MailMarshal SMTP

Version: 6.8, Last Revision: May 28, 2010

These notes are additional to the MailMarshal User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see M86 Security Knowledge Base article Q12956.

Table of Contents

What's New
Upgrading MailMarshal

Hardware and Software Requirements

Change History


What's New

For more information about additional minor features and bug fixes, see the change history.

Features New in 6.8

Features New in 6.7

Features New in 6.5

Features New in 6.4.5

Features New in 6.4

Features New in 6.3

Note: Version 6.3 cannot be installed with software email processing servers.

Features New in 6.2

Upgrading MailMarshal

MailMarshal SMTP version 6.8 supports a direct upgrade from MailMarshal SMTP 6.4.5 and later versions.  This is a change from earlier versions. To upgrade from a version prior to 6.4.5, first upgrade to version 6.7.

Note: This release of MailMarshal 6.8 cannot be used to upgrade a MailMarshal 6.3 Appliance installation.

Please review the MailMarshal User Guide before upgrading.

For general information about upgrading issues see the remainder of this section.

Full details about upgrading from specific versions can be found in the following M86 Security Knowledge Base articles:

To upgrade from a version prior to 5.5, first upgrade to version 5.5, then to 6.4.5, and then to 6.8

Changes in Database Structure and Prerequisites

MailMarshal 6.8 no longer supports SQL 2000 or MSDE 2000.

MailMarshal can use:

You can access SQL 2008 Express SP1 from the Prerequisites tab of the MailMarshal installation package. The "With SQL Express" version of the package also allows you to install SQL Express during the main MailMarshal installation. Note: To install SQL 2008 Express on a server, you must first install .NET 3.5 SP1.

Upgrading a Single Server

To upgrade a single MailMarshal SMTP server from version 6.4.5 or above, install the new version over your existing version. You do not need to uninstall your existing version. The database will be upgraded in place, if necessary.

Upgrading an Array of Servers

After upgrading the Array Manager you can upgrade the processing servers through the Configurator, with no need to log on to the processing servers. For more information, see the Upgrading section in the User Guide.

Notes on Upgrading

Note: The information in this document is current as of the date of publication. To check for any later information, please see M86 Security Knowledge Base article Q12776.


MailMarshal can be installed in a variety of scenarios. For full information on uninstalling MailMarshal from a production environment, see the MailMarshal SMTP User Guide.

To uninstall a trial installation on a single computer:

  1. Close all instances of the MailMarshal Configurator, MailMarshal Console, and MailMarshal Reports.
  2. Use Add/Remove Programs from the Windows Control Panel to remove MailMarshal SMTP.
  3. Use Add/Remove Programs from the Windows Control Panel to remove additional components you may have installed, such as Web components or Reports.
  4. If you have installed any components (such as the Configurator, Console, Web components, or Reports) on other computers, uninstall them.
  5. If you have installed SQL Express specifically to support MailMarshal and no other applications are using it, uninstall SQL Express.

Hardware and Software Requirements

The following system requirements are the minimum levels required for a typical installation of the MailMarshal SMTP Array Manager and selected database.

Pentium 4
Disk Space
10GB (NTFS), and additional space to support email archiving
1GB (plus an additional 1GB if SQL Express is installed locally)
Supported Operating System
  • Windows 7
  • Windows Vista with Service Pack 1 or above
  • Windows Server 2008 including Server 2008 R2
  • Windows Server Standard or Enterprise 2003 with Service Pack 2 or above
  • Windows XP Professional with Service Pack 3 or above
  • Microsoft Small Business Server (SBS) 2003 or 2008
  • MailMarshal SMTP Server does not run on Windows XP Professional if the computer is not a domain member. Be aware of this restriction if you need to install a MailMarshal SMTP Server in a DMZ and it will not be a domain member.
  • To install Web Components on SBS 2008, you must complete additional configuration steps. See M86 Security Knowledge Base article Q12671.
Network Access
  • TCP/IP protocol
  • Domain structure
  • External DNS name resolution - DNS MX record to allow MailMarshal SMTP Server to receive inbound email
  • Database server: SQL Server 2008 (SP1), SQL Server 2005 (SP2)
  • Database server (free versions): SQL 2008 Express (SP1), SQL 2005 Express (SP2)

    (Service packs listed are the minimum required for compatibility with all supported operating systems)

Port Access
  • Port 53 - for DNS external email server name resolution
  • Port 80 (HTTP) and Port 443 (HTTPS) - for SpamCensor updates
  • Port 1433 - for connection to SQL Server database and Reports console computers
  • Port 19001 - between Array Manager and Appliances

Note: Additional ports are required by the Appliances for email and updates.


Change History       

The following additional items have been changed or updated in the specific build versions of MailMarshal SMTP listed.

Note: The information in this document is current as of the date of publication. To check for any later information, please see M86 Security Knowledge Base article Q12956.

6.8.3 (May 28, 2010)

MM-3363 The Array Manager did not correctly use the Windows authentication credential entered in Server Tool. Fixed.
MM-3365 In version 6.8, when a message was split for sending due to a large number of recipients, sending for additional groups of recipients was delayed. Fixed.
MM-3368 The default rule "Attachment Management (Outbound): Park Large Files for Later Delivery" was not updated with the new release action parameter in version 6.7. This could cause the engine to stop. Fixed.
MM-3369 Database names were not correctly escaped in all cases. This problem could result in inability to connect to a database with a name containing characters other than a-z and 0-9. Fixed.
MM-3377 The Array Manager did not correctly return the date of a message when queried by MailMarshal SPE. Fixed.
MM-3379 Database upgrade from version 6.4 to 6.8 could time out. Fixed. The problem could also be worked around by upgrading to version 6.7 and then to 6.8.
MM-3380 Upgrade did not correctly use port numbers in the connection string when connecting to SQL. Fixed.
MM-3385 In MailMarshal 6.8.2, SpamCensor processed message components in an incorrect order, and results could differ from other versions. Fixed. (April 27, 2010)

