the Engine (Content Analysis) text log. See Trustwave Knowledge Base article Q15173. |
MM-4234 | The TextCensor matching engine can be updated automatically through the SpamCensor update function. |
MM-4236 | The Image Analyzer module has been updated to version 5.1. |
MM-4237 | Maintenance entitlement information is now retrieved through a web service and displayed in the Configurator and Console. |
MM-4283 | The SQM website could become unresponsive when handling messages with malformed "from" addresses. Fixed. |
MM-4291 | In version 7.1, domain-specific overrides for the {Administrator} and {ServerAddress} variables were not honored. Fixed. |
MM-4296 | The version of MSKaspersky.dll installed with MailMarshal was not the latest released version. Fixed. |
MM-4304 | Comparison of file names during configuration import was failing due to case sensitivity. Fixed. |
MM-4308 | In some 7.1 releases, Blended Threats provisioning was not storing retrieved credentials. Fixed. |
MM-4311 | Some duplicate expressions have been removed from TextCensor scripts. |
MM-4313 | Installation or upgrade now installs .NET Framework 3.5 SP1 as necessary. |
MM-4314 | The MailMarshal Support tool is now included in product installation. |
MM-4323 | Automatic message release could fail in some cases due to a corrupted release code caused by certain webmail clients and browsers. Fixed. |
MM-4341 | The version of MSKaspersky.dll included with the product is updated to 1.0.2. |
MM-4347 | SQM sessions with forms authentication did not expire after the configured period. Fixed. |
MM-4351 | A new option on the External Command Rule Action allows you to request repacking of a message (so that any changes made by the command will be included in the delivered message). |
MM-4353 | In version 7.1, calculation of the oldest message date could cause the array manager to stop. Fixed. |
MM-4354 | When upgrading to version 7.1, the prior version database log files with Blended Threats properties were not correctly processed (property id 3 does not exist). Fixed. |
MM-4358 | An obsolete column used by the old BTM functions was removed from the SQL database. |
MM-4363 | Blended Threats provisioning did not work correctly through certain proxies. Fixed. |
MM-4364 | Unpacking of PDF documents now times out after 4 minutes by default. The timeout can be adjusted using a Registry setting. See Knowledge Base article Q15160. |
MM-4365 | Security for the storage of passwords in SQM is enhanced. |
MM-4366 | A SQM page was vulnerable to arbitrary redirection. Fixed. |
MM-4367 | SQM did not clear session identifiers on logout. Fixed. |
MM-4368 | Blended Threats license provisioning is now checked immediately when a new license key is entered. |
MM-4374 | The Sync Tool creates a dump file if it encounters an unhandled exception. |
MM-4375 | The Sync Tool did not gracefully handle non-MML files in the quarantine folders. Fixed. |
MM-4376 | Server ID numbers are shown for each server in the lists in Configurator and Console. |
MM-4377 | Options for the command line ESET NOD32 virus scanner now match the syntax for NOD32 version 4. Note that if you have an earlier version of NOD32 you must upgrade NOD32 (strongly recommended) or manually reconfigure the settings. |
MM-4383 | Installation of SQM did not properly detect and use a pre-existing installation of .NET 4.5. Fixed. |
MM-4394 | Entry and validation of Blocked Hosts now supports network ranges in CIDR notation. |
MM-4397 | Certificate Signing Requests created by the TLS certificate wizard contained the local hostname or FQDN in the SAN field if no other SAN entries were specified. Fixed. |
MM-4414 | Database partitioning issues could cause the Array manager to be unable to start. Fixed. Note that this issue affects only SQL Server Enterprise installations. |
MM-4423 | Retrieval of CRLs used by the TLS functions now times out more quickly. Timeouts can be configured with Registry entries; see Knowledge Base article Q15590. |
MM-4449 | iCalendar message parts (MIME type text/calendar) were not correctly recognized and unpacked. Fixed. |
MM-4452 | TLS CRL retrieval attempted to retrieve CRLs from unsupported locations. Fixed: only HTTP and HTTPS locations are checked. |
MM-4458 | Logging of valid PTR checks has been enhanced. |
MM-4462 | When a configuration was imported from an installation with a different directory location, SpamCensor updates could retain entries for two sets of files. Fixed. |
MM-4465 | Sender IP address match ranges entered in previous versions could have invalid netmask entries. On upgrade these ranges will not be imported. IP ranges are now entered in CIDR notation. |
MM-4485 | Web Components installation did not correctly detect the presence of ASP.NET 4.5. Fixed. |
MM-4501 | If a TLS client certificates was expired or not yet valid, attempting to retrieve the CRL could cause the Receiver to fail. Fixed. |
MM-4502 | The date of expiration of the product maintenance contract is now displayed in the Console and Configurator. |
