|
Sambar Server Documentation
|
| Release History |
| Release | Features |
|---|---|
| Release 5.1 Production (4/2002) |
Fixed bug in mailing list BOUNCE header causing router failure
(thanks Jorge Somers!) Fixed inconsistency between mail routing pattern max in GUI and internally (thanks Paul Bickwermert!) Fixed security vulnerability associated with Authentication header corruption (thanks Mark Litchfield of ngasoftware.com) Fixed security vulnerability associated with "onfailure" RPC parameter (thanks Mark Litchfield of ngasoftware.com) Removed both cgi-win sample applications that shipped with the server (security vulnerability reported by Mark Litchfield of ngasoftware.com) Fixed custom logging to return query string when %q is specified (thanks Kevin Anderson!) Fixed intermittent bug with LIMIT sections in .htaccess (thanks Danny Mallory!) Modified scripting to truncate buffer on string evaluation rather than fail (thanks Ken Johanson!) |
| Release 5.1 Beta 5 (3/2002) |
Fixed crash introduced in 5.1 beta 3 SSI processing of DOCUMENT_ROOT. Fixed routing of BCC messages to strip errant 'From'. Changed log rotation format to include year. Removed the 255 character limit for DNS hosts file GUI editor; limit is now 1000 (thanks Melvyn Sopacua!) Fixed CScript 'if' and 'else if' statement processing (thanks Thomas Klingler!) Added 'group' to the SA_FTP structure for group access restrictions. Fixed infinite-loop and crash bug in CScript 'if' statement execution (thanks Thomas Klingler!) Added REMOTE_ADDR to ISAPI variables (thanks Melvyn Sopacua!). Removed errant code that stripped Document Directory if found as first part of the URL. Removed /syshelp/ssienv.shtml to remove potential security issue (thanks Dino!). Fixed "home" for rfc822 mail attachments in WebMail (thanks Sonia!). Upgraded to ZLIB 1.1.4 to fix buffer overflow bug. Implemented DNS Wildcards for wildcard matching on A record lookups against the hosts and mxhosts files. Added multiple rename() attempts so no Mail ROUTER shutdowns will occur on failure. Fixed WebMail filters to use CSS class names when appropriate. Fixed SQL Logger to use configured cache (rather than AUTH cache); thanks Peter Heywood! Added ability to have numbers in mailing list names. Upgraded SQLite to 2.3.3 Modified url-edit and dm-edit to perform html2txt on file contents to escape < > (thanks Ken Johanson!) Modified mailing list bounce mail handler to ignore soft bounces and delete user from mailing list on hard bounces. Added support for "opts utf8 on" in FTP server (thanks Steffen!). Fixed regex and regexi CScript functions (thanks Thomas Klingler!). Fixed some webmail HTML formatting errors (thanks Jorge Somers!). Added dbms.log to automatic log rotation processing. |
| Release 5.1 Beta 4 (2/2002) |
Fixup bare line-feeds from SMTP data passed via mail router. Changed Mail replyfile and forwardfile routing rules to pass the mime type of the file rather than text/plain (thanks Thomas Klingler!). If "Automatic Log Rotation" is enabled, rotate server.log and generate report. Fixed PATH_INFO in CGI scripts to better map PHP_SELF in PHP. Implemented "Exclude User Directories" to prevent access to users (i.e. admin) with Root Directories that should not be accessed. Fixed mailing list RE: versus Prepend Subject conflict (thanks Michael). Modified compilation of sambarcm.dll to disable optimizations (crashed RAS dial-on-demand). Fixed bug in CScript 'cp' routine (thanks Thomas Klingler!) Added /servlets/ directory to the JavaEngine CLASSPATH. Added "Enable Versioning" boolean to turn on/off versioning in Document Manager and WebDAV. Modified Automatic Log Rotation to rotate Mail and Server logs in addition to HTTP (htaccess). Implemented "User Directories" feature to map user root directories to /~username/ Fixed version control bug that affected checkin (thanks Oliver Deane!). Allow clearing of Append/Prepend script in htaccess via: PrependScript text/html ""Implemented forwardfile mail filter compliment to replyfile. Allow text strings output by mailmsgnav and mailheader to be internationalized. Fixed bug in mailing list when full domain names (local) are used (Thanks Joshua James!) Fixed STMP failure with replyfile when SMTP AUTH enabled (Thanks Danny Mallory!) Redesiged SQL Authentication to use custom log format for building query. Fixed bug in ISAPI ALL_HTTP that caused PHP to fail. Added WM_ENDSESSION handler for graceful shutdown on user logout. Added new Desktop prototype