MM-333 Console day folder display and digest generation were affected by Daylight Saving changes in a few cases. Fixed.
MM-558 Users can add email addresses to the Safe Senders list when releasing a message from a digest. The administrator can enable or disable this feature.
MM-601 The registry location for MailMarshal is now HKEY_LOCAL_MACHINE\SOFTWARE\Marshal. Upgrading moves the registry hive.
MM-809 The GetVersion stored procedure now has public execute rights to allow non-administrators to connect from the reporting console.
MM-1327 End-user whitelists and blacklists were not correctly updated if system times differed between the Array Manager and nodes. Fixed.
MM-1790 Many issues with updates through proxy have been resolved. See MM-2273. Updates affected include SpamCensor, BTM, and RSS feeds.
MM-1839 The Array Manager could stop if the SQL Server was slow to start during system startup. Fixed.
MM-2273 Web updates now use libcurl (instead of the deprecated Microsoft component WinInet).
MM-2450 End user whitelist and blacklist information was updated inefficiently, which could affect performance with large sets. Fixed.
MM-2501 The Receiver service could fail during shutdown in some cases. Fixed.
MM-2575 In some earlier versions, using a database with case-sensitive settings caused errors. Fixed.
MM-2726 Group reload times can now be specified (with a Registry entry).
MM-2727 LDAP and AD user group names could not be entered in the Configurator by typing. Fixed.
MM-2730 When a sending route is available but some messages are being refused with 400 level responses, the particular messages are now retried less often to save MailMarshal processing effort.
MM-2776 The MailMarshal Engine could stop unexpectedly while committing configuration under heavy load with McAfee virus scanning enabled. Fixed.
MM-2807 The installation package has been updated to SQL 2008 Express SP1.
MM-2840 Obsolete command line virus scanners McAfee NetShield and Vet NT 10.x have been removed from the selection list. The scanners continue to work if installed.
MM-2975 Transmission of log files from the Controller to the Array Manager has been made more efficient.
MM-3003 The Web Components installer did not check for all IIS prerequisites on some operating systems. Fixed.
MM-3011 The version of MSSavi.DLL included with MailMarshal has been updated to
MM-3013 MailMarshal now unpacks ISO image files.
MM-3010 IP addresses could be shown reversed in results of database queries. Fixed.
MM-3024 MailMarshal now supports installation on Windows 7, including Windows 7 Logo certification.
MM-3043 Logging by the Array Manager Spam RPC interface has been improved.
MM-3049 Certain PDF files caused an error in processing. Fixed.
MM-3055 The product has been rebranded for M86 Security.
MM-3064 Deleting all policy groups and creating a new one caused the Configurator to fail. Fixed.
MM-3066 DNS Blacklist rules could cause processing delays if the DNS server was unavailable. DNSBL requests are now cached separately from delivery requests to enhance performance.
MM-3067 Upgrade did not correctly handle LDAP groups used in the SpamProfiler Receiver exclusions. Fixed.
MM-3068 No Reputation Service entries could be created when using a Temporary key. Fixed: this restriction now only applies to the Marshal IP Reputation Service, by design.
MM-3070 The administrator can now allow end users to subscribe and unsubscribe from digests.
MM-3072 The Blended Threats Module has been updated with new rule conditions and a "hold queue" action.
MM-3073 Many improvements have been made to SQL support, including support for instances, support for Windows authentication, and assignment of user rights.
MM-3074 The Marshal IP Reputation Service "Test" button could return incorrect results depending on the response from DNS name servers. Fixed.
MM-3075 Sophos Anti-Virus (not Sophos for Marshal) could return "Not enough storage is available to complete this operation" on configuration commit. Fixed.
MM-3076 The MailMarshal Today page now provides summary information  for a user selectable time period and is renamed the Dashboard.
MM-3095 BTM updates could cause the MailMarshal Engine to stop due to a database exception. Fixed.
MM-3096 The Server Tool has been improved.
MM-3110 Submitting a message to M86 as spam or not spam from the Console now submits the message log as well as the message.
MM-3116 SPF evaluation did not correctly check PTR domains. Fixed.
MM-3135 Certain malformed TNEF files caused an error in processing. Fixed: These files are deadlettered.
MM-3138 SPF evaluation could fail in rare cases due to an issue with timeout evaluation. Fixed.
MM-3141 Certain PDF files caused an error in processing. Fixed.
MM-3147 IP group updates did not occur unless configuration was reloaded. Fixed. Also, reload times can now be specified (with a Registry entry).
MM-3165 After upgrading to version 6.7, some messages quarantined before the upgrade could not be released using the Console due to a change in message release handling. Fixed.
MM-3166 Certain PDF files caused an error in processing due to invalid paths in embedded files. Fixed.
MM-3205 The BTM status display in Configurator and Console did not show "out of date" while the initial database download was in progress. Fixed.
MM-3208 Some Configurator dialogs did not display toolbars correctly with some display themes. Fixed.
MM-3214 In version 6.7, the option "override default folder security" was selected by default for all folders. Fixed: this option is selected by default only for folders that may contain dangerous items (to avoid accidental release of these items).
MM-3270 Users imported with Group File Import tool were marked as "never seen" for pruning. Fixed: Imported users are now marked as "Seen today."
MM-3271 Partial message bodies shown in digests were not properly escaped or encoded. Fixed.
MM-3301 The Web Components installer now allows installation on Windows Server 2008, Web edition.
MM-3328 Unpacking of large Excel files could use excessive memory. Fixed.
MM-3344 The "Archive messages visible for..." setting did not apply in all locations within the Console. Fixed.
MM-3348 The Message Release external command did not work for nodes with ID greater than 9. Fixed. (November 2, 2009)

