Iris
Release 24
Iris noun
From Greek mythology: Iris was the winged goddess of the rainbow and the messenger of the Olympian gods. [ Source: http://www.theoi.com/Pontos/Iris.html (2004-05-05) ]
Details of this update and their benefits to you
| Item | Type | Details |
|---|---|---|
| Spam Control | New | A number of new features have been implemented to reduce the amount of
spam accepted by the NetBox. The new spam control features available
are:
|
| SMTP Performance | New | The SMTP email server functionality of the NetBox has been completely restructured to provide significant performance gains. Users should notice increased SMTP responsiveness and throughput. This will especially be of benefit to high volume sites and sites performing bulk mailouts. |
| Web Cache Upgrade | Enhancement | The NetBox web cache has been updated to improve performance and correct access control related faults. |
Additions for Iris 24a
| Item | Type | Details |
|---|---|---|
| Hyphens in usernames | Enhancement | Hyphen's are now allowed in NetBox usernames and email aliases. |
| Encryption update | Enhancement | The SSL encryption module used for the NetBox management interface has been updated to improve security. |
| Email scanning log viewing | Fix | A problem with viewing of email scanning logs has been resolved. These logs are available under Administration > View Logs in the NetBox web interface. |
Additions for Iris 24b
| Item | Type | Details |
|---|---|---|
| Extensive software updates | Enhancement | Major upgrades of various code libraries have been made in preparation for the new email scanning and spam management functionality. Some obsolete code libraries have also been removed. |
| External POP3 pickup robustness | Enhancement | Handling of invalid sender addresses during external POP3 retrieval has been improved. Additionally, more message headers are now checked for use as sender addresses during SMTP injection. |
| Minor SMTP handling fixes | Fix | Small fixes have been added relating to the recent SMTP subsystem upgrades. |
Additions for Iris 24c
| Item | Type | Details |
|---|---|---|
| Manual virus definition updates | Enhancement | It is now possible to manually force virus definitions to be updated. Simply use the "Update" button the first Email Scanning page of the web interface. |
| Port forwarding screen supports TCP+UDP | Enhancement | The port forwarding screen now allows you to define a port forward for a TCP and UDP port in the one configuration item. This simplifies addition of port forwards for protocols that use both TCP and UDP on the same port number. |
| Log viewing end time rounding | Enhancement | The default end time on the log viewing screen (Administration > view logs) is now rounded up to ensure that all available log information is displayed. |
| Redirect fix in Webmail | Fix | A recent change caused mail that was sent via the Redirect feature in the Webmail system to be rescanned with the NetBox email scanning system. This has been fixed: email sent using the Redirect feature will NOT be rescanned now. |
Additions for Iris 24d
| Item | Type | Details |
|---|---|---|
| New email scanning subsystem | New | The email scanning subsystem has been redeveloped to allow
greatly improved flexibility and enhanced protection configuration. Some
of the new features now available are:
|
| TCP Test Tool | New | A testing tool now exists in the NetBox web interface that allows testing of arbitrary TCP connections. This is useful for diagnosing a variety of network problems including web proxy and email server connectivity. This tool can be found under Administration > internet tools in the web interface. |
| More detailed Email Monitoring | Enhancement | The level of detail logged by the Email Monitoring feature has been increased. All POP3 messages passing through the NetBox emails are now logged. Extended reason information is now given for messages blocked by the email scanning subsystem. |
| ClamAV Update | Enhancement | The ClamAV virus engine has been updated to improve detection capabilities and robustness. |
| SMTP Server options screen | Fix | The SMTP Server options screen is now available even if the NetBox is not configured with the Email Hosting and Gateway module. |
| Network Monitoring Reports | Fix | A time zone conversion problem with Network Monitoring reports has been fixed. |
| External POP3 retrieval handling | Fix | Problems with interaction between the external POP3 pickup process and the antispam features of the SMTP server has been resolved. |
Additions for Iris 24d.1
