Update Information

• Security: Serious security issue fixed, that could allow registered users to get to the accounts of other registered users
• Fixed: Many minor fixes and feature additions which have been primarily available through the surgemail webmail distributions. For a changes list see surgemail changes

3.1o
(Beta)

• Fixed: Fixed 'next/prev' for POP Folders when you move/delete an email.
• Fixed: session logout within panel failed to send the last message.
• Fixed: When using surgemail and quota on xfile reason it now reports failed cmds.
  (Sorry unable to store file 'user.dat'. Your have exceeded your quota limit)
  
  
• Updated: Importing Outlook address book with only firstname and email address.
• Updated: Web managers page now to give our more user information about tpl, color, language and browser users are using.
• Updated: Allowed 'FireFox v1.0.2:' for smooth to work.
  
  
• Added New CMD: cmd=do_rename_addr&old_abook_edit=oldname&abook_edit=newname
  This will rename the address book to the new name.
• Added INI setting: is_surgewall - When set to true it will remove the settings:
  use_surgemail_xfile
  and use_surgeplus_calendar
  as these do not work with SurgeMail in SurgeWall mode.
• Added INI setting: supported_languages Russian*,English these are the ONLY support languages that should be allowed to be selected.
• Added INI setting: max_email_send_size - Which is the max size in bytes emails are allowed to be send. The check is done one the TPL's and not within the CGI so it will not be perfect but should be aok for most cases.
  
  
• Added: User Address Books to be stored in an LDAP server for Smooth tpl set:
  Currently uses 2 extra Netwin Schemas:
  

  netwinaddress
  	Requires	name as string (100)
  	Allowed	notes as string
  netwinaddress_security
  	Allowed	user as string (100) domain_name as string (100) global as bool new_entry as bool (single) change_entry as bool (single) delete_entry as bool (single)

  SurgeLDAP v1.0o+ has these defined:

  Example WebMail ini settings to enable:
  

  ldap_server 127.0.0.1:389 ldap_base dc=netwin,dc=co,dc=nz ldap_global_base cn=Global,dc=netwin,dc=co,dc=nz ldap_layout cn=||cur_user||@||domain||,||ldap_base|| ldap_manager manager ldap_pass xpass ldap_create_user_dn true ldap_schema_address netwinaddress ldap_schema_security netwinaddress_security ldap_schema_entry mozillaAbPersonObsolete

3.1n
(Release)

• Added INI setting: bypass_v_header - When set to true will stop 'v_headers' from being sticky.
• Added INI setting: hide_stop_inline - When set to true , any stoped attachment the inline link will not appear.
• Added: Setup the CGI and templates to allow users to use teh timezone of the browser. setting: timezone browser
• Added: The ability for each user to upload each POP folder of their choice.
• Added INI setting: no_sent_attach - When set to true all email stored in 'sent' folder will NOT include the attachments
• Updated: Uploading large attachments reduce CPU usage.
• Fixed: Issue with HTML text with large lines losing spaces, surge tpl set only.
• Fixed: emails sent between midnight (12:00am) and 1 o'clock (1:00am) show up as 0:xx am not 12:xx am
• Fixed: Crash with incorrect user.dat setting: 'email_ips'

3.1m

• Fixed: Downloading attachments from an the email which starts off as multipart/rfc822
• Fixed: Emails which are missign entires in the index.dat file should new get updated.
• Added: Any emails which don't have a date field setup will default to the time it was downloaded.
• Fixed: Uploading draft files to NON-SurgeMail server can fail.
• Added CMD: cmd=no_surgemail&utoken=||utoken||
  This will display the no_surgemail.tpl file.
• Updated: Rebuilding of indexes for POP will keep the flags information.
• Fixed: Emails which have invalid RFC headers for each part.
  --MuLtIpArT_BoUnDaRy
  Content-Type: text/html;
  Content-Transfer-Encoding: quoted-printable
  X-MIME-Autoconverted: from 8bit to quoted-printable by smtp-out-2001.amazon.com id i9JDvw9S026188
• Added: '&confirm_from=user@domain' to 'cmd=send_confirm-xxx' will use this from address instead.

