Changelog (last 12 months)

New in Version 13.3.9 [ Oct 01 2017]
========================================

* New Features and Improvements *
- [For v 13.3.9] - New SSL VPN activity report added.
- [For v 13.3.9] - Activity reports now export to a file with a CSV extension. ( TAB delimited format).
- [For v 13.3.8] - Added a new System Health check. Monitor search index health for the Kopano Search server.
- [For v 13.3.8] - Reduced system load when collecting log information.
- Added security HTTP headers to the webserver for PCI compliance.
- Reduced the memory footprint of the Web server on low RAM boxes.
- Enabled PHP opcache to speed up web server PHP parsing. Reduces server load.
- Update the SSL cipher suite to allow PFS ( perfect forward secrecy) ciphers. PCI compliance.
- PCI Compliance. Removed all hidden fields from authentication pages and removed the reliance on URL GET values.
- Recompiled the sendmail email MTA software to allow ServerSSLOptions to control SSL options. This is for PCI
compliance of the MTA.
- Added an option on the Email=> General page to allow the use of high security ciphers for SSL.
- Added a new option to Anti-Spam=> Advanced page. Enable an initial DNS RBL check - The mail server will now do an RBL
DNS check on the connecting host and deny access if the host exists in the RBL.

- Modified System Status=> Dmi Data to display information about memory slot population.
- Added a facility to allow a reverse SSH tunnel to firewalled boxes. This allows support to boxes that have a router
that is firewalled and not allowing incoming connections to the Igaware server.
- Added a Social networks category to the Web Filter.
- Added several fake email server and sender domains to the email block list.

* Fixes *
- Kopano SSL server ( port 237). Letsencrypt and other trusted certificates are now used properly for the Kopano
server's SSL connection. PCI compliance.
- IPSec VPN. Changed the Dead Peer Detection settings to quickly bring the link up on a DPD event.
- Email=> Blocking List. Fixed a problem where some entries where not written to the access_db correctly.
- Email Filtering. Fixed a problem where extra LAN networks where not trusted and email sent from them could be highly
spam scored.
- Updated and fixed a rare problem with the log rotation scripts.
- System=> SSL Certificates. Fixed the "days remaining" value. This wasn't reporting the correct number of days left
before certificate expiry.
- Updated the PHP pear/Mail module to the latest version. Fixes static call problem for SSL VPN config mail.

New in Version 13.3.9 [ Oct 01 2017]
========================================

* New Features and Improvements *
- New SSL VPN activity report added.
- Activity reports now export to a file with a CSV extension. ( TAB delimited format).
- Added a new System Health check. Monitor search index health for the Kopano Search server.
-Reduced system load when collecting log information.
- Added security HTTP headers to the webserver for PCI compliance.
- Reduced the memory footprint of the Web server on low RAM boxes.
- Enabled PHP opcache to speed up web server PHP parsing. Reduces server load.
- Update the SSL cipher suite to allow PFS ( perfect forward secrecy) ciphers. PCI compliance.
- PCI Compliance. Removed all hidden fields from authentication pages and removed the reliance on URL GET values.
- Recompiled the sendmail email MTA software to allow ServerSSLOptions to control SSL options. This is for PCI compliance of the MTA.
- Added an option on the Email=> General page to allow the use of high security ciphers for SSL.
- Added a new option to Anti-Spam=> Advanced page. Enable an initial DNS RBL check
- The mail server will now do an RBL DNS check on the connecting host and deny access if the host exists in the RBL.
- Modified System Status=> Dmi Data to display information about memory slot population.
- Added a facility to allow a reverse SSH tunnel to firewalled boxes. This allows support to boxes that have a router that is firewalled and not allowing incoming connections to the Igaware server.
- Added a Social networks category to the Web Filter.
- Added several fake email server and sender domains to the email block list.

* Fixes *
- Kopano SSL server ( port 237). Letsencrypt and other trusted certificates are now used properly for the Kopano server's SSL connection. PCI compliance.
- IPSec VPN. Changed the Dead Peer Detection settings to quickly bring the link up on a DPD event.
- Email=> Blocking List. Fixed a problem where some entries where not written to the access_db correctly.
- Email Filtering. Fixed a problem where extra LAN networks where not trusted and email sent from them could be highly spam scored.
- Updated and fixed a rare problem with the log rotation scripts.
- System=> SSL Certificates. Fixed the "days remaining" value. This wasn't reporting the correct number of days left before certificate expiry.
- Updated the PHP pear/Mail module to the latest version. Fixes static call problem for SSL VPN config mail.

