Software Release History

The latest software release is Sendio 10. An overview of the features and enhancements for Sendio 10, Sendio 9, Sendio 8, Sendio 7 and Sendio 6 are provided below. Sendio provides three types of periodic software updates:

  • Services Updates (SU), which add new services or feature sets
  • Maintenance Releases (MR), provides minor functional enhancements and a roll-up of all bug fixes since the prior Maintenance Release or Services Update
  • Minor Updates, which may include refinements to existing functionality and/or bug fixes

The Sendio 6 OS is end of life. Contact [email protected] for pricing and migration options to the newest OS.

Sendio Services Updates

Sendio 10

30-July-2024 – Version 10.1.0

  • New policy to apply sending domain’s DMARC policy or Admin Hold all messages failing DMARC
  • New policies to Admin Hold inbound spam messages and/or Reject outbound spam messages
  • New exemptions to DKIM signature failures, spam hold policy, and DMARC policy
  • Improved classification of Inbound/Outbound message directionality
  • Improved error reporting for Entra ID (formerly Azure AD) synchronization and authentication
  • BREAKING CHANGE: IE support has been removed

19-February-2024 – Version 10.0.2

  • License Usage / Account export available in Accounts menu
  • New indicators to show when a message not scannable by AV or when an IP was unscanned due to service unavailability
  • Add/Drop Sender performance improvements
  • Proxy analysis improvements
  • DKIM signing improvements
  • Base Operating System updates

11-September-2023 – Version 10.0.1

  • Prevent usage of an IP address already in use
  • Categorize attachments that cause overly deep recursion during scanning as unscannable
  • Fix synchronization issues on first sync of a new secondary to an existing primary
  • Adjust retry interval when directory synchronization fails

13-June-2023 – Version 10.0.0

  • Base Operating System updates
  • Improve Server Recon performance to reduce sending server checking latency
  • SMBv2/3 support for backups

Sendio 9

27-February-2023 – Version 9.5.0

  • New AV, bulk check and IP Reputation engines
  • IMPORTANT: For organizations that use their firewall to restrict Sendio’s outbound communication please contact Sendio Support for an updated list of URLs to whitelist.

30-November-2021 – Version 9.4.0

  • Sync users/groups from Azure Active Directory
  • SSO with Azure Active Directory
  • Disable SMTP TLS 1.0 and 1.1
  • Other bug and security fixes

26-July-2021 – Version 9.3.1

  • Fix rendering of small message lists in Queue
  • Fix directory password verification
  • Fix for processing email messages with extremely large number of recipients

27-April-2021 – Version 9.3.0

  • Drop message group button
  • Disable TLS 1.0 and 1.1 in HTTPS
  • Bugfixes

15-Mar-2021 – Version 9.2.0

  • Set HTML5 UI as default UI
  • Display installed version number
  • Ability to purge accounts previously associated with a deleted directory
  • Bugfixes

04-Jan-2021 – Version 9.1.0

  • Admin notifications in HTML5 Admin UI
  • Default sysconfig@esp UI is set to the option chosen in System > Options
  • Default sysconfig@esp UI is set to HTML5 after January 18, 2021
  • Bugfixes and security updates

09-Nov-2020 – Version 9.0.0 – HTML Admin UI Release

  • HTML5 Admin UI.
  • Continuity in HTML5 User UI.
  • Links to HTML5 UI from Classic UI.
  • Allow Drop Sender on Delivered messages.

Sendio 8

31-Aug-2020 8.4.0 – Enhancements and Bugfixes

  • Contacts can be limited to match a CIDR range.
  • Product Notifications for Admins.
  • Bugfixes and other performance improvements.

17-Apr-2020 8.3.7 – Minor Enhancements

  • Added Admin ability to setup LDAPS in a Directory.

07-Feb-2020 – Version 8.3.6 – Bug Fixes and Security Fixes

  • Sysconfig Network Diagnostics updates.
  • HTML5 UI security fixes.
  • Security fixes for asset update process.
  • Internal logging fixes.

10-Oct-2019 – Version 8.3.5 – Bug fixes

  • Fix Apply Maintenance Release button in Putty/SSH console

01-Oct-2019 – Version 8.3.4 – Enhancements and Bug fixes

  • Performance Enhancement to AntiVirus Engine.
  • Bug fix: this release now properly DKIM signs null sender outgoing emails (out of office) if DKIM signing is enabled.
  • Minor change to “Network Diagnostics” SMTP test in Putty/SSH console to use a different default server for outgoing SMTP test.

14-Aug-2019 – Version 8.3.3 – Enhancements and Bug fixes

  • Enhancement in HTML5 UI to speed up the transition from the “Spam Hidden” view to the “Spam Visible” view when many messages are loaded.
  • Bug fix for HTML5 UI where users with a + character in the password could not login.
  • Improved HTML5 UI for the Microsoft Edge web browser so that adding a new Contact is easier and more consistent.
  • Updated SSH keys for Sendio Technical Support personnel.

07-Mar-2019 – Version 8.3.2 – Enhancements

  • Enhancement to Anti-Spoofing detection capabilities.
  • HTML5 UI “Load More” button added in order to more efficiently load more messages in certain situations.