| Item | Type | Details |
|---|---|---|
| NOD32 Update | Enhancement | The NOD32 virus scanning engine was updated to the latest version. This provides improved virus detection ability for NetBoxes using the NOD32 engine. |
Additions for Iris 24d.2
| Item | Type | Details |
|---|---|---|
| Email Scanning Fixes | Fix | Minor faults with the Email Scanning module were fixed. |
| Email Monitoring Fixes | Fix | Minor faults with the Email Monitoring module relating to unicode handling were fixed. |
Additions for Iris 24d.3
| Item | Type | Details |
|---|---|---|
| SMTP Header Correction Turned Off | Enhancement | The header rewriting feature of the NetBox SMTP server was turned off to avoid incorrect changes triggered by invalid message headers. These invalid headers are generated by buggy SMTP servers and clients. |
| Email Scanning Fixes | Fix | Minor faults with the new Email Scanning module were fixed. |
Additions for Iris 24e
| Item | Type | Details |
|---|---|---|
| Sophos Support | New | The Sophos virus scanning engine is now supported by the NetBox for scanning of SMTP and POP3 messages. Please contact your NetBox reseller if you are licensed for Sophos and wish to use the Sophos engine on your NetBox. |
| Remote Sender Address Verification | New | The NetBox will now query a remote server (operated by NetBox Blue) to
perform Sender Address Verification (SAV) checks if it has an outbound
SMTP host configured. Until now, sites that used a outbound SMTP host could not do Sender Address Verification because this technique requires direct SMTP access to the server that owns the address being verified. Such sites will now automatically use this new Remote Sender Address Verification feature if SAV is turned on. This provides a significant new anti-spam tool for sites that use an outbound SMTP relay. |
| New Email Scanning Features | New | A number of new features have been added to the Email Scanning module:
|
| Redirect to SSL Option | New | It is now possible for the HTTP port of the NetBox web interface to automatically redirect connections to the HTTPS (SSL) port. This option can be set under Configuration > Web Interface > Enable HTTP web interface in the NetBox management interface. |
| Allow Traffic Between PPTP Clients | New | Traffic between PPTP clients connected to the same NetBox can now be optionally permitted. This can be set under Configuration > Remote Access > Allow access between PPTP clients in the NetBox management interface. |
| Web Filtering Enhancements | Enhancement | Minor changes have been made to the Web Filtering module to streamline handling of licenses and speed up the web interface. |
Additions for Iris 24f
| Item | Type | Details |
|---|---|---|
| Email Scanning: Spam URL Detection | New | The Email Scanning "Spam Detection" criteria now supports a new
feature to intelligently detect known spam related URLs in messages.
This technique has proven to be highly successful during testing. The
amount of spam received at most sites has been reduced to less than one
per day, with no false positives. To ensure you are benefiting from this new feature please ensure all inbound mail is being checked by the "Spam Detection" criteria with the spam URL detection feature enabled. Contact your NetBox reseller if you are unsure of how to do this. |
| Email Scanning: WMV Detection | New | The "Attachment Type Detection" Email Scanning criteria can now detect the commonly used Microsoft Windows Media Video (WMV) file type. This allows detection and management of these attachments within emails passing through the NetBox. |
| Email Scanning: Reset to Defaults | New | The Email Scanning engine now includes a reset feature to return all Email Scanning configuration items to factory defaults. This is useful for cleaning up the Email Scanning configuration if it has become unwieldly. |
| SMTP AUTH | New | The NetBox SMTP service now supports SMTP Authentication (SMTP AUTH). This allows users on the Internet to relay email via the NetBox if they have a account on the NetBox and avoids the need for multiple email configurations for remote users. SMTP AUTH is supported by recent versions of most popular email clients. There is no need to enable this feature on the NetBox. It is automatically available as part of this release. |
| SMTP Encryption | New | The NetBox SMTP service now supports SMTP encryption using the
Transport Layer Security (TLS) standard. When TLS is used all email
traffic between the client and the NetBox is transparently encrypted
providing greatly enhanced security and privacy.
