Trustwave MailMarshal 10.2 Release Notes

(Previously known as Trustwave SEG)

Last Revision: August 28, 2024

These notes are additional to the MailMarshal User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q21217.

New Features
System Requirements
Upgrade Instructions
Uninstalling
Release History

New Features

For more information about additional minor features and bug fixes, see the release history.

Features New in 10.2.5

Policy print functionality: The Console includes ability to generate a plain language summary of email policy.
Rule copy functionality: The Console includes the ability to copy or move a rule to another policy group.
Operating System Support: Windows Server 2025 is supported.

Features New in 10.2.0

Single Sign On: MailMarshal supports SAML based Single Sign On for the Management Console.
User Account Audit: The Console allows review of user account creation, permission settings, and login activity.

Features New in 10.1.0

Updated Dashboard: The Dashboard provides a rich view of product operation and threats identified.
Enhanced Image Analysis: Image Analyzer now offers detection of many types of image content, including QR codes.
DANE support: MailMarshal can validate compliance with DANE (DNS-based Authentication of Named Entries) when delivering outbound messages. For more details see Trustwave Knowledgebase article Q21213.

Features New in 10.0.7

Quarantine Audit Search: The Console includes the ability to view and search Quarantine Audit history (operator actions on quarantined messages).
Updated TLS support: The TLS/SSL library included has been updated to the current release.
Operating System Support: Windows Server 2022 is supported. Windows Server 2012 and 2012R2 are no longer supported. Windows 8 and Windows 8.1 are no longer supported.
SQL Version Support: SQL Server 2022 and 2022 Express are supported. SQL Server 2012 and 2012 Express are no longer supported.

Features New in 10.0.5

Server Advanced Settings: The Console includes the ability to make advanced settings for each processing server.
PhishFilter: Default rules for new installations include the new anti-phishing layer PhishFilter. Customers upgrading from previous versions should see Trustwave Knowledgebase article Q21184.

Features New in 10.0.4

Column selection, sizing and memory: Users can select and resize columns in the Folders and Message History views. Each user's settings are remembered.
Date and Time format: Date and time format in the Management Console follows Windows System format on the Array Manager.
Time zone selection: Each console user can select and save a preferred time zone in their profile.
Operating System Support: Windows Server 2022 is supported.
Updated TLS support: The TLS/SSL library included has been updated.

Features New in 10.0.2

Branding: The product is renamed as Trustwave MailMarshal. Install locations and Registry locations are not affected. Database names are not changed on upgrade.
Reporting Groups Configuration: The ability to configure Reporting Groups is added to the Management Console.
Management Console Enhancements: Many functional and performance enhancements have been made to the Management Console. See release history for details.
Operating System Support: Windows 7 is no longer supported.

Features New in 10.0.1

Active Directory (NTLM) Authentication and Authorization: Access and folder permissions in the Management Console can use Windows or Active Directory credentials (similar to the permission settings in 8.X).
- To enable Windows Authentication, see the Config Service Admin Tool.
- Upgrade from version 8.2 enables Active Directory authentication.
- Only one of the two authentication types can be active.
- For an overview of how to configure this feature, see Trustwave Knowledgebase article Q21157.
Folder Paths: The ability to set an individual physical path for each folder (available in 8.X) is now available in 10.0.
Folder Security: The ability to set access security for folders (available in 8.X) is now available in 10.0.
- Default access for new installations is the same as in 8.X.
Commit Scheduling: The ability to defer configuration commits to a scheduled time (available in 8.X) is now available in 10.0.
Message Release: The ability to release a message for specific recipients (available in 8.X) is now available in 10.0.
Upgrade Improvements:
- On upgrade form 8.X, Windows Authentication for the Management Console is enabled. Folder permissions for Windows users and groups are preserved.
- Additional rare cases in configuration upgrade are handled (invalid goto and spoofing rule entries).
- The Upgrade Preview prompts for database credentials if required.
- On upgrade from 8.X, default SpamProfiler selections match the default settings on a new installation (Spam and Spam-Suspected).

Additional minor items are mentioned in Release History.

Task Notice Improvements: Status of long running tasks such as update check, virus scanner check, and configuration restore is better reported in the user interface.
Copy to host action: A new Content Analysis rule action allows you to send a true copy (not a BCC) to another host.
SQL 2019 support: MailMarshal has been tested with SQL 2019.

Features New in 10.0

New User Interface: Configuration and Console functions are combined in a new web based interface. The legacy Configurator, Console, and Web Console are no longer used.
Auditability: Configuration changes are fully auditable. Changes can be reviewed before commit.
New Configuration storage: Configuration details on the Array Manager are maintained in local files and not in the Registry.
Rule Condition AND/OR selection: Rule conditions that include multiple TextCensor scripts or Category scripts can be set to trigger if any of the selected items match. The default behavior still requires all selected items to match.
Updated TLS support: TLS protocol version 1.3 is now available. Additional Elliptic Curves are available for Perfect Forward Secrecy.
Operating System Support: Windows Server 2019 is supported. Windows Server 2008 R2 and SBS 2011 are no longer supported (Microsoft end of life for these versions).
Database Software Support: SQL Server and SQL Express 2017 are supported. SQL Server and SQL Express 2008 R2 are no longer supported (Microsoft end of life for this version).
Limitations and Known Issues: In the initial 10.0 release some functionality is not available. For details, see Trustwave Knowledgebase article Q21135.
- The DMARC Dashboard feature has been retired. Customers must use third party services for this functionality.

System Requirements

The following system requirements are the minimum levels required for a typical installation of the Trustwave MailMarshal Array Manager and selected database.

A full discussion of requirements for all supported configurations is available in the Trustwave MailMarshal User Guide. See also Trustwave Knowledge Base article Q11358.