07-Feb-2019 – Version 8.3.1 – Enhancements

  • Performance enhancement to AntiVirus engine.
  • Fixed minor issue in new HTML5 UI where even if the IT Admin had disabled the ability for users to see rejected messages, the user could still see such messages.

22-Jan-2019 – Version 8.3.0 – HTML5 UI -full production

  • Full production release for new HTML5 user UI, but the classic UI remains the default view until enabled by the IT Admin.
  • Admin UI option (located in System/Options) to make the HTML5 UI the default view for all users.
  • Menu option in new HTML5 UI session for a user to revert to the Classic UI if desired without logging in again.
  • Sendio logo added to HTML5 UI login page.
  • Allowance in new HTML5 UI for IE11 (Internet Explorer 11) browsers in compatibility mode.
  • Known issue in new HTML5 UI: Even if the IT Admin has disabled the ability for users to see rejected messages, the user can still see such messages at this time. A future fix is planned.

27-Dec-2018 – Version 8.2.8 – Bug fix

  • Bug fix: Fixed an issue where the Safari web browser was not loading in the Sendio classic UI

19-Dec-2018 – Version 8.2.7 – Bug fixes, minor enhancements

  • Bug fix to re-enable support of Internet Explorer 11 (IE11) “compatibility view” in the Classic UI
  • Beta UI – additional updates including IE11 support

13-Dec-2018 – Version 8.2.6 – Bug fixes, minor enhancements

  • Software Enhancement: UI now directly offers UI options upon login to assist with Classic UI ease of use.
  • BUG FIX: Fixed issue with the SPF Exemption feature where a MIME sender would get incorrectly exempted. Now only the envelope sender domain gets exempted.
  • Beta UI – additional updates

26-Nov-2018 – Version 8.2.5 – Minor security update

  • Updated SSH keys for Sendio Technical Support personnel

07-Nov-2018 – Version 8.2.4 – Bug fixes, minor updates

  • Disabled Java “Endpoint Identification” feature that was added in Version 8.2.3. This change will simplify Secure LDAP (LDAPS) setups.
  • Fixed issue with “Account Info” section not rendering for user logins. Bug was introduced in Version 8.2.3.
  • New “Show me How to Enable Flash” link from Sendio mobile login page for desktop (i.e. non Smartphone) browsers.
  • Improved handling of Adobe Flash with the Firefox browser. Previously the mobile UI was rendered before the “Run Adobe Flash” option could be clicked.
  • Beta UI – additional updates

01-Oct-2018 – Version 8.2.3 – Security updates, new CentOS version

  • Update to CentOS/RedHat 6.10 (includes all current RedHat security updates).
  • Spectre/Meltdown vulnerabilities resolved (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).
  • Removal of weak arcfour ciphers for SSH connections to Sendio.
  • UI beta update.

11-Sept-2017 – Version 8.2.2 – Enhancements and bug fixes

  • IMPROVEMENT: Update of self-signed cert for SMTP/TLS to sha256
  • IMPROVEMENT: Update of self-generated SMTP/TLS keys to 2048 bits
  • BUG FIX: For clustered appliance configurations fixes issue that caused some clustered NICs to occasionally reset.
  • BUG FIX: Fixes issue with Queue Summary (QS) process aborting if user Accounts were purged prior to QS run.
  • BUG FIX: Fixes issue with GUI restart when multiple apps were in “undeployed” state.
  • BUG FIX: For clustered appliance configurations fixes issue with secondary node restart after certain software package updates.
  • BUG FIX: Fixes issue with sysconfig console password not being properly restored during Backup/Restore process.
  • BUG FIX:Fixes issue with backup files that did not contain a full 24 hours of email messages (*.eml files).
  • IMPROVEMENT: Java updated to 1.8

30-May-2017 – Version 8.2.1 – Security update

  • BUG FIX: Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL. [CVE-2016-10399]

13-Sept-2016 – Version 8.2.0 – Bug Fixes and OS update

  • IMPORTANT NOTE: This update may take up to 20 minutes to complete and messages will be deferred during the update process. You should update during an off-peak time.
  • IMPORTANT NOTE: This software update requires a full reboot after the update in order to update the Linux kernel.
  • BUG FIX: Redesigned deadline scheduler to improve queue summary scheduling accuracy for larger customers.
  • Update to CentOS/RedHat 6.8 (includes all current RedHat security updates).
  • BUG FIX: Fixed a primary email address management issue for certain complex directory syncs.
  • Enhanced the restart process for the “AppServer module.
  • BUG FIX: Fixed an issue that could cause misconfiguration of ssl certs during a restore from backup.
  • ENHANCEMENT: Implemented slightly randomized scheduling of short-lived, I/O-intensive processes (to soften I/O spikes on multi tenant VM hosts)
  • BUG FIX: Fixed an issue where sometimes the “message size” of an email was miscalculated.

12-Jul-2016 – Version 8.1.1 – Bug Fix

  • BUG FIX: Fixed issue with potential lock-up of IP Reputation service.