3.1l

• Fixed: The cgi was not existing cleaning if the data from the POP server incorrectly stopped unexpectly.
• Updated: XFLDDATA - To use utf7 encoding as well.
• Updated: POP side of webmail now checked for the response:
  -ERR [IN-USE] ....
  If it response back with this it will close the connection sleep for 1 second and try again. It will only attempt 3 time before giving up.
• Updated: Where the 'lang_cgi.dat' file is located. It's not expected to be in webmail's workarea.
• Added TPL cmds: ||strip_lang||x|| - removes all esc lang characters
  ||strip_lang_esc||x|| - remove only esc characters.
  ||java_lang||x|| - incodes using '!xx' encodeding.
  (&java_lang=true) required on some links to decode the above.
• Added INI setting: override_list_lang japanese
  Smooth tpl setting only.
• Fixed: Folder names that had '...&..-...' cause the CGI to have problems.
• Fixed: Email layout which had not place spaces after the header tags:
  ie. Content-Type:application/x-compressed-rtf
  Content-Transfer-Encoding:base64
  content-type:message/rfc822
  ..etc.
• Fixed: The cgi crashed with some address books, in some cases.
• Added: New 'memory.log' file in the workarea any cmd that crashes or requires 10+Meg memory will log 1 line in this file:
  log_memory false -- Disable log file
  #log_memory true -- log every cmd that uses 10Meg or more.
  log_memory true -- log every cmd

3.1k

• Fixed: new imap command 'XFLDDATA' was not using imap_prefix setting.
• Fixed: Quota percent when over quota can go negative.
• Added INI Settings: ignore_bad_rcpt - When set to true it will attempt to send to the working rcpt emails anyway.
• Added CMD: cmd=redirect&to=user@domain.com&fwd_list=list&....
  Do to a correct redirect
• Added CMD: cmd=pgp_pub_verify - This will verify the Public PGP key which is attached against the one on the users public key ring.
• Added CMD: cmd=not_spam and cmd=not_spamsel - This will allow users to submit real emails to your spam untils. uses ini setting:
  not_spam_email_address notspam@1.2.3.4
  for were to send it.
• Added user.dat Setting: _one_digest - When set to true this will when forwarding emails, send as 1 digest email message, instead of many emails.
• Added INI setting: cookie_domain_name - When set to true the name of the cookie will include the domain as well.
• Added INI setting: dsn_confirm - When set to true and the SMTP supports:
  DSN - Delivery Status Notifications
  http://www.ietf.org/rfc/rfc1891.txt
  It will request a DNS

3.1i

• Fixed: In somecases address book can cause the CGI to crash when sorting it.
• Added: href links now have only 80 characters display with '...' on the end.
  This was added to stop large URL's stuffing up the display of the email.
• Updated: cmd=url - requiring 'xdata=user@domain' as well.
• Updated: '<?' sequence was getting encode if inside japanese character,
  when it should not have been encoded.
• Updated: Emails which wraped japanese characters Were stuffing up decoding.
• Updated to remove the line breaks.
• Added New TPL variable: surgemail_disallow - This display the list of disabled SurgeMail features. ie, SMS

• Fixed: xfile - downloading aliases files cause CGI stall.
• Fixed: When viewing an email and click on the 'from' addres causes an error.
• Fixed: URL's in emails were being choped to about 200 bytes.
• Updated: Fixed some email layout issues with some HTML emails.
• Updated: British Daylight goes to GMT and back again.
• Added: WebMail Update Feature
• Added TPL Cmd: ||percent||var1||var2|| - returns 0-100.
• Added INI Settings:
  ip_restrict true
  ip_failed_count 20
  ip_timeout 600
  # ip_bypass 1.2.3.4
  
• Added TPL setting: ||file_ksize|| - for filestore files.
• Added INI Setting: only_fld_surgemail - When set to true bypass webmail's cache and use surgemail information only

• Update: 'email.htm' to now say: 'To_view_full_html_email_click_here'
• Fixed: trusted_sites issue.

• Fixed: If an error occurs with the SMTP it will now display the error to the user.
• Fixed: If a backup has been setup it will use this is the response from the IMAP/POP/SMTP/POPPASSD is not a successfull response.
• Fixed: Command managers updating user.dat settings has been fixed.
• Fixed: Updating a miss-spelt words would cause long lines to be choped to 512 characters.
• Fixed: Checkmail and page 1 not matching - Caused by index.dat lines being to large for emails which had heaps of to entries. Now limited to only 1k
• Fixed: Unable to create a folder that doesn't exists if folder was deleted with 3rd party mail clients and has been cached in webmail.
• Fixed: Languages Support issues with Japanese characters
• Fixed: WebMail crash on replying to emails which are just HTML emails.
• Updated: HTML emails that are display their 'src' if referencing an offsite image
  are replaced with a local setting.
  ie. blank_image /nwimg/imap/offsite.gif
  If no blank_image has been setup then no image is displayed.
• Update: update interface to surgemail filestore system to reduce load.
• Added TPL Fields: Now have the following available:
  is_mac
  opera_version, ie_version,
  safari_version, netscape_version,
  browser_info
• Added INI setting: remove_user_char - The character setup the username will be snipped on this when generating a default reply address.
  ie. remove_user_char %
  user%netwin.co.nz
  becomes: user
• Added INI setting: max_html_line - When webmail converts an HTML email to Plain text this setting is the number of sequence blank lines allowed.
  (for reply/forward only)
• Added INI Setting: trusted_sites - This are global trusted sites.
• Added New Feature: Trusted Sites - Emails which display images from site that are trusted are displayed. Otherwise they are removed.
  New CMD: cmd=add_trust&trust=domain.name
  New TPL: ||begin_trust|| ||trust|| ||trust_count|| ||end_trust|