MM-466 SpamCensor now checks attached email messages as well as the top level message.
MM-1664 User groups can be "pruned" of entries that have not matched recently.
MM-1675 The MMC "export list" functionality now works in the Console message search window.
MM-1763 The SQM website can now authenticate users in multiple AD domains.  For details, see Knowledge Base article Q12902.
MM-1774 When a key request is submitted, MailMarshal opens a webpage providing more information about the key request process.
MM-1799 Some Excel 2007 documents saved in Excel 2003 format were detected as type OLE. Fixed.
MM-2010 Image Analyzer could return different scores for the same image. Fixed.
MM-2028 From and Recipient IP addresses are now included in the message record in the database.
MM-2060 Unpacking of OpenOffice file types has been validated.
MM-2299 SQM website searching on "From" addresses has been improved.
MM-2128 MailMarshal now correctly detects Microsoft Document Imaging (MDI) files.
MM-2314 Web installer and CD-Rom autorun packages are now digitally signed.
MM-2395 Watermark text is now extracted from many Microsoft Office files including Word 2003 and 2007, PowerPoint 2003 and 2007, and Word XML formatted files.
MM-2440 Message purging performance has been significantly improved for large installations with long archive retention.
MM-2441 SMTP response text returned by the Receiver can now be customized. For details, see Knowledge Base article Q12897.
MM-2482 The default retention period for new Archive folders is now 3 months.
MM-2487 User groups can be searched for an email address.
MM-2525 Web Components did not function correctly on SBS2008. Fixed.
MM-2560 Emptying the Console Mail Recycle Bin did not delete all physical files. Fixed. Note that the fix only corrects the deletion behavior. Earlier files must be removed manually.
MM-2571 Installation now checks for supported SQL service pack as well as major version.
MM-2588 An updated Quarantine Sync tool is provided with the product installation.
MM-2590 The SQM website now provides users the option to receive or not receive digests (if enabled by the administrator).
MM-2595 Configuration commits can now be scheduled through the Configurator | Server Properties.
MM-2612 When the SQM website connects to a different version Array Manager, the message returned to the web user is now informative.
MM-2640 MailMarshal expected a specific, older version of MSXML. Fixed.
MM-2643 Unpacking of BinHEX files has been improved.
MM-2652 The SpamProfiler registry settings were not correctly updated during upgrade from 6.4. Fixed.
MM-2662 In the Web Admin Console, Mail History and Folder searches only returned the first page of results. Fixed.
MM-2669 When a user group was renamed in the Configurator, the name was not updated in the rule wizard display. This was a display issue only. Fixed.
MM-2672 The Sender could consume all threads delivering a single message to many domains. Fixed: a maximum of 10 concurrent threads will be used for each message.
MM-2673 Default thread counts for "small" and "large" sites have been increased. Upgrading does not change existing settings.
MM-2676 The Receiver service could stop unexpected due to an error in the SPF evaluation. Fixed.
MM-2689 The ability to add file fingerprints from the Console has been reinstated. The feature can be enabled for specific folders.
MM-2694 Creating an account with a password over 60 characters caused the Configurator to fail. Fixed: a limit of 100 characters is supported and enforced.
MM-2706 Certain binary files were incorrectly recognized as type ARJ. Fixed.
MM-2707 File type identification now includes separate types for web form text and web form binary data.
MM-2708 Multiple local domain and default route entries could be added to a routing table. Fixed. For upgraded installations, the Configurator enforces a single entry when the routing table is edited.
MM-2712 Messages with MIME content-type fields spanning thousands of lines could cause the MailMarshal Engine to fail. Fixed.
MM-2713 SpamProfiler updates could fail due to a download timeout, particularly if the update was started manually. Fixed.
MM-2718 SpamCensor can now scan MIME headers for all parts of a message.
MM-2719 SpamProfiler cartridge version 3050 is included in the product installation.
MM-2728 File type identification has been improved for Word 6 and Word Document with IRM types.
MM-2750 Configuration reload status now displays in the MMC status bar (lower right).
MM-2760 Certain Excel 2007 files caused the MailMarshal Engine to fail during unpacking. Fixed.
MM-2789 Upgrading the database from version 6.5.4 or below could fail due to the database update script attempting to drop a non-existent property. Fixed.
MM-2795 In some earlier versions, attachments with filenames in Arabic caused message to be deadlettered. Fixed.
MM-2803 In version 6.5.4, when the DNS server was not contactable, messages were returned instead of being queued. Fixed.
MM-2818 Handling of bare LF characters at the end of messages by the Sender has been corrected.
MM-2819 Handling of bare LF characters by the Receiver has been corrected.
MM-2820 The Sender now delivers the oldest untried messages for a route first.
MM-2821 The Sender now limits thread usage so that no one type of delivery can consume all available threads. The delivery types are new messages, deferred messages, DNS routes, and static routes.
MM-2822 A DNS lookup that returned "no data" resulted in the message being retried. Fixed: the message is now marked as undeliverable.
MM-2823 PDF unpacking is now more robust when unpacking malformed attachments.
MM-2826 SpamProfiler scores are now logged to text logs as with SpamCensor scores.
MM-2857 SpamProfiler has been moved out of the Receiver process for reliability.
MM-2867 A new Upgrade Tasks page is included in the Configurator.
MM-2879 The default SpamProfiler threshold is now >99 (was >95).
MM-2913 Visual C++ redistributable versions included in the installer have been updated.
MM-2922 The version of MSSavi.DLL included with MailMarshal has been updated to This DLL resolves issues with Sophos engine updates while under load.
MM-2960 Configuration changes have been made to improve compatibility of the Web Components with SBS2008 and Windows 2008 64 bit editions. Additional manual changes may be required. For details, see Knowledge Base article Q12671.
MM-2964 The MailMarshal engine could fail while unpacking specific embedded PDF files. Fixed.
MM-2986 The default SMTP response when a message is refused at the Receiver due to SpamProfiler evaluation has been improved. The new text is: 550 Message refused by MailMarshal SpamProfiler.
MM-3036 Key requests did not include information about some additional items enabled by the existing key. Fixed.
MM-3037 The SQM website might not show the latest messages on the main page, because the user last logged in time was not always set correctly. Fixed.
MM-3045 When multiple virus scanners were in use, a virus could be undetected if the first scanner invoked did not detect it. Fixed. (May 22, 2009)