MM-4518 | The Social Security Number category script and the associated default rule have been updated. See the upgrade notes above. |
MM-4277 | In earlier 7.1 releases, BTM Provisioning caused an automatic commit of configuration every 24 hours. Fixed: configuration is only committed when required. |
MM-2988 | The Sophos for Marshal (MSSophos.dll) version included with MailMarshal has been updated to 1.3.4.0. This version improves the behavior when updating the Sophos Engine under load. |
MM-4252 | Utilities that retrieve content using HTTPS did not properly release memory. Fixed. |
MM-4255 | The SecureTrust and Secure Global CA certificates are now installed to the Windows certificate store by the MailMarshal installation. These root certificates are used by Trustwave-issued SSL certificates and are not part of the default certificate set in some Windows releases. |
MM-4259 | The Blended Threats provisioning process did not correctly encode high order characters before submitting via HTTP. HTTP error 400 could be returned in some cases. Fixed. |
MM-4265 | The Blended Threats provisioning process did not succeed on servers with XSD validation enabled (the default setting for Windows 2003). Fixed. |
MM-1256 | In earlier versions, restarting the Array Manager Service or the Array Manager server forced a restart of services and full refresh of configuration on all nodes. This behavior no longer applies. You can force a restart and refresh by clicking Force Configuration Reload on the Configurator Tools menu. |
MM-1449 | The minimum period for retention in Archive and Sent History folders is now 1 day. The default is now 7 days. |
MM-2792 | For MailMarshal SPE installations, the SSMURL setting (base URL of SQM) can be set for each customer. |
MM-2899 | SPF thresholds can be altered, if necessary, by setting Registry values. For details, see Trustwave Knowledge Base article Q14723. |
MM-3139 | A new Content Analysis Rule Condition is available to check whether or not a message was received over a SMTP Authenticated connection. |
MM-3466 | Some Excel 2007 (XLSX) files could take an hour or more to unpack due to inefficient XML parsing. Fixed. |
MM-3583 | In version 6.9 and above, sender logs were not available in the Console for "temporarily undeliverable" messages. Fixed. |
MM-3760 | In rare cases, a TEXT file could have been incorrectly identified as COM due to a buffer size issue. Fixed. |
MM-3796 | In versions 6.7 and above, SpamProfiler user group exclusions were not correctly applied at the receiver if the group was not used in another rule, and the User Group selected could be deleted even though it was used in policy. Fixed. |
MM-3845 | Client TLS certificates are supported for Inbound TLS. |
MM-3901 | The optional notification emails for automatic updates (SpamCensor updates) are now generated for failed updates as well as successful updates. |
MM-3924 | TLS negotiation could fail when using a chained certificate due to a problem with OpenSSL. Fixed by the change to OpenSSL1.0.0. |
MM-3927 | The stored procedure used to purge statistics data in version 6.9 was inefficient. Fixed. Note that on upgrade, irrelevant old records are purged and a SQL table is re-indexed. |
MM-3929 | In some earlier versions the SQM "maximum blocked mail displayed" setting was not correctly applied. Fixed. |
MM-3950 | In rare cases, a multi-part MIME message would not be properly unpacked due to a weakly formatted boundary line. Fixed. |
MM-3952 | Older archived messages might not be shown in the Console if the retention time setting was extended. Fixed. |
MM-3955 | In the TLS Certificate Wizard, the Key Length field could be edited to include inappropriate characters. Fixed. |
MM-3956 | Upgrading removes rule conditions and files used by the previous version of the Blended Threats Module. |
MM-3960 | In the TLS Certificate Wizard, when importing a signed certificate, the password text was not obscured. Fixed. |
MM-3961 | In version 7.0, service text logs showed false "invalid file" errors for deadletter folders. Fixed. |
MM-3962 | In version 7.0, some entries in the Controller text log did not display the names of dead letter folders. Fixed. |
MM-3963 | Logs now include information about the MailMarshal version at the beginning of processing for each service for each message. |
MM-3967 | In some earlier versions, the rule print output displayed some HTML tags in the text. Fixed. |
MM-3977 | The Engine rewrites URLs in messages bodies as required for the new BTM rule action, including obfuscated URLs. |
MM-4005 | In some cases where an attachment was an Office 2003 document containing an embedded Office 2007/2010 document, the message was deadlettered due to an unpacking problem. Fixed. |
MM-4013 | In version 6.9.5 and above, processing logs were not appended to the "report as spam/not spam" information. Fixed. |
MM-4015 | Global exclusions to BTM rewriting are remotely updated through the automatic update service (SpamCensor updates). |