18-May-2016 – Version 8.1.0 – New AntiVirus engine, Bug Fixes

  • NEW FEATURE: Integrated CYREN antivirus checking
  • NEW FEATURE: Track per-message virus information in more detail.
  • IMPROVEMENT: No longer using DNS ANY queries to resolve sender domain.
  • BUG FIX: Fixed continuity-mode attachment bug.
  • BUG FIX: Fixed mobile UI date display bug.
  • IMPROVEMENT: Increased Java VM heap size on larger customer installations.
  • IMPROVEMENT: Updated application server middleware, IP reputation agent, Zero Hour agent
  • BUG FIX: Various minor bug fixes and stability improvements.

5-Jan-2016 – Version 8.0.2 – Queue Summary Minor improvements, Security Updates, Bug Fixes

  • IMPROVEMENT: Added support for STARTTLS when sending Queue Summary emails to users.
  • IMPROVEMENT:Delivery performance improvement for Queue Summary emails.
  • CentOS 6.7 security updates and Bug fixes.
  • Kernel security and bug fix update: CVE-2015-2925, CVE-2015-5307, CVE-2015-7613, CVE-2015-7872, CVE-2015-8104.
  • Postgresql security update: CVE-2015-5288.
  • Bind security update: CVE-2015-8000.
  • BUG FIX: Fixed “Purge Accounts” feature that was failing if “Queue Summary Automatic Login” was enabled.
  • BUG FIX: Fixed issue with modifying user access privileges in the sysconfig console which was failing if the user email address had special characters.

4-Nov-2015 – Version 8.0.1 – Queue Summary Minor improvements, Security Updates, Bug Fixes

  • Queue Summary now has timestamps of messages with timestamp format (e.g. Nov. 3 instead of 11/3)
  • Queue Summary now has a “Live Version” link that allows a web view of Queue Summary with the latest held messages shown.
  • Queue Summary how has a “Snapshot” taken time at the top of the page so that its generation time is clear.
  • In the web UI the setting called ”Queue Summary Show Alternate” has been changed to “Queue Summary Show Pending Bulk” to more accurately reflect the setting.
  • Security update: ntp security update: CVE-2015-5300, CVE-2015-7704.
  • Security update: nss, nss-util, and nspr security update: CVE-2015-7181, CVE-2015-7182, CVE-2015-7183.
  • Bug Fix:Fixed blank space in Queue Summary email under help link for certain email clients.
  • Fixed table width issues in Queue Summary email caused by long sender name or address.

23-Oct-2015 – Version 8.0.0 – Enhanced Queue Summary, Bug Fixes

  • Queue Summary layout optimized for Smartphone and tablets.
  • Users can now view the body of any held message directly from the Queue Summary email via a simple mouse click on the Sender email address. This works for both Smartphone and desktop (no Adobe® Flash® required).
  • Option to send two Queue Summaries per day to all users instead of one per day.
  • List of new Contacts added via the challenge email (SAV) are now displayed in Queue Summary with an option to change Contact to a “Drop” Contact.
  • Only pending messages from the last 28 hours are displayed in the Queue Summary.
  • Option for Automatic Login from Queue Summary report for non-Admin users via an authenticated http/https link that expires every 28 hours.
  • For individual user or group Accounts the Administrator is now allowed to specify an alternate email address to receive the Queue Summary. This may be helpful for large distribution groups (e.g. info@,sales@).
  • Statistics of messages arrived/accepted from past 24 hours are now displayed in the Queue Summary.
  • New Unsubscribe link at the bottom of the Queue Summary if the user no longer wants to receive it.
  • IMPROVEMENT: Accept/Drop Actions are now displayed in the Queue Summary even of the “Remember Me” login option is disabled.
  • IMPROVEMENT: HISTORY detail of a message now includes more clear information when if “contact checking” set to “Disabled”.
  • IMPROVEMENT: Recognize messages with ‘X-Amazon-Auto-Reply: true’ or ‘X-Auto-Response-Suppress: All’ headers from auto response messages.
  • IMPROVEMENT: For the HTML SAV feature the underlying reply email messages are now exempted from Silverlisting.
  • BUG FIX: Fixed verification messages for the HTML SAV feature to be case insensitive.
  • BUG FIX: Prior to this release the sysconfig console password could not be longer than eight characters. That restriction has been removed.
  • CentOS 6.7 updates and Bug fixes.
  • java-1.7.0-openjdk security update: CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911.
  • openldap security update: CVE-2015-6908.
  • glibc bug fix update.

Sendio 7

1-Sept-2015 – Version 7.2.7 – Improvements, Security Updates

  • Upgrade to CentOS 6.7 base from CentOS 6.6.
  • kernel updates: CVE-2011-5321, CVE-2015-1593, CVE-2015-2830, CVE-2015-2922, CVE-2015-3636, CVE-2015-5364, CVE-2015-5366.
  • java-1.7.0-openjdk security updates: CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760.
  • httpd security update: CVE-2015-3183.
  • postgresql security update: CVE-2015-3165, CVE-2015-3166, CVE-2015-3167.
  • sqlite security update: CVE-2015-3416.
  • cups security update: CVE-2014-9679, CVE-2015-1158, CVE-2015-1159.
  • subversion security update: CVE-2015-0248, CVE-2015-0251, CVE-2015-3187.