MM-2634 In previous 6.5 releases, the Console did not display sender information for messages with a blank Return Path, due to the changes made for issue MM-1390. These changes have been reverted.
MM-2647 In previous 6.5 releases, the Console and SQM Website encountered performance issues, due to the changes made for issue MM-1390. These changes have been reverted.
MM-2652 In previous 6.5 releases, upgrading from earlier versions caused a problem with the SMTP response sent by SpamProfiler message rejection. Fixed.
MM-2654 The custom engine threads setting is now validated when entered in the Configurator. The valid range is 1 to 5 threads. (May 18, 2009)

MM-2629 The upgrade installation did not correctly roll back when cancelled due to lock on the MMPrfMon.dll. Fixed.
MM-2630 Messages with improperly formatted Content-Type declaration could cause a loop in the MailMarshal Engine. Fixed.
MM-2631 Certain Excel binary worksheets caused an exception when opened for examination. Fixed. (May 1, 2009)

MM-2598 User defined filetypes were not available in version 6.5.0. Fixed.
MM-2577 Improved the error message returned when attempting to connect to Array Manager from a mismatched version of the Spam Quarantine Management website. (March 25, 2009)

MM-57 When connecting the Console to a remote server in a workgroup, an uninformative error message could be returned. Fixed.
MM-106 PDF unpacking has been improved for documents with unknown inline image types.
MM-109 The global Maximum Number of Recipients can now be set separately for incoming and outgoing messages.
MM-145 Nested TNEF messages now display correctly in the Console and MML Viewer.
MM-195 Sorting by size in the Sender node of the Console did not work correctly. Fixed.
MM-488 If an array is managed by MailMarshal SPE, the Configurator now raises a warning when connecting.
MM-584 The Image Analyzer DLL is now installed in the \config directory to allow remote updates if required.
MM-604 Renaming elements was not supported in Taskpad view under MMC 3.0. Fixed.
MM-637 Image Analyzer could return  the result "unsupported" for several files after processing one unsupported file. Fixed.
MM-643 Handling of PDFs with embedded files in annotations has been improved.
MM-805 In some earlier versions, running the installer in Modify mode could place some folders in an incorrect location. Fixed.
MM-904 The {Date=%%c} variable did not use locale settings as required. Fixed.
MM-941 In the Web Console, clicking the Delete link for a message twice within Mail History could return an exception. Fixed: the message display is now updated after deletion so that the correct link displays.
MM-959 Unpacking of PDF files with embedded object streams has been improved.
MM-995 Some DNSBL matches were not logged. Fixed.
MM-1141 A number of potential attachment stripping vulnerabilities have been addressed.
MM-1213 The default use of URIBL evaluation no longer includes greylisted domains. These entries often resulted in false positive identification of spam.
MM-1228 The Server Tool could not stop the Controller service if dependencies were running. Fixed: the Server Tool now stops dependencies if required.
MM-1229 The Server Tool did not restart the Updater service on a node when "Restart Running Services" was selected. Fixed.
MM-1234 Header rewriting could incorrectly add new header lines in the middle of an existing folded line that contained blank lines. Fixed.
MM-1239 To ensure that routing exceptions are processed, new routing table entries are created above an existing Local Domains entry.
MM-1264 Office 2007 Macro files could not be saved from the message viewed. Fixed.
MM-1301 The default action for release from deadletter folders in the Web Console is now to pass through (matching the MMC Console).
MM-1312 ACE archives with permissions set on individual contained files could not be unpacked or deleted. Fixed.
MM-1313 Unpacking of compressed RTF documents has been improved.
MM-1328 The SQM website could generate a JavaScript error on the login page after first installation. Fixed.
MM-1329 The SQM website did not grant the first user Administrator permission when initially configured with Forms authentication. Fixed.
MM-1340 If the Controller executable was locked during upgrade, the old version could continue to run without warning, causing other issues. Fixed: If the Controller is locked, the installer warns the user and offers to postpone changes until the next restart.
MM-1348 Handling of header rewriting for invalid email addresses has been improved.
MM-1357 In the Web Console, attempting to release a message and selecting no recipients caused an exception. Fixed.
MM-1360 Changing the location of Array Manager logging with the server tool did not work for standalone array managers. Fixed.
MM-1364 A potential memory access problem was identified in the Base64 decoder. Fixed. See also MM-1141.
MM-1371 File naming for unpacked files has been improved to address vulnerabilities (trailing dots).
MM-1385 Web Components did not install correctly if the "C:\Program Files" folder did not exist. Fixed.
MM-1388 A new Norman integration DLL is included in this version. Some deadlock issues are fixed.
MM-1390 The "From" field in the SQM website views now shows the return-path email address as used in MailMarshal user matching.
MM-1391 When a TLS self-signed certificate was already present, creating a Certificate Signing Request deleted the existing certificate. Fixed: the CSR now generates a separate file (csrprivkey.pem) and warns the user appropriately if files will be deleted.
MM-1427 Disabling SpamProfiler in the Configurator now stops SpamProfiler internet updates.
MM-1585 DNS blacklist exclusions in SpamHaus.xml were not applied due to an incorrect group name label. Fixed.
MM-1772 TIF images are now visible in the Console preview. Large BMP, GIF, TIF, PNG, and JPG files are displayed as thumbnails for enhanced performance.
MM-1773 PDF unpacking could fail due to Unicode characters in file names. Fixed.
MM-1796 The Safe and Blocked Senders features of the SQM website can now be disabled.
MM-1806 Messages deadlettered as Undetermined were incorrectly placed in the Malformed folder. Fixed.
MM-1814 HTML formatted email with META REFRESH tags could potentially redirect to malicious content when viewed in the console. Fixed.
MM-1817 The Zero Day Protection Framework default rule used an incorrect email notification template. The default has been fixed.
MM-1832 In version 6.4 the Remote MTA information was not included in "undeliverable" notifications. Fixed.
MM-1834 The SQM website did not show the latest messages on the main page, because the user last logged in time was updated inappropriately. Fixed.
MM-1838 Folder names could be entered with leading or trailing whitespace, which could cause email processing services to fail. Fixed.
MM-1844 Reloading an empty AD universal group generated inappropriate error messages. Fixed.
MM-1855 Configuration Merge files are no longer available in the installation.