MM-4018 | TextCensor scanning was applied to the top level of Office 2007 documents, resulting in false positives. Fixed: for these documents, TextCensor now applies only to extracted text. |
MM-4024 | For MailMarshal SPE installations, the array delivery override setting was not being applied. Fixed. |
MM-4033 | The product End User License Agreement has been updated. |
MM-4037 | The MailMarshal installer recognizes and supports SQL Server 2012 and SQL Express 2012. |
MM-4039 | The MailMarshal product works with SQL Server 2012 and SQL Express 2012. |
MM-4051 | The EMF unpacker caused a fault in the Engine service when unpacking items with zero size. Fixed. |
MM-4052 | The OpenSSL library that MailMarshal uses has been updated to version 1.0.0i. |
MM-4107 | The selected TLS Certificate Validation options are more clearly presented in the rule summary. |
MM-4111 | TLS Certificate Validation can be configured to access any required Windows certificate stores. Frequently used stores are used by default. |
MM-4113 | TLS Certificate Validation can save certificate information to disk for debugging. |
MM-4137 | The version of Libtet (PDF unpacking) that is included in the installation has been updated to 4.1.0. |
MM-4140 | For MailMarshal SPE installations, a Local Domain could not be re-used if moved to another array, re-created, or disabled and enabled. Fixed. |
MM-4158 | In some cases content extracted from Office documents was incorrectly identified as EMF instead of WMF, resulting in a dead lettered message. Fixed. |
MM-4091 | For MailMarshal SPE installations, messages between customers hosted on the same array were not always handled correctly. Fixed. |
MM-4092 | For MailMarshal SPE installations, an incorrect SMTP verb was sent to non-SPE servers, causing messages to be rejected. Fixed. |
MM-3969 | During installation of MailMarshal or Web Components, prerequisite detection failed if a newer version of Visual C++ 2010 runtimes were already installed. Fixed. |
MM-3972 | On upgrade to 7.0.0, an incorrect error displayed when no WMI dependent services needed to be stopped. Fixed. |
MM-3978 | In version 7.0.0, lines in the Receiver log file were double-spaced. Fixed. |
MM-3980 | In version 6.9 and above, PDF attachments with Unicode characters in the filename were not unpacked and scanned. Fixed. |
MM-157 | TLS certificate creation now supports Subject Alternative Names. |
MM-1603 | Rule printing output was not correctly escaping HTML. Fixed. |
MM-1633 | Connection and Content Analysis rules now include TLS properties criteria. |
MM-1688 | Connection and Content Analysis rules now include a "Received via TLS" condition. |
MM-1928 | Setting content size or count rule conditions to 0 caused the Engine to stop. Fixed. |
MM-2328 | The OpenSSL library that MailMarshal uses has been updated to version 1.0.0e. |
MM-2544 | Initial changes have been made to support IPv6 in a future release. (No IPv6 functionality is available for use in this release.) |
MM-2783 | Outbound TLS is enabled by default for new installations. |
MM-3120 | The SMTP Authentication username (if any) is logged to the Receiver and Engine text logs. |
MM-3276 | The installer logic to stop and re-start the WMI service has been improved. |
MM-3635 | Dead Letter rules now allow the Send mail template notification action. |
MM-3650 |
Messages that would have been deadlettered with "too many
lines before boundary" are now unpacked and the pre-boundary
material is scanned as text. The registry entry for
MaxPreBoundaryLines is irrelevant and is removed on upgrade. |
MM-3651 | Dead Letter rule actions were not applied correctly where different actions were required for different recipients. Fixed. |
MM-3694 | The default Receiver Socket Timeout (SMTP transmission timeout) has been changed to 30 seconds (was 300 seconds). |
MM-3726 | The SpamProfiler cartridge has been updated to version 3051. |
MM-3750 | Outbound TLS can be configured to offer a client certificate if requested. |
MM-3756 | The product is rebranded as M86 MailMarshal SEG. |
MM-3779 | Database upgrade now checks for pre-existing customer created objects with the same name as objects that would be created. |
MM-3797 | Retrieval of User Group information from the Array Manager to processing servers could cause performance issues when used over slow WAN links. Fixed. |
MM-3799 | Dead Letter rules now allow the Delete action. |
MM-3800 | Dead Letter rules now allow the BCC action. |
MM-3801 | Dead Letter rules now allow the Set Message Routing to Host action. |
MM-3802 | Dead Letter rules now allow the Write log message with classification action. |
MM-3813 | It is now possible to specify that message delay notifications should be sent externally. See Trustwave Knowledge Base article Q14383. |
MM-3819 | Dead Letter rules now allow the Where detected as spam by SpamProfiler condition. |
MM-3822 | Dead Letter rules now allow the Move to folder action. |
MM-3850 | More detailed debugging information about SpamProfiler classification is included in message log files. |
