PreciseMail Anti-Spam Gateway Release Notes August 2007 This file contains the release notes for PreciseMail Anti-Spam Gateway V3.0. It describes any features, restrictions, changes, or additions made to the PreciseMail Anti-Spam Gateway software in this release. Revision/Update Information: This is a revised manual. Operating System and Version: OpenVMS VAX V6.1 or later OpenVMS Alpha V6.1 or later OpenVMS I64 V8.2 or later PMDF Version: PMDF V6.1 or later Software Version: PreciseMail Anti-Spam Gateway V3.0 Process Software ii Nopparthoflthisopublicationdmayabesreproduced,der the transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means electronic, mechanical, magnetic, optical, chemical, or otherwise without the prior written permission of: Process Software, LLC 959 Concord Street Framingham, MA 01701-4682 USA Voice: +1 508 879 6994; FAX: +1 508 879 0042 info@process.com Process Software, LLC ("Process") makes no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Process Software reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Process Software to notify any person of such revision or changes. Use of PreciseMail Anti-Spam Gateway software and associated documentation is authorized only by a Software License Agreement. Such license agreements specify the number of systems on which the software is authorized for use, and, among other things, specifically prohibit use or duplication of software or documentation, in whole or in part, except as authorized by the Software License Agreement. Restricted rights legend Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or as set forth in the Commercial Computer Software - Restricted Rights clause at FAR 52.227-19. MultiNet is a registered trademark of Process Software, LLC. TCPware is a trademark of Process Software, LLC. PMDF is a trademark of Process Software, LLC. All other trademarks are the property of their respective owners. _______________________________________________________ Contents _______________________________________________________ CHAPTER 1 NEW FEATURES AND BUG FIXES 1-1 _________________________________________________ 1.1 NEW FEATURES AND BUG FIXES IN PRECISEMAIL ANTI-SPAM GATEWAY V3.0 1-1 _________________________________________________ 1.2 NEW FEATURES AND BUG FIXES IN PRECISEMAIL ANTI-SPAM GATEWAY V2.4-3 1-4 _________________________________________________ 1.3 NEW FEATURES AND BUG FIXES IN PRECISEMAIL ANTI-SPAM GATEWAY V2.4-2 1-7 _________________________________________________ 1.4 NEW FEATURES AND BUG FIXES IN PRECISEMAIL ANTI-SPAM GATEWAY V2.4-1 1-8 _________________________________________________ 1.5 NEW FEATURES AND BUG FIXES IN PRECISEMAIL ANTI-SPAM GATEWAY V2.4 1-9 _________________________________________________ 1.6 NEW FEATURES AND BUG FIXES IN PRECISEMAIL ANTI-SPAM GATEWAY V2.3 1-16 iii Contents _______________________________________________________ CHAPTER 2 KNOWN BUGS AND RESTRICTIONS 2-1 iv _______________________________________________________ 1 New Features and Bug Fixes PreciseMail Anti-Spam Gateway V3.0 includes the following new features and bug fixes over earlier versions. __________________________________________________________________ 1.1 New Features and Bug fixes in PreciseMail Anti-Spam Gateway V3.0 o The PMAS web-based GUI now allows for the automatic importation of address books to a user's allow list. The Allowlist page now includes a form to let users specify the name of a CSV (comma-separated values) file that contains the contacts to be added to the allow list. Most email clients are capable of exporting their address books to a CSV format. Once the file has been uploaded, another confirmation page is presented, allowing the users to control which addresses are actually added to the allow list. o Previous versions of PMAS would not process messages larger than 1,000 512-byte blocks-messages larger than that size were effectively ignored by PMAS. The reasoning behind the limit was that spam wasn't that large, and there was no point in scanning a message that wasn't likely to be spam. Unfortunately, these days, some spam is larger than that, so this limitation has been removed, and a new, site- controlled size limit has been implemented. 1-1 New Features and Bug Fixes A new configuration variable, MAXIMUM_SCAN_SIZE, can be defined to specify the largest size a message can be and still be scanned by PMAS. Unlike the old limit, the user and system allow/block lists are applied to the messages before the size is checked, providing more control over a a large message's disposition. If the variable is undefined or defined as 0, there are no message size limits enforced. o The PMAS web-based GUI has been enhanced to allow for searching the quarantine and discard without having to load the initial quarantine view. Search options have been added to the PMAS Start page. o The PMAS group support has been extended to allow for a group-shared allowlist file. If a user is a member of a group, PMAS will look for a allow/block file named PMAS_USERS:groupname.GROUP, in addition to the user's own file and the system allow/block file. Additionally, a file named $DEFAULT$.domain is also loaded, if it exists. You can create group and default allow/block list files using an editor or via the PMAS GUI by logging in as "groupname@GROUP" or "$default$@domain". o The initial loading of Sophos databases by the PMAS PTSMTP worker processes on OpenVMS is now staggered, reducing the load on the system when PMAS is first started. Previously, all the worker processes would try to load the databases at once, resulting in a noticeable performance hit on the system. o The DNSBL plugin has been modified to allow email address exceptions. For example, if example.com is listed in a DNSBL, an exception rule can be added to allow mail from particular example.com address. The new keyword DNSBL_ALLOW_EMAIL can be used in the PTSMTP_DNSBL.CONF file to specify the email address to allow. A complementary keyword, DNSBL_BLOCK_ EMAIL, has been added to allow you to explicitly 1-2 New Features and Bug Fixes block email from certain