XWall · The Mail Filter

v3.58 2022-02-16

  • New: Support für Bitcoin Bech32
  • New: Address Rewrite für inbound messages (InboundSMTPAddressRewrite=True, ISPEdition only)
  • New: Support for RFC 5802 - SCRAM-SHA-1
  • New: Support for RFC 7677 - SCRAM-SHA-256 / SCRAM-SHA-512
  • Fix: Approve script returns method and action not approved
  • Fix: Pack White List erroneously removed record when e-mail ended with an internal domain
  • Chg: DKIM prefers an aligned signature in case of multiply signatures
  • Chg: Exclude by DKIM honors only aligned signature
  • Chg: Address Rewrite targets only addresses for domains on Exchange
  • Chg: OpenSSL updated to v3.0.1
  • Chg: TLS RC4-MD5 and RC4-SHA is no longer supported
  • Chg: Windows 2000 is no longer supported

v3.57 2021-02-09

  • New: Mark subject for messages with an external source (InboundMarkSubjExternal=True)
  • New: Mark subject for messages that are received using a TLS connection (InboundMarkSubjTransferTLS=True)
  • Hew: Heuristic method checks for Zero-width space
  • New: Drop connection on failed SMPT authentication (InboundBlockAUIP=True)
  • New: Support for 7Zip with method PPMd
  • New: Support for Zip with method PPMd, DEFLATE64 and BZIP2
  • Fix: SMIME policy must not apply for non-SMIME messages
  • Fix: SMIME policy for non-removable signature
  • Fix: SMIME decrypt with a certificate in ALT directory
  • Fix: Reject DNS answer that is too long
  • Fix: EAI permits unencoded UTF-8 in message subject
  • Fix: DANE-TA and PKIX-TA
  • Fix: MTA-STS cache result
  • Chg: Archive with a CRC or IO error is handled like a password protected archive exploit
  • Chg: OpenSSL updated to v1.1.1i

v3.56 2020-02-03

  • New: Bitcoin address (Options->Blocking->Bitcoin)
  • New: Block Common countries (Options->Blocking->Country->Add Common)
  • New: Remove only the script from HTML (InboundRemoveHTMLScriptV2=True)
  • New: Archive with a very large content (Zip-Bomb) is handled like a password protected archive exploit
  • New: Restart on certificate pem file change
  • New: Support for Server Name Indication (SNI)
  • New: Exploit and attachment method handles HTML with an embedded file like a ZIP archive
  • New: SURBL and GURBL scan HTML attachments for an URL
  • New: Check for Office files inside TNEF with SMIME
  • Fix: Extended characters when running as a console application
  • Fix: SURBL parse URL with invalid character
  • Fix: FQDN when bound to a specific IPv6 address
  • Fix: DKIM sign with multiple Received: lines
  • Fix: PDF with literal dictionary in encrypted data
  • Fix: NTLM authentication with LM hash
  • Chg: Global Absolute Exclude also excludes from HTML and HTML-Script remove
  • Chg: DNS check uses Cloudflare rather than OpenDSN
  • Chg: Screen optimized for Linux WINE
  • Chg: Terminate with ESCAPE and SPACE when running as a console application
  • Chg: Faster startup with a lot of messages in MSG-IN or MSG-OUT
  • Chg: OpenSSL updated to v1.1.1d
  • Chg: Removed the term "Blocked" from the "Why:" section in the logfile
  • Chg: SPF processes ip mechanisms first, because no DNS lookup is required
  • Chg: DNS query with NXDOMAIN and CNAME against Windows DNS server

v3.54 2018-02-17

  • New: Detect Mailing List (Options->Spam->Maillist)
  • New: Global Absolute Exclude from all methods and virus scan (Options->Global Exclude->Exclude - Other->Absolute Exclude)
  • New: Google Safe Browsing (https://safebrowsing.google.com/) (Options->Spam->GURBL)
  • New: Exploit and attachment method handles PDF with an embedded file like a ZIP archive
  • New: SURBL and GURBL scan PDF attachments for an URL
  • New: Detect VBA Macros in OpenXML
  • New: Exclude from E-Mail Block method (InboundExclBlockAdrFromAddress=xxxx@domain.com)
  • New: Exclude URL from Phishing Method (InboundExclBlockPhiURL="xxx")
  • New: Disable sending a non-delivery report to an UCEPROTECT MTA, which is a honeypot for ips.backscatterer.org (OutboundSMTPUCEPROTECT=True)
  • New: Support for TIFF image files
  • New: SURBL supports URL with Internationalized Domain Name (IDN)
  • New: Heuristic method detects Dingbats and Miscellaneous Symbols
  • New: Support for Unicode characters larger than UCS2 (0xFFFF)
  • New: CSV file as UTF-8 (StatisticFileUseANSI=False)
  • New: Support for SMIME RFC 5652 Cryptographic Message Syntax (CMS) (CMS vs PKCS7)
  • New: Support for RFC 8162 SMIMEA using DANE (InboundSMIMEVerifySMIMEA=True,OutboundSMIMEVerifySMIMEA=True)
  • New: SMIME download certificate using SMIMEA with domain wildcard
  • Fix: multi error line after BDAT from GMail
  • Fix: Optional startup delay failed in rare cases
  • Fix: No need to query White List when the sender is exclude from the White List
  • Fix: SPF record with a macro that refers to the HELO/EHLO FQDN
  • Fix: UnRAR DLL v5.40 with a directory
  • Fix: Filename in an archive with a white-space at the beginning or end
  • Fix: Outbound SMIME policy with e-mail mismatch
  • Fix: DKIM hash with a single tab in an empty body text
  • Fix: no global SPF exklusion after a restart
  • Fix: Allow DSN message for action "Send non-delivery report" to be signed (DSNAllowSign=True)
  • Fix: Country block with an IP address in the last tenth fail to resolve
  • Fix: Detection of X-Mailer in heuristic method
  • Fix: Erroneous detection of a DSN
  • Fix: DKIM with optional canonicalization tag
  • Fix: SMIME format in statistic file
  • Fix: SURBL and GURBL with recursive URL Shortening Services
  • Fix: DKIM for an empty message with "simple" Body Canonicalization Algorithm
  • Chg: Update for private Enhanced Status Codes in Office 365
  • Chg: Relaxed detection of newsletter
  • Chg: TLS as server enforce highest possible cipher (needed to get an A at www.ssllabs.com)
  • Chg: OpenSSL updated to v1.1.0g
  • Chg: Exclude Safe Links from URL Phishing Method
  • Chg: Exclude Common Domains from SURB and GURBL

v3.53 2017-02-27

  • New: Detect Microsoft Office VBA Macros (Options->Block->Office)
  • New: Detect password protected Microsoft Office documents (Options->Block->Office)
  • New: Detect Microsoft Office document with an extension mismatch (Options->Blocking->Office)
  • New: Detect Microsoft Office VBA Macros using ClamAV (Options->ClamAV->Macro)
  • New: Optional scan attachments for ClamAV community rules (ClamAVUnofficialRuleScanAtt=True)
  • New: Limit inbound concurrent connection from a single host (InboundSMTPConcurrentConnections=100)
  • New: A non-delivery report as an action of a spam method is only sent when the sender is not faked (InboundSMTPDiscardDSNToFakedSender=True)
  • New: AES256 encryption and compression when sending a message to another XWall (InboundESMTPXBDATAAESA=True,OutboundESMTPXBDATAAESA=True)
  • New: Drop connection when the connection is from PushDo/Cutwail botnet
  • New: SPF block even when the sender is on the white list (InboundBlockSPFStrict=True;InboundBlockSPFStrictFromAddress=@a1.net)
  • New: SPF block of SPF excluded sender (InboundBlockSPFStrictExclFromAddress=True)
  • New: Exploit and attachment method handles 7Zip, GZip and TAR and MSOLExxx.bin archives like ZIP archives
  • New: SURBL exclude base URL from query (InboundExclBlockSURBLBaseURL=baseurl.com)
  • New: Adaptation for Windows 2016 and Windows 10
  • New: Support for Barracuda Sender Spoof Protection (btv1)
  • New: Support for RFC 2231 long filename
  • New: Inbound and Outbound exclude from history (KeepMessageFileInboundExclToAddress=@domain.com,KeepMessageFileOutboundExclFromAddress=@domain.com)
  • New: Heuristic method detects spam-cloud
  • New: Support for private Enhanced Status Codes in Exchange 2013 and Office 365
  • New: For DNS query in IPv6 environment use two queries rather than one, e.g. A and AAAA instead of ALL (DNSQueryTweak=False)
  • Chg: DiskFullAlert unit from bytes to megabyte to prevent overflow (check value at View->Advanced Configuration->Advanced)
  • Chg: CPS are converted to Kibit/s or Mibit/s
  • Chg: Queue messages when Exchange returns a temporary Error
  • Chg: Messages for the DSN From: E-Mail address are no longer accepted when relaying is disabled
  • Chg: Country block uses GeoLite database, IPv6 is also supported
  • Chg: Different error text for exploit with an archive with an unknown compression algorithm
  • Chg: SURBL method checks the new small base domain like "aa.at"
  • Chg: Attachments with an unknown filename get an extension based on the file type
  • Chg: File extensions in statistic CSV file
  • Chg: Windows NT 4.0 is no longer supported
  • Chg: Exe signed with SHA256, signature only valid on Windows 2008 R2 and above
  • Chg: SSLv2 and SSLv3 is no longer supported
  • Chg: RC4-MD5 and RC4-SHA is no longer supported for inbound connections
  • Chg: SMIME RFC 5751 (micalg=sha1 to micalg=sha-256)
  • Chg: Support for application/pdf Media Type (RCC 3778)
  • Chg: Support for Office 2007 File Format MIME Types
  • Chg: OpenSSL updated to v1.1.0e
  • Del: RAS, ETRN and SOCKS
  • Fix: Len of password for SMTP authentication with Amazon SES
  • Fix: Approve script with quoted file name
  • Fix: SMIME with an e-mail address that starts with a reserved filename
  • Fix: MBAdmin disable inbound authentication when old settings are still in place
  • Fix: Office File from iPhone crashed XWall
  • Fix: MBAdmin wrote INI in wrong directory after a common dialog changed the current directory
  • Fix: INI entry with a semicolon in a quoted string
  • Fix: DMARC ignored SPF policy
  • Fix: DNS MX query missed EDNS0 option
  • Fix: SPF with IPv6 for mechanism a, mx und exists
  • Fix: MIME coding for filename with an Umlaut and an ASCII body text
  • Fix: DKIM signing for non-delivery-message
  • Fix: SMIME quote e-mail with a leading space