The NetBox will automatically use TLS when receiving and sending email if the remote end supports it. This means that all SMTP traffic between NetBoxes will be automatically encrypted. SMTP over TLS is supported by recent versions of most popular email clients. It is highly recommended that TLS is used in conjunction with SMTP AUTH to avoid the possibility of password sniffing. There is no need to enable this feature on the NetBox. It is automatically available as part of this release. |
| NetBox VPN Compression | New | The NetBox site-to-site VPN module now supports traffic compression. This can provide signifcant benefits for busy VPN links by greatly reducing the amount of VPN traffic transmitted. The compression algorithms used incur a minimal latency overhead. VPN traffic compression can be enabled under Configuration > NetBox VPN in the web interface. |
| Custom Additional Routes | New | Additional routes can now be configured to support extra gateways. This is useful when integrating the NetBox with VPN or leased line routers or existing legacy systems. This feature is available under Configuration > Additional Routes in the NetBox web interface. |
| Routing Table Display | New | All active routes on the NetBox can be now be viewed to assist in network troubleshooting. See Administration > routing table in the web interface. |
| SMTP Access Control | New | Host based access control is now available for the SMTP server. This allows fine-grained control over which LAN IPs and networks may send email via NetBox. This feature is available under Configuration > SMTP Server > SMTP Access Control in the NetBox web interface. |
| Email Scanning: Minor Enhancments | Enhancement | A number of other minor improvments have been added to the Email Scanning module including logging of the message size in the Email Scanning logs and numerous online help updates. |
| Compression Library Upgrade | Enhancement | A compression library used on the NetBox has been upgraded to significantly improve performance and also to address a security issue. |
| External POP3 Retrieval Optimisations | Enhancement | The external POP3 email retrieval system has been restructured to improve delivery throughput and address error handling behaviour in certain boundary cases. |
| ClamAV Encrypted Zip Blocking | Fix | The ClamAV virus scanning engine was incorrectly blocking encrypted zip files. This has been rectified. |
Additions for Iris 24f.1
| Item | Type | Details |
|---|---|---|
| SMTP AUTH and Encryption (TLS) Settings | New | The new SMTP authorisation and encryption features can now be manually enabled or disabled. See Configuration > SMTP Server in NetBox web interface. |
| PPTP LCP Echos | New | The NetBox will now send regular Link Control Protocol (LCP) echos to connected PPTP clients to prevent Windows clients from automatically disconnecting when the link is idle. |
| Help Updates | Enhancement | Some online help sections have been corrected and updated. |
| Fixed IMAP Authentication Issues | Fix | Due to a recent change, the NetBox IMAP server was advertising authentication mechanisms that it did not actually support. This would cause authentication failures if an IMAP client attempt to use these mechanisms. This problem has been fixed. |
Additions for Iris 24f.2
| Item | Type | Details |
|---|---|---|
| Log Display Updates | Enhancement | Several internal improvements were made to log viewing functionality. |
| Help Updates | Enhancement | Online help articles were updated for a number of NetBox modules. |
Additions for Iris 24g
| Item | Type | Details |
|---|---|---|
| New Reporting Module | New |
This release introduces a new reporting module for all NetBoxes. The reporting module allows configuration of reports concerning many aspects of the NetBox. Statistics available include virus detections, spam block activity, Internet link usage and link uptime information. More report types will become available in future software releases. Reports include a mix of textual and graphical data and may be delivered by email or displayed on-demand through the web interface. A schedule can be configured so that reports are sent to specific email addresses on a periodic basis. Once this release is installed on a NetBox, a detailed report will be automatically configured and sent to the administrator alert address every week. The available reports can be configured under Reporting > reports in the web interface. The report schedule can be modified under Reporting > schedule. |
| Installed Modules Display | New | The currently available NetBox modules are now shown on the home page of the NetBox web interface. This shows the modules that are installed and other modules which may be available. |
| Quicker Apply | Enhancement | The Apply feature under Configuration in the web interface now resets the only parts of the NetBox system that are affected by the changes made by the user. This means that the apply process is generally much quicker and less intrusive. The Internet link will only reset if link configuration changes have been made. The option to do a full reboot is still available if required. |
| Network Monitoring FTP Data Handling | Enhancement | Special handling has been introduced for FTP data transfers so they are recorded in a more intuitive manner. FTP data traffic will always be logged on port 20 (FTP DATA) regardless of whether the connection was initiated locally or remotely (passive/active). |
