Release Notes for Synology Mail Server

Version: 1.7.5-0660

---

Fixed Issues

1. Fixed security vulnerabilities (CVE-2023-20032 and CVE-2023-20052).

Version: 1.7.3-0657

---

Important Note

1. The update is expected to be available in all regions within the next few days. The actual time of release may vary slightly depending on the region.

What's New

1. Updated the ClamAV engine to version 0.103.1 to fix a security vulnerability.

Fixed Issues

1. Fixed the security vulnerabilities regarding OpenDMARC (CVE-2020-12460 and CVE-2021-34555).
2. Fixed the security vulnerability regarding SpamAssassin (CVE-2020-1946).
3. Fixed a security vulnerability regarding TLS.
4. Fixed an issue where emails might be blocked due to the abnormalities of the attachment filter.
5. Removed unmaintained SpamCannibal and Burnt Tech from the DNSBL.
6. Fixed an issue where passwords would be shown in the Postfix logs when emails were sent via PowerShell Send-MailMessage.
7. Minor bug fixes.

Version: 1.7.1-0622

---

Important Note

1. The update is expected to be available in all regions within the next few days. The actual time of release may vary slightly depending on the region.

Fixed issues

1. Fixed the issue where labels disappeared when users moved emails in Mozilla Thunderbird or Microsoft Outlook.
2. Fixed the issue where users couldn't open the SMTP page when the total length of all additional domain names exceeded 4095 bits.
3. Minor bug fixes.

Version: 1.7.0-0613

---

Important Note

1. The issues of Mail Server 1.7.0-0611 have been fixed.
2. The update is expected to be available in all regions within the next few days. The actual time of release may vary slightly depending on the region.

What's New

1. Updated SpamAssassin to 3.4.3.

Bug fixed

1. Fixed a security vulnerability regarding OpenDMARC (CVE-2019-16378).
2. Fixed a security vulnerability regarding Dovecot (CVE-2019-11500).
3. Fixed a security vulnerability regarding SpamAssassin (CVE-2020-1930, CVE-2020-1931).
4. Minor bug fixes.

Version: 1.7.0-0611

---

Important Note

1. This update has been recalled on 2020/04/17 owing to the probability of operation failures arising on certain models.

Version: 1.6.9-0505

---

Fixed Issues

1. Fixed a security vulnerability regarding Dovecot. (CVE-2019-11500)

Version: 1.6.8-0502

---

1. Fixed a security vulnerability regarding Dovecot (CVE-2019-7524).
2. Minor bug fixes.

Version: 1.6.7-0497

---

1. Fixed an issue where DKIM verification might fail on normal mails.
2. Minor bug fixes.

Version: 1.6.6-0496

---

1. Thai user interface is now available.
2. Minor bug fixes.

Version: 1.6.5-0491

---

1. Fixed multiple security vulnerabilities regarding ClamAV (CVE-2017-12374, CVE-2017-12375, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380).
2. Fixed an issue where Mail Server upgrade might fail on DSM 6.2 Beta 1.
3. Enhanced system stability.

Version: 1.6.4-0489

---

1. Fixed several vulnerabilities of ClamAV (CVE-2012-6706, CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2668, CVE-2016-1371, CVE-2016-1372, CVE-2016-1405).
2. Updated default DNSBL list to reduce false alarms.
3. Improved spam detection rate.
4. Enhanced system stability.
5. Minor bug fixes.

Version: 1.6.3-0488

---

1. Fixed an issue where sending/receiving emails via SSL might not work on DS413 and DS213+ models.

Version: 1.6.2-0487

---

1. Supports integration with Synology Active Directory Server as an account source.
2. Fixed an issue where memory leak might happen.
3. Minor bug fixes.

Version: 1.6.1-0484

---

1. Supports auto updates via Package Center.
2. Fixed an issue where the added certificate might be reset to the default certificate after Mail Server upgraded.
3. Minor bug fixes.

Version: 1.5-0482

---

1. Enhanced the functionality of DKIM.
2. Improved the Daily Quota mechanism.
3. Fixed an issue where users might receive the notifications from themselves after enabling auto-reply.
4. Minor bug fixes.

Version: 1.5-0480

---

1. Minor bug fixes

Version: 1.5-0467

---

1. Upgraded dovecot to 2.2.19.
2. Minor bug fixes.

Version: 1.5-0461

---

1. Fixed an issue where mail reception/delivery might fail when SpamAssassin, Antivirus, and Content Scan were all enabled.
2. Fixed an issue where mail delivery to addresses with upper-case letters might fail.
3. Fixed an issue where mail delivery might fail when DMARC was enabled.