v3.52 2016-01-22

  • New: Detect Malware and spam using SecuriteInfo community rules (http://www.securiteinfo.com) (Options->ClamAV->SecInfo)
  • New: TLS Mutual authentication with intermediate certificate (IncaMail of Swiss Post)
  • New: SMIME: extended error reporting; caching the verification result for five minutes; signing is faster by 43%, encrypting by 35%
  • New: Support for RFC 7505 - Null MX for Domains That Accept No Mail
  • New: Reject TLS on weak signature algorithm (Options->TLS/SSL->Policy)
  • New: TLS connection information of temp key for ECDHE and DHE
  • New: Show OpenSSL version at startup when diagnostic logging is enabled
  • New: Prevent TLS POODLE attack by disabling SSLv3 (TLSServCipherList=@NOSSLV3)
  • New: Show rules for SecuriteInfo and Sanesecurity (VerboseCAxCR=True)
  • New: XWall slows down the connection when the sending server is greylisted for more than 5 e-mail addresses ( honeypot, teergrube )
  • New: UDM method gets Bayes and heuristic values and spam information
  • New: Optimized reading of large certificate chains
  • New: Enhanced TLS security from and to Exchange (InboundExchTLSSecurity=True,OutboundExchTLSSecurity=True)
  • New: Added Facebook and Yahoo to Major ISP exclude
  • New: Detect suspicious messages by subject
  • New: Field Format with TLS in SS*.csv
  • Chg: Enhanced Status Codes updated to match RFC 7372
  • Chg: SMIME file operations under heavy load and virus scanner
  • Chg: SMIME RFC 5751 (x-pkcs7 to pkcs7)
  • Chg: DMARC (RFC 7489) requires that DKIM uses RFC5322.From as SDID
  • Chg: Disk Full Alert to 3 GB
  • Chg: DKIM signing algorithm from rsa-sha1 to rsa-sha256 to comply with RFC 6376
  • Chg: OpenSSL updated to v1.0.2e
  • Fix: Close outbound connection when TLS policy changes
  • Fix: Honor RBL white list in RCPT TO command
  • Fix: SMIME added the sign certificate twice to smime.p7s
  • Fix: TLS outbound policy and weak protocol
  • Fix: SMIME file error/undefined behavior in the Microsoft C run-time library (CRT)
  • Fix: Block attachment in TNEF with SMIME
  • Fix: SPF macro "v"
  • Fix: SMTP Forward with forwarded e-mail address already in the list of recipients
  • Fix: non-standard SMTP port for MX resolved host
  • Fix: Error text for domain based SLS/RBL

v3.51 2015-02-04

  • New: Announce inbound SMTP authentication only after TLS is established (InboundSMTPAuthTLS=True)
  • New: SURBL expands shortened URLs like http://goo.gl/u6U1n0 (Options->SURBL->expand shortened URLs)
  • New: Force quick restart after configuration change (Signal->Restart)
  • New: Native ClamAV is checked every 8 hours; Postmaster gets a notification if warning after startup is enabled
  • New: Ignore IP address when resolving MX records, because the DNS of GMail returns a bad IP address (OutboundSMTPConnectIgnoreIP=
  • New: E-Mail Address Rewrite for outbound messages (View->E-mail Address Rewrite) (ISPEdition only)
  • New: Remove HTML for spam messages where the subject is marked (InboundRemoveHTMLSpam=True)
  • New: DNS support for large UDP packets
  • New: Phishing method uses Domain-based Message Authentication, Reporting and Conformance (DMARC)
  • New: Support for GB18030 (Chinese) codepage
  • New: Verify the recipients e-mail address dynamically using a SMTP query to Exchange (Options->Session->Recipient)
  • New: S/MIME policy for messages that are not signed or encrypted
  • New: Support for Server Name Indication (SNI)
  • New: Verify sending IP address using Forward-confirmed reverse DNS (FCrDNS) (Options->Spam->FCrDNS)
  • New: Enforce TLS using key word in subject (Options->TLS/SSL->TLS Outbound policy)
  • New: TLS Mutual authentication (Options->TLS/SSL->TLS Outbound policy)
  • New: Adaptation for Windows 10
  • New: Inbound SMTP authentication using a list of User/Pass, a script, query to Exchange or NTLM into Windows (Options->General->Authentication)
  • New: Reject TLS on weak protocol (Options->TLS/SSL->Policy)
  • New: Support for Public Suffic List (https://www.publicsuffix.org)
  • New: S/MIME encryption permits a void certificate
  • New: Support for UTF-16LE and UTF-16BE codepage
  • New: Heuristic method detects homoglyphs
  • New: Remove Outlook Hyperlinks in body text after HTML was removed for spam messages (InboundRemoveHTMLHyperlink=True)
  • Chg: Error text when a message expired without being sent
  • Chg: Show SLS/RBL even when the data is from cache
  • Chg: Search for included INI file in the program directory
  • Chg: zLib updated to v1.2.8
  • Chg: Exclusions are checked against the sending MTA and not against the connecting MTA
  • Chg: DKIM: better error description, relaxed DNS handling and parsing
  • Chg: Missing S/MIME sign or encryption triggers policy
  • Chg: Script method name from "phi" to "phishing", "heuristic" to "heur" and "from-us" to "internal-from"
  • Chg: SPF updated to comply with RFC 7208
  • Chg: DNSWL test IP address
  • Chg: OpenSSL updated to v1.0.1j
  • Chg: Relaxed parsing of white list feed subject for an e-mail address
  • Fix: Decoding of MIME word with folded lines and several linear white spaces
  • Fix: DSN error for an IPv6 host when IPv6 is disabled
  • Fix: Ignore local IP address on Linux
  • Fix: OpenSSL CVE-2014-0160 (http://heartbleed.com)
  • Fix: Exclude using domain based White List
  • Fix: Backscatter with a DSN without an IP address
  • Fix: Received header line with a literal IPv6
  • Fix: Space in SPF record for facebookmail.com
  • Fix: Dovecot Mail Delivery Agent (AON) creates invalid messages with bare CR
  • Fix: Global DKIM exclusion honors message From: e-mail address
  • Fix: Workaround for TLS Auto-Negotiate with Cisco IronPort C370 (IronPort sends wrong ciphers)
  • Fix: Parsing header line with all spaces
  • Fix: Invalid MX using
  • Fix: Missing "Closing connection" after a temporary error
  • Fix: Outbound virus scan before S/MIME, because S/MIME may encrypt the message

v3.50 2014-02-22

  • New: TLS with Perfect Forward Secrecy (PFS) using ECDH und DHE (proposed by C't magazine for computer technology)
  • New: Protection against connection flooding from a botnet (Options->Blocking->Drop)
  • New: View->Advanced Configuration->SMTP->Close connection after rejecting MAIL FROM (Note: This violates the RFC)
  • New: ClamAV virus scanner in native mode (Options->Virus->ClamAV)
  • New: Detect Phishing, Scam and Malware using Sanesecurity rules (http://www.sanesecurity.com) (Options->Spam->SaneSecurity)
  • New: Automatically exclude major ISP from Greylisting (Gmail,Hotmail,Office,MessageLabs,Postini,GMX)
  • New: Support for Microsoft Security Client Antimalware as on-demand scanner
  • New: Heuristic checks for phishing html attachments
  • New: More options for Kaspersky virus scanner
  • New: Enforce user based message size limit during the SMTP session
  • New: TLS inbound and outbound type and policy (Options->TLS/SSL)
  • New: Temporary SMTP error on mandatory TLS connection (InboundSMTPTLSRequiredError4xx=True)
  • New: Support for Thai ISO 8859-11, TIS-620 and Windows 874
  • New: Heuristic method supports GTUBE (Generic Test for Unsolicited Bulk E-Mail)
  • Chg: Optimized adding of a disclaimer at the end of a very large HTML message
  • Chg: Disable QuickEdit-Mode when running as a console application
  • Chg: Blocking a host or IP address during the SMTP session is done after the MAIL FROM and a second time after the RCPT TO
  • Chg: Ignore IPv6 MX record when IPv6 is not enabled
  • Chg: SMTP session no longer accepts a RCPT TO after a rejected MAIL FROM command
  • Chg: S/MIME cipher changed from DES3 with 168 bit to AES with 256 bit
  • Chg: Enhanced TLS peer certificate verification removed (OutboundSMTPTLSVerify=True)
  • Chg: Support for DANE TLSA certificate verification removed (OutboundSMTPTLSVerifyDANE=True)
  • Chg: Prevent white list pollution by omitting e-mail addresses that are excluded by SPF or DKIM
  • Chg: X-Message-Flag: header line removed
  • Chg: SPF with more than one TXT record result in an error
  • Chg: SPF ignores ip4:, because that IP range enables everything
  • Chg: Yield CPU when decoding large HTML messages
  • Chg: OpenSSL updated to v1.0.1f
  • Chg: Global excluded IP address or host is also checked against the sending MTA
  • Fix: SPF ignore empty txt record
  • Fix: Add outbound DKIM and disclaimer only when the sender is on Exchange
  • Fix: Add outbound DKIM and disclaimer for a Star-Match-All only when the sender is on Exchange
  • Fix: Server query for an userbased white list
  • Fix: Phishing method with an URL that is folded using a CRLF
  • Fix: SPF ignore invalid ip4:hostname
  • Fix: SMTP AUTH PLAIN for some versions of Android
  • Fix: DKIM verify when the TXT record is quoted
  • Fix: Decoding recursive TNEF message
  • Fix: Phishing method failed to show the DKIM result
  • Fix: Bug for user based message size limit when relaying
  • Fix: Bug global exclude for TLS connections
  • Fix: Decoding MIME attachments where a line with a space is between the boundary
  • Fix: Check for Out-of-Office subject uses specific rather than generic text
  • Fix: Query for local IP addresses on Windows 2012 R2
  • Fix: Options->Spam->CCS im Demo Mode
  • Fix: Calculate queue object for system messages with a from routing