MM-1867 The SQM administrator function to delete all users was not implemented. Fixed.
MM-1892 A current SpamProfiler cartridge is provided for new product installs.
MM-1899 In version 6.4.5, specific TNEF files were not unpacked properly. Fixed.
MM-1911 SpamProfiler updates can now roll back the cartridge version as well as incrementing it.
MM-1915 The Web Console again allows transparent authentication by NTLM where possible.
MM-1916 SQM forms based authentication now allows logging in with email address domains such as @local (as well as public Top Level Domains)
MM-1920 MailMarshal can now identify Word 6.0 documents. Older data structures found in these documents could theoretically be used to inject malicious content.
MM-1925 A required DLL (cmae.dll) was not included with Array Manager only installations. Fixed.
MM-1927 Office 2007 hyperlinks were incorrectly treated as unpackable files. Fixed.
MM-1931 MailMarshal Manager and Array Properties have been converted from tabbed dialogs to a property page with a selection tree.
MM-1945 Upgrading from version 6.4.1 to 6.4.5 did not correctly update some stored procedures. Fixed.
MM-1949 Files unpacked from Office 2007 documents could contain path information that caused the McAfee scanner to fail. Fixed.
MM-1950 Each rule that quarantines messages can now specify what rules apply to the messages when released.
MM-1957 The database MessageName index now includes the message edition. Message purging speed will be enhanced. Existing databases are upgraded by the installer.
MM-1963 The SQM Create User function did not set a primary user email alias. Digesting could be affected. Fixed.
MM-1971 SpamProfiler can now be used in a Standard Rule condition.
MM-1974 Image Analyzer integration has been updated to use the latest version of Image Analyzer software.
MM-2003 The SQM website did not allow a delegate user name that contained a space. Fixed.
MM-2004 The chart data displayed on the SQM website did not add to 100% due to rounding. Fixed.
MM-2011 Incorrect locking in the group management code could cause the Controller service to stop. Fixed.
MM-2015 MailMarshal services and interfaces are granted Administrator privilege to run under UAC.
MM-2073 Temporary unpacked files with Unicode characters in the names are now renamed if necessary to complete processing.
MM-2098 Encrypted PDF documents could be detected as type PDF (not encrypted). Detection of this type has been improved.
MM-2117 The Clean theme in the SQM could display untidily when very log message subjects were displayed. Fixed.
MM-2135 When releasing a message from the link in a digest email the time displayed was shown in GMT instead of local time. Fixed.
MM-2136 Folder message counts displayed in the SQM website could be incorrect in some circumstances. Fixed.
MM-2137 The SQM home page display did not update when all message were deleted. Fixed.
MM-2138 The "add email address" function in the SQM website can be disabled by the administrator.
MM-2140 Certain malformed email addresses could cause errors in the SQM website. Fixed.
MM-2142 SQM website loading times are significantly improved with .NET 3.5 and other enhancements.
MM-2182 JPEG2000 files were not correctly identified. Fixed.
MM-2187 TLS could not use certificates that were provided by the CA as multiple certificates in a certificate chain. Fixed.
MM-2205 The user selection of Safe and Blocked senders lists enable/disable from the SQM website was not applied correctly. Fixed.
MM-2222 If TLS is required for a domain, MailMarshal Sender will always attempt to connect using EHLO regardless of other settings.
MM-2228 SPF or Sender ID records with badly formatted includes could cause the Receiver to stop. Fixed.
MM-2257 Some PDF files were not identified as encrypted. Fixed.
MM-2269 Certain PDF documents have highly recursive element nesting and can cause unpacking to fail. MailMarshal now limits unpacking of PDF to 500 levels of nesting by default. You can set the limit using a registry value. See M86 Security Knowledge Base article Q12243.
MM-2276 Additional text such as watermarks is now extracted from PowerPoint documents.
MM-2277 Watermark text is now extracted from Word 2003 and Word 2007 documents.
MM-2324 The Sender service did not honor the LogMask entry (to specify logging level) in the Registry. Fixed.
MM-2341 The "pass message to rule" action did not validate selection of the rule to pass to, which could result in an invalid configuration causing the Engine to stop. Fixed.
MM-2358 The latest CountryCensor database is included in this release.
MM-2361 The maximum number of recipients per connection from the sender can be set with a Registry value. The default number of recipients per connection is 250.
MM-2404 Hotkey conflicts have been resolved on some wizard pages.
MM-2444 Blocked Hosts did not correctly resolve FQDN entries. Fixed.
MM-2451 SQM with authentication by email address now requires email addresses to be within the MailMarshal local domains at the time of registration.
MM-2455 Message recipients with a + symbol in their email address could not release messages from digest links. Fixed.
MM-2466 The Migration Tool and Quarantine Upgrade Tool are no longer provided with the product installation. To upgrade from version 5.5, you must first upgrade to version 6.4 or below.
MC-1 File Type checking now can access files named with Unicode characters.
MC-2 Excel 2003 worksheets created in Excel 2007 were incorrectly recognized as file type OLE. Fixed.
MC-4 Certain MSI files were incorrectly recognized as OLE files. Fixed.
MC-6 .torrent  files are now recognized (type Bittorent .torrent metainfo file).
MC-7 Certain PowerPoint files generated in Microsoft Office 2002 SP2) were incorrectly recognized as file type OLE. Fixed.
MC-8 UTF-8 files with small numbers of errors are not correctly detected.
MC-9 Some executables were wrongly detected as self-extracting ZIP files. Fixed.
MC-12 Certain True Type fonts were detected as type BIN. Fixed.
MC-13 Certain CAB files were detected as type BIN. Fixed.
MC-14 OGG audio and video streams are now detected.
MC-20 Certificate Revocation Lists (CRLs) are now detected.
MC-21 Firefox updates (MAR) are now detected.
MC-22 Google Safe Browsing updates are now detected.
MC-25 Some PowerPoint files were incorrectly recognized as OLE files. Fixed.
MC-34 Detection of HTML has been improved where large amounts of other text content was present at the top of the file.
MC-37 PDF detection has been enhanced with a new type for documents with operations protected (Protected Acrobat PDF Document). These files can be unpacked and scanned.
MC-39 Microsoft Document Imaging (MDI) files are now recognized.
MC-40 Many Open Office document file types are now recognized.
MC-41 Word 2007 documents with Restricted Access were detected as type OLE. Fixed: these documents are now detected as encrypted Word documents.
MC-42 Some RAR files caused a timeout when unpacked. Fixed. (September 9, 2008)