26-June-2015 – Version 7.2.6 – Improvements, Security and Bug Fix Updates

  • IMPROVEMENT: Updated default server and client TLS cipher lists to be more secure.
  • IMPROVEMENT: Updated TLS ephemeral DH key parameters from 1024 bits to 2048.
  • IMPROVEMENT: Update TLS ephemeral RSA key from 512 bits to 1024.
  • Bug Fix: Fixed bug with exporting contacts via the Sendio web GUI.
  • Bug fix: Fixed an issue with the cluster restore mechanism.
  • openssl security updates: CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3216.
  • CentOS 6.6 updates and Bug fixes.
  • tzdata (time zone) enhancement update.
  • dmidecode bug fix update.

11-June-2015 – Version 7.2.5 – Improvements, Security and Bug Fix Updates

  • IMPROVEMENT: For Sendio Virtual Edition, new option to install and reconfigure VMware Tools from Sysconfig console.
  • BUG FIX: Fixed issue with web session timeout setting that was introduced in Version 7.2.4.
  • BUG FIX: Fixed issue introduced in Version 7.2.4 which caused the restore of Sendio 6 backups onto Sendio 7 appliances to fail.
  • Kernel security and bug fix updates: CVE-2014-9419, CVE-2014-9420, CVE-2014-9585, CVE-2015-1805, CVE-2015-3331.
  • openssl security update: CVE-2015-4000
  • glibc bug fix update.
  • selinux-policy bug fix update.
  • dracut bug fix update.

21-May-2015 – Version 7.2.4 – Improvements, Security and Bug Fix Updates

  • IMPROVEMENT: Updated app server from JBoss to WildFly.
  • IMPROVEMENT: Added updated Go Daddy, Verisign, DigiCert & RapidSSL intermediate certs.
  • BUG FIX: Fixed issue where jsessionid parameters were present in http header [CVE-2014-0999].
  • BUG FIX: Fixed rare condition where incorrect message information could be shown in a user’s http/https session [CVE-2014-8391].
  • Kernel security and bug fix updates: CVE-2014-3215, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-8171, CVE-2014-8884, CVE-2014-9529, CVE-2014-9584, CVE-2015-1421.
  • glibc security and bug fix updates: CVE-2013-7423, CVE-2015-1781.
  • java-1.7.0-openjdk bug fix update.
  • nss, nss-util, and nspr bug fix and enhancement updates.
  • ca-certificates bug fix and enhancement updates.
  • tzdata (time zone) enhancement update.

22-Apr-2015 – Version 7.2.3 – Security and Bug Fix Updates

  • Bug Fix: Fixed Queue Summary report getting hung due to network packet loss.
  • Kernel security and bug fix updates: CVE-2014-7822, CVE-2014-8159, CVE-2014-8160, CVE-2014-8369.
  • java-1.7.0-openjdk Security Update: CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488.
  • Postgresql security update: CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244.
  • bind security update: CVE-2015-1349.
  • flac security update: CVE-2014-8962, CVE-2014-9028.
  • krb5 Security: CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, CVE-2014-9422.
  • Setroubleshoot security update: CVE-2015-1815.

27-Feb-2015 – Version 7.2.2 – FIXES

  • Samba security update: CVE-2015-0240.

29-Jan-2015 – Version 7.2.1 – Security and Bug Fix Updates

  • GHOST glibc security updates: CVE-2015-0235, CVE-2014-6040, CVE-2014-7817.
  • Kernel security and bug fix updates: CVE-2012-6657, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-9322, CVE-2014-9322,CVE-2014-4656, CVE-2014-7841.
  • java-1.7.0-openjdk security and bugfix updates: CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412.
  • openssl Security Updates: CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206.
  • Other Security and bug fixes: CVE-2014-7817, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2004-2771, CVE-2014-7844, CVE-2014-8137, CVE-2014-8138, CVE-2014-9029, CVE-2014-8157, CVE-2014-8158,CVE-2014-9130.

7-Jan-2015 – Version 7.2.0 – FEATURES, IMPROVEMENTS, FIXES

  • NEW FEATURE: SPF checking exemption option for specific sending domains in System Settings.
  • NEW FEATURE: New Option in System Settings to send Queue Summary to Users only or users & Groups.
  • IMPROVEMENT: Security update: CVE-2014-3566, CVE-2013-6435.
  • IMPROVEMENT: Changed branding in various places from “Sendio ESP” to “Sendio Opt-Inbox”.
  • BUG FIX: Fixed problem with “Bounce Undeliverable Outbound Messages After” setting. It was previously using the Inbound setting by mistake.
  • BUG FIX: Fixed timezone information for Puerto Rico, Santiago and Caracas.
  • BUG FIX: We now turn off log scrolling when user navigates away from Logs tab.
  • BUG FIX: Fixed Drop Sender feature to work even if there’s an invalid email address in message header.

21-Nov-2014 – Version 7.1.6 – FIXES

  • Fixed an issue where the IP Reputation feature was not complying to the “IP Reputation Service Outage = Allow” setting in all situations.