v3.49 2013-01-15

  • New: Add inbound header based on sender or recipient (InboundHeader=)
  • New: Support for Exchange 2010 Importance header line
  • New: S/MIME sign and encryption of pre-signed and/or pre-encrypted messages
  • New: Reassemble of S/MIME signed, detach signed and encrypted messages
  • New: Support for DANE TLSA certificate verification (OutboundSMTPTLSVerifyDANE=True)
  • New: Support for DomainKeys Identified Mail Signatures (DKIM)
  • New: DKIM verification using Author Domain Signing Practices (ADSP)
  • New: Heuristic checks for identical URL
  • New: Phishing method uses DKIM
  • New: Added additional DKIM error messages
  • New: Terminate connection after a client tried two messages without any valid sender or recipient address
  • Chg: Accept an E-Mail address with a user part longer than 64 bytes
  • Chg: SPF reject during the SMTP session is immediately after the MAIL FROM
  • Chg: Country blocking is for IPv4 addresses only and ignores IPv6 addresses
  • Chg: SLS/RBL IPv4 lists are only used for IPv4 addresses, IPv6 lists only for IPv6 addresses
  • Chg: Removed support for Domain-Based E-Mail Authentication Using Public Keys Advertised in the DNS (DomainKeys)
  • Chg: MX query for inbound domains uses old cached IP addresses in the case the DNS server is not available
  • Chg: Protect SLS and SPF global exclusion against faked header lines
  • Chg: Updated domains in Options->Global Exclude->DKIM->Add common
  • Chg: Exploit method handles RAR archives like ZIP archives
  • Fix: S/MIME remove signature for outgoing messages
  • Fix: Disable TLS/SSL cipher DES-CBC-SHA
  • Fix: Virus scanner in a directory with an Umlaut
  • Fix: DNS server that can not handle EDSN records
  • Fix: History added non-delivery reports even then outbound history was disabled
  • Fix: no DKIM check for messages using an inbound domain as the sender
  • Fix: Domain in global SPF exclusion
  • Fix: UnRAR DLL v4.20 with a RAR volume
  • Fix: TLS with more than one intermediate certificate shows wrong status

v3.48 2012-08-06

  • New: Compiled with ASLR (address space randomization) and NX (no execution)
  • New: Support status query using Nagios
  • New: Verify a certificate using the CommonName and the subjectAltName
  • New: Connection cache to Exchange (OutboundExchConnectionCache=True)
  • New: Global exclusion for TLS required sender (InboundExclTLSRequired=True)
  • New: Enhanced TLS peer certificate verification (OutboundSMTPTLSVerify=True)
  • New: Prevent test for On-Access scanner at startup (VirusScannerOnAccessStartupCheck=False)
  • New: SPF reject during the SMTP session only on FAIL, even when SOFTFAIL or NEUTRAL is enabled (InboundBlockSPFSMTPLevelOnlyFail=True)
  • New: Drop connection based on blocked host name
  • New: Support for Online Certificate Status Protocol (OCSP)
  • New: Heuristic scans for word with upper chars like ThereAreHugeDiscountOnTheseDrugs
  • New: Zip archive with an unsupported compression method is handled like a password protected zip archive
  • New: The Format column in the statistic file indicates a IPv6 connection
  • Chg: Outbound TLS connection use TLSv1, omit SSLv2, and reconnect with SSLv3 when TLSv1 fails
  • Chg: Removed announcement for NTLM AUTH for SMTP clients
  • Chg: No longer checking a Backup MX for SLS/RBL and other methods during the SMTP session
  • Chg: Senderbase and Country skip the backup MX
  • Chg: Heuristic value for tags in a html page
  • Chg: IPv6 DNS query using ALL and fall back to A/AAAA for server that don't support it
  • Chg: SPF favors spf1 over spf2.0
  • Chg: Removed unnecessary information from block statistic file to make it smaller
  • Chg: Caching of SLS/RBL positive answers
  • Chg: Avoid SLS/RBL queries for excluded senders
  • Chg: Optimized text scan and e-mail compare with wildcards
  • Chg: Persistent cache for SLS, SURBL, SPF and Senderbase
  • Chg: Default Greylisting exclusions removed
  • Chh: SPF detect useless record "v=spf1 ?all"
  • Fix: Checking for an exploit in a zip file
  • Fix: Reject internal From: address during the SMTP session was not working
  • Fix: Inbound connection manager stopped when out of resources
  • Fix: Binding to a IPv6 address erroneously enabled inbound IPv6
  • Fix: MBAdmin crashed in Options->Global Exclude
  • Fix: Message-id was not unique when created within one tick
  • Fix: S/MIME certificates with an e-mail only in subjectAltName
  • Fix: On-Access virus scanning with file extensions enabled resulted in a false positive when the extension was very long with non-ASCII characters
  • Fix: Heuristic failed to proper scan HTML source
  • Fix: Unnecessary restart when timezone changes
  • Fix: Very large attachment filled with ASCII zeros takes a long time to decode
  • Fix: SPF for IPv6
  • Fix: SPF exists method with a macro
  • Fix: FQDN on a machine with more than one IP address
  • Fix: S/MIME encryption with missing cert file failed with wrong error
  • Fix: Write blocking statistic when the connection is dropped because of a blocked IP address

v3.47 2011-06-22

  • New: IPv6 support (InboundSMTPIPv6=True OutboundSMTPIPv6=True OutboundExchIPv6=True)
  • New: Remove x-originating-ip header line, added by Exchange 2010 SP1 (OutboundRemoveHeaderXOriginatingIP=True)
  • New: Received header line shows TLS cipher information (TLSv1/SSLv3:AES256-SHA:256)
  • New: Show IP address of the sending MTA (VerboseDomainMX=True)
  • New: At startup XWall queries the public name server from Google and
    opendns.org for the MX records of the inbound domain (CheckDNSQueryMXPublicNS=True)
  • New: Timeout of 10 minutes for on-demand virus scanner (VirusScannerTimeout=10000)
  • New: Enforce TLS for authenticated users (InboundSMTPTLSRequiredAuthUsers=True)
  • New: Relaying for IP address and MAIL FROM address
  • New: TLS information shows the algorithm and bits of the public certificate
  • Chg: Graceful shutdown with CTRL_CLOSE_EVENT in Windows 7/2008
  • Chg: Quoted Printable encodes a dot at the beginning of a line,
    because Exchange 2003 sometimes has a problem it
  • Chg: OpenSSL updated to v1.0.0a
  • Fix: DNS query for Exchange, smart host and static route used wrong name server
  • Fix: S/MIME CRL with Comodo certificate
  • Fix: invalid A records are no longer showing an IP address of
  • Fix: MX query with a CNAME using a Bind name server
  • Fix: DSN for persistent temporary failure had a status field of 5.x.x rather than 4.x.x.
  • Fix: SPF records which is sent in several parts without a delimiter in between
  • Fix: CCS DNS packets rejected by a Cisco PIX
  • Fix: Folded header line that start with a white space
  • Fix: Parsing a very long Content-Type: header line
  • Fix: Quote the filename for UDM and Approve script when the TEMP directory contains a space

v3.46 2010-08-17

  • New: Options->Global Exclude->Exclude dnswl
  • New: Blacklist (http://www.dataenter.co.at/doc/xwall_undocumented_config.htm#blacklist)
  • New: S/MIME verbose output for certificate rule (VerboseSMIMECert=True)
  • New: The Format column in the statistic file indicates a TLS connection
  • New: SPF detect useless record "v=spf1 +all"
  • New: Checking on-demand virus is at startup
  • New: Switches for ClamAV virus scanner
  • New: Native support for ClamAV (VirusScannerClamAVNative=True)
  • New: Remove HTML format only when there is a script (InboundRemoveHTMLScript=True)
  • New: Send information message after restart and startup (SendStartupAlways=True)
  • New: White list domain based in ISP Edition (OutboundAddressWhiteListDomainBased=True)
  • New: CCS acts as a global heuristic spam repository
  • New: Closing connection after some "relaying denied"
  • New: Disable automatic fix of recipient e-mail address (InboundESMTPRepairInvalidRecipient=False)
  • New: Reject self-sending-spam during the SMTP session (InboundBlockFromUsSMTPLevel=True)
  • New: Partial support for SPF spf2.0/pra
  • New: Inbound bandwidth limit per message in byte per second (InboundSMTPBandwidthThrottling=16384)
  • New: Outbound bandwidth limit per message in byte per second (OutboundSMTPBandwidthThrottling=16384)
  • New: SMTP with SSL/TLS on port 465 (vergin.net as smart host)
  • Chg: XWall uses only one write on the socket for the EHLO response, or else the Axway Firewall can't handle the data when TLS is active
  • Chg: Testing for SLS/RBL updated to RFC 5782
  • Chg: Packing the White list removes all internal e-mail addresses, you can disable this using OutboundAddressWhiteListPreventInboundDomain=False
  • Chg: SPF skips the backup MX
  • Chg: InboundDomainMX honors CIDR notation
  • Chg: Update switches for McAfee Command Line Scanner v6.x
  • Chg: Updated e-mail address parser for RFC 3696, RFC 5321 and RFC 5322
  • Chg: In a TLS session the whole certificate chain is sent to the client
  • Chg: Self-sending spam method blocks only when the senders and recipients domain are on the same Exchange server
  • Chg: Suppress non-delivery report to an internal domain only when the domain is on the same Exchange server
  • Chg: Reassemble message removes header lines with more than 998 chars
  • Chg: Removed special handling for Netscape Mailer after the DATA command
  • Fix: Status of CryptoFilter license was shown when no license was installed
  • Fix: Workaround for a bug in Exchange 2010 when a message has no body text and plain text attachment
  • Fix: Outbound S/MIME and Disclaimer didn't work together
  • Fix: S/MIME ignores lonesome smime.p7m attachment
  • Fix: SLS/RBL/RHSBL work with dbl.spamhaus.org
  • Fix: SURBL work with dbl.spamhaus.org
  • Fix: Outbound attachment blocking with action "Forward to Admin"
  • Fix: Unique ID after a missing RSET