Version: 1.5-0459

---

1. Upgraded Postfix to version 3.0.

Version: 1.7.5-20671

---

Compatibility & Installation

1. Mail Server 1.7.5-20671 requires DSM 7.2 and above.

Version: 1.7.5-10670

---

Fixed Issues

1. Fixed security vulnerabilities (CVE-2023-20032 and CVE-2023-20052).

Version: 1.7.5-0660

---

Fixed Issues

1. Fixed security vulnerabilities (CVE-2023-20032 and CVE-2023-20052).

Version: 1.7.4-10659

---

Important Note

1. The update is expected to be available in all regions within the next few days. The actual time of release may vary slightly depending on the region.

Compatibility and Installation

1. Updated to be compatible with DSM 7.1 Beta.

Fixed Issues

1. Fixed security vulnerability (CVE-2002-20001).

Version: 1.7.3-0657

---

Important Note

1. The update is expected to be available in all regions within the next few days. The actual time of release may vary slightly depending on the region.

What's New

1. Updated the ClamAV engine to version 0.103.1 to fix a security vulnerability.

Fixed Issues

1. Fixed the security vulnerabilities regarding OpenDMARC (CVE-2020-12460 and CVE-2021-34555).
2. Fixed the security vulnerability regarding SpamAssassin (CVE-2020-1946).
3. Fixed a security vulnerability regarding TLS.
4. Fixed an issue where emails might be blocked due to the abnormalities of the attachment filter.
5. Removed unmaintained SpamCannibal and Burnt Tech from the DNSBL.
6. Fixed an issue where passwords would be shown in the Postfix logs when emails were sent via PowerShell Send-MailMessage.
7. Minor bug fixes.

Version: 1.7.3-10657

---

Important Note

1. The update is expected to be available in all regions within the next few days. The actual time of release may vary slightly depending on the region.

What's New

1. Updated the ClamAV engine to version 0.103.1 to fix a security vulnerability.

Fixed Issues

1. Fixed the security vulnerabilities regarding OpenDMARC (CVE-2020-12460 and CVE-2021-34555).
2. Fixed a security vulnerability regarding TLS.
3. Fixed an issue where the auto-reply function might not work properly after users updated their DSM from 6.2 to 7.0.
4. Fixed an issue where emails might be blocked due to the abnormalities of the attachment filter.
5. Minor bug fixes.

Version: 1.7.2-10652

---

Compatibility and Installation

1. Updated to be compatible with DSM 7.0.

Version: 1.7.1-0622

---

Important Note

1. The update is expected to be available in all regions within the next few days. The actual time of release may vary slightly depending on the region.

Fixed issues

1. Fixed the issue where labels disappeared when users moved emails in Mozilla Thunderbird or Microsoft Outlook.
2. Fixed the issue where users couldn't open the SMTP page when the total length of all additional domain names exceeded 4095 bits.
3. Minor bug fixes.

Version: 1.7.0-0613

---

Important Note

1. The issues of Mail Server 1.7.0-0611 have been fixed.
2. The update is expected to be available in all regions within the next few days. The actual time of release may vary slightly depending on the region.

What's New

1. Updated SpamAssassin to 3.4.3.

Bug fixed

1. Fixed a security vulnerability regarding OpenDMARC (CVE-2019-16378).
2. Fixed a security vulnerability regarding Dovecot (CVE-2019-11500).
3. Fixed a security vulnerability regarding SpamAssassin (CVE-2020-1930, CVE-2020-1931).
4. Minor bug fixes.

Version: 1.7.0-0611

---

Important Note

1. This update has been recalled on 2020/04/17 owing to the probability of operation failures arising on certain models.

Version: 1.6.9-0505

---

Fixed Issues

1. Fixed a security vulnerability regarding Dovecot. (CVE-2019-11500)

Version: 1.6.8-0502

---

1. Fixed a security vulnerability regarding Dovecot (CVE-2019-7524).
2. Minor bug fixes.

Version: 1.6.7-0497

---

1. Fixed an issue where DKIM verification might fail on normal mails.
2. Minor bug fixes.

Version: 1.6.6-0496

---

1. Thai user interface is now available.
2. Minor bug fixes.

Version: 1.6.5-0491

---

1. Fixed multiple security vulnerabilities regarding ClamAV (CVE-2017-12374, CVE-2017-12375, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380).
2. Fixed an issue where Mail Server upgrade might fail on DSM 6.2 Beta 1.
3. Enhanced system stability.

Version: 1.6.4-0489

---

1. Fixed several vulnerabilities of ClamAV (CVE-2012-6706, CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2668, CVE-2016-1371, CVE-2016-1372, CVE-2016-1405).
2. Updated default DNSBL list to reduce false alarms.
3. Improved spam detection rate.
4. Enhanced system stability.
5. Minor bug fixes.

