SecurityGateway version 7.0.0 is available now!
Please review the list of Special Considerations and Changes detailed below before installing this update.
If you have any questions about this release please feel free to contact us on firstname.lastname@example.org
Latest download available from here
- Because of changes to and deprecation of many settings in clamd.conf, the installer will now overwrite the existing clamd.conf. If you have customized your clamd.conf, you may need to review it and reapply your changes after installation.
- The “Create log files based on the day of the week” option has been removed. If this option was selected, it will be changed to “Create a new set of log files each day” by the upgrade process.
- The “Setup|Mail Configuration|Email Protocol|Use ESMTP whenever possible” option has been removed. ESMTP is now always advertised and used whenever possible.
- The “Setup|Mail Configuration|Email Protocol|Hide ESMTP SIZE command parameter” option has been removed. The ESMTP SIZE command is now always advertised.
For added protection against unauthorised login, SecurityGateway now supports two-factor authentication. Administrators can enable two-factor authentication globally or per-domain.
Domain Administrators can create new domains
Global administrators can enable the ability for domain administrators to create new domains. The number of domains that domain administrators can create can be limited by the global administrator.
Check for Compromised Passwords
Hackers often rely on lists of leaked or published passwords to send out spam or to launch dictionary attacks. To help protect users from these tactics, SecurityGateway can check users’ passwords against a compromised password list from a third-party service, and then prevent that user from using passwords found on the list. If the password is present on the list, it does not mean the account has been hacked. It means that someone somewhere has used that password before and it has appeared in a data breach.
Clustering provides improved failover and redundancy by allowing multiple active SecurityGateway servers to share a single database.
MTA-STS (Strict Transport Security)
MTA Strict Transport Security (MTA-STS) is a new internet standard that improves email security by requiring email to be sent to an authenticated server using good encryption between all connections through which the message passes. This helps prevent unauthorised message tampering while ensuring privacy and data integrity.
Improved Email Security using RequireTLS
RequireTLS allows administrators to flag messages that must be sent using an encrypted (TLS) connection. Messages that cannot be sent via a TLS-encrypted connection will be bounced back to the sender rather than being sent without TLS. Like Strict Transport Security (STS), RequireTLS also protects against man-in-the-middle and encryption downgrade attacks.
SMTP TLS Reporting
Misconfigured TLS settings can lead to undelivered email messages or delivery over unencrypted connections. To help surface these issues, SMTP TLS Reporting alerts administrators to TLS connectivity problems experienced by mail servers, gateways, or other applications used to send mail. When this feature is enabled, each day SecurityGateway will send reports to all STS-enabled domains that it has sent (or attempted to send) mail to that day. Administrators can then use this information to take corrective action to secure their email communications.
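As an added example (not SecurityGateway code), the following Python shows how an administrator on the receiving side might summarise one of these daily reports, using the JSON field names defined for SMTP TLS Reporting in RFC 8460. The sample report, its domain and host names, and the alert_ratio threshold are constructed assumptions.

```python
import json
from collections import Counter

# Constructed sample report: RFC 8460 field names, made-up values.
SAMPLE_REPORT = json.dumps({
    "organization-name": "Sender Example Inc.",
    "date-range": {"start-datetime": "2024-01-01T00:00:00Z",
                   "end-datetime": "2024-01-01T23:59:59Z"},
    "policies": [
        {"policy": {"policy-type": "sts", "policy-domain": "example.com"},
         "summary": {"total-successful-session-count": 980,
                     "total-failure-session-count": 20},
         "failure-details": [
             {"result-type": "certificate-expired", "failed-session-count": 15,
              "receiving-mx-hostname": "mx2.mail.example.com"},
             {"result-type": "starttls-not-supported", "failed-session-count": 5,
              "receiving-mx-hostname": "mx3.mail.example.com"}]},
        {"policy": {"policy-type": "sts", "policy-domain": "example.org"},
         "summary": {"total-successful-session-count": 40,
                     "total-failure-session-count": 0}},
    ],
})

def summarize_tls_report(raw, alert_ratio=0.01):
    """Summarise a TLS-RPT JSON report: one dict per policy domain."""
    results = []
    for entry in json.loads(raw).get("policies", []):
        summary = entry.get("summary", {})
        ok = int(summary.get("total-successful-session-count", 0))
        failed = int(summary.get("total-failure-session-count", 0))
        # Group failed sessions by (MX host, failure type) to point at the fix.
        causes = Counter()
        for d in entry.get("failure-details", []):
            key = (d.get("receiving-mx-hostname", "unknown"),
                   d.get("result-type", "unknown"))
            causes[key] += int(d.get("failed-session-count", 0))
        ratio = failed / (ok + failed) if ok + failed else 0.0
        results.append({
            "domain": entry.get("policy", {}).get("policy-domain", "unknown"),
            "failure_ratio": ratio,
            # alert_ratio is an assumed threshold, not a value from the RFC.
            "alert": failed > 0 and ratio >= alert_ratio,
            "causes": causes.most_common(),
        })
    return results

if __name__ == "__main__":
    print(summarize_tls_report(SAMPLE_REPORT))
```

Sorting the causes by failed-session count puts the MX host and failure type that need attention first, for example an expired certificate on one host.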
Firebird 3 Database
To improve performance, SecurityGateway’s database has been upgraded to Firebird 3.
Other Improvements for SecurityGateway 7
- The interface has been updated with a more modern appearance.
- Administrators can now exclude specific senders from virus scanning.
- Added an option for the whitelist to take precedence over the blacklist.
- Added the ability to specify which user account the SecurityGateway Windows Service runs under.
- Added support for the SIEVE Variables Extension (RFC 5229).
- Added an option to toggle viewing a password when it’s being typed. A new access control option added to the User Options page allows this feature to be disabled.
- Added an option to include the computer name in the log file name. This option is required if the log directory is set to a UNC path and allows multiple servers in a cluster to log to the same location.
- Added an option to the installer to specify external Firebird server parameters during the initial installation.
- Added an option to not log SMTP or HTTP connections from specified IP addresses. Incomplete and rejected SMTP messages from a specified IP address will also not be added to the database. If the message is accepted for delivery it will be added to the database.