v3.45 2010-01-20

  • New: View->Statistic
  • New: Callback sender verification (Options->Session->Verify)
  • New: Sign outbound messages using DomainKey (Options->DomainKeys)
  • New: Block messages with a invalid DomainKey (Options->DomainKeys)
  • New: Global exclude messages with a valid DomainKey (Options->Global Exclude->DomainKeys)
  • New: Remove DomainKey signature for inbound messages (Options->System->Format)
  • New: Verify and/or remove S/MIME encryption and/or signature for inbound messages (Options->S/MIME) (add-on to XWall, extra license needed)
  • New: Block image spam (empty message with a png picture) (Options->Spam->Image)
  • New: Payload limit for outbound messages (message size x recipient count) (OutboundPayloadLimit=xxx)
  • New: Add the extension of the attachment to the temporary file name with on-access scan ( VirusScannerOnAccessUseExt=True)
  • New: Disable TLS/SSL weak cipher (TLSServOmitWeakCipher=True, TLSClientOmitWeakCipher=True)
  • New: Country block also checks Hotmail's X-Originating-IP: header line
  • New: ISP Edition may use different DSN From: e-mail addresses for each e-mail or domain
  • New: Options->Session->Greeting delay can be adjusted
  • New: Set limit of bad e-mail addresses in an inbound SMTP session (InboundSMTPMaxBadMailSession=x)
  • New: Support for RFC 2319 - Ukrainian Character Set KOI8-U
  • Chg: If TLS is enforced and the recipients server returns a temporary error, the message is rescheduled rather then sending a non-delivery report (happens with Bank of America)
  • Chg: If the codepage is US-ASCII but the disclaimer is non-ASCII, the codepage is auto detected
  • Chg: Default codepage from UTF-7 to UTF-8 because some free mailer don't support UTF-7
  • Chg: High chars in codepage US-ASCII are converted using the local codepage of Windows
  • Chg: Outbound messages scheduler performs better when there are a lot of messages in the queue
  • Chg: Timeout for DATA set to the values of RFC 5321
  • Chg: Montenegro and Serbia added, Yugoslavia removed from country selection
  • Chg: Exploit ignores an identical double extension (file.pdf.pdf)
  • Chg: Greylisting default exclude for double-bounce@*, because this address is used in callback
  • Chg: Using Microsoft VCC rather then Watcom for 32bit application
  • Chg: In 64bit XWall, MBAdmin is a native 64bit application
  • Chg: Support for BATV adjusted to the latest draft
  • Fix: Image spam was not detected when the body text was not empty
  • Fix: MBAdmin removed trailing space from words
  • Fix: Blocking of header lines when the header had the same line more than once
  • Fix: Reassembling for html messages with a Content-ID that contains a equal sign
  • Fix: SSLv2 security flaw (SSLv2 is still in place or else SSLv3/SSLv2 clients can't auto-negotiate)
  • Fix: Faster shutdown when a lot of SSL connections are open
  • Fix: Possible numeric overflow of the TTL of the white list
  • Fix: parenthesis in Received: header line
  • Fix: Backscatter method was not able to detect its own message

v3.44 2009-02-20

  • New: Support for GBK (Chinese) codepage
  • New: Block outbound messages that are not from an internal domain (OutboundBlockAddressOnlyInternal=True)
  • New: Optional startup delay in the case the virus scanner or DNS server is not starting fast enough ( StartupDelayFresh=5)
  • New: XWall.ini allows comments using a semicolon
  • New: Comment for every list field
  • New: Send information message after startup (SendStartup=True)
  • New: Send information message when there was a warning after startup (SendStartupWarn=True)
  • New: Hide SLS service info in error message; needed for Trend Micro Reputation Service (InboundESMTPHideSLSInfo=True)
  • New: Warning when ini is read-only or no read-write ACL
  • New: Heuristic checks for text obfuscation with HTML tags in plain text
  • New: Verbose logging for disclaimer (VerboseDisclaimer=True)
  • New: The logfile shows which e-mail template was used to block an e-mail address
  • New: Recommended SLS/RBL b.barracudacentral.org
  • Chg: yahoogroups.com removed from default exclusion
  • Chg: Update of X-Mailer in Options->Blocking->Header
  • Chg: Files for disclaimer can be in any directory, default is XWall directory
  • Chg: UAC is requireAdministrator for MBSever.exe and highestAvailable for MBAdmin.exe
  • Fix: Ignoring MIME Content-Disposition header fields with longer value like "filenamexxx"
  • Fix: White List was not properly updated when the message was sent to more than one recipient
  • Fix: Exchange 2007 is not able to decode a MIME subject with more than 225 bytes word len
  • Fix: Disclaimer and S/MIME address with a star was not working as expected
  • Fix: Reassemble message uses codepage UTF-7 when the original codepage is US-ASCII, but the text contains non-ASCII characters
  • Fix: DNS validation is repeated several times in the case of a DNS error
  • Fix: Manifest and UAC elevation also for MBServer.exe
  • Fix: ESMTP AUTH LOGIN with Microsoft .NET Framework (Namespace System.Net.Mail)
  • Fix: non-delivery report for a message with a 4xx and 5xx error showed the reason for the 4xx rather then 5xx error

v3.43 2008-08-03

  • New: Detect Backscatter (Options->Spam->Backscatter)
  • New: Block DSN/NDR only for specific recipient e-mail address (Options->Blocking->DSN)
  • New: Support for Exchange 2007 X-Auto-Response-Suppress header line
  • New: Support for RFC 5064 Archived-At message header
  • New: RFC 3834 XWall adds the Auto-Submitted header line and sets DSN to NEVER for Out-Of-Office messages
  • New: restart.sig forces a restart of XWall
  • New: Setting DSN to NEVER for inbound Out-Of-Office and spam messages
  • New: Converting DSN NEVER to a NULL-Sender in the MAIL FROM command, because Exchange sends Out-Of-Office messages back even when DSN is NEVER
  • New: Each record in AdrOWL-A.dat (white list) has a human readable timestamp
  • New: XWall removes BATV from MAIL FROM address before checking the white list
  • New: XWall adds a header line to detect faked DSN
  • New: XWall connects to every IP address when the MX host is multi-homed
  • New: White List add/del sends back a confirmation message
  • Chg: Outbound messages with "auto" in the subject followed by a double dot are not added to the white list
  • Chg: A non-delivery report will be sent only when the first MX points to localhost, a backup MX that points to localhost is ignored
  • Chg: DNS queries use udp rather then tcp
  • Fix: NDR for phishing method shows the reason why the message was blocked
  • Fix: Workaround for the Cisco ESMTP-Fixup bug which sometimes fails to mask the ESMTP verbs
  • Fix: Failed to connect to the backup MX when the first MX returned a 400 error
  • Fix: Error after MAIL FROM with PIPELINING was not reading all data for the following RCPT TO
  • Fix: Wrong size limit was announced
  • Fix: Decreased DNS recursion because of problems with DNS resolution
  • Fix: Ignoring a space when checking for an exploit with double extensions
  • Fix: Omit ESMTP STARTTLS when a TLS connection is active
  • Fix: Decoding of HTML with hex notation
  • Fix: Detect proper HTML codepage when no codepage is defined
  • Fix: Admin had a problem reading the certificate list
  • Fix: Last line of a Unicode disclaimer file was corrupt
  • Fix: GB2312 to Unicode codepage had invalid characters
  • Fix: DNS queries with corrupt pointer result in a crash
  • Fix: ESMTP PIPELINING with several RCPT TO and all of them get a different error
  • Fix: EMSPT SIZE error was skipped
  • Fix: Transcript in NDR missed some information
  • Fix: Decoding of the attachment filename in an invalid Content-Disposition line
  • Fix: Block an outbound e-mail during the smtp session
  • Fix: Wrong error in non-delivery-report when MTA responds with 452 Too busy, please try later.
  • Fix: Duplicating outbound messages was on domain
  • Fix: Service dialog didn't show the correct service name
  • Fix: Decoding of Apple Mail with two different codepages for the body text
  • Fix: Decoding of messages with UTF-8

v3.42 2008-01-19

  • New: MBServer is now also available for both the Intel and AMD processors supporting EM64T and AMD64 architectures running on 64bit operating system like Windows 2003 64bit (x64)
  • New: Force the application to run in Admin Approval Mode when UAC (User Account Control) is enabled in Vista or Windows 2008
  • New: Block ecard / postcard (Options->Spam->Image)
  • New: Send statistic (Options->General->Statistic)
  • New: ISP Edition allows different settings for mark subject based on e-mail address or domain
  • Chg: Options->Spam->Envelope->Faked MX is no longer in use; use Options->Spam->SPF instead
  • Chg: Heuristic checks PQDN and PTR
  • Chg: SLS/RBL uses the first IP that is not on the server itself or the backup MX
  • Chg: Phishing handles obfuscated URL like http://www.microsoft.com@5342760458/
  • Chg: Exclude from detection of suspicious messages supports wildcards
  • Chg: Static route accept a wildcard for the domain
  • Chg: XWall no longer changes the codepage to iso-8859-1, because this conflicts with Cyrillic
  • Chg: If the subject has no codepage, the codepage of the HTML or body text is used
    (Outlook can't display a HTML message where the subject and HTML have a different codepage)
  • Chg: Reduced the size of CCS packets so that they better fit into a DNS query
  • Chg: Method internal From: automatically excluded for authenticated users
  • Fix: Inbound NTLM pass-through authentication on Windows 2003 x64
  • Fix: Unicode to ANSI conversion in csv file
  • Fix: Illegal ASCII characters are wrong encoded in quoted printable
  • Fix: Max worker thread count is exceeded
  • Fix: Query for non-existing domains when there is more than one DNS
  • Fix: DNS query using UDP with a very fast DNS server

v3.41 2007-08-10

  • New: Better support for x64 operating systems
  • New: Detect mail traffic spikes from a domain or IP address using senderbase
    (http://www.senderbase.org) (Options->Spam->Senderbase)
  • New: Block PDF spam in Options->Spam->Image
  • New: Block RAR-ZIP spam in Options->Spam->Image
  • New: Support delay between SMTP commands (Throttling)
  • New: Heuristic checks for stock offers
  • New: Manage the White List by send a message with an e-mail in the subject
    Options->Global Exclude->White List)
  • New: On startup XWall creates the directories for the statistic, the logfile and the history
  • New: History can be limited to inbound or outbound messages
  • New: History can be limited to specific e-mail addresses
  • New: Multi line SMTP banner
  • New: FQDN of the sender in the block statistic file
  • New: Support for converting an Exchange IMCEAFAX address to a eFax SMTP address
  • New: The logfile shows when processing a DomainKey or DKIM message
  • New: Image spam allows user defined size
  • New: SPF exclude can be limited to a list of e-mail addresses
  • New: SMTP authentication using a custom application
  • New: SMTP authentication proxy against the Exchange
  • Chg: XWall no longer uses the system TEMP directory,
    XWall creates a temp directory below the XWall directory
  • Chg: HTML   is now a word delimiter
  • Chg: DSN/NDR to Lotus Notes always includes the full message
  • Chg: Stack from 64KB to 32KB to minimize the memory footprint when running a lot of threads
  • Chg: Heuristic weighted a large subject with a higher value
  • Chg: Dropping the connection once the inbound max connection limit is reached
  • Chg: Heuristic for stock spam is less aggressive and ignores signatures
  • Chg: No non-delivery report is sent in response to a message
    where the subject starts with "Non delivery report:"
  • Fix: AOL sends WinWord doc files encoded as quoted printable with an extra LF in it
  • Fix: UDM method didn't delete all temp files
  • Fix: Spam and Exclude data for the Approve script are permuted
  • Fix: Purging statistic files
  • Fix: SPF in Phishing was not checked in a bad formatted HTML message
  • Fix: SLS/RBL test of the first Received: IP address when no Received: line was added
  • Fix: Phishing failed to compare an encoded URL
  • Fix: EHLO error string when ESMTP is disabled
  • Fix: The wrong record was selected in a sorted list in MBAdmin