Table 1: System Requirements
Category	Requirements
Processor	Core i5 or similar performance
Disk Space	20GB (NTFS), and additional space to support email archiving
Memory	8GB (6GB available to MailMarshal plus 2GB for operating system). Allow an additional 2GB if SQL Express is installed locally.
Supported Operating System	Windows Server 2016, Server 2019, Server 2022, Server 2025 (Essentials Edition or above) Windows 10 (Allowed but not recommended)
Network Access	TCP/IP protocol Domain structure External DNS name resolution - DNS MX record to allow Trustwave MailMarshal Server to receive inbound email
Software	Microsoft .NET Framework 4.6.1 (or later 4.X) MailMarshal will install additional software as needed, including .NET 8 and C++ Runtimes. If you have installed a later release/patch version of .NET 8, you must install the identical version of the Hosting, Runtime, and Desktop packages Database server (managed cloud service): Azure SQL Database Database server: SQL Server 2022, SQL Server 2019, SQL Server 2017, SQL Server 2016, SQL Server 2014 Database server (free versions): SQL 2022 Express, SQL 2019 Express, SQL 2017 Express, SQL 2016 Express, SQL 2014 Express (Service packs listed are the minimum required for compatibility with all supported operating systems) Web browser (for Management Console connection): Chrome, Edge, Firefox, or Safari. (Internet Explorer is not supported). IIS (array manager only). Windows Authentication must be enabled in IIS. Note: WebDAV must not be active on the MailMarshal websites. For WebDAV removal, see Trustwave Knowledge Base article Q21096.
Port Access	Port 53 - for DNS external email server name resolution Port 80 (HTTP) and Port 443 (HTTPS) - for SpamCensor updates Port 1433 - for connection to SQL Server database and Reports console computers Port 19001 - between Array Manager and Processing Nodes Note: Additional ports are required by the Nodes for email and updates. Port 19006 and port 19007 (HTTPS) - for communication between components on the Array Manager. If the MailMarshal API is in use from other servers to the array manager, these ports must be open from the API client to the Array Manager.

Upgrade Instructions

Please review the MailMarshal User Guide before upgrading.

Trustwave MailMarshal 10.2.X supports a direct upgrade from MailMarshal/Trustwave SEG 8.3.2, and MailMarshal 10.0.3 and above.

If your installed version does not support direct upgrade, you can upgrade in steps.

Upgrade Preview

A standalone tool is available to check prerequisites and potential configuration issues before upgrade. See the product download page.

Database Prerequisites

SQL 2014 is the minimum SQL Server version supported.

Upgrading a Single Server

To upgrade a single MailMarshal server from any version supporting direct upgrade, install the new version on the existing server. You do not need to uninstall your existing version. The database will be upgraded in place, if necessary.

Upgrading an Array of Servers

You must upgrade each server by logging on locally. The remote upgrade feature that was present in earlier versions will not be available in MailMarshal 10.X.

Upgrading a Database

In the MailMarshal Server Tool, if you select a database that can be upgraded (version 8.2.3 or later 8.2.X), you will be given the option to upgrade and use the database.

Importing an 8.X Configuration Backup

After installing MailMarshal 10.X, you can import a configuration backup from version 8.2.3 or later 8.2 version.

Convert the backup to the 10.X backup format (zip file) using the MMConvConfig command line tool found in the MailMarshal 10.X installation folder.
Import the converted configuration zip file using the Restore function in the Management Interface, or the MMExportConfig command line tool.

For full information about these tools see the User Guide.

Upgrading From Older Versions

To upgrade from a version prior to 8.3.2, first upgrade to version 8.3.2. To upgrade from 10.0.2 or below, first upgrade to 10.0.7. Full details about upgrading from older versions can be found in the documentation for the target version.

Notes on Upgrading

Note: The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q21217.

Read the notes for all versions newer than your installed version. This list only includes information about version 10.0. For upgrade changes in earlier versions, see the release notes of each version.

10.1.0 Unsafe Legacy Renegotiation: Customers who installed the "unsafe legacy renegotiation" hotfix for TLS with release 10.0.7 must apply a new configuration setting. This setting ensures the same behavior as the previous hotfix. To maintain the behavior, apply the setting before upgrading to 10.1. See Trustwave Knowledge Base article Q21216.
10.0.7 TLS Cipher Lists: If you have manually entered cipher lists for TLS using the TLSCipherList Registry or Advanced setting, you must modify the manual cipher lists due to changes in the TLS/SSL library. See Trustwave Knowledge Base article Q21203.
Commit Scheduling/Manual commit: If Commit Scheduling is active, and you perform the upgrade outside the scheduled commit times, after upgrading all servers you must manually commit configuration to ensure all processing nodes receive the upgraded configuration.
10.0.2 Management Console edit page titles: On upgrade from earlier 10.X releases, the titles of edit pages may show as "EditTable". To fix this issue, clear the browser cache.
10.0.1 Windows Authentication: On upgrade from 8.2.X, Windows Authentication is enabled for the Management Console.
- The Windows Authentication feature of IIS must be enabled before upgrade.
- Folder permissions are retained.
10.0 Spam Types removed: The "filter by type" selection on the spam categories has been removed. The upgrade process checks for use of this selection and blocks upgrade until it is removed.
10.0 REST server requirement: The MailMarshal REST server (HTTPS configuration service) must be enabled before upgrade.
10.0 WebDAV incompatibility: WebDAV must not be enabled in IIS on the server that hosts the MailMarshal Management Console and Configuration Service websites.
10.0 Configuration Service Database Credential: On the Configuration Service Database page of the upgrade installer, you must enter an account with permission to create the new Configuration Service Database.
- You can use the Application Pool account only if the database is hosted on the Array Manager server.
- After completing installation, you can set up an Operational User for the Configuration Service Database, using the MailMarshal Config Service Admin tool.
10.0 Configuration Upgrade issues: MailMarshal attempts to upgrade the configuration as required. Certain rare issues require you to make changes in the SEG 8.2 configuration before you can complete the upgrade. For more details, please see Trustwave Knowledge Base article Q21122.