Version: 1.6.3-0488

---

1. Fixed an issue where sending/receiving emails via SSL might not work on DS413 and DS213+ models.

Version: 1.6.2-0487

---

1. Supports integration with Synology Active Directory Server as an account source.
2. Fixed an issue where memory leak might happen.
3. Minor bug fixes.

Version: 1.6.1-0484

---

1. Supports auto updates via Package Center.
2. Fixed an issue where the added certificate might be reset to the default certificate after Mail Server upgraded.
3. Minor bug fixes.

Version: 1.5-0482

---

1. Enhanced the functionality of DKIM.
2. Improved the Daily Quota mechanism.
3. Fixed an issue where users might receive the notifications from themselves after enabling auto-reply.
4. Minor bug fixes.

Version: 1.5-0480

---

1. Minor bug fixes

Version: 1.5-0467

---

1. Upgraded dovecot to 2.2.19.
2. Minor bug fixes.

Version: 1.5-0330

---

Added new models support

Version: 1.5-0461

---

1. Fixed an issue where mail reception/delivery might fail when SpamAssassin, Antivirus, and Content Scan were all enabled.
2. Fixed an issue where mail delivery to addresses with upper-case letters might fail.
3. Fixed an issue where mail delivery might fail when DMARC was enabled.

Version: 1.5-0459

---

1. Upgraded Postfix to version 3.0.

Version: 1.5-0327

---

1. Fixed an issue where the mail content could not be correctly displayed.
2. Fixed an issue where DKIM signature did not apply when a customized domain was added.

Version: 1.5-0326

---

1. Fixed a security vulnerabilitty (CVE-2015-3420).
2. Minor bug fixes.

Version: 1.4-0288

---

1. Fixed an issue where domain users could fail to receive emails.
2. Fixed an issue where emails could not be sent via SMTP relay server.
3. Fixed an issue where mail delivery could fail on non-TLS SMTP servers.
4. Fixed a security issue that allows remote attackers to cause a denial of service (system crash) via a crafted Crypter PE file.
5. Minor bug fixes.

Version: 1.4-0284

---

1. Fixed an issue where domain users could fail to receive e-mails.
2. Fixed an issue where e-mails could not be sent via SMTP relay server.

Version: 1.4-0281

---

1. Mail Server now scans messages for potentially dangerous content.
2. You can send daily reports about the status of Mail Server. The report will include summaries of hourly traffic, delivered/received messages, deferred/rejected messages, SMTP delivery failures, warnings, and the number of senders and recipients.
3. Added support for intermediate certificates.
4. Added advanced anti-spam settings, and an option to reject spam client connections.
5. Added daily sending quota to limit each user's outbound mails.
6. Added Mail Server Settings Check to analyze potential weaknesses.
7. Added support for app privilege.

Version: 1.3-0216

---

Add DS415+ support

Version: 1.3-0215

---

Fixed Issues

1. Fixed a security issue of dovecot to prevent remote parties from performing denial-of-service attacks via an incomplete SSL/TLS handshake for IMAP/POP3 connections. (CVE-2014-3430)
2. Fixed an issue that caused the authentication of SMTP relay servers to fail if the password contained a dollar sign ($).

Version: 1.3-0213

---

1. Fixed an issue where mail delivery would fail after SpamAssassin or Antivirus was enabled for users upgrading from DSM 5.0 beta.

Version: 1.3-0212

---

1. Updated to be compatible with DSM 5.0.

Version: 1.2-0130

---

1. Enhanced the stability of spam filtering.
2. Enhanced the compatibility for Microsoft Outlook.

Version: 1.2-0126

---

1. The Auto BCC feature allows you to automatically send a BCC (Blind Carbon Copy) of certain messages to a specific address.
2. Added support to adjust the spam threshold value for the spam filter, as well as enable auto learning or auto white list.
3. ClamAV (Antivirus Essential) is now supported to scan all incoming and outgoing messages for viruses. It is available on DiskStations with 512MB or more RAM.
4. The black and white List feature allows you to reject, discard, or allow certain messages based on various criteria, such as the sender, domain, or connection from certain IP address.
5. The queue page allows you to view and manage the status of mail in the queue.
6. Ports for SMTP and SMTPS can now be customized.

Version: 1.1-0070

---

1. Upgraded to support DSM 4.2.
2. Supports using LDAP and AD accounts (Requires DSM 4.2).

Version: 1.0-0033

---

1. Fixed an issue that it was possible to login SMTP server with guest account, resulting in the possibility of sending out spam e-mails.