• Fixed: with the ini setting 'use_x_uidl true' enable and filter rules setup which
  remove emails from the inbox did cause the wrong email to be displayed.
• Fixed: 'Mailman' long Filename over mutiple lines issue.
• Updated: IE does not correctly support ' character in filenames.
• Added: Sort Subject on Thread: sort_on=subject&sort_method=thread
• Added: user.dat settings:
  '_use_sms_sig'
  and '_sms_profile'
  This overrides: '_default_profile'
• Added INI Setting: cwmail_no_dist_list - Used only when converting cwmail users when true this will place all dist list in the address book instead.
• Fixed: Bug with smtp connection being dropped by the SMTP server.
• Added INI Setting: ignore_surghost_ini - when set to true it will ignore the surgehost.ini file.
• Added INI Setting: keep_attach_remote - when set to true and xfile is being used then it will not store the xfile locally.
• Added TPL CMD: cmd=save_status&status=....&utoken=||utoken|||
  Only valid bulliten users are allowed.
  on any tpl you can have: ||status_file||

• Added INI setting: domain_select - When setup this will display a pulldown list on
  the login page of all the domains setup by surgemail. Allowing the user to select the domains to use.
• New TPL Variables: is_mac - set to true if the user is on a mac. safari_version - if the users are using safari which is the mac this will have the version number
• New INI settings:
  create_sub_folders /
  delete_sub_folders /
  This will create and pre folders needed and the delete will remove any sub folders.
• Fixed: An issue with POP servers which use '!' character as part of the UIDL.
  (ie QPopper)
• New INI setting: override_prefix - This will override the imap prefix setting within the user.dat file.
• Templates: Fixed issue with manual fetch check when preview on and no messages in inbox

• Added INI Setting: spam_email_address - This is the email address that any spam is sent. The new command 'cmd=spam_remove-||uidl||' Is used on the item.tpl to allow users to send the email to the spam address.
• Added TPL Command:
  ||begin_alias||
  ||num|| - 1,2,3,4,...
  ||alias|| - Full alias address
  ||alias_email|| - (email address only)
  ||alias_personal|| - (personal name only)
  ||end_alias||
  This is generated from the file called: 'aliases.txt' in the users directroy. Which is retreived from SurgeMail.
• Update: The user Filters page has been completely redone.
• Update: skip any trailing fullstops on an email address in the body of a message.
• Added: New Import address book format: LDIF
• Added INI setting: enable_cmd_log - When set to true this will allow this to work:
  ./webmail.cgi -enable_cmdlog c:\webimap\hawk.log
  ./webmail.cgi -disable_cmdlog c:\webimap\hawk.log
  Allowing you to start the 'cmd_log' file to be turned on and off as needed

• Added INI setting: stop_attach_download - This setting will stop wild card files from being downloaded.
• Added INI setting: hide_stop_attach - This will not display the link to the user of any attachment that has been stoped.
• Fixed: Some EMails which are display in BIG5 can have large lines. They are not chopped which caused characters to be invalid.
• Fixed: Possible crash on Filtering.
• Fixed: Any time WebMail is going to output <scripts> unencoded it will replace with:
  [scripts]
  It will also be logged in the webmail.log file.
• Fixed: Bulletin Directory is now created if setup.
• Fixed: Some attachments are getting lost on a forward command.
• Fixed: Memory allocation fails on LARGE pop accounts when display all the folders.
• Added INI Setting: use_imap_local_search - When set to true teh IMAP searches will be done locally just like the POP account.
• Added CMD: do_create_addr - This will create an empty address book
• Added INI Settings: cwmail_allow_dash, cwmail_allow_dot, cwmail_allow_slash used only when converting CWMail users.
• Added CMD: ./webmail.cgi -password xpass This override the managers password in the ini file.
• Added: '&save_file=true' when added to the link to download a file it will always prompt the user for a location to save the file.
• Fixed: A UID issue on some POP server, some commands were incorrectly lowercasing it.

• Security Updates
• Updated: Temp files are place in a seperate folder called '../webmail/tmp/'
• Added: accept list to Webmail:
  New TPL vars: ||accept_no_filter|| ||accept||
  New TPL CMD: ||begin_acceptlist||..||end_acceptlist||
• Added: Attachment sizes to be displayed when using ||begin_attachments||..||end_attachments||
• Added: Searching on stated charset

• Updtaed: error.tpl - was one situation where a link to the login page was not supplied.