Uninstalling

MailMarshal can be installed in a variety of scenarios. For full information on uninstalling MailMarshal from a production environment, see the Trustwave MailMarshal User Guide.

To uninstall a trial installation on a single computer:

Close all instances of the MailMarshal Management Console website and helper applications such as Server Tool.
Use Add/Remove Programs from the Windows Control Panel to remove Trustwave MailMarshal.
Use Add/Remove Programs from the Windows Control Panel to remove additional components you may have installed, such as Web components or the Marshal Reporting Console.
If you have installed any components (such as the Web components) on other computers, uninstall them.
If you have installed SQL Express specifically to support MailMarshal and no other applications are using it, uninstall SQL Express.

Release History

The following additional items have been changed or updated in the specific build versions of Trustwave MailMarshal (previously Trustwave SEG) listed.

Note: The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q21217.

10.2.5 (August 28, 2024)

MM-7378	The Console includes the ability to generate a plain language summary of email policy.
MM-7426	The Console validates copied and moved rules to prevent "go to rule" loops.
MM-7532	The Console includes the ability to copy a rule from one policy group to another.
MM-7592	The Console message viewer includes buttons to view the next or previous message.
MM-8950	Connector User Group selections for SpamProfiler and DHA did not display properly. Fixed.
MM-11421	The SQM Search function did not apply the user selection for delegated access to another user's messages. Fixed.
MM-11577	The Controller service could stop unexpectedly when processing certain recursive DNS CNAME queries. Fixed.
MM-11601	For group retrieval from Active Directory, the Array Manager logs the full path of the query, including the Domain Controller actually queried.
MM-11605	In release 10.2.0, the notice of available product upgrades was not presented on the Dashboard. Fixed.
MM-11660	After a change in system time format, login to the Management Console could fail. Fixed.
MM-11663	The Array Manager could stop unexpectedly when parsing certain unexpected values for Syslog logging.
MM-11665	The Connection rule "Reject non-matching TLS Client Certificates" is disabled by default for new installations.
MM-11667	The Console prevents copying rules with certain actions, based on the applicable direction.
MM-11684	The version of .NET installed is updated.
MM-11685	The version of Visual C++ redistributable included in the install is updated.
MM-11689	The version of the archive extraction software included in the installation has been updated.
MM-11695	The Array Manager could stop unexpectedly due to exceptions in Dashboard data processing. Fixed.
MM-11802	Message subjects containing the + symbol in plain text could be misinterpreted as Unicode. This issue has been fixed for many common cases.

10.2.0 (July 2, 2024)

MM-6930	Including certain characters in Executive Name text caused the Engine to stop. Fixed.
MM-10604	Manual backups of configuration could return a "task was cancelled" error due to timeout of the web interface. The backup was actually created. Addressed with a longer timeout in the web interface.
MM-11293	Message history could fail to display a message when the HTML body was invalid. Fixed.
MM-11114	Syslog could be enabled in the Console when no Syslog database was configured. Fixed.
MM-11415	The version of TLS libraries included is updated.
MM-11446	The calculations of trends over time used in the Dashboard could be incorrect for certain periods. Fixed.
MM-11447	The calculations of security scores in the Dashboard did not take account of rules that apply to both incoming and outgoing messages. Fixed.
MM-11449	DANE delivery was disabled when TLSA lookup returned a TempFail. Fixed: this temporary DNS failure will result in a retry.
MM-11455	It is possible to specify the AD domain controller to query for all uses of AD authentication.
MM-11456	MailMarshal supports SAML Single Sign On for the Management Console.
MM-11458	MailMarshal provides auditing of user account creation, permission assignments, and logins to the Management Console.
MM-11460	The version of .NET installed is updated.
MM-11509	Some files related to the Configuration Service were not correctly versioned. Fixed.
MM-11511	Deletion of nested unpacking folders could fail in rare cases. Fixed.
MM-11513	Image Analyzer logged excessive information. Fixed.
MM-11519	The list of file types passed to Image Analyzer has been optimized.
MM-11522	Deliveries that encountered certain failures in DANE evaluation were retried excessively. Fixed.
MM-11529	User groups used directly in rules and also as child groups, could be lost from the in memory copy in rare cases. Fixed.
MM-11530	Additional indexing of DMARC tables in the database has been included for performance where large numbers of domains are reported on.
MM-11534	The Image Analyzer version included in the release has been updated.
MM-11537	The SpamProfiler cartridge (executable) included in the release has been updated.
MM-11544	On upgrade to 10.1.0 if a specific named user group existed upgrade failed. Fixed.
MM-11566	Resource management for Image Analyzer is improved.
MM-11572	Child user groups could be lost from the in memory copy in rare cases. Fixed.
MM-11576	Management of resources used by Image Analyzer is improved.

