Latest Updates

Igaware software automatically updates. Below is the change log for the last 12 months.

New in Version 13.2.11-1 [ Mar 31 2017]
=======================================

* New Features and Improvements *
- Updated the cryptography libraries ( openssl) to the lastest version for security reasons.
- Updated the Zarafa supporting libraries. This provides speed improvements.
- Added HTTP v2 support to the Apache web server. This provides bandwidth reduction and speed improvements.
- Improved the speed of the Apache web server. Moved the scoreboard file to shared memory.
- Added HTTP v2 support to the Apache web server.
- Updated Nmap to version 7.40. Nmap is a utility for network exploration and security auditing.
- The FTP server now has a built-in ls command. This allows directory listings for Shares.
- Updated the XML library (libxml2) to version 2.9.
- Updated NTFS related programs to the latest version. Mainly used for NTFS filesystem backups.
- Added the option - "Force use of high security SSL ciphers" - for the Zarafa (POP/ IMAP) gateway.
- Disabled the "ADS Realm" field if the Igaware server is already provisioned as an Active Directory server.

* Fixes *
- Squashed a bug with the new version of Zarafa. When sending to a mal-formed email address the bounce message would
contain foreign characters for the failed recipient.
- SSL VPN. Fixed a typo in the config file.
- Added a one-off call to z-push-admin -a fixstate. This is to fix and/or upgrade the z-push ( active-sync) profiles.
- Allow selected boxes to use an older version of PHP. This is until Horde is upgraded.
- Failed local email delivery will now be queued instead of being delivered to the users default mail folder.
- Set backend for z-push to BackendZarafa if Kopano is not being used.
- Fixed the firewall init' script for the fail2ban server.
- Fixed a bug with the Health status for the PPPOE network watchdog.
- Squashed a bug with the Letsencryt.org certificate renewal.

New in Version 13.2.10-3 [ Mar 22 2017]
========================================

* New Features and Improvements *

- Fixed z-push ( active-sync) state data for 13.2.10-3
- Several features and fixes addedd for 13.2.10-2
- Updated the Linux kernel to version 4.4.36-64.
- Installed fail2ban to block remote access from persistent "script kiddies".
- Updated the Zarafa system to the latest version of 7.2.5. This fixes a memory leak that slowed the server down over
several weeks.
- Re-compiled Zarafa 7.2 with new Gsoap, tcmalloc and vmime libraries. This removes a memory leak.
- Major update for PHP software to v5.5 from v5.3
- Added "Don't allow insecure plain-text login for POP or IMAP" option for Zarafa IMAP/ POP.
- Added a "RELAY:" option to the "SMTP Relay" page for the user entered domain list. The "Relay" host will be able to
relay through the mail server. This will never normally be required.
- Updated the tcpdump program ( network packet tracing) to the latest version.
- Updated the libpcap network libraries.
- Added a charset alias for glibc iconv. /usr/lib/gconv/gconv-modules - added "alias KS_C_5601-1987//
EUC-KR//". This is to handle Korean character sets in MIME Email.
- Removed the libiconv libraries. Was causing confusion and is not required - support is in glibc.
- Recompiled all binaries relying on the old libiconv libraries - rsync, clamav, lm_sensors, Zarafa.
- Updated the hard disk untility program - hdparm - to the latest version.
- Re-compiled gperf-tools ( tcmalloc) to create new .la ( libtool linker) files. To reference new compiler libstd++
file location
- Added a "within subnet" sanity check to the WAN gateway address.
- Updated the "checkin" web page with the real hardware product data, up-time and RAM information.
- Updated the hardware sensors ( for temperature and fan speed). Installed IPMITOOLS for sensors.
- Updated Zarafa Search with a new configuration file.
- Modified "default email domain" in Email=> General to include forwarded domains.
- Installed new self-signed SSL certificates for sendmail . You should use the letsencrypt certificates, if possible.
- Updated the FTP server software.
- Updated the IMAP/POP email server software.
- Updated the Fing network scanning software to v3.0
- Update the Z-Push active-sync software to v2.3
- Updated the cifs-utils software used to mount remote SMB shares for backup.( mount.cifs)
- The incoming SMTP mail server now also listens on port 587.
- Updated the Nmap network scaning software to v7.
- Updated System_Daemon php scripts
- Changed default dhcp lease time to 3 days from 1 month
- Updated the DHCP server software to the latest version.
- Removed root user access for FTP server.