v3.40 2007-02-19

  • Fix: invalid non-delivery report could result in 100% CPU usage

v3.39 2007-02-12

  • New: Block image spam (message with a background picture) in Options->Spam->Image
  • New: Automatically block IP addresses that send spam messages (Options->Blocking->Auto IP)
  • New: Any on-access virus scanner can be used to scan the messages (Options->Virus->On-Access Scan)
  • New: Global White List shared among all customers
    (Options->Global Exclude->White List->Global White List)
  • New: French, Italian and Spanish are now available, together with the previous English and German
  • New: XWall auto detects the language based on the language of Windows,
    but you can manually set it in Options->Advanced->Language
  • New: Each incoming messages gets a unique ID and the logfile shows the ID when the message is processed and sent
  • New: field UniqueID in SR*.csv
  • New: Exe are now digitally signed
  • New: XWall automatically disables ESMTP CHUNKING if the receiving server can't handle it
  • New: SURBL can use multiply services
  • New: Heuristic detects prose stock spam
  • New: Heuristic checks for large paragraphs
  • Chg: Moved Options->Blocking->Verify to Options->Session->Verify
  • Chg: Moved Options->Spam->Session to Options->Session->Session
  • Chg: Moved Options->Blocking->Recipient to Options->Session->Recipient
  • Chg: relays.ordb.org is out of business and should be removed from Options->Spam->SLS
  • Chg: DNS query also accepts a non-authoritative answer for missing MX records
  • Chg: The white list does no longer add e-mail address that coming in and immediately going out to prevent pollution from auto responders or Outlook rules
  • Chg: Block image spam ignores messages with a "href="http:"
  • Chg: S/MIME sign adds the whole certificate chain from the PEM file to the message
  • Chg: Remove HTML does no longer remove HTML on a meeting request
  • Chg: LDAPQuery.vbs searches the AD including child domains; new switch for Lotus Notes
  • Chg: Immediately send a non-delivery report when the recipient domain does not have a MX or A record
  • Chg: Exchange creates invalid MIME messages for a meeting request (vCalendar) and so XWall does not change anything on such a message
  • Chg: Delivery Status information is added to the text part of a failed DSN (non-delivery report)
  • Chg: Verbose logging for SURBL, Phishing and CTY more verbose and less confusing
  • Chg: ApproveAction.vbs can return a error level for not approving an action
  • Chg: Optionally the UDM method gets the parsed message data and attachments like the Approve method. To enable this add <DATAFILE> to the argument field. A sample UDM.vbs can be found in the Approve-UDM-Toolkit.zip
  • Fix: ApproveAction.vbs crashed when something prevented XWall from writing out all data files. XWall no longer calls the script when there is problem with the data files and also the script was updated to gracefully terminate when something is missing.
  • Fix: HTML decode with a large <body> definition followed by a <style>
  • Fix: Outbound HTML blocking used the strings of outbound text blocking
  • Fix: multipart/alternative and multipart/related messages had a empty boundary
  • Fix: a TLS outgoing connection was not terminated when the other side dropped the TLS in the middle of a session
  • Fix: Testing the name server didn't work when two name servers are defined and the first one was not responding
  • Fix: SR CSV was not written to the user defined directory

v3.38 2006-08-08

  • New: Block image spam (empty message with a picture) in Options->Spam->Image
  • New: New: Approve the method and action using an external program (Options->Spam->Approve)
  • New: Heuristic checks for a space in RCPT TO: command
  • New: Suppress disclaimer on reply and forward
    (Options->Transit->Disclaimer->No disclaimer on reply or forward)
  • New: At startup XWall checks if the name server can resolve a MX record
  • Chg: E-mail address blocking works now like any other method. If at least one e-mail address is blocked, then the action is performed. If there is least one exclusion and exclusions for e-mail are enabled, then the message is not blocked. As a result of this, a message sent to two recipients where one of them is blocked, blocks the whole message. Previously XWall removed the blocked e-mail address from the recipients list and delivered the message to the remaining recipients. To revert back to the previous behavior add the lines
    to XWall.ini
  • Chg: System messages (non-delivery reports) get a low priority
  • Chg: Heuristic does not longer detect empty messages with an image, use Options->Spam->image instead
  • Chg: .google.com excluded from Greylisting, because gmail.com uses it as the host domain
  • Chg: Statistic values are preserved between a restart
  • Fix: validate domain was not working when a smart host was selected
  • Fix: Options->Blocking->Verify->Verify the senders domain was grey when using a smart host
  • Fix: MBAdmin truncated a partial file name
  • Fix: Fix: Memory allocation on large HTML messages
  • Fix: Outbound e-mail blocking honors the global exclusions
  • Fix: SPF ignores the ip6 mechanism
  • Fix: Two static route to same host with different port after a restart
  • Fix: Tar pitting plain text authentication after some unsuccessful authentication requests
  • Fix: A low priority method with Mark Subject was preferred for a higher priory method with
    Mark subject and move to junk-e-mail folder
  • Fix: MRTG values are no longer reset at midnight
  • Chg: When the message is reassembled, the original header lines will come first
    and the new header lines at the end
  • Fix: Quoted-printable attachment always had had an CR LF at the end
  • Fix: Reject during the SMTP session even when the sender was on the white list on a white list master

    Note: In the case you are using XWALLFilter, you need to upgrade it to 2.0.7638.62 or higher

v3.37 2006-05-03

  • New: heuristic method checks for empty messages with a picture
  • New: Decoding of recursive encoded attachments like the one created by Nyxem-D, Generic Malware.a and MyWife.d virus
  • New: Reject the SMTP session for a blocked IP address (Options->Blocking->IP)
  • New: SPF blocks on softfail and optionally on neutral
  • New: Limit the amount of messages that are accepted in a single inbound connection
  • New: Session timeout to prevent an infinite connection with a honey pot or a faulty TLS session
  • New: ESMTP PRIO (priority) command
  • New: XWall processes messages based on priority
  • Chg: XWall no longer converts an invalid sender address to a NULL-address
    (to revert to the previous behavior add InboundESMTPConvInvalidReturnPathToBlank=True to XWall.ini)
  • Chg: Auto detecting the DNS server is more reliable when using more than one adapter
  • Chg: Excluding non-delivery reports from SLS/RBL
  • Chg: Heuristic pays attention to SPF softfail and neutral
  • Chg: Using DNS server queries even when all messages are relayed to a smart host
  • Fix: Get name of local ip addresses in Windows 2003 and XP
  • Fix: CCS packets are blocked by a Cisco PIX with DNS fixup enabled
  • Fix: Decoding of a corrupt TNEF attachment
  • Fix: NDR for CTY and CCS had the wrong description
  • Fix: A MX with a non-existing A record was incorrectly resolved
  • Fix: Adding a message header to a binary message corrupted the binary data
  • Fix: Unique file name in HIST folder
  • Fix: If the MAIL FROM was blocked using a 4xx error, the DATA was blocked with a 5xx rather than a 4xx error
  • Fix: Original-Envelope-Id in DSN
  • Fix: Slow outbound SMTP scheduler under heavy load
  • Fix: Orphaned txt files in MSG-OUT when restarting under heavy load

v3.36 2005-12-05

  • New: S/MIME signing and/or encryption (Options->Transit->S/MIME)
  • New: Block messages by country (Options->Blocking->Country)
  • New: Limit the amount of recipients for an inbound message (Options->General->Connections)
  • New: Optionally remove all characters from the subject that prevent OWA / IIS from opening the message (& % \ ./ ..)
  • New: Start/stop/install/remove XWall service from MBAdmin View->Service
  • New: Parsing of invalid Outlook addresses like "user@domain.com" <'user@domain.com'>
  • New: XWall immediately sends back a NDR in the case Exchange rejects the message with a 4xx error
  • New: Deleting multiply entries in a list box in Admin
  • New: postmaster@* is excluded from Greylisting, because Postfix uses this address to validate of a recipient exists
  • New: CCS ignores Yahoo standard attachment mails
  • New: Action "Forward to recipient" which does nothing than to log; useful for
    testing a method or for different customer configuration in the ISP Edition
  • Chg: a NDR is sent for a message to reaches the max attachment count
    (previously the message was discarded without an NDR)
  • Chg: Faster queue scheduling when sending messages to Exchange
  • Chg: Priority of CCS is now lower than the priority of attachment and exploit blocking
  • Fix: Empty record in datauser.dat cause XWall to hang
  • Fix: Faster importing of AdrOWL-A when the white list is full
  • Fix: Rescheduling of a message after a timeout in RSET
  • Fix: Decoding of a corrupt TNEF attachment

v3.35 2005-08-29

  • Fix: Domain translation was not working when there was user translation
  • Fix: Send NDR when Exchange blocks the recipient

v3.34 2005-08-03

  • New: Central Checksum Service (CCS) (Options->Spam->CCS)
  • New: Block messages by charset (Options->Blocking->Charset)
  • New: Block delivery-status-notification and non-delivery reports (Options->Blocking->DSN
  • New: User defined spam blocking method (Options->Spam->UDM)
  • New: Support for white list SLS/RBL (Options->Exclude->SLS)
  • New: XWall immediately sends back a NDR in the case Exchange
    does not accept the message after the DATA/BDAT command
  • New: SMTP greeting delay to protect against SMTP slammers
  • New: SMTP tar pitting / honey pot / teergrube to protect against a directory harvest attack
  • New: XWall decodes UUENCODE inside a MIME Content-Type: text/plain section
  • New: ISP Edition allows different settings for a e-mail address or domain (/doc/xwall_isp_edition.htm#ubs)
  • New: XWall converts a plain text or html with more than 4MB into an attachment
  • Chg: XWall no longer discards messages with a text or html size with more then 4MB
  • Chg: Changed priorty for action "Mark subject and move to Junk-E-Mail folder" and "Mark subject"
  • Chg: XWall verifies the TLS/SLL certificate at startup and
    disables TLS/SSL when the certificate is not valid
  • Chg: Pending messages are no longer rescheduled when XWall restarts
  • Chg: No SPF checking when the sender is excluded
  • Chg: removed "Verify that the sender uses an e-mail address",
    use Options->Blocking->DSN instead
  • Chg: The GUI for recipient checking is either static or dynamic, but not both
  • Chg: Inbound address translation takes place immediately
    after the address is received and before performing all other checks
  • Fix: Blocking a host name in the message header