10.1.0 (April 3, 2024)

MM-7272	In previous 10.X releases, the Management Console did not correctly display DKIM record status. Fixed.
MM-7413	Image Analyzer rules could be created when the feature was not licensed. Fixed.
MM-10759	The location of the Controller Temp folder can be configured with an entry in the JSON configuration file.
MM-10822	The limit on length of folder descriptions was not validated on entry in the Management Console. Fixed.
MM-10843	Certain values of Marshal Reputation Service credentials were not recognized as valid by the test in the Management Console. Fixed.
MM-10920	The FolderRetention variable is now available for use in notification templates as well as in digest templates.
MM-10955	The Receiver could stop unexpectedly when evaluating certain badly formed DKIM signatures. Fixed.
MM-10961	Logic to throttle message acceptance under high load is improved.
MM-10983	The version of .NET installed is updated.
MM-10984	For Service Provider Edition installations, the Syslog service uses the globally configured certificate for all customers.
MM-10985	Array Manager retry behavior during transient database errors is improved.
MM-11031	For Service Provider Edition installations, an option is provided to reject messages addressed with a domain part that is a non-routable IP address.
MM-11036	When editing the "Skip to specific rule" action it was possible to select a rule in a disabled policy group. Fixed.
MM-11037	Handling of failed Active Directory based authentication attempts in the Receiver is improved.
MM-11038	Validation of HTML entry in stamp and template editors disallowed the text "start". Fixed.
MM-11041	In release 10.0.7, if update of Visual C++ executables required a system restart, the installer exited with no warning. Fixed.
MM-11042	Parameters used to generate the certificate for the REST server have been updated for compatibility with current operating systems.
MM-11044	Management of unexpected conditions in Syslog record processing is improved.
MM-11049	The "last seen" column is removed from the IP Groups member detail listing. "Last seen" is not implemented for IP addresses.
MM-11097	DNS lookup supports DNSSEC.
MM-11108	The database connection string includes the "ApplicationName" attribute for better tracking.
MM-11160	Saving changes to Connector definitions did not correctly validate unchanged passwords. Fixed.
MM-11169	In rare cases, changes in user group membership were not propagated to processing nodes. Fixed.
MM-11210	The message move and delete actions now require selection of a "category" (malware, phishing, spam, or none) for use in the Dashboard.
MM-11232	Export of files from the Management Console failed with a "network issue" error in some recent client browser versions. Fixed.
MM-11242	Release 10.0.7 did not allow upgrade from 8.3.X releases. Fixed.
MM-11250	Image Analyzer now offers detection of many types of image content.
MM-11280	Outbound email delivery supports DANE.
MM-11359	The SpamProfiler cartridge (executable) included in the release has been updated. HTTPS communication with the SpamProfiler updater is enforced by default.
MM-11360	The version of Visual C++ redistributable included in the install is updated.

10.0.7 (September 29, 2023)

MM-7326	Quarantine Audit history can be viewed and searched from the Management Console.
MM-7416	In earlier 10.X versions, node servers could not be deleted from the installation through the Console. Fixed.
MM-8657	Specific formatting of IP address values in the HELO string caused SPF evaluation to fail. Fixed.
MM-10504	In earlier 10.X versions, some log lines were omitted from the Receiver logs. Fixed.
MM-10687	Outbound digests were not generated when the "operational user" was used for SQL connection. Fixed.
MM-10813	In the Management Console, selecting from a checkbox list with hundreds of entries returned the wrong item. Fixed.
MM-10830	SPF evaluation over-counted the number of DNS lookups required. Fixed.
MM-10845	SPF record macro expansion did not correctly expand IPv6 addresses. Fixed.
MM-10850	Import of configurations could fail if some specific values were included, due to an issue with parsing XML paths. Fixed.
MM-10909	MailMarshal uses an updated version of the TLS/SSL library.
MM-10926	Links containing querystrings in the text of a HTML message body (not within a HREF tag) were treated incorrectly by the BTM rewriter. Fixed.
MM-10954	Text logs showed an incorrect delay time on Syslog queue inserts for some actions. Fixed.
MM-10967	IP group membership was not correctly propagated to processing servers after complete refresh of the group with some continuing members. Fixed.
MM-10983	The version of .NET installed is updated to the current .NET 6 release 6.0.20
MM-10988	The SpamProfiler cartridge (executable) included in the release has been updated.
MM-10991	The version of Visual C++ redistributable included in the install is updated.
MM-10992	Universal C runtime updating is removed from the installer (not required by supported OS versions).

10.0.6 (February 28, 2023)

MM-10540	In earlier 10.X versions, the message release "keep message" option was not correctly selected when the console user did not have permission to delete the message. Fixed.
MM-10572	The Array Manager REST API now supports only TLS 1.2 or 1.3 connections.
MM-10605	In some earlier 10.X versions, it was not possible to select another message from the message history when the details pane was open. Fixed.
MM-10611	In some earlier 10.X versions, the message viewer incorrectly remove the word "start" from the message text. Fixed.
MM-10644	After upgrade from 8.X, custom routing or relay entries were not reflected in the Management Console. Fixed.
MM-10704	Message stamp editing removed HTML entities, required for correct display of accented characters in stamps. Fixed: for details of how to save HTML stamps with entities for accented characters, see Trustwave Knowledgebase article Q21195.
MM-10711	After upgrade or configuration import, membership of connector groups was lost until the next scheduled synchronization. Fixed.
MM-10718	The header "insert if missing" action requires the value to start with a space, but leading spaces were trimmed from entered text. Fixed.
MM-10720	Controller retrieval of user groups is now batched for efficiency.
MM-10748	In earlier 10.X releases, the Quarantine Audit did not record the user name for actions taken in the Management Console. Fixed.
MM-10749	Upgrade from version 8.X failed if a TLS certificate had been configured for Syslog. Fixed.
MM-10753	Attempting to view a large message (for example 50 MB) in the Management Console returned an error. Addressed by increasing the timeout for retrieving and displaying messages.
MM-10772	The version of .NET installed is updated to the current .NET 6 release (replacing .NET Core 3.1).
MM-10800	Subfolder dates shown in the Folders view in the Management Console could be one day off depending on Daylight Saving Time. Fixed.
MM-10806	Management Console tree views with a large number of nodes such as folder views could cause browser slowness and out of memory errors. Fixed.
MM-10812	Validation of group names on upgrade used incorrect criteria and could cause the installer to exit unexpectedly. Fixed.