New in Version 13.3.1 [ Jun 28 2017]
========================================

* New Features and Improvements *
- Installed a new version of Sophos AV software.
- Updated the OpenSSL libraries.
- Modified the Rsync backup server config' To allow multiple entries.
- Security hardened the Mail Server to only allow high strength ciphers.
- Web activity report search function has been re-written. Can now use | to separate multiple websites and * for a wildcard.
- New Anti-Spam rule added (IGA_RDNS_SPFERR). Triggers on both no RDNS and an SPF error.

* Fixes *
- Fixed a bug with the Desktop vacation message. It didn't work properly for non ADS accounts.
- Added the secure flag for HTTP cookies ( for PCI compliance).
- Completely re-written the hardware sensors health monitoring. Using IMPI and legacy sensors data. The CPU temps and
FAN speed will now be as accurate as possible. Tailored for each unique hardware platform.

New in Version 13.2.13 [ May 25 2017]
========================================

* New Features and Improvements *
- Updated the Horde groupware to the newest version. The old version is still available via a link on the login page.
- Added an option to the backup system to disable file deletion for Rsync backups. This is to protect against "locky"
type malware such as WanaCry.
- Updated the Active-Sync component of Zarafa to z-push version 2.3.6.OS
- zarafa-search/ zarafa-server now don't restart if it's already running
- Don't restart Zarafa Server if it is already running.
- Updated the HTTP Apache Web server to the latest version - 2.4.25 ( for http2 fixes [ deskapp files] )
- Added some Zarafa database housekeeping scripts.

* Fixes *
- Disabled IPv6 for Ethernet interfaces.
- Zarafa search startup and shutdown scripts now shutdown the search daemon properly.
- Fixed some problems with HTTP2 for the web server.

New in Version 13.2.12-1 [ Apr 30 2017]
========================================

* New Features and Improvements *
- Modified the initial boot-up scripts. The Igaware Server boot would halt with the maintenance mode if a hard disk was
not present. Now boots anyway.
- Installed libsmbclient-php. This provides SMB file access for the Zarafa Webapp FIles component.
- Added spell checker to Zarafa Webapp. The user still has to enable it in Webapp settings.
- Improved the speed of the web based applications. Added the opcache module to cache, in memory, pre-compiled PHP scripts.
- Installed catdoc to allow the indexing of MS documents for the Zarafa Search engine.
- Updated the Active-Sync component of Zarafa to z-push version 2.3.5.
- For Mail Scanning HTML SCRIPT tags in emails are disarmed instead of being blocked. This is configurable.
- Added a boot recovery mode ( initramfs). This allows local or remote access to the Igaware server without any
filesystems being mounted. This means that the root filesystem can be easily fixed if it ever goes wrong. Not yet :)
- Re-compiled PHP with "enchant". This is for the Webapp spell checker.
- Updated the aspell libraries. This is for the Webapp spell checker.
- Updated the ncuses libraries.
- Added cram-md5 authentication to the dovecot IMAP server.
- The MySql server is now not restarted automatically after a configuration change/ update.
- Improved the kernel swap performance by enabling zswap. If a system does go in to swap it will not be brought down
immediately by high load. This gives enough warning for us to fix the problem.
- The Zarafa Global Address Book ( GAB) is now synced automatically for Active-Sync Outlook users.
- Updated the "Scan LAN Network" function to include any Netbios or ARP detected devices. Fing doesn't find some
machines if they aren't pingable.
- Active Directory Server (ADS) provisioning. Zarafa groups are now copied to the Igaware ADS schema automatically
during provisioning of a new Igaware ADS.

* Fixes *
- Fixed a long standing problem with Windows ACE security for the File Server. Windows security settings are now stored
in a database rather than on the underlying filesystem. However, filesystem security settings were still being accounted. These have been removed.
- The Web config interface Zarafa groups display page has been rationalised.
- The sysvol and netlogon shares now use the new security database and not the filesystem permissions.
- Fixed a problem when an extra hard disk RAID pair are used on the File Server.
- When a config' change was made to the Windows file server the Netbios name daemon would sometimes not restart properly, resulting in problems with network browsing. This has been fixed.
- Removed TDB database mutexes on the File Server. This caused Lock violations.