18-Nov-2014 – Version 7.1.5 – IMPROVEMENTS & FIXES

  • Upgrade to CentOS 6.6 base from CentOS 6.5
  • Kernel security, bug fixes, and enhancements:CVE-2013-2596, CVE-2013-4483, CVE-2014-0181, CVE-2014-3122, CVE-2014-3601, CVE-2014-4608, CVE-2014-4653,CVE-2014-4654, CVE-2014-4655, CVE-2014-5045, CVE-2014-5077, CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646.
  • openssh Security Update: CVE-2014-2532, CVE-2014-2653.
  • openssl enhancement update.
  • Add support for ECDHE TLS key exchange.

3-Nov-2014 – Version 7.1.4 – IMPROVEMENTS & BUG FIXES

  • openssl security update: CVE-2014-3513, CVE-2014-3567. https://rhn.redhat.com/errata/RHSA-2014-1652.html
  • Updated default SSL CipherSuite to list strong ciphers that allow Forward Secrecy.
  • Updated default SSL Protocol list to TLSv1.0, TLSv1.1, TLSv1.2. Dropped support for SSLv3.
  • Updated self and sendio certs to SHA256 version.
  • Do not allow use of SSLv3 in smtps, since it is insecure.
  • Updated IP reputation version.
  • More detailed NDR from Sendio back to an external Sender.
  • Actions to mark read/unread in Email Continuity inbox.
  • Display which email addresses are invalid in Email Continuity message composer.
  • Use shorter (5 sec) timeout for directory login bind when cached password matches (Email Continuity).
  • tzdata (time zone) update for Asia/Novokuznetsk, Jamaica, Africa/Blantyre, Bujumbura, Gaborone, Harare, Kigali, Lubumbashi, and Lusaka, Africa/Maseru and Africa/Mbabane. https://rhn.redhat.com/errata/RHEA-2014-1355.html
  • Bug Fix: For Email Continuity, GUI now surrounds From display name with quotes in message composer to ensure proper delivery.
  • Bug Fix: For Email Continuity, GUI fixed to Show Full To & CC header in Sent Items.
  • Bug fix: Automatically show correct Sendio version in in the web browser when the system software gets updated.
  • Bug Fix: Allow login with userID only (ie. userID instead of [email protected]) if only one domain is provisioned on Sendio.

26-Sept-2014 – Version 7.1.3 – IMPROVEMENTS & BUG FIXES

  • Continuity message viewer: Delivered messages are now considered as read in Continuity Inbox.
  • Bash security update: CVE-2014-7169, CVE-2014-7186, CVE-2014-7187.
  • nss security update: CVE-2014-1568.
  • openssl security update: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511.

24-Sept-2014 – Version 7.1.2 – IMPROVEMENTS & FIXES

  • Continuity Message Viewer: Display inline images.
  • Continuity Message Viewer: Open links in a new window.
  • Continuity Message Viewer: Open image attachments in a new window.
  • Continuity Message Composer: Use correct Content-Type for attachments.
  • Continuity Message Composer: Improved message composer address separator.
  • Kernel security & bug fix updates.
  • Bash security update: CVE-2014-6271.
  • Updated timezone database with new rules for Russia, Turks and Caicos Islands.
  • Bug Fix: Failed to create HTML SAV request to users that have special letters in their name (such as é).
  • Bug Fix: All expired messages in archive were not getting deleted
  • Bug Fix: Adjusted message loopback behavior to only auto-accept a message from a smarthost if sender address domain matches recipient address domain

3-Sept-2014 – Version 7.1.1 – IMPROVEMENTS & FIXES

  • Important Security Update(glib)
  • Updated Zero Hour antivirus version.
  • Improved method for ensuring new HTML CSS styles are loaded to a user’s web browser.
  • Bug Fix: Improved reliability of Icepack notification after a software update.
  • BugFix: Fixed manual time sync from sysconfig

14-Aug-2014 – Version 7.1.0 – FEATURES, IMPROVEMENTS, & BUG FIXES

  • NEW FEATURE: Sendio Email Continuity. Provides the ability to view, reply, forward and compose new email messages from the Sendio ESP Web interface. This is an incrementally licensed feature. Contact [email protected] for more details.
  • NEW FEATURE: Password Caching. Directory password is cached in an encrypted format on Sendio. If the Sendio ESP can’t connect to the customer directory, it compares the password entered to the cached password. This is an incrementally licensed feature bundled with Sendio Email Continuity. Contact [email protected] for more details.
  • MINOR FEATURE: System admins can now set message spooling time within System/Options of web GUI (“Bounce Undeliverable Messages”)
  • BUG FIX: Kernel security, bug fix, and enhancement update.
  • BUG FIX: httpd security update.
  • BUG FIX: nss and nspr security, bug fix, and enhancement update.
  • IMPROVEMENT: Improved message deletion efficiency in maintenance service.
  • BUG FIX: Updated sendio-djbdns to handle strange dnscache response truncation.
  • IMPROVEMENT:ca-certificate package upgraded to version 2014.1.98.
  • BUG FIX: Fixed restore directories permissions.
  • BUG FIX: Fixed ftpd start/stop mounting/unmounting behavior.
  • BUG FIX: Fixed HELO name and sender address for Queue Summary messages.

17-July-2014 – Version 7.0.11 – UPDATES

  • Important Java security update.