v3.33 2005-05-04

  • Chg: White list synchronize uses port 12177 udp (alternate port 25 tcp)
  • Fix: Control chars are converted to a space before the screen is updated (else BEL beeps)
  • Fix: Decoding of application/x-pkcs7-mime messages without any subtype
  • Fix: Heuristic shows "text part missing" even on a non-MIME message
  • Fix: LDAP query failed when cache was disabled
  • Fix: McAfee does no longer find a variant of New Malware.b in
    MBAdmin when using the /ANALYZE switch
  • Fix: More checking of the error level of LDAPQuery.vbs
  • Fix: Outbound exclusion of exploits didn't work
  • New: /SILENT as argument for McAfee scanner
  • New: Exclusion for inbound and outbound virus scanning
  • New: German translation on a German Windows
  • New: Greylisting caches properly rescheduling servers,
    because there is no need to delay this hosts
  • New: Range checking for the Greylisting values in MBAdmin
  • New: SURBL scans the plain part of the message for an URL
  • New: XWall ISP Edition (unlimited amount of inbound domain and Exchange servers)

v3.32 2005-02-10

  • Chg: MBAdmin asks if XWALLFilter is installed in the case it can't detect it
  • Chg: Default action is Mark subject rather than
    Mark subject and move to Junk-E-Mail folder
  • Chg: Action Mark subject and move to Junk-E-Mail folder is only
    available when XWALLFilter is installed
  • Chg: Exclusion for authenticated users is now on by default
  • Chg: Blocking all attachments does no longer block a HTML or TNEF message
  • Chg: XWall will not longer send to a domain where the MX record points to
  • Chg: localhost is resolved without using name server
  • Chg: .cpl is an unsafe extension
  • Chg: Recipient tab is now in Blocking rather than in Spam section
  • Fix: SPF cache could be wrong when the sender used a different IP address
  • Fix: Remove HTML with a lot of tabs in each line
  • Fix: SURBL with question mark in the URL
  • Fix: Infinite loop in message decoding
  • Fix: No HTML signature is added when outbound HTML is removed
  • Fix: SPF of redirect mechanism (_spf.microsoft.com)
  • Fix: Quoting of VBScript when XWall is installed in a directory with a space
  • Fix: RFC 3462 defines text/rfc822-headers and not message/rfc822-headers
  • Fix: removing of the Bayes tag from the subject for outgoing messages
  • Fix: Decoding of plus sign in DSN ORCPT
  • Fix: Recipients server returns 4xx and 5xx and 2xx status in one SMTP session
  • Fix: Removed the dot at the end of a TMP file, because Sophos 3.29 can't find such a file
  • New: DNS resolution optionally uses UDP
  • New: Exclusions for Exploits
  • New: Heuristic method checks for corrupt messages generated by some spam software
  • New: Corrupt messages are automatically reassembled
  • New: Reject at the SMTP level is now an additional action in SPF, IP/Host and E-mail blocking
  • New: Logfile shows the type of the message (HTML, TNEF, DSN and so on)
  • New: Support for Korean ISO-2022-KR and EUC-KR messages
  • New: Negative SLS/RBL queries are cached for 4 hours
  • New: Optionally blocking of executable files
  • New: Check of MBAdmin and MBServer are the same version
  • New: Advanced configuration has a tab for ESMTP settings
  • New: Blocking Windows and DOS executables,
    even when they renamed and/or in zip files (exploit)
  • New: Virus count in MRTG (slot 29 and 30)
  • New: Greylisting optionally accepts all IP addresses from a Class C net
  • New: Triplet and status of Greylisting in the block statistic file
  • New: Mark subject with one text for all methods
  • New: LDAP query for validating the recipient (Options->Spam->Recipient)
  • New: The demo version sends a message to postmaster before it expires
  • New: Context specific help for the option menu
  • New: Checking of the message size immediately after the data was received
  • New: Exclusion for known mail servers that have a problem with Greylisting
  • New: Default Greylisting Exclusions

v3.31 2004-09-15

  • New: SURBL (Spam URI Realtime Blocklists, see http://www.surbl.org)
  • New: Greylisting (see http://projects.puremagic.com/greylisting);
    at present by far the best way to block spam, some 80% with nearly no false positive;
    Note: make sure the spammer do not bypass Greylisting by sending over your backup MX
    (use XWall or a server that can handle Greylisting on your backup MX)
  • New: XWall slows down the connection when the sending server sends a message to more than 20 invalid e-mail addresses ( honeypot, teergrube, tarpitting)
  • New: To prevent mail bombs files that are larger than 1 GB are no longer unzipped
  • New: Messages blocked after the RCPT TO are in the SMTP blocking statistic and in MRTG
    New: SPF results are cached for 8 hours
  • New: Support for vCard and vCalendar messages
  • New: User defined header lines that should be preserved when reassembling the message
  • New: X-XWall-SURBL: header line
  • Chg: Block at the SMTP level is now an additional action in SLS/RBL; for upgrade reasons SLS is disabled by default and you need to enable it again
  • Chg: sbl-xbl.spamhaus.org as new common in Options->Spam->SLS and sbl.spamhaus.org should be removed
  • Chg: The From: address of a DSN (non-delivery report) is now the postmaster from the first responsible domain
  • Chg: Outbound authentication is performed against the smart host
  • Chg: The default SPF record is used when the domain does not publish a valid SPF TXT record
  • Chg: Default SPF checks the subnet of the sender (v=spf1 ptr a/24 mx/24 -all)
  • Chg: MBServer restarts only when the configuration files can be locked
  • Chg: Verify the recipient does no longer block addresses that are the source of a translation
  • Chg: No SPF test for non-delivery reports
  • Chg: When reassembling the message all NULL chars are removed from plain text and HTML
  • Chg: HTML images are no longer flagged as attachments
  • Chg: If a message has a address translation or an e-mail forwarding then it is automatically excluded from the BCC blocking
  • Fix: Mark subject for heuristic couldn't be changed in MBAdmin
  • Fix: MBAdmin Virus options "Scanner needs to be serialized" and "Scanner supports EML message format" interchanged
  • Fix: unzipping files with some directories
  • Fix: XWall prevents sending a non-delivery message to an internal e-mail address for all methods
  • Fix: Removing of the HTML tag <a href></a> without adding some space
  • Fix: SPF with an include mechanism did not query for the included TXT record
  • Fix: Removing of HTML does not longer trash the previous decoded text when a second <body> is found

v3.30 2004-05-14

  • Chg: Encapsulate and forward a virus to postmaster removes the attachment
  • Chg: X-XWall-Heuristic: header line is added every time the heuristic value is more than zero
  • Chg: XWall now uses CIDR notation for all IP addresses (
    MBAdmin converts the old IP addresses automatically to CIDR when you change something.
    Make a backup of your XWall. ini in the case you want to use an older version of XWall.
  • Chg: Resolving of A records now goes through the defined name server
    and not through the TCP/IP stack of Windows.
  • Fix: RFC822 deep counting of a message
  • Fix: The action for an Exploit was not triggered in some configurations
  • Fix: Converting message date from UT to local time zone with a day boundary
  • Fix: Encapsulate and forward to postmaster didn't add the BCC for forwarded-reports
  • Fix: Zip files in TEMP directory was not deleted after decoding
  • Fix: Check for PTR honors the white list and authenticated users
  • Fix: Fixed stripping of "a href" html tags
  • Fix: Decoding of UUENCODE attachments with invalid digits in front of the filename
  • New: Blocking of attachments in zip files
  • New: A password protected zip files is handles as an exploit
  • New: X-XWall-Excl: header line which shows why the message was excluded
  • New: SPF (Sender Permitted From see http://spf.pobox.com)
  • New: Exclude messages that pass SPF (Sender Permitted From)
  • New: Support for KS_C_5601-1987(Korean) message decoding
  • New: Added /ARCHIVE to the default switches for F-Prot
  • New: The header of the original message are added to the DSN/NDR to
    aid debugging of the problem
  • New: Packing of the white list at midnight when XWall is idle
  • New: XWall prevents sending a non-delivery message to an internal
    e-mail address for a inbound message, because the e-mail address is faked
  • New: Blocking of blank sender and NULL e-mail address;
    this blocks all system and non-delivery reports and is not allowed by the RFC
  • New: XWall discards messages with a text or html size with more then 4MB,
    because they may slowdown XWall and Exchange
  • New: Support for F-PROT 3.x virus scanner (Windows version)
  • New: If XWall is bound to a specific IP address then it will use that IP address
    for outgoing connections too

v3.29 2004-02-05

  • Chg: Forwarded e-mail address is accepted even when the address is not valid on Exchange
  • Chg: New DSN error 5.9.8 for Bayes and Heuristic non-delivery reports
  • Chg: blackholes.easynet.nl is out-of-business and you
    should remove it from Options->Spam->Spam
  • Chg: Global e-mail address exclusion, white list and verify for internal From:
    checks the MAIL FROM: address and the From: address of the message
  • Chg: E-mail Address blocking checks the MAIL FROM: address and
    the From: address of the message
  • Chg: Static route for a specific e-mail domain has now an optional port
  • Chg: renamed global-addr to global-e-mail, addr to e-mail in mark subject, logfile and statistic
  • Chg: Calculating the Bayes value is now a lot faster
  • Fix: Rebuilding white list when separate user list is disabled
    (AdrOWL-B.dat was not correctly rebuilt from AdrOWL-A.dat)
  • Fix: Message date in statistic file when 4 digits are requested
  • Fix: Encoding of the marked subject
  • Fix: Not adding Bayes classify address to the white list
  • Fix: Action for exploit used the action from attachment blocking
  • Fix: TNEF attachments when message is reassembled without removing TNEF
  • Fix: Service could not be started when it was installed in a directory with a space
  • Fix: Test for faked MX didn't correctly detect the first host with domains
    with more than one A record
  • Fix: Plain text body is now created from the HTML in the case of a forwarded DSN message
  • Fix: Check for responding SLS waits on idle and stops all other threads
  • Fix: Check that server with a host name of localhost really has an IP of
  • Fix: Parsing of the IP address from an invalid Received: line
  • Fix: Statistic file may have wrong date around midnight under heavy load
  • Fix: Statistic file had the wrong virus description
  • Fix: Blocking a long word with a ? wildcard in a long text
  • Fix: MBAdmin allows wildcards for attachment blocking
  • Fix: Encoding of very long quoted printable lines
  • New: Using a honeypot for mailers that use the AUTH command to probe for valid users
  • New: Pack white list (AdrOWL-A.dat)
  • New: MBAdmin shows the logfile in real time in the main window
  • New: Remove TNEF and/or HTML format for outgoing messages
  • New: Validating of the directories in Admin can be disabled
  • New: Blocking of inbound message that use an internal domain as the From: address
  • New: number sign ("#") is a wildcard for one or more digits
    (to block ip addresses in html use http://#.#.#.#/)
  • New: "Mark Subject and move to Junk-E-Mail folder" for SCL in Exchange 2003
  • New: Heuristic spam blocking (commonly called as Spam Assassin)
  • New: Exclude messages sent from a mailing list
  • New: Exclusion for common addresses
  • New: Directory for the history files can be changed
  • New: Option to purge old history files
  • New: Support of Domain based Spam Lookup Services
  • New: Option that Bayes ignores common words while gathering
  • New: User-defined non-delivery reports can be UTF-8 to support foreign characters
  • New: New: SLS service and attachment type in statistic file
  • New: When the recipients server points to localhost then a
    non-delivery report is immediately sent to the sender