| Email Scanning Updates | Enhancement | Many Email Scanning online help articles have been updated and a number of internal optimisations have been made. The handling of illegal NUL characters in message bodies has been improved. |
| Link Retry Display | Enhancement | The NetBox LCD display now shows more information when the link is down. The display will regularly indicate the time remaining to the next reconnection attempt. |
| Web Proxy Update | Fix | The NetBox web proxy service has been updated to address recent security concerns. |
| PNG Library Update | Fix | An internal library used to generate PNG images has been updated to address security concerns. |
| PPPoE Routing Fix | Fix | A subtle routing problem exposed when the Internet link type is changed from Ethernet to PPPoE (ADSL) without a reboot has been fixed. |
Additions for Iris 24g.1
| Item | Type | Details |
|---|---|---|
| Reporting Optimisations | Enhancement |
Parts of the Reporting module were optimised to improve report generation speed and increase data collection efficiency at busy sites. |
| Apply Changes for NetBox VPN | Fix |
A change in release 24g caused the Apply Changes screen to not register changes to the NetBox VPN configuration. This has been rectified. |
| Email Scanning Fixes | Fix |
|
Additions for Iris 24h
| Item | Type | Details |
|---|---|---|
| URL Filtering Module | New |
A new NetBox module is now available to allow for flexible web access policy creation and enforcement. Blacklists and whitelists can be created for specific networks and policies may be time and day-of-week based if required. Web content can be filtered by domain or through powerful URL matching expressions. This module is ideal for sites that wish to enforce a restricted view of the web or who wish to prevent access to specific web sites or types of web content. |
| New Email Monitoring Browse Screen | New |
The NetBox Email Monitoring browse interface has been redeveloped to provide a powerful and flexible query system for email statistics. It is now easy to find out for example, exactly what messages have been sent, who the biggest senders and recipients are and which messages have been blocked. A number of preset queries are available to allow quick examination of common statistics. |
| SMTP Sender Address Blacklist | New |
A sender address blacklist is now available. This list configures sender addresses and domains that the NetBox SMTP server will never accept. This blacklist can be accessed at Configuration > SMTP Server in the NetBox web interface. |
| New Logs Available | New | The NetBox web proxy and web management server logs are now available at Administration > view logs in the web interface. The web proxy logs can be useful for diagnosing web cache related problems. The web management logs can be used for auditing configuration changes made via the NetBox web interface. |
| Max SMTP Deliveries Limit | New | The maximum number of outgoing SMTP deliveries that the NetBox will attempt can now be limited. This can be useful for reducing the impact of large mail-outs on slower Internet links. This setting can be found at Configuration > SMTP Server > SMTP Maximum concurrent deliveries in the web interface. |
| Reporing Module Help | New | All online help for the Reporting module has been completed and is now available. |
| Log Viewing Enhancements | Enhancement | The NetBox log viewing functionality has been optimised so that log retrieval is now significantly faster. Additionally, logs are now available over a larger time range (ie. further back in time). |
| Dig Tool Options | Enhancement | The builtin DNS lookup tool (Dig) now supports query tracing and the ability to query TXT records. |
| Compression Library Update | Fix | A compression library used by various NetBox components has been updated to address newly discovered security concerns. |
Additions for Iris 24h.1
| Item | Type | Details |
|---|---|---|
| Scheduled Reboot | New |
Automatic reboots of the NetBox can now be scheduled. This is useful if you have made configuration changes and wish to have them take effect some time in the future (eg. out of business hours). Scheduled reboots can be set at Administration > scheduled reboot in the NetBox web interface. |
| Site Key Domain Name Can Now Be Actual Public IP | New |
NetBoxes that are behind a NAT firewall will typically set their site key dynamic DNS (DDNS) entry (eg. somewhere.safenetbox.biz) to their own IP rather than the public IP address of the NAT firewall through which they can be reached. To avoid this problem the NetBox can now detect its actual public IP and use this for its DDNS entry instead. To enable this functionality set the option under Configuration > Advanced > Set Site Key domain name entry to actual public IP in the NetBox web interface. |
| “None” connection type | New |
A new Internet connection type called “None” now exists. This is intended for NetBox configurations that don't have a Internet connection (eg. where the NetBox is acting as an email scanner only). |
| Database Engine Update | Enhancement |
The internal database engine used for storage of statistical data was updated to improve performance and provide new functionality required for future NetBox firmware updates. |