2-July-2014 – Version 7.0.10 – UPDATES & FIXES

  • Important OS Kernel security update and bug fix.
  • Fixed issue where su process may not stop properly.
  • Fixed SAV Statistics tracking for passthrough accepted message.

5-June-2014 – Version 7.0.9 – UPDATES & FIXES

  • Important security update for SSL and TLS.
  • Time Zone enhancements update.
  • Fixed the IP reputation service restart script.

28-May-2014 – Version 7.0.8 – UPDATES & FIXES

  • Important Security updates to OS Kernel.
  • Fixed an issue which was not allowing maximum message size to be set to unlimited.
  • Fixed an issue where sometimes the restore process of a Sendio 6 backup was failing to properly restore one or more configuration settings (specifically CMDB settings).

15-May-2014 – Version 7.0.7 – UPDATES & FIXES

  • Updated Zero Hour antivirus to version 5.
  • Updated IP Reputation to Version 4.
  • Fixed smb/windows share for Backup feature to mount drives if domain name is included in user name.
  • Fixed icepack to reload servicecontrol module.
  • Improved Sendio6 backup restore to restore data even if any user account with name sysadmin/sysconfig exists.

17-Apr-2014 – Version 7.0.6 – MINOR FEATURES, UPDATES & FIXES

  • Message Actions buttons as an option when viewing an email message.
  • Added New HTML Verification Request and Acknowledgment templates.
  • Improved Sendio 6 backup restore for checking database connectivity before upgrading.
  • Fixed to create any missing indices when migrating from Sendio 6 versions.
  • Java Security update.

09-Apr-2014 – Version 7.0.5 – FIXES

  • Important Security updates for OS Kernel, Java, and database.>

08-Apr-2014 – Version 7.0.4 — FIXES

  • Fix CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets.

21-Mar-2014 – Version 7.0.3 – UPDATES & FIXES

  • Underlying changes in SAV template software code in preparation for support of HTML-based SAV messages in addition to text-based SAV.
  • Bug Fix not to make recursive symlinks in httpd directory.

3-Mar-2014 – Version 7.0.2 – MINOR FEATURES, UPDATES & FIXES

  • New feature which automatically redirects mobile browsers (iPad, IPhone, Android Smartphone, etc.) to the Sendio mobile site (http://url/m).
  • New feature which automatically redirects web browsers without flash installed to mobile site ((http://url/m).)
  • Improvement: Added google public DNS servers has secondary and tertiary nameservers in addition to root server based DNS lookups.
  • Added Support for X-SAV-VfyFrom header in SAV response messages in preparation for support of HTML-based SAV messages
  • Support for new template tags: [origsenderbox], [origsenderdom], [origvfycode], [sendiomsgid], [msgvfyhash], [useraddrbox], [useraddrdom] in preparation for support of HTML-based SAV messages
  • Bug Fix: Fixed to set message status to Deleted and immediately expiring if form some reason message cannot be saved to the MsgArchive (rare occurrence).

20-Feb-2014 – Version 7.0.1 – MINOR FEATURES, UPDATES & FIXES

  • Bug Fix: Fixed the issue with LDAP restore showing sub-optimal performance
  • Bug Fix: Stop Sendio services and unmount file systems properly on shutdown/restart.
  • Bug Fix: Fixed CMDB qmail restart post script. So that all the qmail values like Machine name & timeouts take effect immediately on settings in values.
  • Bug Fix: CVE-2011-1431 / vu555316 “STARTTLS plaintext command injection vulnerability”
  • Bug Fix: Fixed dkim signing for system generated emails like SAV messages, DSN.
  • Bug Fix: Fixed the issue for local deliveries if MX internal host was not set.
  • Bug Fix: Fixed the error in setting http to https redirect in web interface SSL tab.
  • Bug Fix: Fixed not to allow SSL Country code to be empty.
  • Improvement for a Sendio 6 to Sendio 7 migration updated process to not use a local DNS server IP address if 127.0.0.1 (which means “use DNS root servers”) was first in the “DNS Address List” in Sendio 6 setup.

1-Feb-2014 – Version 7.0.0 – First Sendio 7 Release

  • All Sendio6 functionality and features migrated to Sendio 7.
  • Restore backups from Sendio6 ESP.
  • HTTP to HTTPS redirect option, which was Enable/Disable HTTP access on port 80 in sendio6. This setting is in Sysconfig console and Web Interface.
  • Custom DNS in Sysconfig console->Network Configuration
  • New “Use Custom DNS Servers?” terminology in “Network Configuration” of Console.
  • “Use Custom DNS Servers? : Disabled” – Will use default DNS root servers with local DNS cache.
  • “Use Custom DNS Servers? : Enabled” – Will use DNS servers from the “DNS Server IP Addresses” list with local DNS cache in “Forward only” mode.

Sendio 6 Services Update (Sendio 6)

1-Apr-2016 – Version 16.0401.0 mandatory update

  • Update of public key used for encryption of Backup tar files

11-Dec-2014 – Version 14.1211.0 – IMPROVEMENTS

  • General updates and improvements to IP Reputation Service.

20-Nov-2014 – Version 14.1120.0 – IMPROVEMENTS

  • Removed support for SSLv3 & SSLv2 protocols in https, smtp starttls and smtps.

