cloud servers update 19-11-18 (US) and 20/11/18 (EU)

Release overview

Release Date: 19 November 2018 (US cloud) and 20 November (EU cloud)
Servers: atmail cloud US servers, atmail cloud EU servers
Release Versions: atmail suite - 8.4.1 / atmail dav server - 8.4.1 / atmail mail server - 8.4.1

Security Fixes

Special thanks to Asad Muhammad for identifying potential brute force attack vectors.

For our customers' protection, atmail doesn't disclose, discuss, or confirm security issues publically. This update to the atmail cloud servers includes a multitude of security fixes for both the atmail suite and atmail mail server. If you are a direct client of atmail and further information is required please feel free to contact us in regards to the matter. 

New Features

Product	Component	Title	Summary
atmail suite
atmail suite	File Storage	My Files	Introducing "My Files" - allowing a user to store documents within the web interface, attach to emails and save attachments from emails. Add/remove/rename/move/copy files inside the UI Attach from storage Save to storage Connect your desktop to your online storage via WebDAV Download collections as ZIP
atmail suite	Calendar	Mini-Cal	A new monthly mini-calendar view is introduced on the left-navigation pane Allows a quick view of upcoming events and easy selection of current day
atmail suite	3rd Party Email Client configuration	Auto-Configuration Tool	Supports the automatic configuration of many third party IMAP clients (such as Outlook and Thunderbird for desktop and mac mail for iOS) and support for RFC6186
atmail suite	Accounts	Support for new 3rd Party Accounts	3rd party account support:  Gmail Support for Outlook, Yahoo! and Generic IMAP coming soon
atmail suite	Passwords	Password Policies and Best Practice	atmail cloud will enforce new policies for email accounts atmail cloud supports one time passwords for email users Local part login support
atmail suite	Translation	New Translations	Simplified Chinese
atmail suite	Settings	Empty trash on logout	Add trash purge setting on logout
atmail suite	Calendar	Send Invite "Toggle"	Choose whether to send an invitation when creating or updating new events
atmail suite	Mail Filters	Advanced Sieve UI	Support for nested sieve rules, allowing the creation of advanced mail filter rules
atmail suite	Quota	Combined Quota Mode	Support for combined quota for webmail and file storage (IMAP & DAV)
atmail suite	Password Management	External Password Management	Introducing preliminary support for external password management
atmail suite	Webmail	Email Composer Enhancements	Native emoji support within the email composer 😍 Added print icon in the email view header Can now report spam/not spam using buttons and context menus Can send read receipt requests
atmail suite	JMAP Proxy	General	Improved performance and resource usage Improved error handling Authentication framework for using 3rd parties Provisioning API client S3 Shared Storage for multinode installations New file storage API Upload/Download virus scanning
atmail mail server
mail server	Level 1 Support Functions	Enhanced Level 1 Support functionality for help desks	Administration UI can now display the following details/logs: Mailbox status (Enable/Disable) in user summary panel User’s settings to administrator Vacation settings Auto-Delete Trash Setting Real Name Display both mailbox quota size and DAV storage quota if assigned Webmail access Email provisioning Anti virus Spam Email tracking Rejected email MX Mail server audit log
mail server	Password Management	New policies can be applied to administrator and email accounts	Password must not contain more than X identical characters in a row Special character support After X bad attempts, lock out the administrator user for X mins Create new role permission for account password reset
mail server	Password Management	Best practice enforcement	Password expiry after X days and enforcement for administrator accounts Forced password change once expired Configurable grace period for password expiry New password must be different from the last X passwords used
mail server	Password Management	One-time passwords	One time passwords for email users and administrator accounts Mail server API now support setting OTPs
mail server	API	New admin api user	Added new atmail mail server administration api user
mail server	Branding	Multiple improvements to white-labelling and branding	Parallel Permissions: Themes POP-UP window configuration / white labeling You can now white label from address for customised forgotten password emails
mail server	Logging	Enhanced logging capabilities	In addition to Level 1 Support Functionality, the following is available: Audit log dash panel Implement logstash filter to parse audit log come from api server syslog configuration to ship with apiserver to enable logging to central logstash Example configuration for elasticsearch over HTTPS
mail server	administration	General	Admin User Lockout - Disable Lockout Support Integration Added migrateStatus to track potential migration statuses for users