10.0.5 (August 31, 2022)

MM-8598	The Policy Group Schedule page includes a Set Default Schedule option.
MM-9304	Timezones used in DMARC reporting were made consistent.
MM-9818	The DMARC library included is updated.
MM-10136	The Archiver service used to connect to Cloud Archiving could stop in a specific case. Fixed.
MM-10154	Advanced Settings for individual processing servers can be managed from the Mail Servers area in the Console.
MM-10339	In release 10.0.4, the rule editor for condition "sender authenticated successfully" did not work correctly. Fixed.
MM-10346	In release 10.0.4, mail server Receiver and Sender statistics were not visible when the queue list was empty. Fixed.
MM-10391	Connectivity between Array Manager and Nodes is more reliable in distributed installations.
MM-10403	It is now possible to specific the IP address binding for the API deliveryserver/check function.
MM-10404	For Service Provider Edition installations, messages from an authenticated connection must be from or to domains belonging to the authenticated customer.
MM-10405	For Service Provider Edition installations, the local loopback target IP address can be specified.
MM-10420	Group Manager querying of Connector groups is more efficient.
MM-10443	When editing file type conditions, a type found in more than one of the groups was not correctly displayed or removed. Fixed.
MM-10445	The version of the Regular Expression library included has been updated.
MM-10448	When editing the deadletter spam rule, conditions were not shown correctly. Fixed.
MM-10459	On upgrade, obsolete versions of some third party modules are removed from the Config and NodeConfig folders.
MM-10499	In release 10.0.4, the Light theme setting was not persisted for Windows authentication users. Fixed.
MM-10500	In release 10.0.4, the password entered in the TLS Wizard for p12 export was not applied to the file. Fixed.
MM-10507	The version of Image Analyzer included is updated to resolve a memory leak issue.
MM-10509	In release 10.0.4, User Matching entry for rules did not allow entries with only wildcards (such as @.*). Fixed.
MM-10513	In release 10.0.4, sorting of the user group Last Seen column was incorrect. Fixed.
MM-10515	DMARC Aggregate Reports could include data from multiple days. Fixed.
MM-10566	In release 10.0.4, the rule condition "sender authenticated successfully" was written to configuration incorrectly by the editor. Fixed.
MM-10569	New PhishFilter rules are included in the default rules for new installations and supporting files are provided.
MM-10570	Tensorflow.dll is installed to the Config folder and removed from the main install folder.
MM-10571	In version 10.0.4, the database connection string for the Configuration Service database did not include the Multi-Subnet Failover keyword when selected. Fixed.
MM-10574	In some earlier versions, quoted commas in the From: header were not correctly parsed. Fixed.
MM-10586	In release 10.0.4, the Message Viewer truncated forwarded message content in the message body. Fixed.
MM-10592	Certain messages delivered to the Cloud Email Archive Service were corrupted in transmission. Fixed.
TUI-459	In release 10.0.4, the Management Console did not display when the browser language was set to Swedish. Fixed.

10.0.4 (May 17, 2022)