3-Nov-2014 – Version 14.1031.0 – IMPROVEMENTS & BUG FIXES

  • Updated Zero Hour antivirus version, which includes a bug fix for a potential memory leak.

26-Sept-2014 – Version 14.0926.0 – IMPROVEMENTS & BUG FIXES

  • Bash security update: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187.
  • Updated DigiCert intermediate CA certs.
  • Bug Fix: Failed to create HTML SAV request to users that have special letters in their name. (like é)

28-May-2014 – Version 14.0528.0 – IMPROVEMENTS

  • Updated Zero Hour antivirus to version 5.
  • Updated IP Reputation to Version 4.

17-Apr-2014 – Version 14.0417.0 – MINOR FEATURE

  • Added New HTML Verification Request and Acknowledgment templates

26-Mar-2014 – Version 14.0321.0 – Updates & Fixes

  • Updated ClamAV to 0.98 version
  • Acknowledging verification messages using email found in the X-SAV-Vfy From header if it is present (Enhancement in preparation for an HTML SAV)
  • New template tags: [origsenderbox], [origsenderdom], [origvfycode], [sendiomsgid], [sendiodlvid], [msgvfyhash], [useraddrbox], [useraddrdom] (Enhancement in preparation for an HTML SAV)
  • Support for encoding in response template tags (e.g. [orgname|url],[orgname|html][orgname|b64]). (Enhancement in preparation for an HTML SAV)
  • Log Communication Exception if initial directory bind fails
  • Bug Fix: Fixed cluster restore and backup restore script to compile required conf files.
  • Bug Fix: Fixed not to send Queue Summary reports for deleted accounts.
  • Bug Fix: Fixed Prequeue exception for Untrusted mime type.
  • Bug Fix: Fixes CVE-2011-1431/vu555316 “STARTTLS plaintext command injection vulnerability”

06-NOV-2012 – VERSION 12.1106.0 – UPDATE

  • Minor update enabling improved remote access capabilities to appliances for Sendio Tech Support.

01-May-2012 – Version 12.0501.0 – Updates & Fixes

  • Resolves an issue with Adobe Flash player 11.1.102.62 bug when site viewed as Outlook folder.

23-February-2012 – Version 12.0223.0 – Updates & Fixes

  • Resolves issue with Adobe Flash player 11.1.102.62 bug.

30-January-2012 – Version 12.0130.0 – Updates & Fixes

  • Updates anti-virus engine to most recent version.
  • Updates LDAP synchronization to recognize email addresses stored in CN attribute of LDAP user accounts (for Lotus Notes/Domino compatibility).
  • Fixed a delay when verifying SMB mount for Backup/Restore Location.
  • Fixed issue where restoring from backup could fail if a certain index was missing.

05-August-2011 – Version 11.0805.0 – Updates & Fixes

  • Updates anti-virus engine to most recent version
  • Changes Sender Address Verification address to resolve issue with Microsoft Outlook caching
  • Updates SilverListing to skip SilverListing test if IP address is listed in a Contact even when “SilverListing anti-spoof protection” is enabled
  • Adds option to configure NTP servers in SSH interface
  • Adds option to configure HTTP proxy for Sendio services in SSH interface
  • Adds custom LDAP query feature in Directory configuration
  • Fixed issue in Contact checker where extremely long (illegal RFC) addresses caused severe CPU utilization

08-February-2011 – Version 11.0208.0 – Fixes

  • Fixes issue where AV engine incorrectly identifies phishing URL

25-January-2011 – Version 11.0125.0 – Fixes & Updates

  • Fixes Anti-Virus update issue
  • Increases SMB Backup Location timeout to resolve connectivity issue

10-December-2010 – Version 10.1210.0 – Fixes & Updates

  • Fixes HTTPD security issue
  • Updates DKIM library

22-October-2010 – Version 10.1022.1 – Fixes

  • Fixes issue where DKIM sometimes returns incorrect results
  • Fixes issue with IP Reputation caching

24-Sept-2010 – Version 10.0924.0 – Fixes & Enhancements

SilverListing Spoof Protection

  • SilverListing has been extended to provide spoof detection through this new feature. By enabling SilverListing Spoof Protection if an email is received from a sender associated with an “Allow Contact” record but from a new IP address, SilverListing will be applied. Since all valid email messages from Allow Contacts come from a very small list of IP addresses the vast majority of email will be delivered immediately. For those email messages that come from an IP which has not previously passed the SilverListing test then SilverListing will be applied to confirm the message is not from a spammer.
  • Enabled by default.

Sender IP Address Bad Reputation

  • The Commtouch IP Reputation feature will allow Sendio administrators to define how Sendio should handle messages from sources with an IP reputation that indicates a 90% or higher likelihood of sending spam. Our testing has shown the 90% value is the ideal value for stopping known spammers without increasing the chance of false positives. As such this value is not configurable.
  • If the Commtouch service or our Premium AV service was not purchased then the Sendio IP Address Bad Reputation feature will be grayed out and unavailable.
  • Enabled by default – Action set to Hold Message.