MM-1962 SQM support for MailMarshal SPE 2.3. (August 6, 2008)

MM-1896 In version 6.4.5, messages were not automatically released from parking folders as specified. Fixed. (June 26, 2008)

MM-781 Receiver Rule logging could cause database deadlock errors. The issue has been further addressed with sorting of items from multiple nodes.
MM-1447 DeadLetter templates now include separate options for inbound or outbound messages.
MM-1486 A new more descriptive variable name {ReputationServices} duplicates {MMSmtpMapsRBL}.
MM-1487 DOS and DHA blocking times are now based on the time when the block was first applied (not the time of the most recent attempt).
MM-1488 Folders and classifications now cannot be deleted when they are used in classification groups.
MM-1493 Automatically generated trial keys now support Sophos for Marshal.
MM-1495 MailMarshal can now unpack Microsoft SZDD archives.
MM-1496 Certain upgrade scenarios could create an open email relay. Fixed.
MM-1503 The Route to Host rule action now accepts a port number.
MM-1507 SQM did not allow updating a safe or blocked entry to a wildcard string. Fixed.
MM-1510 The installer now checks for and installs the correct version of Microsoft Visual C redistributable (8.0 SP1)
MM-1511 SpamProfiler updating now supports NTLM for proxy authentication.
MM-1516 Receiver rule checking for FQDN hostnames now accepts hostnames with between 3 and 10 parts by default. This behavior can be changed with a Registry entry. See M86 Security Knowledge Base article Q12041.
MM-1518 Messages quarantined by SpamProfiler and released could pass through MailMarshal without being virus scanned. Fixed with rule changes.
MM-1519 When the engine started, it could create a crash dump zip file unnecessarily. Fixed.
MM-1524 The Route to Host rule action can now specify that the remote host is MailMarshal SES. Additional data is sent to preserve message logging between servers.
MM-1552 The SpamCensor updater now provides a better error message when update fails due to problems retrieving the Certificate Revocation List.
MM-1556 Releasing a message from the SQM website did not honor the folder options for pass through or continue processing. Fixed.
MM-1569 Image Analyzer has been updated to the latest available version.
MM-1576 The rule condition "Where Sender's IP address matches address" is now available in Standard rules as well as Receiver rules.
MM-1765 Some other servers could reject MailMarshal digest messages as malformed due to invalid UTF-7 encoding. Addressed with a registry setting to disable this encoding if necessary.
MM-1788 Internet access settings for nodes were not honored. Fixed.
MM-1793 The LDAP connector now has improved ability to recognize the end of returned data ("no such object"). (March 06, 2008)

MM-1382 MP3 files could cause the file type checker to exit unexpectedly. Fixed.
MM-1396 Receiver disk check could give incorrect results. Addressed with updated logic. Also, this check can now be disabled. See M86 Security Knowledge Base article Q11669.
MM-1398 Messages tagged by SpamProfiler could never be released when reprocessed. Fixed.
MM-1400 Creation of zip files used for debugging of the unpacking process could cause issues. Fixed.
MM-1406 SpamProfiler now allows exceptions by User Group and by Safe Senders lists.
MM-1412 In previous 6.4 releases, environment variables did not work in message templates. Fixed.
MM-1418 Inappropriate POP3 alias errors appeared in the event log when POP3 accounts were created for authentication. Fixed.
MM-1422 Upgrade converted anti-relay IP ranges (from netmask to range format) incorrectly. Fixed.
MM-1432 The Engine now supports "rule profiling" to record the average run time of a rule and the number of times it is run. The result can be queried using MMLookup.exe. See M86 Security Knowledge Base article Q11981.
MM-1440 Problems with message formatting in the Sender service could cause the service to exit unexpectedly. Fixed.
MM-1442 The Sender notifications did not provide a detailed reason for failure. Fixed.
MM-1459 The -r (list of recipient fields) option of MMGetMail did not function. Fixed.
MM-1461 After upgrade some local domains variables in templates could be blank. Fixed.
MM-1467 Attempting to upgrade the Spam Quarantine Management component actually uninstalled it. Fixed.
MM-1475 The RemoteIP variable was not populated in the sender notification template. Fixed. (January 30, 2008)