MM-3870 | Unpacking and file type functionality can now be updated automatically, using the same Internet update functions used for SpamCensor. |
MM-3872 | Setting count rule conditions to "less than 0" was allowed by the Configurator. Fixed. |
MM-3954 | In version 6.9, MailMarshal rejected messages when the local part of the email address was longer than the RFC length of 64 characters. This restriction is now disabled by default. To enforce the restriction, contact Trustwave Support for details of a registry entry. |
MM-3904 | DOC files with poor formatting in the User Summary Info area can cause MailMarshal services to stop. If you encounter this issue, please contact Trustwave Support for details of a setting to skip processing of this part of documents. |
MM-3907 | Sent History retention cannot be set to less than one month. If Sent History items are consuming excessive disk resource, please contact Trustwave Support for details of additional options. |
MM-3909 | In earlier 6.9 versions, messages with invalid envelope information were not properly deadlettered. Fixed. |
MM-3911 | Unpacking of certain poorly formatted PDF files can fail. If you encounter this issue, please contact Trustwave Support for details of additional options. |
MM-3912 | Word documents with null fields in Document Summary Info could cause the Engine to stop. Fixed. |
MM-3913 | Certain Word documents with invalid document summary information were incorrectly deadlettered. Fixed. |
MM-3918 | It is now possible to specify that message delay notifications should be sent externally. See Trustwave Knowledge Base article Q14383. |
MM-3755 | Messages with attached Office 2003 documents that contained embedded Office 2007/2010 documents were deadlettered. Fixed. |
MM-3855 | In 6.9.7, specific formatting in OLE document summary information could cause messages to be incorrectly deadlettered. Viewing these messages in the Console could cause additional problems. Fixed. |
MM-3770 | Upgrade now provides more user friendly information about status during database upgrade. |
MM-3771 | Upgrade now provides more user friendly information about status while calculating time required for database upgrade. |
MM-3816 | In 6.9.6, the Web Console could return an error for non-administrative users under Windows Authentication. Fixed. |
MM-3817 | In 6.9.6, OLE documents with document summary information over a certain length could cause the Engine to stop. Fixed. |
MM-3818 | In 6.9.6, unpacking of OLE data from Excel files could cause the Engine to stop in specific cases. Fixed. |
MM-3836 | In 6.9.6, checking of mailbox name length could return an incorrect result for some cases using ESMTP extensions. Fixed. |
MM-3844 | In 6.9.6, warning messages generated during PDF unpacking were not handled correctly in some cases. Fixed: The affected documents are unpacked and scanned. Any warnings concerning embedded content (such as images in unsupported formats) are logged to the Engine text logfile. |
MM-108 | Many images are now extracted from PDF documents. |
MM-1483 | Help and header text for the Rule Profiler function has been added to mmlookup.exe. |
MM-1567 | PDF unpacking now handles Unicode. |
MM-2236 | Some PDF files caused recursion in the Engine and could not be unpacked. Fixed. |
MM-2363 | The version of 7zip (archive unpacker) included with MailMarshal has been updated to 9.20. This version handles additional compression formats. |
MM-2834 | PDF files with limitations on printing and other functions were incorrectly identified as Encrypted PDF. Fixed. |
MM-2837 | Image Analyzer has been updated to version 5. |
MM-2859 | Binary files are now better recognized as type COM or EXE. |
MM-2977 | PDF Xref detection is improved. |
MM-3332 | Receiver, Engine, and Sender logs for each message are now stored in the message file. The Console message viewer displays the available information in separate tabs. Message log information for items that have been successfully delivered is now retained in a reserved folder named "Sent History." |
MM-3339 | Messages to be sent over TLS were not properly retried after temporary failure. Fixed. |
MM-3366 | The Receiver service could incorrectly detect that the mailbox name was too long (more than 255 characters). Fixed. |
MM-3367 | Certain Office 2007 documents were not recognized due to internal structure. Fixed. |
MM-3387 | SQL code for database creation and upgrade is now within a transaction to allow easier rollback if problems are encountered. |
MM-3405 | MailMarshal Sender throughput has been enhanced with increased buffer sizes. |
MM-3406 | MailMarshal Receiver throughput has been enhanced with increased buffer sizes. |
MM-3410 | DBlog files now correctly handle larger content. |
MM-3419 | Office 2007 files generated through the OpenXML SDK were not correctly unpacked. Fixed. |
MM-3422 | PDF unpacking has been improved, notably for Unicode and some encodings of images. |
MM-3427 | The MailMarshal database now supports index partitioning if installed on SQL Server Enterprise Edition (for new databases only). |
