Release candidate 2.5.0 available


A release candidate of the upcoming 2.5.0 release is available.
Currently only the installation packages (DEB, RPM, tar) are available.
The Virtual Appliances will follow later this week.

The packages and installation/upgrade guide can be downloaded from:

Release notes:

* a page has been added on which a MIME encoded email can be uploaded
   for text extraction. This allows the admin to see which text the DLP
   scanner uses for pattern matching.
* PDF option "Send CC to replier" added. If set, a CC of the PDF reply
   will be sent to the replying user.
* S/MIME option "Skip import of untrusted certificates" added. By
   default all certificates from a signed email will be imported even if
   untrusted. By enabling "Skip import of untrusted certificates", only
   trusted certificates are imported.
* "Signing subject trigger" option added. This can be used to force
   signing of email if the subject contains a user defined keyword
   (keyword can be removed if configured).
* Password strength check/estimate is added to the portal password
   selection/change pages. The minimum required password strength can be
   set by the administrator. By default you are not allowed to use your
   email address as your password or base your password on your username
   or use a qwerty sequence of more than 5 characters.
* System page added on which the server can be restarted/rebooted and
   Postfix stopped/started.
* Three custom properties and templates added. These properties and
   templates can be used if the mail flow (config.xml) is modified by
   the admin and the changes require some user configurable options.
* a page has been added with which an email can be sent. This is helpful
   for testing purposes.
* French language support added to portal
* WEB GUI is automatically logged off after 5 min. of inactivity.
* The HTML text extractor for the DLP scanner now by default skips HTML
   comments. This makes it less likely to have false positives for
   certain patterns (for example SSN pattern)
* The HTML text extractor for the DLP scanner now by default only scans
   the HTML body. This makes it less likely to have false positives for
   certain patterns (for example SSN pattern)
* The HTML text extractor now also scans application/xhtml+xml
* "Dynamic" memory allocation is now enabled by default. The DJIGZO
   back-end now by default uses a heap size of 0.6 * available memory.
* The back-end SMTP server no longer adds a received header. This makes
   it easier to remove internal IP addresses from the received headers
   using Postfix header checks.
* Backup's are now gzip'd.
* Changing the Web GUI IP filter no longer requires a restart of the web
   server. The IP filter settings are read from
* Max inline body of PDF is now by default 256K. If the text is larger
   that max, the text will be added as a text attachment.
* back-end logs now rotate at 10MB (was 5MB)
* The SMS option "Phone number allowed" is no longer enabled by default.
   Note: This is a non-backward compatible change since the default
   value changed. To revert back to the old behavior, enable the global
   "Phone number allowed" option.
* sudo usage has been simplified. Scripts will now be executed from
* Some jars updated to newer releases
* Support for right to left (RTL) text added to the PDF encryption
* Support for multiple SMS transports added.
* The DLP scanner now also extracts the meta content of MIME parts. This
   can for example be used to block or quarantine certain attachment
   types. The attachment type is detected from the content of the
   attachment and not from the filename.
* Comodo classes have been removed for now since the Comodo EPKI no
   longer allowed certificates to be automatically requested (the Comodo
   module will probably be added in later versions)
* Changing the automatic backup cron expression no longer requires a
   restart. The backup job will be rescheduled.
* The signature algorithm identifier of a signed email changed between
   RFC 3851 and RFC 5751. RFC 5751 uses for example sha-1 whereas RFC
   3851 uses sha1. The gateway by default follows RFC 5751. Some
   anti-spam gateways however cannot handle the new RFC 5751 syntax. The
   SMIMESign mailet can be configured to revert back to RFC 3851.
* URL detection for the PDF module has been improved.
* The reply link in the PDF is now a clickable image.
* OpenJDK 7 is now supported.
* WEB GUI look and feel updated. Moved some functionality to different
   pages (for example SMS queue is not part of the Queues page). Most
   menu items can be dynamically extended to support add-ins.
* JCE policy manager page removed since this is not longer required with
* Most pages now close after applying the settings instead of showing
   "settings applied".
* The WEB GUI now checks whether regular expressions are valid.

Bug fix

* The HTML text extractor for the DLP scanner sometimes removed white
   space characters which resulted in merged words.
* Some internal James log files were not correctly log rotated.
* On Chrome, if an attachment was removed from the PDF reply page, the
   frame was not resized.

Kind regards,

Martijn Brinkers


DJIGZO email encryption