MM-1337 Could receive error "Error talking to client 'nnn.nnn.nnn.nnn' Property IpAutoWhitelisted not found" when using TLS. Fixed.
MM-1363 The version number of the configuration merge file CurrentConfigMerge.xml was incorrect. Fixed.
MM-1367 Deleting messages for a route from the Console caused all later messages for that route to be deleted until the Sender service was restarted. Fixed.
MM-1373 Execution of a SQL query by the Array Manager to determine the license count has been removed for performance reasons.
MM-1374 Zero length strings could cause services to exit unexpectedly (due to change in behavior in a new version of runtime libraries). Fixed. (January 25, 2008)

MM-1355 The installer will now prevent installation on Windows 2000 machines (for both new installations and upgrades). (January 22, 2008)

MM-1333 When upgrading, the MMReceiver and BlockedHostIP tables could generate duplicates and cause the upgrade to fail. Fixed.
MM-1336 The Configurator ceased to function when the "Server and Array Properties" window has been opened from the "MailMarshal Manager properties" window. Fixed.
MM-1337 Could receive error "Error talking to client 'nnn.nnn.nnn.nnn' Property IpAutoWhitelisted not found" when RBL check is enabled. Fixed.
MM-1341 Certain regular expression behavior differed from previous releases. Fixed.
MM-1343 Option added to change SpamProfiler behavior to apply to inbound messages only, or inbound and outbound messages. (January 15, 2008)

MM-166 Routing overrides did not work for local domain delivery. Fixed.
MM-232 Message size is now available as a MailMarshal variable for use in templates. This variable reflects the size as originally received.
MM-345 Messages that cannot be delivered after multiple retries now have a final classification of "undeliverable."
MM-404 Deletion of nested user groups is handled properly.
MM-445 Messages in deleted folders no longer appear in the Console Mail Recycle Bin.
MM-447 Storage and reloading of "valid fingerprints" is now more efficient.
MM-449 Messages with no body are handled correctly at all points in the product.
MM-452 The Blocked Host IP table (used by DoS and DHA functions) is now purged of data over 7 days old.
MM-453 Forward slashes in Active Directory group member names could cause errors in updating the groups. Fixed.
MM-455 Some Unicode files were incorrectly recognized as Binary. Fixed.
MM-482 Server From and Administrator email addresses can now be set for each Local Domain and will be used for messages relating to the domain.
MM-492 Some subject lines were incorrectly converted from UTF-7 to Unicode. Fixed.
MM-516 Detection of MP3 files has been improved.
MM-550 The console now allows you to configure the oldest message to display in archive folders.
MM-568 The rule interface for Spam Type categories did not save the correct selection. Fixed.
MM-578 Certain attached log files could be identified as mail headers. Fixed.
MM-595 URLCensor did not correctly look up a URL ending in . (dot). Fixed.
MM-637 Image Analyzer behavior with unsupported TIF files is improved.
MM-640 SORBS Reputation Service is no longer used by default.
MM-669 The Sender can now be bound to a specific IP using a Registry entry
MM-738 The keyboard Delete key did not function correctly in the Console under MMC 3.0. Fixed.
MM-776 Deadlettered messages are now logged with folder classifications and can be reported on by folder.
MM-781 Receiver Rule logging could cause database deadlock errors. The issue has been further addressed with changes to batch insertion of these records.
MM-793 Error handling for SPF records over 512 characters was not correct. Fixed.
MM-818 Messages with MIME boundaries declared in the headers are now deadlettered by default.
MM-819 Active Directory imported groups that contain child groups could not be deleted. Fixed.
MM-821 Message count and size rule conditions now allow "equal to" and "not equal to" an exact value.
MM-891 Digest generation failed for email addresses with a comma in the local part. Fixed.
MM-906 If the MailMarshal Sender gets a 500 response to the DATA command, the message will be retried.
MM-922 Office 2007 files are correctly recognized and unpacked. See also MM-962.
MM-935 "Scraping" of email addresses from LDAP connectors has been improved and better documented.
MM-953 Mail Batching is no longer supported within the product. The  MMGetMail.exe external utility is available to perform this function.
MM-962 Excel 2007 Binary format (.xlsb) files are recognized  as "Excel 2007 Binary document" but not fully unpacked. See also MM-922.
MM-963 Rule criteria evaluation for "greater than 0" failed. Fixed.
MM-1001 Deadletter folders now have a default release type of pass through with no further processing.
MM-1039 A Category script has been added for HIPAA compliance support.
MM-1068 Sophos could be invoked twice for a message if used in multiple rules with different conditions. Fixed.
MM-1123 Regular Expression filtering is now available to limit the items written to text logs.
MM-1182 The MailMarshal Web Configuration Tool is not used by the 6.4 Web components and has been removed.
MM-1206 Message digesting could fail when using a classification, if a classification of the same name had previously been deleted. Fixed. (July 19, 2007)

MM-532 Low Disk Space handling has been enhanced to include a receiver slowdown threshold in addition to the receiver stop threshold.
MM-585 User Group information on the nodes is now stored encrypted.
MM-602 Receiver Rule logging could cause database deadlock errors. Issue has been addressed by batching the insertion of these records.
MM-621 Image Analyzer was failing on certain GIF files. Fixed.
MM-628 The Receiver no longer lists the version in response to SMTP request HELP VERSION. This is a security enhancement.
MM-644 DNS caching did not support round robin delivery. Fixed.
MM-647 Naming mail folders using digits only could cause errors. Fixed.
MM-651 Server Host Name field was not displayed after being updated in the Configurator. Fixed.
MM-652 Header Matching and Rewriting now works properly for fields up to 100 characters long.
MM-654 Image Analyzer now runs multi-threaded.
MM-656 MailMarshal now detects Office 2007 documents as PPTX, DOCX, and XLSX.
MM-668 MailMarshal dump files are now deleted automatically after a month (configurable).
MM-802 Zip files that use backslash as the path separator were deadlettered. Fixed. (September 07, 2007)