MM-3431 | Database and processing enhancements have been made to support MailMarshal SPE with multiple customers. |
MM-3456 | User Defined and custom document properties are now unpacked and scanned in Word 2003 and Word 2007 documents. |
MM-3472 | The Server Tool now checks the validity of the configured database on startup (this allows the database to be re-created when the SQL server has been rebuilt). |
MM-3494 | Word documents encrypted with IRM in Word 2007 (2003 compatibility mode) were deadlettered. Fixed: these documents are correctly recognized. |
MM-3495 | The minimum version allowed for upgrade is 6.5.1. |
MM-3513 | Messages quarantined with a default release action of "skip remaining rules" were not reprocessed as requested upon release. Fixed. |
MM-3514 | Console Dashboard data was never purged from the database. Fixed. |
MM-3536 | TLS now allows selection of a minimum cipher strength for inbound and outbound connections. |
MM-3538 | The certificate used to sign executable files has been updated. |
MM-3539 | The message parking feature logged redundant messages when a message was unparked. Fixed. |
MM-3550 | Logging of low disk space warnings has been enhanced for readability. |
MM-3551 | The Array Manager could stop unexpectedly if a new database was created and configuration was not synchronized. Fixed. |
MM-3553 | Routing enhancements have been made to support MailMarshal SPE with multiple customers. |
MM-3582 | A full BTM database update could stop message processing for a significant time. Fixed. |
MM-3598 | PDF unpacking has been enhanced. Images, attachments, and annotations are unpacked. |
MM-3604 | Deadlettered messages can be passed through to users by rule action. |
MM-3611 | Sender and Recipient IP addresses could be logged incorrectly (with reversed octets). Fixed. |
MM-3612 | The integration with Norman Endpoint Protection is updated. |
MM-3613 | Retention and permissions for Deadletter folders are now set through the Configurator. |
MM-3622 | Receiver rules with the message size conditions "equal to" and "not equal to" caused the receiver to fail. Fixed. |
MM-3628 | EMF files are now correctly unpacked and the contents are scanned. See also MM-3725. |
MM-3634 | New database objects are included to summarize traffic data for MailMarshal SPE installations. |
MM-3649 | Additional logging has been added in the Engine service for Dead Letter rule processing. |
MM-3676 | Configuration of the Marshal IP Reputation Service was invalidated when another Reputation Service was configured. Fixed. |
MM-3684 | Error messages logged to the Event Log could cause issues due to recursive substitution of variables. Fixed. |
MM-3691 | BTM updates could prevent reloading of configuration at the Engine. Fixed. |
MM-3696 | PDF unpacking has been improved. Incorrect character strings are no longer present. |
MM-3697 | PDF unpacking now supports "linearized" PDF. |
MM-3699 | Selecting the default message digest template for new digests loaded additional incorrect characters. Fixed. |
MM-3705 | The Console and Configurator now use the terms "Connection Policy" or "Connection Log", "Content Analysis Policy" or "Content Analysis Log," and "Delivery Log". |
MM-3712 | A more descriptive logging message is written by the Array Manager on shutdown when the SQL database is unavailable. |
MM-3722 | The Sender would stop in the unlikely event that no route at all could be found for a message. Fixed. |
MM-3725 | Files unpacked from EMF files (MM-3628) are only saved and scanned if they are of a recognized type. Type BIN (unknown) files are not saved. |
To review Release History prior to version 6.9.5, please see the Release Notes for the specific versions.
Copyright © 2015 Trustwave Holdings, Inc.
All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
While the authors have used their best efforts in preparing this document,
they make no representation or warranties with respect to the accuracy or
completeness of the contents of this document and specifically disclaim any
implied warranties of merchantability or fitness for a particular purpose. No
warranty may be created or extended by sales representatives or written sales
materials. The advice and strategies contained herein may not be suitable for
your situation. You should consult with a professional where appropriate.
Neither the author nor Trustwave shall be liable for any loss of profit or any
commercial damages, including but not limited to direct, indirect, special,
incidental, consequential, or other damages.
Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.
Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud, managed security services, software and appliances. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its TrustKeeper® portal and other proprietary security solutions. Trustwave has helped hundreds of thousands of organizations—ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices worldwide. For more information, visit https://www.trustwave.com.