| Authentication Layer Update | Enhancement |
An internal system used for user authentication was updated to address newly discovered security concerns. |
| Email Scanning Fixes | Fix |
The following changes were made to the Email Scanning subsystem:
|
| Conflicting Routes | Fix |
It is now not possible to enter routes that conflicting with other internal or custom routes on the Additional Routes screen. |
Additions for Iris 24h.2
| Item | Type | Details |
|---|---|---|
| Sophos Definitions Update Fix | Fix |
A fix was made to the virus definition update subsystem to streamline the way updates are done for the Sophos scanning engine. |
Additions for Iris 24i
| Item | Type | Details |
|---|---|---|
| New Webmail Interface | New |
The NetBox webmail interface has been revamped to provide many new features and improved usability. New features include:
|
| 802.1q VLAN Support | New |
There is now an optional module to provide 802.1q compatible VLAN interfaces. These can be defined as part of the NetBoxes Advanced LAN configuration. This simplfies the integration of the NetBox into more complex network environments. VLAN interfaces behave just like any other NetBox LAN interface. VLAN interfaces can be configured at Configuration > Advanced LAN in the NetBox web interface. |
| SMTP Network Monitoring | Enhancement |
SMTP traffic relayed through the NetBox is typically not recorded by the Network Monitoring module because this traffic is sent to the NetBox and not through it. To solve this problem, the Network Monitoring module now handles SMTP traffic as a special case and can attribute it to the proper LAN user/IP. Both local and pass-through domains are supported. To enable this feature, go to Network Monitoring > config in the NetBox web interface. |
| Improved SMTP Rate Limiting | Enhancement |
The NetBox SMTP server's rate limiting functionality has been updated to provide better performance under high loads such as those caused by recent viruses and worms. |
| Schedule Power-Off | Enhancement |
The Scheduled Reboot feature has been extended to allow for power-offs as well. |
| Reporting UDP Ports | Enhancement |
The description of common UDP ports is now shown in the Network Monitoring reports. |
| PPPoE MAC Switching | Enhancement |
The NetBox internet connection manager will now automatically modify the MAC address of the ethernet interface when connection attempts repeatedly fail. This allows for quicker reconnection by working around problems with ADSL equipment at the ISP. |
Additions for Iris 24i.1
| Item | Type | Details |
|---|---|---|
| SMTP Access Changes | Enhancement |
The NetBox SMTP access controls at Configuration | SMTP Server | SMTP access control in the web interface now allow configuration of hosts and networks that are trusted. The NetBox will unconditionally accept email from IP ranges configured as trusted. These access controls are applied before the NetBox's builtin access control mechansims and so can be used to override the default behaviour. |
| Log Viewing Fix | Fix |
A fault introduced in the 24i release meant that most system logs were not available via the web interface. This has been fixed. This fault is display related only. There was no loss of actual logging information. |
Additions for Iris 24i.2
| Item | Type | Details |
|---|---|---|
| ClamAV Update | Enhancement |
The ClamAV virus scanning engine was updated to enhance detection abilities and address security concerns. |
| Compression Library Update | Enhancement |
An internal software component used by the NetBox software for compression was updated to address security concerns. |
| Web Proxy Update | Enhancement |
The NetBox web proxy was updated to address various security issues. Additionally, adjustments were made to the web proxy error pages to work around display faults in Internet Explorer. |
| Email Scanning Header Wrapping | Fix |
Email header wrapping was disabled during message rewriting in the Email Scanning module as wrapped headers are not correctly handled by some non-compliant email clients. |
| Webmail Fixes | Fix |
Minor fixes were made to the webmail system to account for unusual message and date encodings. |
Additions for Iris 24i.3
| Item | Type | Details |
|---|---|---|
| ClamAV Update | Enhancement |
Another update of the ClamAV virus scanning engine to address various bugs. |
Additions for Iris 24i.4
| Item | Type | Details |
|---|---|---|
| IMAP/POP3 Server Update | Enhancement |
A major update of the NetBox IMAP and POP3 server was done to address serious security problems. |
| Relaxed Web Proxy HTTP Header Handling | Enhancement |
The NetBox web proxy was modified to be less stringent when performing security checks on HTTP headers. This is required to work around serious problems with some Microsoft IIS servers. |
Additions for Iris 24i.5
| Item | Type | Details |
|---|---|---|
| Handling of Invalid Email Payload Encoding | Enhancement |
The base64 decoding routines of the Email Scanning module have been made more robust so that a wider range of incorrectly encoded message attachments may be decoded. The Email Scanning Invalid Message Encoding Criteria now has an option to detect messages with payloads that can not be decoded. This allows filtering of such messages. This setting is called "Check for attachment encoding errors" in the Invalid Message Encoding criteria. |