* Fixes *
- Fixed ifup-aliases. Now ignores the main WAN ip and does not duplicate it.
- Fixed Zarafa for Korean charset display problem.
- Patched the GSOAP libraries with Zarafa patches ( memory leak) . Compiled as shared libraries. Looks like previously
it was static.
- Fixed some console system status health scripts. Now stores time of last fail. Reboot status now shows all reboots in history.
- Brain-dead Zarafa servers issue a kill(0,) which sends a kill to all process group members. Kills init.d script and affects console_health. Added trap '' SIGTERM to init.d script for Zarafa.
- Removed the loading of SIP VOIP helper modules on all machines. (rmmod sip helper modules in rsyncittemp)
- Fixed the email alias user list for file share access. For ADS users use the sAMAccountName as the key for write-read
access list.
- Changed the sendmail MTA CA certificate bundle to ca-bundle ( STARTLS can now verify incoming SSL connections)
- NOTE: ASMedia Technology Inc. ASM1083/1085 PCIe to PCI Bridge causes lost interrupt and poll mode for bad
performance !!!
- Make sure that the Realtek r8168 driver is installed if the card is a 8168 chipset. The Linux default r8169 will not work at gigabit speeds !!
- DHCP server config - don't allow "/" in machine names.
- Fixed display issues with "Lan Devices" pages. Did not remember interfaces option and defaulted back to LAN if LAN2 was selected.
- Enabled LOOSE_PROVISIONING for Z-push ( active-sync). Android update requires it.
- Permissions and owner of mail spool file are now checked and set for users.
- Fixed a problem with Zarafa Out of Office.


New in Version 13.2.10-pre20 [ Jan 21 2017]
============================================

* New Features and Improvements *
- Updated the "Powered Off" System Status monitor. All reboots are now recorded properly and available on the System Status and System Check-in Pages.
- Added an option to the IPSec connection screen to allow the definition of the Source WAN IP address.
- Updated the iSCSI SCST mods and progs to latest version to support kernel version 4.
- Updated the hardware sensors config files.
- All devices will update to the new Linux Kernel version on next reboot.
- Installed the latest CA SSL certificates.
- Added a menu option to create free SSL certificates from letsencrypt.org for the Igaware server. This will automatically create and install trusted SSL certificates for HTTP, IMAP/POP, SMTP STARTLS and Zarafa IMAP/POP. Menu option is at System => SSL Certificates. This is BETA.
- Added Explicit Congestion Notification (ECN) for TCP network connections when requested by incoming connections.
- Email Filtering - Blocked Wordpress email exploits.
- Installed the latest version of irqbalance. This distributes interrupt requests between processors.
- The "Scan LAN Network" device discovery feature has been completely re-written. Five different methods are now used to discover devices on the network. New options are provided to deal with network discoveries. Give it a whirl.
- The DHCP server now makes sure that static DHCP leases - those devices listed on the "LAN Devices" pageare not handed out to other devices. Previously, if a device did not respond to a PING echo request, then it's lease could be handed out to another device. This can not happen now. Also, if a device is deleted
from the "LAN Devices" page, the DHCP lease is removed from the lease file.

* Fixes *
- The ISCSI subsystem was not shuting down on reboot.
- IP alias now ignores the main WAN IP address and does not duplicate it.
- Fixed a problem with email routing based on sender address( smarttable)
- Fixed a problem with the Zarafa IMAP SSL certificates.
- Fixed some bugs with the new letsencrypt.org SSL certificate install.
- Fixed permission issues with SSL certificate install.
- Several USB disks were not detected properly with the new kernel running. Loaded the UAS ( USB Attached storage) kernel module.
- Installed a new Linux kernel version 4.4.36. This fixes a rare CPU lockup problem.
- Small bug fixes with letsencrypt SSL certificates for sendmail.
- Added fullchain SSL certificate to mail server.
- Various small bug fixes.


New in Version 13.2.9 [ Nov 16 2016]
=====================================

* New Features and Improvements *
- Added an option to change the destination port to 2525 for Email Recipient Address Verification. Microsoft Exchange > 2013 requires this. Please read the on-line help for this option to explain how to set up MS Exchange for this.
- Updated the libboost libraries to v1.49 for Zarafa.
- Loaded new CPU microcode for buggy Intel processors.
- Updated identiy files for PCI and USB devices.
- Installed a new version of cifs-utils. This allows mounting of remote Windows Shares. ( mount.cifs)

