SecurityGateway Email Firewall v7.0 now available

Upgrading to this version of SecutrityGateway requires your licence to have upgrade cover that extends until at least 18th August 2020.

Check your existing key’s expiry date and version support.

If your licence’s upgrade cover expired prior to the date above, you will need to renew your upgrade cover using the link above before upgrading.

To upgrade, simply download the latest version and install over the top of your current installation.

What’s new in this version

Two-Factor Authentication

For added protection against unauthorised login, SecurityGateway now
supports Two-Factor authentication. Administrators can enable two-factor
authentication globally or per-domain.

Domain Administrators can create new domains

Global administrators can enable the ability for domain administrators to
create new domains. The number of domains that domain administrators
can create can be limited by the global administrator.

Check for Compromised Passwords

Hackers often rely on lists of leaked or published passwords to send out spam or to launch dictionary attacks. To help protect users from these tactics, SecurityGateway can check users’ passwords against a compromised password list from a third-party service, and then prevent that user from using passwords found on the list. If the password is present on the list, it does not mean the account has been hacked. It means that someone somewhere has used that password before and it has appeared in a data breach.


Clustering provides improved failover and redundancy by allowing multiple active SecurityGateway servers to share a single database.

MTA-STS (Strict Transport Security)

MTA Strict Transport Security (MTA-STS) is a new internet standard that improves email security by requiring email to be sent to an authenticated server using good encryption between all connections through which the message passes. This helps prevent unauthorised message tampering while ensuring privacy and data integrity.

Improved Email Security using RequireTLS

RequireTLS allows administrators to flag messages that must be sent using an encrypted (TLS) connection. Messages that cannot be sent via a TLS-encrypted connection will be bounced back to the sender rather than being sent without TLS. Like Strict Transport Security (STS), RequireTLS also protects against man-in-the-middle and encryption downgrade attacks.

SMTP TLS Reporting

Misconfigured TLS settings can lead to undelivered email messages or delivery over unencrypted connections. To help alert administrators of potential issues, SMTP TLS Reporting can be used to alert administrators of TLS connectivity problems experienced by mail servers, gateways, or other applications used to send mail. When this feature is enabled, each day SecurityGateway will send reports to all STS-enabled domains that it has sent (or attempted to send) mail to that day. Administrators can then use this information to take corrective action to secure their email communications.

Firebird 3 Database

To improve performance, SecurityGateway’s database has been upgraded to Firebird 3.

Other Improvements for SecurityGateway 7

  • The interface has been updated with a more modern appearance.
  • Administrators can now exclude specific senders from virus scanning.
  • Added an option for the whitelist to take precedence over blacklist.
  • Added the ability to specify which user account the SecurityGateway Windows Service runs under.
  • Added support for SIEVE Variables Extension RFC 5229.
  • Added an option to toggle viewing a password when it’s being typed.
    A new access control option added to the User Options page allows this feature to be disabled.
  • Added an option to include the computer name in the log file name.
    This option is required if the log directory is set to a UNC path and
    allows multiple servers in a cluster to log to the same location.
  • Added option to the installer to specify external Firebird server
    parameters during the initial installation.
  • Added an option to not log SMTP or HTTP connections from
    specified IP addresses. Incomplete and rejected SMTP messages
    from a specified IP address will also not be added to the database. If the
    message is accepted for delivery it will be added to the database.

For a complete list of new features & updates, please see the SecurityGateway release notes.