MM-6025	Deletion of long unpacking paths is improved.
MM-7162	User input validation has been improved for many fields.
MM-7346	In earlier 10.X releases, DNS server selection for Mail Servers did not allow IPv6 addresses. Fixed.
MM-7353	In earlier 10.X releases, validation of element names did not exclude problem characters (; , \ /). Fixed.
MM-7434	Console Executive Name List entry supports pasting multiple lines from the clipboard.
MM-8995	On upgrade, upgrade preview, and import of 8.X backups, if digests contain references to deleted user groups the error is logged and action stops.
MM-9150	Installations check for available product upgrades and raise a notice in the Console.
MM-9225	API calls are provided to update and delete "usermaintained" user groups in bulk.
MM-9381	The included REST SDK has been updated.
MM-9568	For Service Provider Edition installations, the flag to allow "no tenant" messages could be ignored when multiple messages were sent on a connection. Fixed.
MM-9778	Backups made by earlier 10.X releases could not be restored if a rule made direct reference to Connector User Groups (error "invalid property bag"). Backup behavior is fixed.
MM-9791	The included DMARC library has been updated.
MM-9794	The included Regular Expression library has been updated.
MM-9806	In release 10.0.2 and 10.0.3, the Management Console Mail Server General page was not correctly populated by default. Fixed.
MM-9807	HTML Message stamps and templates now allow CSS styling attributes directly on elements.
MM-9834	Date and time format in the Management Console follows Windows System format settings on the Array Manager. For details of how to apply changes, see Trustwave Knowledgebase article Q21174.
MM-9836	Time zone adjustment for the Dashboard component was incorrect. Fixed.
MM-9847	DMARC evaluation now considers multiple domains in the From: header and applies the most restrictive result. DKIM signing is attempted for the first domain in the From: header that belongs to a local domain with DKIM enabled.
MM-9849	Management Console user preferences now include a Time Zone setting (defaults to the Array Manager time zone).
MM-9876	Default Digest templates are updated to ensure the Release link displays on narrow screens.
MM-9902	SQM website headers are updated for better framing security.
MM-9904	SQM website error display is improved.
MM-9905	Management Console website headers are updated for better framing security.
MM-9906	Management Console cookies use the "Secure" setting when HTTPS is active.
MM-9916	Message extraction for DKIM signing uses a larger buffer for improved performance.
MM-9939	Certain characters in subject lines could cause the Message History display to fail. Fixed.
MM-9944	A new version of the Management Console UI framework is included.
MM-9952	DMARC evaluation now considers results of checking all DKIM signatures present in the message.
MM-9961	A new REST API request type is available to retrieve a MML file without unpacking.
MM-10119	The MMUpgradeToX prerequisite checker exited unexpectedly on node-only installs where IIS had been uninstalled. Fixed.
MM-10141	Rule Profiler data provided through the REST API was invalid. Fixed.
MM-10164	DeepEvals scores are cached to enhance performance.
MM-10171	The File Update notification email is reformatted and more informative.
MM-10190	Detail and formatting of the file update notification email has been enhanced.
MM-10192	Email messages with the ! character in the local part are no longer blocked by the "suspicious local part" setting.
MM-10195	BTM statistics retrieval is limited to the last 7 days.
MM-10211	The Config Service did not support Unicode characters in the SQL database password. Fixed.
MM-10216	Attempting to view an empty Change Set returned an error. Fixed.
MM-10217	PolicyGroup enabled times could change unexpectedly when edited. Fixed.
MM-10218	Upgrade could fail where the Config Service DB connection used the IIS application pool account. Fixed.
MM-10239	Syslog record insertion to the local database could drop records on service shutdown. Fixed.
MM-10257	When deleted rules were shown in an email policy view, invalid action buttons were enabled. Fixed.
MM-10263	Display pagination issues for the Folder view are corrected.
MM-10270	Display pagination issues for the Message History view are corrected.
MM-10281	Deleted Reputation Services were available for selection. Fixed.
MM-10303	The Reporting Retention Days setting from the interface was not applied. Fixed.
MM-10307	The Server Tool removes any double backslash from path entries to avoid possible issues when services use the path.
MM-10326	For Sent History items, the API did not return a usable reference to the original MML content. Fixed.
MM-10344	The header From: value was not properly populated when the value contained a comma. DKIM would fail due to the empty value. Fixed.
MM-10345	Content-Transfer-Encoding x-uue is recognized (treated as x-uuencode)
MM-10353	For Service Provider Edition installations, the "LHASH" parameter for delivery between nodes is ignored if it cannot be decoded.
MM-10370	The size of the Receiver in-memory CRL cache is increased.
MM-10376	The logic for checking user groups for retrieval is improved.
MM-10397	User Groups could not be added from Active Directory when the OU included non-ASCII characters. Fixed.
MM-10401	Delivery of Syslog records to the remote server is multi-threaded to cater for much higher volume.
MM-10411	Message history search by message name ignores all other parameters.
MM-10407	Visual C++ 2010 redistributable or DLLS are no longer required.
MM-10413	All Database connectivity supports SQL Multi-Subnet Failover.
MM-10434	The release of TLS/SSL libraries included with the product has been updated.

10.0.3 (July 6, 2021)

MM-9761	In earlier 10.X releases, if the database location was changed, the installer did not correctly determine the database to be upgraded. Fixed.
MM-9776	Validation of group names on upgrade is improved.
MM-9802	The Management Console message view now includes a view of raw HTML source for HTML email bodies.
MM-9893	The Receiver could stop unexpectedly due to improper TLS renegotiation. Fixed.
MM-9897	In version 10.0.2, changing Reporting Groups in the Management Console prevented further configuration changes. Fixed.
MM-9914	In earlier 10.X releases, servers could show as offline in the Console because the status check timed out immediately. Fixed: the check waits 10 seconds for a response.

10.0.2 (April 28, 2021)