New in Version 13.2.11-1 [ Mar 31 2017]
=======================================

* New Features and Improvements *
- Updated the cryptography libraries ( openssl) to the lastest version for security reasons.
- Updated the Zarafa supporting libraries. This provides speed improvements.
- Added HTTP v2 support to the Apache web server. This provides bandwidth reduction and speed improvements.
- Improved the speed of the Apache web server. Moved the scoreboard file to shared memory.
- Added HTTP v2 support to the Apache web server.
- Updated Nmap to version 7.40. Nmap is a utility for network exploration and security auditing.
- The FTP server now has a built-in ls command. This allows directory listings for Shares.
- Updated the XML library (libxml2) to version 2.9.
- Updated NTFS related programs to the latest version. Mainly used for NTFS filesystem backups.
- Added the option - "Force use of high security SSL ciphers" - for the Zarafa (POP/ IMAP) gateway.
- Disabled the "ADS Realm" field if the Igaware server is already provisioned as an Active Directory server.

* Fixes *
- Squashed a bug with the new version of Zarafa. When sending to a mal-formed email address the bounce message would
contain foreign characters for the failed recipient.
- SSL VPN. Fixed a typo in the config file.
- Added a one-off call to z-push-admin -a fixstate. This is to fix and/or upgrade the z-push ( active-sync) profiles.
- Allow selected boxes to use an older version of PHP. This is until Horde is upgraded.
- Failed local email delivery will now be queued instead of being delivered to the users default mail folder.
- Set backend for z-push to BackendZarafa if Kopano is not being used.
- Fixed the firewall init' script for the fail2ban server.
- Fixed a bug with the Health status for the PPPOE network watchdog.
- Squashed a bug with the Letsencryt.org certificate renewal.

New in Version 13.2.10-3 [ Mar 22 2017]
========================================

* New Features and Improvements *

- Fixed z-push ( active-sync) state data for 13.2.10-3
- Several features and fixes addedd for 13.2.10-2
- Updated the Linux kernel to version 4.4.36-64.
- Installed fail2ban to block remote access from persistent "script kiddies".
- Updated the Zarafa system to the latest version of 7.2.5. This fixes a memory leak that slowed the server down over
several weeks.
- Re-compiled Zarafa 7.2 with new Gsoap, tcmalloc and vmime libraries. This removes a memory leak.
- Major update for PHP software to v5.5 from v5.3
- Added "Don't allow insecure plain-text login for POP or IMAP" option for Zarafa IMAP/ POP.
- Added a "RELAY:" option to the "SMTP Relay" page for the user entered domain list. The "Relay" host will be able to
relay through the mail server. This will never normally be required.
- Updated the tcpdump program ( network packet tracing) to the latest version.
- Updated the libpcap network libraries.
- Added a charset alias for glibc iconv. /usr/lib/gconv/gconv-modules - added "alias KS_C_5601-1987//
EUC-KR//". This is to handle Korean character sets in MIME Email.
- Removed the libiconv libraries. Was causing confusion and is not required - support is in glibc.
- Recompiled all binaries relying on the old libiconv libraries - rsync, clamav, lm_sensors, Zarafa.
- Updated the hard disk untility program - hdparm - to the latest version.
- Re-compiled gperf-tools ( tcmalloc) to create new .la ( libtool linker) files. To reference new compiler libstd++
file location
- Added a "within subnet" sanity check to the WAN gateway address.
- Updated the "checkin" web page with the real hardware product data, up-time and RAM information.
- Updated the hardware sensors ( for temperature and fan speed). Installed IPMITOOLS for sensors.
- Updated Zarafa Search with a new configuration file.
- Modified "default email domain" in Email=> General to include forwarded domains.
- Installed new self-signed SSL certificates for sendmail . You should use the letsencrypt certificates, if possible.
- Updated the FTP server software.
- Updated the IMAP/POP email server software.
- Updated the Fing network scanning software to v3.0
- Update the Z-Push active-sync software to v2.3
- Updated the cifs-utils software used to mount remote SMB shares for backup.( mount.cifs)
- The incoming SMTP mail server now also listens on port 587.
- Updated the Nmap network scaning software to v7.
- Updated System_Daemon php scripts
- Changed default dhcp lease time to 3 days from 1 month
- Updated the DHCP server software to the latest version.
- Removed root user access for FTP server.