v3.28 2003-10-03

  • Chg: Workaround for Verisign Sitefinder service which captures all
    non-existing .com and .net domains and breaks the verification of non-existing domains
  • Chg: XWall ignores IP addresses that point to a top level wildcard A record
  • Chg: The IP address that a SLS/RBL returns must be 127.0.0.x or 127.1.0.x or
    else it will be ignored (in some configuration the name server did not work in
    the past and now due to Verisign Sitefinder service it now returns an
    ip address for every host)
  • Chg: A repeating e-mail address is added to AdrOWL-A.dat only after 2 days
  • Chg: By default the automatic white list does no longer exclude for
    blocked attachments and exploits
  • Chg: By default the global exlusion does no longer exclude for
    blocked attachments and exploits
  • Chg: Removed the fix in the DSN for the Exchange 2000/2003 public folder
  • Chg: A message with a lot of html comments gets a higher Bayes value
  • Chg: Removed all enhanced tabs from View->Options to make the tabbed dialog less confusing
  • Chg: Added enhanced checking of system messages to exclude them from the white list
  • Chg: relays.osirusoft.com is out-of-business and you should remove it from
  • Fix: Received header lines with a empty host name are now properly decoded
  • Fix: Local IP range is through and
    not through
  • Fix: Empty Bayes database was corrupted after an internal restart
  • Fix: Rebuild AdrOWL-B.dat from AdrOWL-A.dat when AdrOWL-B.dat does not exist
  • Fix: Manually adding an address without a timestamp into AdrOWL-A.dat
  • Fix: IP exclusion for SLS in the header is now checked against every IP address
  • Fix: A space at the beginning of a host name are no longer removed
  • Fix: TNEF attachments show up twice when message is reassembled without removing HTML
  • Fix: HTML to plain text convert added more lines break and spaces to make it better readable
  • Fix: 100% cpu with a SSL connection on some ISA servers
  • Fix: Timeout of a non-delivery message when the message had a BCC to an internal address
  • Fix: Auto disabling inbound SMTP connections because of Exchange connection failure
  • Fix: Decoding a message with a single carriage return at the beginning of a new line
  • Fix: Outgoing message that is blocked is now in the spam column of the statistic file
  • Fix: Unfolding of html code when converting to plain text
  • New: Support for Windows 2003
  • New: Optionally process a message independent for each recipient
  • New: Option to send back the whole message in a DSN, because Notes 6.0
    has a problem decoding a message/rfc822 with consist of only a header
  • New: Option to change the number of worker threads
  • New: Options to tell XWall which methods should be excluded by the automatic white list
  • New: Option to add the "mark subject" string on the left side rather
    than the right side of the subject
  • New: Column in the statistic file that shows the reason why a message was excluded
  • New: Logfile shows the reason why a message was excluded
  • New: Support for message/rfc822-headers
  • New: Support for automatic white list in a server farm
  • New: Exclude messages sent using a TLS/SSL connection
  • New: Exclude messages sent from authenticated users
  • New: Feeding Bayes with good messages by sending them to an e-mail address
  • New: Option to purge old statistic files
  • New: Manual feeding of Bayes gets twice the emphasis
  • New: Option to set the DSN RFC or Exchange conforming
  • New: Option to accept only messages for e-mail addresses that are valid on Exchange
  • New: IP address and host name added to the statistic file
  • New: Options to block all messages that are not excluded
  • New: Options to tell XWall which methods should be excluded by the global exclusion
  • New: Exclusion from address blocking; allows blocking of a
    whole domain and exclude specific e-mail addresses
  • New: blackholes.easynet.nl as a common SLS in in View->Options->Spam
  • New: Check SLS every 8 hours to make sure the SLS (Spam Lookup Services)
    are responding and return valid data
  • New: Extra timeout for non-delivery reports (default is 4 hours)
  • New: Support for MIME type disposition-notification
  • New: The From: address of the message is checked against the white list
    (useful for mailing lists)
  • New: The logfile shows the From: of the message and the return path
    (MAIL FROM:) in the case they are different

v3.27 2003-06-04

  • Fix: HTML as attachment is now removed from a forwarded DSN message
  • Fix: Reassemble of application/x-pkcs7-mime
  • Fix: Parsing of Received: line with fakes hostname
  • Fix: Inbound pipelining sometimes missed the QUIT command at the end of the SMTP session
  • Fix: Blocking of an e-mail address with "*something*"
  • Fix: TNEF attachments show up twice when message is reassembled without removing TNEF
  • Chg: XWall accepts no MX records coming from a forwarding DNS
  • Chg: Messages in the history folder are now longer byte stuffed
  • Chg: Format of Bayes-B.dat and Bayes-G.dat
    (automatic conversation from the old to the new format)
  • Chg: The Spam column of the statistic file shows the type of spam
  • Chg: Block Text scans the text AND the html part of the message
    (html tags are removed before scanning)
  • Chg: Block HTML scans the raw html part (html tags are not removed)
  • Chg: Mark subject [adr] to [bcc] , [faked-from] and [addr]
  • Chg: A message that triggers the Bayes action is goes now into the Bayes bad word list
  • Chg: orbs.dorkslayers.com is dead and you may want to remove it from
  • New: Optionally delete invalid header lines that confuse Exchange 2000
  • New: Support for Content-Encoding: binary
  • New: Global exclusion based on subject, note text, html text, IP or host
  • New: MBAdmin does not longer overwrite xwall.ini
  • when the file was changed manually or through MBServer
  • New: Common spam phrases for subject, text and HTML blocking
  • New: Common header lines for spam x-mailer blocking
  • New: SLS/RBL/MAPS groups (the ip must be listened at each member service)
  • New: User-defined field delimiter for the CSV file
  • New: Automatic white list; every outgoing e-mail address is
    added to the white list and will bypass the spam filter
  • New: Bayes column in the statistic file
  • New: sbl.spamhaus.org as a common SLS in in View->Options->Spam

v3.26 2003-03-28

  • Fix: crash with blocked header when the message has two "x-mailer" lines
  • Fix: Bayes Robinson more than 100
  • Fix: Writing of the Bayes dat file even in lean mode
  • Fix: Decoding of quoted printable pdf files sent by Exchange 5.5
  • Fix: HTML is also removed from a forwarded DSN message
  • Fix: Timing-based attack on SSL/TLS
  • Fix: When Exchange blocks an address at the SMTP level,
    then only a non-delivery report for this address is sent and all others are delivered
  • Chg: Bayes Robinson spam value from 60 to 70
  • Chg: The SMTP HELO and the greeting shows the name of the IP address to which XWall is bound to and not the main machine name
  • Chg: Decoding of a filename which is longer than 256 bytes
  • Chg: XWall will not longer send to a domain where the MX record point to localhost
  • Chg: Exploits are now an extra section and do no longer use the action of blocked attachments
  • Chg: XWall no longer uses an authoritative name server answer
    to detect if a domain is not existing
  • Chg: XWall no longer supports the old file based registration method
  • New: X-XWall-Spam: header line with a list why the message was spam
  • New: more actions for SLS and Bayes handling
  • New: FQDN of XWall can be changed
  • New: Blocking of files with double extension (filename.exe.txt)
  • New: Feeding Bayes with spam messages by sending them to an e-mail address
  • New: Outgoing spam in the statistic file
  • New: XWall stops messages exceeding the limit as early as possible
  • New: Block messages with external attachments (message/external-body)
  • New: Message with the recipients address as From: address is
    considered to be a Faked From: address
  • New: Blocking by IP address or hostname
  • New: more actions for blocking addresses
  • New: Wildcards are now allowed in IP addresses, e-mail addresses and host names
  • New: A string with a * in it can be blocked by
    escaping the * with a second * (to block "f*ck", use "f**ck")
  • New: Blocking of messages that are not originated by the MX of the sending domain
  • New: Decoding of yEnc, Deflate-8bit and Deflate-Base64
  • New: Support for 8BITMIME (RFC 1652)
  • New: XWall removes comments like in "Horn<!19656>y" before scanning the HTML text
  • New: XWall encodes strings like "2%30%30.1%358.%39.4%32:8080/some.htm"
    before scanning the HTML text

v3.25 2003-01-16

  • Fix: Encoding BIG5 messages a temp file was not deleted
  • Fix: Option forward to admin without warning with attachment
    was also sending to the original recipient
  • Chg: Speeded up Bayes by app. 65%
  • Chg: Speeded up outgoing messages under heavy load
  • New: Different algorithm in Bayes (Robinson or Graham algorithm)
  • New: Blocking of header lines
  • New: More actions when blocking BCC and faked From

v3.24 2002-12-04

  • Fix: Typo in a delivery status notification
  • Fix: Sometimes the non-delivery report for blocked subject/text/HTML
    showed the wrong string
  • Chg: XWall allows a CNAME as an MX records;
    this is prohibited by RFC 1713 and 2181, but a lot of sites use it
  • Chg: Renamed "message loop" to "suspicious message",
    because it's not always a looping message
  • New: XWall stops accepting messages when the disk has less then 20MB free space
  • New: /PROGRAM as argument for McAfee scanner
  • New: Verify FQDN only when the user is not authenticated
  • New: MRTG and statistic values for the count of blocked and spam messages
  • New: statistic values for the format of a message (HTML,TNEF,DSN,SIGN,ENCRYPT)
  • New: Exclusion by IP and e-mail address for SLS, Bayes,
    dns verify, remove format and envelope
  • New: XWall shows now the name of the virus as long as the scanner
    is able to give back this information