for single-signon access to WebMail, Document Manager, Disk Usage etc. Fixed Global Routing bug when BCC is used; message delivery looping (thanks Robert Stein!) Added SERVER_ADDR and SERVERIP to CGI and ISAPI. Fixed bugs in htaccess RedirectMatch: optional type and regex match of redirect argument failure (thanks Melvyn Sopacua!) Added RCH script element (same as RC@txt2html(RCDcachename.1)). New server features documentation (thanks Ken Johanson!) Fixed CScript bug where float points are mangled to integers on division and multiplication (thanks Thomas Klingler!) Fixed DHCP leases duration displayed and expired (thanks Ulrich Neumann). Allow "Tmp Directory" to be overridden per-vhost basis. Closed DoS security hole associated with cgi-win applications (reported by Tamer Sahin at www.securityoffice.net). Redesigned Document Manager to support multi-file operations. Added "Always Allow localhost" parameter to mail.ini for overriding SMTP AUTH. Revamped samples to use templates and added "Edit-This-Page" feature. Modified SMTP and POP3 servers to translate star (*) symbols to the at (@) symbol for username logins. This allows the Netscape mail client to access virtual-hosted mail accounts. Modified JavaEngine to no longer use "classic" interface (allows use with JRE 1.4). Fixed several bugs in Custom and SQL logging (%B, %{User-agent}i etc.). Fixed htacess Files and FilesMatch directive testing (thanks Steffen!). Fixed SMTP server bug that blocked outgoing mail if SMTP AUTH was not used (thanks Joe Maselli!). Allow CGI execution of .exe renamed .cgi (test executable mode). Fixed RCinclude to pass POST content to PHP scripts. Added RCEgroup variable. Upgraded OpenSSL libraries to 0.9.6c. |
| Release 5.1 Beta 3 (1/2002) |
Added several new htaccess directives including LIMITEXCEPT, Files,
FilesMatch, DirectoryMatch, and LocationMatch. Fixed mail search to not return false-positives. Added flastmod and fsize SSI commands. Added [envt] section to the config.ini for setting environment variables (both RCE and system setenv()). Modified SMTP server to forward "unknown" Local Domain mail to servers specified in the Relay Domains. Added support for "530 Login invalid." in proxy server. Modified all access.log writes to correctly log dynamic content length. Added custom log format for access.log Modified attachment boundary text changing ** to - so batemail won't strip the attachment (thanks Aaron). Fixed several DHCP bugs (thanks Ulrich Neumann). Fixed the search engine to handle full Latin-1 character set. Fixed RC$paramname.# to return the number of values corresponding to the paramname. Modified the JavaEngine log and logctx calls to pass a log level. Added Automatic Relogin boolean to allow automatic relogin after server restart, timeout or round-robin DNS environments. Fixed support for globals in CScript. Modified the NTAUTH, SQLAUTH and RADIUS authentication modules to look in the config/passwd for user access privileges. Reworked the server.log file format and added log levels. Fixed crash when Login Script used with ISAPI module. Added ability to view raw mail message header (useful for spam blocking). Fixed several cscript bugs (sprintf, NULL vs. "", etc.). Thanks Troy Leaver! Added the ability to unload an ISAPI DLL without restarting the server. Modified RCXfetchurl to honor the timeout during connect. Fixed mailing list bug that resulted in subsequent mailbox message being attached to the mailing list message. Extended the user's profile attributes with 'davdir' which maps to either 'dir' or the Documents Directory (for Document Manager access). |
| Release 5.1 Beta 2 (11/2001) |
Fixed bug in the JavaEngine JSP handler that returned the directory listing
when a JSP default page (i.e. index.jsp) is requested. Removed white-space inserted by server when an Automatic Directory Readme file is appended (thanks Jorge Somers!). Fixed mail fetcher "often" period to be every 10 minutes as documented. Added AuthMethod directive to specify the htaccess authentication mechanism. Fixed mail routing bug that caused mail server to hang on invalid message headers. Added the option of logging to a SQL table in addition to the access.log. Added ability to have multiple System Administrators (space separated list). Added SQL Authentication module for authenticating users against a DBMS. Modified the mail router to use the same retry mechanism when a remote SMTP server is configured as if the MTA is used. Fixed NT Authentication