MM-7052	In earlier 10.X releases, new folder and classification names were not checked for duplicates of existing items. Fixed.
MM-7078	LZH unpacking now uses 7zip files.
MM-7424	Display of the DMARC DNS records on the Management Console Local Domains page was incomplete and inconsistent. Fixed.
MM-7435	When an array had no processing nodes, the Management Console Dashboard raised an error for each auto-refresh. Fixed.
MM-7518	The Marshal IP Reputation Service test function always reported invalid activation code. Fixed.
MM-7533	Rules can now be enabled or disabled from the list in the Management Console.
MM-7595	Reporting Groups can be configured in the Management Console.
MM-8994	With filtered lists, the detail pane could show details of the wrong item. Fixed.
MM-9081	Upgrade of 8.X Registry entries to the 10.X database was incorrectly case sensitive. Fixed.
MM-9087	The installer code has been cleaned of unused functions.
MM-9141	In the Management Console rule group selector, the preview feature hid the IP group selection. Fixed.
MM-9194	Management Console user preferences now allow the user to set the period for which messages in Archive folders are visible. The default is 36 months.
MM-9383	The version of the MSOLEDB driver included has been updated.
MM-9392	Authorized User entries with no name or email address entry could not be blocked/unblocked or deleted/undeleted. Fixed.
MM-9466	Rendering of complex HTML email bodies in the message view is improved.
MM-9473	The Management Console did not show all items in Archive folders if the retention was set to never expire. Fixed.
MM-9477	On the Management Console Edit User page, unnecessary radio button controls are removed.
MM-9502	CRL lookups results are cached in memory for up to an hour to reduce load caused by extremely large CRLs.
MM-9511	References to "black" lists and "white" lists have been changed to "block" and "allow".
MM-9532	The Engine service experienced excessive memory usage and file handle usage in some circumstances. Fixed.
MM-9539	In earlier 10.0 releases, CSS stylesheets displayed as text in the message view. Fixed.
MM-9540	In earlier 10.0 releases, HTML bodies of attached messages were not correctly rendered. Fixed.
MM-9542	SQL performance when purging DMARC data is improved.
MM-9546	The Receiver service no longer uses ANY queries when querying DNS based Reputation Services.
MM-9553	In the Management Console folder view, refreshing the list of dated folders updates the folder tree and retrieves any new folders.
MM-9554	A button to commit configuration on demand (even if no changes are pending) has been added to the Management Console under System Configuration > Array >General.
MM-9555	In the Management Console message details tab, the item size was not displayed. Fixed.
MM-9556	In the Management Console folder view, day folder dates in left and right panes could differ. Fixed.
MM-9559	In earlier 10.0 releases, the Array Statistics API call returned no data. Fixed.
MM-9561	After deleting a message in Folders or Message History, the view was not refreshed and browsers could report errors. Fixed.
MM-9599	The installer check for WebDAV could fail due to missing prerequisite DLLs. Fixed.
MM-9602	The Reporting settings page incorrectly required the MRC URL field to be completed. Fixed.
MM-9609	The installer provides provides better information about how to resolve installation issues.
MM-9612	Config Service database connection with Windows credentials enforced "log on locally" permission to the Array Manager but this was not needed. Fixed.
MM-9616	The Receiver service no longer uses ANY queries when querying the Marshal Reputation Service.
MM-9617	The Receiver service no longer uses ANY queries when querying DNS based block lists.
MM-9618	The Syslog service continued to retry sending and made excessive requests to the database when the target Syslog server refused connections. Fixed.
MM-9619	Usergroup pruning settings were not saved in the configuration backup. Fixed.
MM-9621	DMARC Reporting activity could consume excessive database connections. This issue has been addressed with changes to the connection logic.
MM-9622	The Management Console provides better information when a user cannot be logged on due to system error.
MM-9627	The message stamp and template editor used LF instead of CRLF for line endings. Email with this format is rejected by some servers. Fixed.
MM-9630	Addresses could not be added to user groups when duplicate group names existed in the list (for example, from multiple Connectors). Fixed.
MM-9636	Fields to select the single recipient address and "subscribed by default" were missing from the Management Console Digest configuration page. Fixed.
MM-9643	Certain plain text strings in message subjects were mis-interpreted as UTF-7 encoded in the Console display. Fixed.
MM-9644	Retrieval of Group information by the Management Console has been optimized.
MM-9658	The Management Console uses an updated version of the site framework. Large lists such as email folder lists load more quickly. List scrolling behavior on small windows and low resolutions is corrected. Many small enhancements and minor fixes to functionality are included.
MM-9667	Management Console list columns with numeric data were sorted as text. Fixed: these columns are now sorted numerically.
MM-9672	Failed DNS lookups for A records would not be retried for 24 hours. Fixed: Lookups that fail for transient reasons can be retried after 1 minute.
MM-9675	The Receiver service no longer uses ANY queries when querying the Marshal IP Reputation Service.
MM-9702	When lists in the Management Console were filtered, action buttons could apply to the wrong item. Fixed.
MM-9737	Connection Policy groups could not be disabled. Fixed.
MM-9739	Management Console error messages related to deleting or disabling rules and groups are improved.
MM-9757	The release of TLS/SSL libraries included with the product has been updated.
MM-9779	Import of configuration could fail if it included rules created in some earlier versions that allowed duplicate GUIDs. Fixed.
MM-9782	The version of .NET Core installed is updated to the latest 3.1 (long term support) release.

10.0.1 (November 3, 2020)