* Fixes *
- Fixed ifup-aliases. Now ignores the main WAN ip and does not duplicate it.
- Fixed Zarafa for Korean charset display problem.
- Patched the GSOAP libraries with Zarafa patches ( memory leak) . Compiled as shared libraries. Looks like previously
it was static.
- Fixed some console system status health scripts. Now stores time of last fail. Reboot status now shows all reboots in history.
- Brain-dead Zarafa servers issue a kill(0,) which sends a kill to all process group members. Kills init.d script and affects console_health. Added trap '' SIGTERM to init.d script for Zarafa.
- Removed the loading of SIP VOIP helper modules on all machines. (rmmod sip helper modules in rsyncittemp)
- Fixed the email alias user list for file share access. For ADS users use the sAMAccountName as the key for write-read
access list.
- Changed the sendmail MTA CA certificate bundle to ca-bundle ( STARTLS can now verify incoming SSL connections)
- NOTE: ASMedia Technology Inc. ASM1083/1085 PCIe to PCI Bridge causes lost interrupt and poll mode for bad
performance !!!
- Make sure that the Realtek r8168 driver is installed if the card is a 8168 chipset. The Linux default r8169 will not work at gigabit speeds !!
- DHCP server config - don't allow "/" in machine names.
- Fixed display issues with "Lan Devices" pages. Did not remember interfaces option and defaulted back to LAN if LAN2 was selected.
- Enabled LOOSE_PROVISIONING for Z-push ( active-sync). Android update requires it.
- Permissions and owner of mail spool file are now checked and set for users.
- Fixed a problem with Zarafa Out of Office.


New in Version 13.2.10-pre20 [ Jan 21 2017]
============================================

* New Features and Improvements *
- Updated the "Powered Off" System Status monitor. All reboots are now recorded properly and available on the System Status and System Check-in Pages.
- Added an option to the IPSec connection screen to allow the definition of the Source WAN IP address.
- Updated the iSCSI SCST mods and progs to latest version to support kernel version 4.
- Updated the hardware sensors config files.
- All devices will update to the new Linux Kernel version on next reboot.
- Installed the latest CA SSL certificates.
- Added a menu option to create free SSL certificates from letsencrypt.org for the Igaware server. This will automatically create and install trusted SSL certificates for HTTP, IMAP/POP, SMTP STARTLS and Zarafa IMAP/POP. Menu option is at System => SSL Certificates. This is BETA.
- Added Explicit Congestion Notification (ECN) for TCP network connections when requested by incoming connections.
- Email Filtering - Blocked Wordpress email exploits.
- Installed the latest version of irqbalance. This distributes interrupt requests between processors.
- The "Scan LAN Network" device discovery feature has been completely re-written. Five different methods are now used to discover devices on the network. New options are provided to deal with network discoveries. Give it a whirl.
- The DHCP server now makes sure that static DHCP leases - those devices listed on the "LAN Devices" pageare not handed out to other devices. Previously, if a device did not respond to a PING echo request, then it's lease could be handed out to another device. This can not happen now. Also, if a device is deleted
from the "LAN Devices" page, the DHCP lease is removed from the lease file.

* Fixes *
- The ISCSI subsystem was not shuting down on reboot.
- IP alias now ignores the main WAN IP address and does not duplicate it.
- Fixed a problem with email routing based on sender address( smarttable)
- Fixed a problem with the Zarafa IMAP SSL certificates.
- Fixed some bugs with the new letsencrypt.org SSL certificate install.
- Fixed permission issues with SSL certificate install.
- Several USB disks were not detected properly with the new kernel running. Loaded the UAS ( USB Attached storage) kernel module.
- Installed a new Linux kernel version 4.4.36. This fixes a rare CPU lockup problem.
- Small bug fixes with letsencrypt SSL certificates for sendmail.
- Added fullchain SSL certificate to mail server.
- Various small bug fixes.

New in Version 13.2.9 [ Nov 16 2016]
=====================================

* New Features and Improvements *
- Added an option to change the destination port to 2525 for Email Recipient Address Verification. Microsoft Exchange > 2013 requires this. Please read the on-line help for this option to explain how to set up MS Exchange for this.
- Updated the libboost libraries to v1.49 for Zarafa.
- Loaded new CPU microcode for buggy Intel processors.
- Updated identiy files for PCI and USB devices.
- Installed a new version of cifs-utils. This allows mounting of remote Windows Shares. ( mount.cifs)

* Fixes *
- The Anti-Virus daemon is now not reloaded if there have been no changes to the AV signature datbase. This caused problems if the database reload took too long.
- Removed a race condition if the AV database was reloaded and the Mail Scanner detected that the AV server was not responding in time.
- Removed the Samba winbind seperator from smb.conf. Did not work - removing the definition does work and gives '\' as the seperator.
- Fixed the username authentication for the SSL VPN server. ( patch has been temporarily removed)
- Patched kernel to stop a spinlock problem. ( in af_unix.c)
- Fixed a problem with the DHCP server config file. Machine names with a : character would stop the DHCP server. (dhcpd.conf. Removed : & ) from machine names)

 

To learn more about the call us on 0191 280 4013.