to try both SECUR32.DLL and SECURITY.DLL Extended the Login Monitor to apply to all .htaccess login restrictions. Replace GNUJSP with the Apache/Jasper JSP engine. Change config/mappings.ini [servlet-aliases] to: *.jsp = org.apache.jasper.servlet.JspServlet Added alias lookup support for combination of multiple user@domainX in addition to standard mailbox 'user' (thanks Falk Nisius). Fixed problem with missing 'From' user corrupting mailbox. Upgraded Servlet and JSP engine to Servlet 2.2 and JSP 1.1 support (Jasper JSP engine from Apache Tomcat 3.3 now included with distribution). Fixed PATH_TRANSLATED for ISAPI requests when aliases are used. Added "norequireSSL from" to perform the inverse function to requireSSL. Fixed "requireSSL from" to properly parse the entire IP list provided. Added Expire configuration parameters for dynamic server pages. Limited damage from SSL hang when Netscape 6.1 connects to the server -- needed fix is not available until the OpenSSL 0.9.7 release. initialization call for TLS usage (thanks Melvyn Sopacua!). Fixed mailing list reply-to and sender options to either: author | list | email-address Changed RCXmailnav to generate it's own TABLE tags, inconsistent with previous WebMail. Implemented Security Audit feature (/sysadmin/security/audit.stm). Fixed the CRON daemon to close open handles when spawning user processes (fixes handle leak/crash). Implemented Throttle IPs to limit the number of cnnections from a single host (thanks Jeff Adams!). Generalized distribution mechanism so it can be used for any server files. Implemented POP3 CAPA command for Outlook Express compatibility. Added requireSSL from ip1 ...ipN to HTACCESS directives. Fixed mailing list forwarding of attachments when sent from Netscape (thanks Chris Dixon!). Fixed mailto RPC to handle newline after To: list (fixes mail header bug in WebMail rewrite). Modified watcher daemon to attempt to restart the server three times before failing. Added special hash (#) character for returning the number of parameters returned in a multi-input form. Added HTACCESS support ErrorDocument. Upgraded to Danny Mallory & Nick Shaver's FANTASTIC!!! new WebMail interface. Added "Envelope-To:" support for mail fetcher. Updated SSL documentation thanks to Ann Lynnworth. Modified POP3 reader to allow WebMail and Outlook to share access in POP3. Added CGI Terminate configuration paramter to terminate CGI scripts on client disconnect. Fixed FTP Radius/NT login authentication module. Added "Flush Logs" option to disable buffering of log data on write. Fixed /session/highlight to skip non-text/html content. Added RCESERVER_ADDR to determine what server IP the client is connected to. |
| Release 5.0 Production (8/2001) |
Added the ability to delivery via relay using SMTP AUTH. Added NoISAPI and NoASP htaccess options. Fixed crash in RCXsendmail when username/password used (introduced in 5.0 B5 -- thanks Dave Goode!). Fixed CGI script security vulnerabilty (thanks Jeremiah Hobson!). Fixed buffer overflow sercurity bug in the telnet daemon. Added Maximum Fetcher Failures to allow fetcher failure shutdown to be configurable. Close STMP connection on mail message that exceeds maximum length (to avoid denial of service attacks). Fixed bug in mail global routing rules (missed first line of message body). Fixed ISAPI ALL_HTTP server variable to return data in correct format (fixes PHP bug). Fixed mail fetcher crash associated with unexpected headers. Fixed CGI processing to return STDERR information to client if CGI stderr = true. Removed /sysuser/cssmail from distribution (unable to keep in sync with WebMail). Fixed RCterminate to operate correctly when used in a PrependScript. Significantly improved the System Administrator console with new pages from Ken Johanson. Don't forward messages directed to the SMTP server as the result of a message bounce (thanks Jens Sorensen). Only log authenticate/logged-in users in the server.log Fixed corrupt ssleay.cnf file that shipped with previous releases (thanks Jeff Green!) Fixed stack overflow associated with invalid ISAPI DLL requests (thanks Montana!). Added getParameters() to ASP parameter processing for multi-input forms. Made max fetcher failures before fetcher shutdown configurable in mail.ini. Added CScript samples under /sysadmin/control/index.asp. Closed security hole in SSI; disallow .. in #include file (thanks Noam Rathaus!) Added ability to LIMIT based on WebDAV access requests via .htaccess. Added