Product Improvements

Product	Component	Title	Summary
atmail suite	Internationalisation	Translation Improvements	All language translation files have been reviewed and refreshed Password policy errors are now translatable Printed emails are now localized and translated, with date converted to browser timezone Calendar gutter timestamps are now localised Time/Date pickers are now localised
atmail suite	Password Management	Forgot Password?	Forgot password functionality will now update service account passwords If using atmail mail server, password policy will be applied to password reset functionality for webmail users External password mode
atmail suite	In-app help	Updated help	In-app help updated to reflect new features
atmail suite	Virtual folders	Configuration	Virtual folder configuration improved
atmail suite	Calendars	Invitations	Multiple minor improvements to calendaring invitations and increased 3rd-party suppor
atmail suite	Webmail	Email threading	API improvements resulting in improved threading in webmail interface for end-users
atmail suite	Contacts	Group management	Groups refreshed on contact-card deletion
atmail suite	General	Performance Improvements	Reduce number of queries during login process General performance improvements Logging and architecture changes to support level 1 functions and auditing
atmail suite	Email Headers	Date Parsing	The parser for date headers within emails has been improved
atmail suite	Accounts	Only display relevant information	Available accounts and primary account settings are now hidden if only one account Improved account add/remove functions backend error handling
atmail suite	Webmail	Unread Count	Unread counts across the application now use email count rather then thread count, avoiding confusion
atmail suite	Webmail	Visual Indicators	Draft "saving" text replaced with a universally recognisable icon for saving
atmail suite	General		Clean up of console output Improved error handling
atmail suite	Branding	White Label	White-label improvements, reduction of atmail references in core-code
atmail suite	General	General	Refactored upload/download of attachments for increased performance Improved Drag'n'Drop and Right-Click support
atmail suite	Calendar	Accessibility	Visual Indicators for Calendar Acceptance
mail server	Branding		Clean up confusing brand settings Improved branding UX flow of webmail integration plugin for atmail mail server New theme settings for atmail suite integrations (edit form) RBAC improvement allowing administrators to access the themes created by sub-administrator roles
mail server	Administration	Auditing enhancements	Auditing for lock outs and administrator login/logout attempts
mail server	Account Management		Random password generator in atmail mail server account manager
mail server	Misc		Updated jQuery and jQuery-UI libraries Update in app help to reflect added features. Add new theme settings to atmail suite integration plugin theme edit form Create help section for branding Add top level administrator controls to atmail suite integration plugin setting pane Domain rewrite API function documentation All log timestamps are in UTC format
mail server	API	User Level Forwarding	Administration API supports User Level Forwarding functionality
mail server	Sieve	Whitelisting	Improved whitelisting functionality
mail server	anti-abuse	Scanning	Content-type and virus scanning improvements
mail server	Password policy	Policy Permissions	Split password policy permission into separate perms for account and user policies
DAV server	General	Multiple Improvements	Added S3 Shared Storage for multi-node installations DAV to have authentication mode to authorise with IMAP server Storage quota should display on mailserver admin account view page Improved file upload support for PHP 7.2 Improved file upload handling Added hardening document about suppressing service and version details