MM-3361	Paged views of folders and history in the Console could miss items at the page boundary if they were received within the same second. Fixed.
MM-6288	Outgoing DMARC Report emails are now DKIM signed if DKIM is available for the domain.
MM-7029	The installer checks that requested website ports are available.
MM-7189	Management Console validation of rule user matching is improved (semi-colons are not allowed in email addresses).
MM-7194	Installation requires .NET 3.5 to be pre-installed (automatic installation in-line is not possible in supported Windows versions).
MM-7205	Entering a new license key requires commit of configuration, but the commit button was not enabled in this case. Fixed.
MM-7271	Un-installation now removes the Management Console and Config Service websites from IIS.
MM-7357	If configuration commit requires service restarts, the console user is notified. This notification was present in 8.X but was not available in 10.0.0.
MM-7411	Attempting to view a Message History record (with no message body information) could return an error in the Mail History view of the Console. Fixed.
MM-7534	Maintenance expiry is show on the license details page.
MM-7598	Version information ("About") is available in the Profile section of the Management Console.
MM-8477	When services restart, the Receiver service is started first to improve responsiveness where the Engine loads a large configuration.
MM-8632	DMARC results reported by MailMarshal for local domains were not sent to an external RUA. Fixed.
MM-8733	For MailMarshal Service Provider Edition installations, additional checking of the Customer ID is performed when a user attempts to view a message.
MM-8871	Logging could show an incorrect rule name for a Pass to Rule action if the action had been edited. Processing was not affected. Fixed.
MM-8875	If a MailMarshal 8.2 database is selected for use, User Group and Connectors information is checked. Groups must match the groups available in MailMarshal 10. If the groups do not match, the database will not be accepted.
MM-8876	When a new MailMarshal database is created in the server tool, user groups are populated from the Configuration Service database.
MM-8938	For MailMarshal Service Provider Edition installations, Receiver SPF checking for local addresses could cause some notification messages to fail. Fixed.
MM-8955	Status of manual configuration restore is better presented in the Management Console.
MM-8974	Upgrade is blocked if an invalid "pass to rule" action is found in the previous version configuration.
MM-8982	Scheduled automatic backups were run at the time entered even if the "back up at" option was not selected. Fixed.
MM-8993	Filtering in Message History and Folders views was not effective. Fixed. Note that filtering only affects the currently displayed page. To search over all messages use the message search.
MM-9027	Setting of the physical path for each folder is supported.
MM-9028	A "task was cancelled" message displayed if a manual check for updates took a long time. Fixed.
MM-9033	Management Console logs are deleted after 30 days by default.
MM-9042	For new installations or upgrades from 8.2, the Management Console SSL certificate matches the local server name.
MM-9043	In release 10.0.0, the Folders view of email did not open in certain timezones at certain times of day. Fixed.
MM-9044	In release 10.0.0, SQL Server 2017 or 2019 was not detected as a permitted version. Fixed.
MM-9093	The release of TLS/SSL libraries included with the product has been updated.
MM-9094	In release 10.0.0, rule user matching did not display the user list for editing when more than one individual user entry was present. Fixed.
MM-9122	In release 10.0.0, creating a user group with wide characters in the name or description returned an error. The group was created but the name was not correctly displayed. Fixed.
MM-9123	In release 10.0.0, the calendar control display in Mail History Search showed incorrect weekdays for dates. Fixed.
MM-9127	In release 10.0.0, some entries in Advanced Settings were incorrectly treated as case sensitive, and services could stop as a result. Fixed.
MM-9129	TLS version limits can now be set in Advanced Settings. For details see Trustwave Knowledgebase article Q21147. Upgrade now imports the settings made in Registry in version 8.X.
MM-9131	The version of .NET Core installed is updated to the current 3.1 (long term support) release.
MM-9132	Upgrade prerequisite checks could fail due to case sensitive checking of AD connector prefixes. Fixed.
MM-9136	An additional SQL table index is added for User Groups to enhance Array Manager performance.
MM-9146	Upgrade from 8.X could not proceed if the System account was the Operational User of the MailMarshal database and the logged on user did not have database access. Fixed.
MM-9147	Editing an IP group did not correctly populate the form and the group could not be updated. Fixed.
MM-9149	The installer checks availability of website ports.
MM-9156	To enhance performance on very busy systems, the maximum values for sender threads configurable in the user interface have been increased and the sender check for processed messages is more frequent.
MM-9181	In release 10.0.0, upgrade or import of connectors did not handle names or descriptions that included certain extended characters. Fixed: German and Nordic characters are supported.
MM-9189	In release 10.0.0, the last user group in the list in the Console could not be opened by double-clicking. Fixed.
MM-9200	In release 10.0.0, the display of the message component tree in the Console was incorrect for identically named children of different attachments. Fixed.
MM-9218	Rejected message records in the database did not correctly translate IPv4 addresses stored in the IPv6 column. Fixed.
MM-9221	In release 10.0.0, upgrade could un-populate membership of connector based groups. Fixed.
MM-9222	The database record for a message could show an incorrect subject where multiple messages were received on the same connection. Fixed.
MM-9249	In release 10.0.0, high ASCII characters in subjects and filenames did not display correctly in the Console. Fixed.
MM-9255	After upgrade to 10.0.0 on a single server system, virus scanner updates could fail because a copy of an old license key was not removed. Fixed.
MM-9261	In release 10.0.0, files named with certain characters could not be viewed or downloaded in the Console. Fixed.
MM-9264	The listing of Top Level Domains included in the installation is updated (used by Blended Threat rewriting, DMARC, and SpamSURBL functions).
MM-9306	The SpamProfiler cartridge (executable) included in the release has been updated.
MM-9326	On upgrade to release 10.0.0, configuration import failed if disabled rules referenced non-existent user groups. Fixed: the offending disabled rules will not be imported.
MM-9347	Deleted Management Console users can be undeleted on the Authorized Users page.
MM-9397	Connector refresh times were not correctly set on restart of the Array Manager (UTC offset not applied). Delay to the next refresh could result. Fixed.
MM-9430	The version of the PDF unpacker that is included in the installation has been updated.

10.0.0 (April 14, 2020)

MM-4077	Certificate Revocation List retrieval is improved: retrieval stops after the first successful download and information about failed sources is cached.
MM-5741	In SpamCensor attachment checking, search limits now allow ranges. Details are available in the Advanced Anti-spam document.
MM-6645	Category script evaluation was not performed on a RTF email body contained in "winmail.dat". Fixed.
MM-6685	In Category Scripts, TextCensor rules with a score of zero (used in combinations of rules) did not trigger. Fixed.
MM-6697	Specific complex email address local parts could cause the Receiver to stop. Fixed.
MM-6797	The Header Rewrite action "insert if missing" replaced an existing header value. Fixed: the action does not change an existing header.
MM-6847	Elliptic Curves "X25519" and "X448" are supported for key exchange. "secp256k1" is no longer supported because it cannot be used with TLSv1.3. At least one Elliptic Curve will always be selected in the Configurator. "X25519" is the default choice.
MM-6853	DMARC evaluation did not correctly check domain alignment of the DKIM or SPF pass. Fixed.
MM-6900	The REST API did not handle large volumes of concurrent requests. Fixed.
MM-7209	In version 8.2.3 and 8.2.4, the "last seen" date for user group entries was not updated as expected. Fixed.
MM-7280	In version 8.2.2 through 8.2.4, DMARC validation failed when SPF was validated but an invalid DKIM key was retrieved. Fixed.
MM-8439	The Category Script "filter by types" selection has been removed from the user interface.
MM-8919	DMARC report generation deleted unrelated configuration files from the Unpacking\Temp subfolder. In some cases the Engine service stopped as a result. Also, invalid DMARC report messages were never deleted. Both issues fixed.
MM-8921	Expired day folders within the DMARC Reports folder were never deleted. Fixed.

To review Release History for earlier releases, please see the Release Notes for the specific versions.

Legal Notice

All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

The authors make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

Trademarks

Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

About Trustwave®

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.