* Fixes *
- The Anti-Virus daemon is now not reloaded if there have been no changes to the AV signature datbase. This caused problems if the database reload took too long.
- Removed a race condition if the AV database was reloaded and the Mail Scanner detected that the AV server was not responding in time.
- Removed the Samba winbind seperator from smb.conf. Did not work - removing the definition does work and gives '\' as the seperator.
- Fixed the username authentication for the SSL VPN server. ( patch has been temporarily removed)
- Patched kernel to stop a spinlock problem. ( in af_unix.c)
- Fixed a problem with the DHCP server config file. Machine names with a : character would stop the DHCP server. (dhcpd.conf. Removed : & ) from machine names)


New in Version 13.2.8 [ Oct 13 2016]
=====================================

* New Features and Improvements *
- Added several new Anti-Spam rules to filter out the new Porn related Spam.
- The Desktop vacation shortcut now authenticates with AD users.
- Fileserver shares can now easily be moved to a different RAID disk pair. Previously, this was difficult to implement.
- Installed the latest RAID disk untility - mdadm v3.4
- The Zarafa Server memory cache is now perioicaly cleared down to improve performance.

* Fixes *
- New Zarafa libraries caused the web server to stop responding.
- Fixed location of netlogon and sysvol shares for the AD Server.
- Squashed bugs in the Email "vacation" desktop shortcut.
- Fixed the email vacation "reply to" address when the recipient user is an AD user.
- Fixed the backup catalog listing. The /home/zarafa/ directory was being traversed for no reason.


New in Version 13.2.6 [ Sep 28 2016]
=====================================

* New Features and Improvements *
- Added MAX protocol option to NT4 PDC config. This allows Windows 10 machines to connect properly to the NT4 PDC.
- Added JAR file name to "block by filename" email filtering.
- Improved Email Spam detection score.
- Enabled the ZEN Spamhaus DNSBL list.
- Added an option to the Advanced Anti-Spam page to enable the blocking of spoofed local domains. With this option enabled, incoming Internet Email is blocked if the sender address is spoofed to be from a local domain. This option is on by default. This should further reduce Spam levels.
- SMB Leases are now enabled by default on new fileserver shares. It's a good idea to enable this on existing shares as it greatly reduces network latency.
- Upgrade to Zarafa 7.2 is now complete.
- Installed the latest version of the Samba server. This is a major upgrade from v 4.1 to v 4.4. It improves support for Windows 10 clients both with RSAT config and file sharing.
- Updated the Anti-Virus scanner to the latest version.

* Fixes *
- Fixed a problem if the email delivery failed to the old MBX mailbox format. The error would be silently ignored.
- Zarafa version 7.2 startup. Under some circumstances the server would not start properly. Modified startup scripts.
- Reduced memory usage of the Email Scanner on low memory systems.
- Fixed the Samba file sharing "Badlock" Vulnerability.
- Fixed Zarafa CalDav support for Zarafa version 7.2
- Changes in Windows Services settings could interfere with the operation of the Active Directory Server.
- Many other small fixes.

New in Version 13.1.0 [ Aug 14 2016]
=====================================

* New Features and Improvements *
- Installed Zarafa major version 7.2. This provides many improvements, such as the new Zarafa search indexing service.
- Installed Zarafa Web Services ( Zarafa WS). This allows connection via Exchange Web Services for the Mac Mail client amongst others.
- Re-compiled Python with 32 bit Unicode support. Required for the new Zarafa search indexing server.
- Re-compiled SAMBA with the new python 32 bit Unicode.
- Updated Z-push ( Active-Sync) to the latest version. Provides Outlook Active Sync support.
- Changed MailScanner.conf to add headers to the top - for DKIM
- The Web Cache/ proxy now uses shm shared memory. This improves performance.
- Updated Zarafa to v 7.2.4.28. mem leaks
- Zarafa-Python fully implemented now.
- Upgraded Python to version 2.7.11
- Renewed the SSL certificates for the Zarafa Server and Gateway.
- Upgraded Swig to the newest version.
- The ADS user "description" field is now shown in the old "comment" user field.

* Fixes *
- ADS provsioning now copies all user values, such as Vacation message, email forwarding, etc.
- Fixed bugs on UPS status page.
- Fixed the Ipsec connection monitor. The ipsec up call now works. Squashed bug that stopped it working.
- Fixed the Zarafa gateway startup when secure pop/imap ports are used by xinet.
- High system load experienced with Fileserver Shadow Copy feature.
- Fixed the Internet Speed Test for the new Python version.
- Internet Speed Test now shows WAN PPP interfaces.
- Fixed the Active SSL VPN display in Network Connections.