When No Contact Matches

  • Very basic question – how should Sendio respond when there is neither a Contact nor an Administrator Policy that applies to a message? Previously this logic was tied directly with Sender Address Verification. This new feature allows you to configure the 2 elements (Contact Checking and SAV) separately. For example now messages can be Held without generating an SAV.
  • Default action set to Hold Message.

No Contact Match for Bulk Messages

  • Sendio has always included Bulk classifications within the user interface (to get a sense for what Bulk is you can change the message view in your Sendio web interface to Pending messages, show bulk), but with the release of Sendio 6 administrators will now be able to configure how Sendio should respond when there is neither a Contact nor an Administrator Policy that applies to a Bulk message.
  • Default action set to Hold Message.

Sender Address Verification (SAV)

  • This is the same as the existing option but only applies to non-Bulk messages. Sender Address Verification will be sent to new senders.
  • Enabled by default.

Send SAV for Bulk Messages

  • For messages tagged as Bulk will Sendio generate an SAV? Research indicates that extremely few SAV generated for Bulk messages are ever replied to.
  • Disabled by default.

Send SAV Acknowledgements

  • Based on customer feedback we now allow you to configure whether Sendio will send the SAV Acknowledgement to senders that reply to the SAV.
  • Enabled by default.

24h System Sender Response Limit

  • This option defines the maximum number of automatic responses (SAV, NDR, DSN) generated by a Sendio system to a particular email address in a 24 hour period.
  • Value set to 50 by default.

24h Per User Sender Response Limit

  • This option defines the maximum number of automatic responses (SAV, NDR, DSN) from a given Sendio user to a particular email address in a 24 hour period.
  • Value set to 1 by default.

Manual Time Synchronization

  • From the SSH (PuTTY) interface > System Control section there is now a Sync Time option. Selecting this option will force Sendio to immediately synchronize the internal time with an NTP server

Sendio 5 Services Update (Sendio 5)

08-February-2011 – version 11.0208.0 – Fixes

  • Fixes issue where AV engine incorrectly identifies phishing URL

25-January-2011 – version 11.0125.0 – Fixes & Updates

  • Fixes Anti-Virus update issue
  • Increases SMB Backup Location timeout to resolve connectivity issue

10-December-2010 – version 10.1210.0 – Fixes & Updates

  • Fixes HTTPD security issue
  • Updates DKIM library

22-October-2010 – version 10.1022.1 – Fixes

  • Fixes issue where DKIM sometimes returns incorrect results
  • Fixes issue with IP Reputation caching

30-July-2010 – version 10.0730.0 – Fixes & Enhancements

  • Added support for IP address ranges in the Sender Host Addresses field
  • Syntax is 192.168.3.0/26
  • Resolved JBoss Application Server Web Console Authentication security issue
  • Resolved JBoss EAP jmx authentication bypass with crafted HTTP request issue

29-June-2010 – version 10.0629.0 – Updates

  • Updates for Raid controller drivers & firmware

11-June-2010 – version 10.0611.0 – Updates & Enhancements

  • Improved SilverListing performance in high-volume environments
  • Updated SMTP address in SMTP Diagnostics test
  • Updated Administrative policy Event Details in Message History

07-May-2010 – version 10.0507.0 – Fixes & License

  • Fixed issue where null sender created @ user Contact

23-April-2010 – version 10.0423.0 – Fixes

  • Fixed issue where Sendio Update randomly locks

05-March-2010 – version 10.0305.0 – Fixes

  • Fixed issue where NTP randomly stops synchronizing with an external clock
  • Fixed issue where TCP Window Scaling prevented connection with random hosts
  • Fixed issue where backup fails to mount remote backup location
  • Fixed issue where SSH console crashes when accessing antivirus page and outbound HTTP is blocked
  • Fixed issue where msgarchive daemon failed to close properly resulting in high CPU utilization

06-November-2009 – version 1106 – Enhancements & Update

  • Adds Sendio Mobile Web functionality
  • Sendio Mobile Web located at http://your_Sendio_URL/m
  • Updated root DNS server IP list
  • Updated Spanish SAV templates
  • Improved downloading/installation of Sendio Updates

01-September-2009 – version 0901 – Enhancements & Bug Fixes

  • Adds compatibility with one-time sender addresses such as BATV
  • Fixed database schema issue
  • Fixed ClamAV message scanning issue

04-August-2009 – version 0803 – Fixes

  • Updated ClamAV engine to version 0.95.2
  • Updated Console interface to better display AV updates
  • Fixed issue with Postgres database slow shutdown

24-July-2009 – version 0723

  • Journaling/eDiscovery
  • If you have a separate journaling/archiving/eDiscovery solution Sendio will be able to send copies of all inbound messages before they reach your internal e-mail service
  • Updated Queue Summary
  • Added the ability to Drop messages and Users to the daily Queue Summary message. There is also a link to the main Sendio web interface at the top of the Queue Summary
  • List Auto-Accept
  • Sendio can now automatically accept certain valid list/newsletter messages
  • Check Anti-Virus Status
  • Administrators can now check which anti-virus data file is in use and, if necessary, perform a manual update
  • Shorter SAV Message
  • A shorter version of the Sender Address Verification message is now available, and will be the default, in addition to the original

Please Note: Anti-virus signature definition files are updated hourly. These data files do not fall under the category of software updates.