setheader functionality to Sambar script scalars. Added Header set functionality to htaccess. Fixed the POP3 IP security when both POP3 Server and Proxy are enabled. Fixed ISAPI mapping to work properly when ISAPI Extensions is blank (thanks Alex Broens. Added SMTP AUTH support to mailit.exe. Added support for T_ANY DNS lookups. Fixed Fetcher to handle somewhat malformed mail messages. Fixed Fetcher to use "local" Unknown Mailbox rather than system. Fixed bug in mail relaying (Restrict Relay IPs could not be set). Fixed two servlet bugs related to JSP default pages and HttpUtils.getRequestURL() (thanks Kevin Anderson!) Added RCEbuilddate to the server environment variables. |
| Release 5.0 Beta 5 (7/2001) |
Modified fetcher to use "Recieved... for" if available, when no local
user found. Evaluate .htaccess for "File not found" errors so RedirectMatch can be evaluated (thanks Jeff Adams) Modify the config.ini file with each dynamic change via the sysadmin console (so changes are preserved on restart.) Added SSL-FTP server support. Fixed /servlet/ mapping in JavaEngine. Fixed bare line-feeds in SMTP interfaces as per RFC 822 (thanks Dave Culberston!) Fixed security leak associated with the pagecount RPC, and changed to script-only execution (thanks John Boatwright!) |
| Release 5.0 Beta 4 (6/2001) |
Fixed MTA retry code (mail was not being re-tried every 4 hours). Changed MTA to bounce all 5xy messages to the sender immediately. Added optional username/password to RCXsendmail RPC. Fixed mail server fully qualified domain name bug in mail routing. Added POP3/SSL support to mail server; automatically available if SSL and Mail server are both enabled. Changed the Windows Tray application to perform correctly when the X box is clicked (hide to tray); exit requires right-click in system tray. Fixed the Document Manager IE Edit "Save" button bug (now always enabled.) Fixed the mailit.exe to send attachments as ISO-8859-1 rather than US=ASCII (thanks Michal Nusko). Added mail anti-spam routing filters. (See the anti-spam documentation for details. Allow mailing lists to be domain specific (thanks James!) Increased mail aliases configuration to 500 entries from 50. Fixed DLL loader to be case-insensitive when loading ISAPI extension DLLs (thanks Marcel Kuiper!) Added RCEservicename to return the name of the NT service (if in use). Fixed CGI environment variable PATH_TRANSLATED to conform to use by PHP (thanks Ken Johanson!) Added startup/shutdown options for cron actions. Modified GUI to display more lines of the activity log. Modified WebMail "sent" folder to display recipient rather than sender. Maximum Simultaneous Logins can now be restricted. |
| Release 5.0 Beta 2 & 3 (5/2001) |
Fixed mail message delivery bug due to invalid local user (thanks Dave Culberston!) Increased the number of global routing rules permitted to 200. Fixed NT Service -c option for specifying a configuration directory. Added NTVIEW.EXE, a GUI for viewing NT Service activity. Made Windows Server GUI resizeable. Added byte logging to SMTP and POP3 mail. Automatic log rotation now rotates mail, dhcp, and search logs (in addition to HTTP and proxy) Added DHCP server (still Alpha quality). Added RCterminate to halt all execution including nested scripts. Added Radius Server authentication option. Added NTP Server (time) synchronization option. Fixed run-away logins (bug with large cookies -- thanks Ken Johanson!) Fixed SCRIPT_URI CGI variable argument (thanks Ken Johanson!) Fixed SSI file open of '' failure (the bug was found in GZIP file compression as well). Drop ability to override cgi-win execution with module extensions. |
| Release 5.0 Beta 1 (3/2001) |
Changed ISAPI direct execute extensions to return 404 (not found)
for missing files. Allow mail with attachments to be prohibited from mailing lists. Optional subscribe/unsubscribe messages in mailing lists. Optional footer messages for mailing list messages. Fixed multiple mailing list administrators (management GUI in WebMail). Added option to modify service name on installation of ntserver. Modified server and ntserver to take -c Implemented multiple message move from the webmail home page. Changed mail router router to send HELO message with mail server name. Modified compression code to fix ZLIB failure. Fixed stripping of first character from mail addresses. Added CScript ASP support. |
| Archived release history... | |
© 1998-2001 Sambar Technologies. All rights reserved. Terms of Use.