Bug Fixes

• atmail suite

  • Calendar VEVENTS that contain UTC timezone can now be processed
  • Error now displayed to user when a calendar invite fails to be processed
  • Fixed error where an invited event cannot be modified
  • When deleting from important list task stays in important list
  • Support for short TZID field in calendar invites
  • Correctly changes service account passwords with forgotten password, not just main user
  • Fixed various nil pointers and invalid memory address issues in calendar event processing
  • Accepting calendar invites sent from Apple products duplicates DTSTAMP
  • Fixed JavaScript error breaking calendar when using locale other then English
  • API proxy server side event not releasing connections correctly on disconnect.
  • Once local storage is cleared, authentication steps do not populate x-jmap-extension header with "com.atmail.accounts:1" causing failure for forgotten password path
  • API server APNS client new account polling time + general resource usage higher then it could be
  • Rename folder not sending folder ID in some cases which results in folder rename not working
  • Calendar event creation failed when no timezone is set
  • Can't change calendar after adding event
  • Calendar - To date cannot be changed.
  • Child folder becomes parent when email is moved to it
  • Renaming parent folder removes child folder until refresh
  • Load locale data returns null for some languages
  • Error after switching language if the thread list context menu has been used
  • Cannot delete mail from Trash using context menu
  • Duplicate key warning
  • Clear storage on fresh login
  • Moving an email to trash doesn't work when Redis is unavailable
  • Can set AccessTokenExpiry again
  • Duplicate key warnings
  • Duplicated event created when an event is accepted.
  • sideMenuItemActiveColor now correctly unset on blur
  • Active Folder Colour now correctly unset on blur
  • Folder counts missing
  • Deleting a folder would report "NaN" as email count
  • Fixed high-rate of draft saves
  • Now cannot select external account as primary and remove mail server backed account
  • CORS headers did not correctly parse host names with ports
  • Change password displays error but changes password
  • Forgotten password link works again
  • Google Account setup was incorrect for internal test system
  • Shared links expire is now optional and not limited
  • Attachments that are too large display a warning with no information of what's wrong
  • When clicking some items in menus, the mouse up event triggered then menu item click event
  • Hamburger menu icon not shown when sidebar hidden
  • Fixed various infinite routing bugs which resulted in stack overflow in browser
  • Can't change color of calendar
  • Upload multiple files will get some files failed randomly
  • Removed atmail branding in the in-app help documentation
  • Can now correctly sort messages by sender, subject, date and size.
  • Confusing behavior of selection of individual messages with the checkbox or "Shift + Click" to select multiple messages.
  • Multi-select of files selects random when holding shift
  • FILE_TOO_LARGE should display appropriate message instead of "Oops! An error occurred."
  • Console warnings in browser for react
  • Dates for autoreply (out of office) no longer showing
  • When creating a contact, photo name isn’t cleared on save
  • Successful saving of empty contact details, no warning message displayed
  • Unable to select/deselect calendars. Events disappears when clicked but appears again after few seconds
  • Event - Able to Save Earlier Start Date than End Date and/or Missing Title
  • Category dropdown still shows deleted categories
  • Unable to Cancel Adding a Category in Tasks
  • Renaming a folder presents user with error before changing folder name
  • Events created at a specific time and covering the whole day next day didn’t show correct highlight
  • Webmail quota display bar not updating
  • Unable to delete occurrence for repeated events
  • Calendars - Unable to save with selected date on reminders
  • Deleting a folder with emails in it doesn't count the emails
  • Settings - Mail - Rules with “IS” is not applied
  • Settings - Mail - Send an automated reply to incoming emails. Set rules with empty Subjects created an incorrect header on auto replies
  • Contacts - Able to Save Blank Phone/Emails when Updating Contacts
  • Tasks - Cancel/Save Button won’t disappear after successful update
  • Download attachment in IE and Edge opens blank tab and does nothin
  • Contacts - Saved Notes are not editable
  • Saving edited timezone on event doesn't save change
  • Tasks - Unable to delete single task only for recurring tasks. When deleted, all task created with it are also deleted
  • Webmail - Calendar Settings - Set the default reminder to Select Date but in Add Calendar event, default reminder is “At time of Event”
  • Webmail - Calendar Settings - No invitation Email sent when “Delete email events on responding” is enabled
  • Saving event with custom reminder date/time fails
  • Can't delete or move emails with gmail integration
  • Task created in different months for start and end dates shows only end date
  • In responsive mode title bar needs to be colored
  • Tasks - No error message when saving earlier deadline
  • Tasks - No error message when saving blank title
  • Icons in mail on hover don't show a tooltip
  • Composer isn't theme color settable (send button too)
  • Deleting draft doesn't send draft to trash
  • Event invitations aren't saved in sent folder
  • Contact us link needs to be added in in-app help
  • UI Dropdown list in Timezone Add Event is broken
  • Settings > Accounts > Edit > Click IMAP = Empty dropdown
  • Contact search through filters should search ONLY in current filter
  • Left pane scroll board isn't click draggable
  • Forward email with option to keep a copy
  • Can't delete from trash
  • Gmail integration sending message produces error even though message sends and composer doesn't close
  • Settings - Send an automated reply to incoming emails - No error when saving earlier date/blank subject /or body
  • Gmail integration doesn't have auto suggestion on TO field
  • Contacts - SSE Event Error when clicking the More Menu above the page
  • Add support for handling disabled sieve filters in UI
  • Calendar - No preview for repeated events
  • Downgrade sql scripts syntax error
  • Race condition with new http transport client
  • Calls to JMAP methods panic if ServiceAccount missing
  • Expires should be a timestamp in getFiles response
  • Duplicate migration files causing errors on update
  • File preview overwrites file with empty data
  • Add custom header addition support for security headers
  • Redis connection pool not freeing
  • Must set proper Content-Length when upload file to DAV
  • Gmail Integration Issues