New in Version 13.0.6-btrfs [ Jun 07 2016]
==========================================

* New Features and Improvements *
- [ for 13.0.6 ] Don't check mail from flybe.com and booking.com mail servers for HTML SCRIPT tags.
- [ for 13.0.6 ] Modified the Email forwarding code to use a more efficient method.
- Included Sophos Anti-Virus as an option for email.
- Updated the ClamAV Anti-Virus engine to the latest software version.
- Updated Email Active-Sync (Zarafa Z-Push) to the latest version 2.2.10.
- Updated the CRON scheduling program with a new version of cronie.
- Added the CRON scheduling program to the System Status health scripts.
- Added a file server audit facility. This logs all file access for the File Server.
- Added a file server audit log viewer to the System=> Tools=> Log Viewer.
- Installed SAVI-Perl Perl module for the Email Sophos Antii-virus (
sophossavi).
- By default, email attachments with Windows OLE Macros are blocked.
- Changed the Rsync incremental backup to append the source box serial number to the backup folder.
- Changed the backup to use the Perconda for Zarafa backup for all backups not just USB disk.
- Installed the PERL fixlatin encoding module.
- Added an IP Address search option to the checkin search page.
- Added options for the delivery of virus-stripped and/or attachment stripped emails.
- Added an Email option - "Send to Recipients seperately" - to force delivery to recipients one recipient per message.
- Added DOS protextion to the Web Server. Timeout added to limit "hanging" connection that would exhaust connection limits.
- Security - Updated the BASH command interpreter to the newest version.
- Updated the kernel to support the new btrfs filesystem.
- Installed the btrfs filesystem supporting programs.
- Modified service switch to allow delivery of email to Active Directory users.

* Fixes *
- [ for 13.0.6 ] Web site filter - The Company defined list doesn't like subdomains - www.gov.uk, gov.uk, for example. Remove superfluous domains ( e.g www.gov.uk in above)
- [ for 13.0.6 ] Web Cache

- The Don't Authenticate list doesn't like subdomains - www.gov.uk, .gov.uk ( note: dot ) , for example.
- [ for 13.0.6 ] Fixed a problem with the Fileserver AV options page.
- Fixed the "logrotate" scripts. Some had the wrong owner and were ignored - syslog, squid, etc
- Fixed ADS provision on older machines.
- Fixed a DOS on the IMAP and POP Email servers.
- Squashed a bug on the Backup LAN machine source page.
- Fixed the Web activity report - for custom time frame the dates weren't propagated to the report.
- Fixed a problem with sub-domains in the Web cache/proxy authentication whitelist.
- Disabled spam checks from the SSL VPN subnet.
- Allowed email relaying from the SSL VPN subnet
- Fixed a problem whith setting the hardware clock - hwclock.
- Fixed a rare problem with Zarafa not starting properly after a configuration change.
- Fixed a problem with backups so that they will run even if DNS lookups are blocking.
- PPTP VPN firewall rules fixed for a rare problem.


*Fixes*

- user groups forgotten when ticking onchange boxes in usersForm
- Fixed a problem with User Groups. They would be forgotten in rare cases.
- Added new firmware for bnx2 network cards. This prevented Dell hardware from initialising some network cards.

New in Version 13.0.4-btrfs [ Apr 13 2016]
==========================================

* New Features and Improvements *
- Added a Time Zone feature. The system Time Zone can now be set to reflect the customer's geographical location.
- Updated the Linux Kernel to support the new BTRFS filesystem.
- Installed supporting software for the BTRFS filesystem.
- Installed a new LZO compression library, for new filesystem compressing operations.
- Updated several Linux utility programs.
- Removed the MultiViews option from the Web Server configuration. This speeds up web server requests.

* Fixes *
- Network aliases script fixed for use with new glibc libraries.
- ifup-aliases script fixed for new glibc libraries.
- Fixed a bug in the network down script for PPP connections with IPSec VPN. The PPP connection didn't always come back up.
- Fixed a bug with SSL VPN and multiple LAN networks. The network routes were not pushed to the client device.

New in Version 13.0.3-glibc [ Mar 21 2016]
==========================================

* New Features and Improvements *

* Fixes *
- After the recent security updates, Outlook users would sometimes be refused connection to the Zarafa server. This has been fixed.
- PPTP VPN. A bug with a recent BASH update prevented some users from accessing devices on the server's LAN.
- Security. Updated the Anti-Virus engine to catch zero hour viruses.
- Security. A major update of the GLIBC libraries has been released to fix several security vulnerabilities that have been identified, namely; CVE 2015-7547 ( Buffer overflow) and CVE-2015-0235 ( GHOST vulnerability)