v3.23 2002-10-16

  • Fix: Encoding of foreign display name when body text is plain ASCII
  • Fix: HTML decoding is done before a check for a blocked string in the text
  • Fix: In a non-delivery report the header and the body text was sent back
    rather than only the header
  • Fix: Contacted the authoritative name server of a domain even
    when the local name server provided an authoritative answer
  • Fix: Decoding of Big5 HTML messages
  • Fix: Rotation of the logfile at midnight
  • Chg: ESC value for blocked text and blocked html from 5.7.0 to 5.9.7
  • New: Block a sending host with an invalid FQDN
    (full qualified domain name) in the HELO/EHLO
  • New: Block a sending host if no reverse lookup of the IP address exist (missing DNS PTR)
  • New: Block all attachments
  • New: Check of the name server at startup to make sure it is working
  • New: Dump Mark Subject data to the logfile
  • New: More actions when detecting a SLS/RBL/MAPS message
  • New: More actions when text blocking a message
  • New: The logfile and the NDR now shows the SLS service and
    the IP that blocked the message
  • New: XWall writes the SLS/RBL/MAPS blocking database and the IP address
    of the sending host to the header of the message so that this information
    is quickly available in Outlook
  • New: Block partial attachments (message/partial)
  • New: Field in the statistic file to indicate spam mail
  • New: Support for ISO-2022-JP (Japanese Characters)
  • New: Wildcards can be used for blocking attachments, text, HTML and subject
  • New: The logfile and the non-delivery-report now shows the line in
    which a blocked string was found
  • New: Logging to screen is disabled when XWall runs as a service
  • New: Statistical approach with the Bayesian filter to filter out spam messages

v3.22 2002-08-09

  • Fixed domain validating when a relay host is defined
  • Fixed adding a disclaimer to a message/report
  • Fixed a timeout problem with SSL/TLS
  • Fixed decoding of an Unicode tnef attachment name
  • Changed the handling of a SSL/TLS connection when the target host has no CN
    (common name)
  • Added a check at startup to make sure the SLS (Spam Lookup Services) are responding
    (to prevent timeouts when queries a not working SLS)
  • Added the option to mark the subject for faked From: addresses
  • Added the option check the IP of the message header against SLS/MAPS
  • Added the IP address to the message that will be shown to the
    sending server when blocked by MAPS/SLS
  • Added the option to define the temp path without changing the TEMP environment variable

v3.21 2002-05-30

  • Fixed html parser for <style> tag
  • Fixed decoding of utf-7 messages
  • Fixed a bug when a disclaimer with no blank line at the
    beginning was added to a empty note text
  • Fixed a extra char problem when adding a disclaimer to a html message
  • Fixed a special html char problem when adding a disclaimer to a html message
  • Changed the handling of a SSL/TLS connection when the target host
    has not CN (common name)
  • Added support for nested digest messages
  • Added a statistic file for spam blocking and virus

v3.20 2002-05-03

  • Fixed blocking of attachments with an extension of .eml
  • Fixed HELO when ESMTP is disabled
  • Fixed html remove so that it works better with Exchange 5.x
  • Fixed deleting of the xxxx.tmp files after a invalid BDAT transfer
  • Changed the removing of the HTML formatting; making it more human readable
  • Added the option to mark the subject for BCC messages
  • Added the option to block e-mail addresses
  • Added the option to exclude e-mail addresses from blocking
  • Added the option to reassemble the messages for
    protection against badly formatted messages and viruses
  • Added the option to block files with a dot as the last char (file.vbs.)
  • Added the option to add a disclaimer to outgoing messages
  • Added the option to remove the TNEF part of a message
  • Added a check for an on-access virus scanner at start

v3.19 2002-02-27

  • Fixed the announcement of authentication in inbound ESMTP
  • Fixed the multiply host name announcement in ETRN
  • Fixed html remove with signed messages
  • Fixed auto detect of dns server when running under a user account
  • Added diagnostic logging for the virus scanner
  • Added a more verbose logging when blocking a message
  • Added support for RFC 2480
  • Added more verbose logging when blocking an IP address by using SLS
  • Added support for virus scanning in the EML message format
  • Added support for blocking files with a CLSID extension
  • Added support for SSL / TLS encryption

v3.18 2001-11-29

  • Fixed detection of Aliz virus
  • Added the option to perform an online check for a new program version
  • Added the option to notify the postmaster in the case a new program version is available
  • Added the option to exclude e-mail addresses from html/text/subject blocking
  • Added the option to exclude IP addresses from SLS/MAPS blocking
  • Added the option to remove the HTML part of a message

v3.17 2001-10-18

  • Fixed setting of the expiration time of a message when XWall restarts
  • Fixed the decoding so that it does not take forever to normalize a message with a very large body text
  • Changed definition of MAPS, because MAPS is now a pay service
  • Added user defined Spam Lookup Services
  • Added support for Sophos Anti-Virus 3.x

v3.16 2001-08-10

  • Fixed SMTP authentication with servers that announce only AUTH and PLAIN
  • Fixed a problem decoding the attachments of a multipart/related message
  • Fixed a bug when an out-of-range SMTP DATA command crashes XWall
  • Changed the default charset for non-deliver-messages from ISO-8859-1 to UTF-7
  • Removed support for the ORBS spam list, because the list is no longer working
  • Combined MAPS RBL, DUL and RSS into one lookup
  • Added inbound and outbound SMTP authentication
  • Added inbound SMTP authentication using NTLM
  • Added an option to relay messages for authenticated users
    (allow XWall to act as a relay for POP3 clients)
  • Added infinite message loop detection
  • Added the option to manually define spam dns lookup services
  • Added the option to show real time statistic using MRTG (Multi Router Traffic Grapher)
  • Added "mark subject" as an action when a message is blocked
  • Added the option to automatically BCC every message to a specific e-mail address
  • Added the option to CC every blocked message to a specific e-mail address

v3.15 2001-06-07

  • Fixed decoding of messages with more than 40000 Content-Type definitions
  • Fixed console screen buffer handling when running on Windows 2000/2003
  • Changed that no error is generated when the Exchange does not allow authentication
  • Added a check for an on-access virus scanner, because the scanner will block XWall from accessing its files
  • Added additional checking when reading queued messages from disk
  • Added checking of the senders domain as an optional spam check

v3.14 2001-05-04

  • Fixed detection of Magistr virus
  • Changed the parsing of the header of a message to
    accept only a blank line with CRLF as end-of-header
  • Added the option to scan embedded TNEF (WINMAIL.DAT) for viruses

v3.13 2001-04-11

  • Changed the logfile to use UTF-8 rather than ASCII
  • Changed the .dat and .ini files to use ANSI and UTF-8 rather than ASCII
  • Changed the orbs blocking to use the new outputs.orbs.org
  • Changed the maps blocking to use the new dialups.mail-abuse.org
    and blackholes.mail-abuse.org
  • Changed the blocking of the subject to scan for strings rather than comparing from left to right
  • Changed the default action for a blocked inbound attachment to "discard"
  • Fixed the DNS query for the MX record to stop after the first server in the case a domain has no MX
  • Fixed the DNS query for the MX record to query for an
    A record even one of the DSN servers is down
  • Added support for messages encoded in UTF-7 and UTF-8
  • Added blocking based on string in the html part of a message
  • Added support for KOI8-R (Russian) and Big5 (Chinese) message decoding
  • Added support for code page 1255 (Hebrew) message decoding

v3.12 2001-02-10

  • Added support for RFC 2554 (SMTP AUTH LOGIN)
  • Added support for RFC 2595 (SMTP AUTH PLAIN)
  • Added support for RFC 2195 (SMTP AUTH CRAM-MD5)
  • Added support for SMTP AUTH NTLM
  • Changed the default SMTP connection limit to 100 concurrent connections

v3.11 2000-12-21

  • Fixed virus scanning with the newer versions of F-PROT
  • Added support for blocking based on ORBS spam list

v3.10 2000-10-27

  • Fixed handling of yahoo multipart messages where a blank line is missing
  • Added a switch to allow relaying for client from an internal IP address
  • Added support for command pipelining (RFC1854)
  • Added support for message chunking (RFC1830)
  • Added support for virus scanning of html pages
  • Fixed relaying for domains with a static route when a smart host was specified

v3.09 2000-09-11

  • Fixed handling of a message with contains hundreds of sub messages
  • Added option to also deliver to the original e-mail address after forwarding
  • Added a workaround for servers that deny the RSET command
  • Added support for F-PROT 3.x anti-virus scanner
  • Added support for blocking a normalized subject
  • Added blocking of a message by message text
  • Added option to define static routes for specific e-mail domains

v3.08 2000-07-18

  • Added the option to send a NDR when blocking an inbound attachment or subject
  • Added the option to check for a blocked subject case sensitive and case insensitive
  • Added support for CHUNKING (RFC 1830) for better sending to an Exchange 2000
  • Added authentication for secure sending to an Exchange 2000
  • Added complete support for RFC 1891 (Delivers Status Notification)
  • Added signal to send the current logfile to postmaster
  • Added option to purge old logfiles
  • Updated option to remove return-receipt for the new Exchange 2000 read receipt

v3.07 2000-05-08

  • Added blocking of a message by subject to block viruses like "ILOVEYOU"
  • Added blocking of an outbound message by attachment name
  • Added From: address to DNS messages

v3.06 2000-04-27

  • Fixed name server Auto Detect in Win2000

v3.05 2000-02-25

  • Added support for forwarding to a group of addresses and for recursive forwards
  • Fixed console screen when running as a interactive service
  • Added workaround for Win2000 which reports an error when shutting down the service

v3.04 2000-01-08

  • Fixed forwarding of e-mails with viruses to go to the address postmaster@xxxxxx.xxx

v3.03 1999-12-02

  • Removed Norton Anti Virus from the supported scanner options,
    because it does not return a proper errorlevel in the newest versions
  • Added support to limit concurrent connections
  • Added user defined message size limit
  • Added message compression when sending to another XWall (30 - 80% depending of the attachments in the message)

v3.02 1999-09-27

  • Fixed quoting in CSV file
  • Added optional removing of Return-Receipt-To: for inbound and outbound messages
  • Added dialup, SOCKS, ETRN and relaying
  • Added address translation to translate e-mail domains,
    mailboxes or a complete domain to one single address

v3.01 1998-08-06

  • Released
©1991-2022 DataEnter GmbH
Wagramerstrasse 93/5/10 A-1220 Vienna, Austria
2022-02-16 / Phone
2022-02-16 / Tablet
Changed: 2022-02-16
Copyright ©1991-2022 DataEnter GmbH
Wagramerstrasse 93/5/10 A-1220 Vienna, Austria
Fax: +43 (1) 4120051