• atmail mail server

  • Delete_account cron scripts work again
  • Sievec now doesn't fail on initial compile if already loaded and running
  • Password policy is sometimes not saved although success message is displayed
  • Deleting a brand, then domain is still assigned to it in the DB
  • Fixed issue with some database migration scripts
  • Fixed various areas in mail server that was missing internationalisation support
  • Forgotten password not functional - Added new configuration for an atmail mail server administration api user
  • Warnings thrown when kicked back to login screen on one-time-password (OTP)
  • Issues relating to duplicated theme names
  • Fixed error during update
  • Fixed grammar of error when creating webmail domain that already exists
  • Assigned user roles no longer become unavailable after creator is deleted
  • Check deletedAccounts table before adding a new user
  • Generate random password results in an infinite loop in some cases
  • Change password displays error but changes password
  • Database update process should be in a transaction
  • Screen Issue when Scrolling Down on atmail mail server
  • Filter does not apply in dashboard/admin logs of atmail mail server
  • Client IP, Browser and Platform Columns does not filter in Dashboard>Admin Log
  • Allow Google accounts needs to be changed to Third Party accounts
  • Password Policy - Minimum Numeric Character automatically turns '0' when disallow numeric character is ON
  • Password Policy - Only Enable Three-of-Char-Types checking but error message is different
  • Pressing "Delete Selected" with no selected aliases throws a javascript error presented in an alert("box").
  • One Time Password works only on newly created account - not in edit user account
  • Mailserver create/update account apis should be able to update account.userStatus
  • Running cron to delete users doesn't completely delete them can't recreate, thinks they still exist
  • MailServer - Count in LoginLog is different from Log detail Totals

• atmail DAV server

  • Fix initialise declaration in PropertyStorage
  • Calendar VEVENTS when snoozing in atmail suite should be reflected in Outlook for Mac
  • Accepting calendar invites sent from Apple products duplicates DTSTAMP
  • Rescheduled recurring Invitations using external clients iCal to Outlook
  • DAV php 7.2 webfiles throws error on upload
  • Upload_max_filesize in php ini has to be set for upload
  • DAV configuration duplicating IMAP details

Known Issues Resolved

• atmail suite

  • Some email headers report "invalid date"
  • Moving an email to trash doesn't work when Redis is unavailable
  • If email addressee is unknown Avatar component throws a warning
  • Invalid dates cause repeated calls to FormattedRelative component
  • Fixed broken change account type in Webmail > Settings > Accounts
  • Rescheduled Recurring Invitations iCal to Outlook
  • Improved socket count footprint for API server
  • SSE connection timeouts are large
  • Redis connections leak during some functions 

Known Issues Outstanding

• atmail suite

  • API call getContacts → blank {} properties is treated as NULL
  • atmail suite → When receiving a thread update, the avatar is not updated to latest replied user
  • Some mail is not reported due to virtual folder dovecot bug when using file based indexes (clear virtual indexes as a workaround)
  • RPM script doesn't output the right configure command as shown in help centre
  • Calendar entries that are not parsable by the dav server will not be displayed in the webmail UI
  • Transient password accounts will not work if the domain is switch back to normal logins and visa versa
  • Combined quota will only update on login if SSE is disabled or in error.
  • Mini calendar isn't formatted correctly for 12h time. AM and PM are placed on new lines and the text is too small.
  • Calendar entries that are not parsed correctly by the DAV server will not be displayed
  • SSE not idling on selected mailbox

• atmail mail server

  • On first installation, if a domain is created before services are published the domain will be unavailable to the API.

• atmail DAV server

  • Quota allocated for storage cannot be changed via UI, DB only.