MM-911 The TAR unpacker included in MailMarshal was vulnerable to Directory Traversal Attacks. Fixed. (June 25, 2007)

MM-730 A buffer overrun in the cached DNS framework could cause the Receiver to stop unexpectedly. Fixed.
MM-731 The Spam Quarantine Management website password reset facility was vulnerable to a specially crafted request. This vulnerability could allow the new password to be sent to arbitrary additional email addresses. Fixed.
MM-732 A problem with PDF checking could cause email containing valid PDF files to be deadlettered. Fixed.
MM-781 Receiver Rule logging could cause database deadlock errors. The issue has been addressed by batching the insertion of these records. (May 2, 2007)

MM-181 Unpacked files with Unicode or non-English characters in the long file names could not be scanned. 8.3 filenames are now used to access these files.
MM-260 DoS and DHA were not creating logging entries. Fixed.
MM-363 PDF unpacking could cause the MailMarshal Engine to stop. Fixed.
MM-365 Some characters were not displaying correctly in the Configurator when entered in the classification description. Fixed.
MM-367 MailMarshal did not generate an error if semi-colons were not used between entries in the TO, CC and BCC fields in message templates, or if multiple variables were entered into the From field. Fixed.
MM-369 DNS lookup and result caching is now provided by the Controller.
MM-373 Additional configuration is available per node for Receiver binding. Thread usage limits can be set for specific IP addresses or ports.
MM-375 Database stored procedures and indexes have been modified to improve performance at large sites.
MM-376 Modified the PurgeMessages stored procedures to improve performance under heavy load.
MM-394 DoS logging appeared in the MMReceiver logs regardless of whether or not DoS was enabled.
MM-395 Some TNEF files were not being recognized correctly. Fixed.
MM-396 The number of dump files the MailMarshal services generate is now limited to 10.
MM-397 Rule Merge files now can only be imported to the correct version of MailMarshal.

LDAP groups were not fully populated if the connection to the LDAP server was terminated in the middle of an update. Fixed.

MM-408 DHA evaluation was being performed for outbound messages. Fixed.
MM-409 A Registry entry has been added to control whether invalid recipients are stripped by DHA evaluation.
MM-411 The node properties dialog did not correctly show the status of the Customized Local Domains checkbox. Fixed.
MM-417 Remote Console users were not permitted access as specified in MailMarshal security settings unless they had administrative rights on the server. Fixed.
MM-420 The Array Manager could fail to process a mail file because the file was opened for writing by another process. Fixed.
MM-425 Large sites received "Cannot create new connection because in manual or distributed mode" errors, when using Receiver rule logging. Fixed.
MM-427 Users could create and use a Standard folder while editing a Parking rule action. This caused the Engine to stop. Fixed.
MM-429 A problem with the XML configuration handler could cause the Controller to stop unexpectedly. Fixed.
MM-432 The standalone Message Viewer now uses the Windows theme.
MM-433 LDAP and AD groups could not be directly specified in the DHA group selection due to unescaped commas. Fixed.
MM-434 ORDB has been removed from the default list of Blacklists, because ORDB has shut down.
MM-439 The selection list for server notification templates included digest templates. Fixed. Where digest templates were used, upgrade selects the built-in template.
MM-440 Receiver HELO rules now allow wildcards.
MM-443 User Safe and Blocked senders lists in the SQM console now allow additional wildcards.
MM-454 Some PDF documents were not being recognized as encrypted. Fixed.
MM-457 The PDF unpacker was taking an excessive amount of time while extracting certain individual pages. Fixed.
MM-464 Local Domain entry now supports the standard wildcard syntax including character ranges.
MM-467 The proxy configuration option 'Preset Configuration' has been removed. Upgrades change 'Preset Configuration' to 'Direct Access.'
MM-468 DNS Blacklist evaluation has been enhanced to support the range of responses provided by Spamhaus ZEN. For more information about ZEN, see M86 Security Knowledge Base article 11541.
MM-469 Searching by Message Name could be slow. An index hint has been added to improve performance.
MM-471 Digest generation performance has been improved.
MM-476 The Console could become unresponsive while releasing messages due to problems checking Windows access rights. Fixed.
MM-477 On some occasions the file name condition wasn't triggering with obfuscated headers. Fixed.
MM-486 MailMarshal can now detect Word documents saved in Office 2003 format, by Office 2007 applications. (NOTE: At this point MailMarshal does not fully support Office 2007 documents.)
MM-490 Updated OpenSSL libraries to the most recent version, due to earlier versions containing security vulnerabilities.    
MM-492 Certain non-conforming subject lines could be incorrectly converted from UTF7 to Unicode. Fixed.
MM-493 Stipulated DoS and DHA blocking periods were not being honored. Fixed.
MM-514 Improved DOS and DHA logging in Receiver log.
MM-517 It is now possible to specify which protocol is used during TLS sessions by adding a Registry entry. TLSv1 is the default.
MM-520 Message digests now correctly display subject lines containing Unicode characters.
MM-536 McAfee for Marshal dll has been updated to use McAfee engine 5.100.
MM-546 The Console generated numerous error dialogs if services on a node were stopped while the node was selected. Fixed. 
MM-564 The CountryCensor database has been updated to a more recent version.
MM-569 CountryCensor XML files have been updated to use the new entries in the CountryCensor database.

To review Change History prior to version 6.2, please see the Release Notes for the specific versions.

Copyright M86 Security 2010