addresses, regardless of the DNSBL check results. o Filtering statistics are now stored in an SQL database, rather than CSV files. The bastats utility continues to be responsible for updating the statistics databases, and the adminreports CGI program generates graphical reports based on the SQL. The new stats_migrate program is run once to import any existing CSV statistics into the new SQL databases. stats_migrate is run automatically at the end of the PMAS V3.0 install process. o The first phase of the new Advanced Infrastructure module is part of this release. Advanced Infrastructure is a high-performance software clustering module designed to be more suitable for extremely large, high volume sites than the older Data Synch Cluster (DSC) module. In V3.0-Beta1, PMAS configuration files may be synchronized between multiple nodes. A future Beta release will contain support for synchronizing statistics between nodes. Support for full synchronization will continue to be added in phases over future releases. o The UNIX kits are now installed using a simplified process common across all operating systems. See the new UNIX Installation Guide for details. (The UNIX Installation Guide supplants the separate installation guides for each UNIX operating system that were previously included in PreciseMail.) o The email-based PMAS Processor has been modified to take additional steps to avoid mail loops between the Processor and other automated email responders. The following steps have been taken: o Mail from "postmaster" and "mailer-daemon" is ignored. 1-3 New Features and Bug Fixes o Mail with a Subject: line showing a PMAS reply subject or "out of office" is ignored. o Error messages generated in response to user email is now sent with a return address of "PreciseMail-NoReply" to avoid bounces from coming back to the PMAS Processor. o All email messages originating from PMAS now include an Auto-Submitted: header showing that they were automatically generated by software. The PMAS Processor ignores any mail it receives containing an Auto-Submitted: header that shows whether the message was "auto-replied" or "auto- generated". o The PCRE regular expression library used by PMAS has been upgraded to PCRE V7.0. o OpenVMS installations now use a shareable image for the PCRE library, resulting in lower memory requirements for PMAS (in particular, the PMAS PTSMTP worker processes). o The PMAS web-based GUI now uses the Thickbox package for all popups. Thickbox creates frames on top of the existing browser window instead of a separate popup window. __________________________________________________________________ 1.2 New Features and Bug fixes in PreciseMail Anti-Spam Gateway V2.4-3 o PMAS has been enhanced to show the matching Allow rule for messages that are allowed by either a system or user allow rule. The X-PMAS-Allow: header that has always been added to such messages now shows the matching allow rule: X-PMAS-Allow: *@example.com 1-4 New Features and Bug Fixes o If an error occurs when trying to create a quarantine or discard file, the message is forwarded to the recipient. In previous versions of PMAS, the message was forwarded as-is. Such messages are now tagged (i.e, the Subject: line is modified) to show that the message is spam. o The PreciseMail Quarantine GUI has been enhanced to allow sorting using the From: column in the display table. o Chained TLS certificates are now supported by PMAS. o The pmasadmin utility now supports a rename command for renaming records. o A new eval test, check_for_bad_mime(), has been added to allow for testing of MIME messages that do not have valid MIME boundaries. o The PMAS PTSMTP anti-relay plugin (relayplug) has been modified in the following ways: o When checking local addresses, "+" subaddresses are now supported. o Authenticated SMTP connections (connections that authenticate using the ESMTP AUTH command) are now recognized and treated as internal connections (i.e, such connections bypass all of the anti-relay checks). Messages received from authenticated sources now reflect this in the X-PMAS-Internal: and X-PMAS-External: headers. which get a "-Auth" suffix added, making them X-PMAS-Internal-Auth: and X-PMAS-External-Auth: o Percent-hacked and UUCP-style bang (!) recipient addresses are now properly handled by the anti- relay plugin. Previously, such addresses were allowed through. 1-5 New Features and Bug Fixes o The PMAS PTSMTP DNSBL plugin now allows mail sent to "postmaster" and "abuse" from DSNBL-listed clients to adhere to the RFCs. A new PMAS configuration variable, PTSMTP_DNSBL_ALLOW_POSTMASTER, can be used to disable this feature. o The PreciseMail Quarantine CGI script now removes spurious carriage-return characters in From: addresses. Messages containing such headers previously caused errors in the Javascript used by the quarantine display, resulting in a blank table. o A debug line in the PMAS PMDF channel master program would result in access violations when processing messages with very long headers when debugging was turned on. This problem has been corrected. o The system quarantine threshold is now used when a user quarantine rule matches and the user's preferences specify that the system threshold should be applied. Previously, the user threshold was always used, resulting in a threshold of 0 for all such cases. o The run_nightly.sh script for UNIX systems has been modified to allow for directory mtime updates caused by deleting quarantine messages. Previously, empty directories were sometimes left behind longer than they should have been. o The run_nightly.sh script for UNIX systems has been modified to use -follow when looking for quarantine and discard files. Previously, symlink directories were not supported. o The PMAS milter program for UNIX systems has been modified to correct a segmentation fault that occurred when processing messages that had lines longer than 1,024 characters. o A problem detecting Daylight Savings Time when creating Date: headers for SMTP messages generated on UNIX systems has been corrected. 1-6 New Features and Bug Fixes o The "rule" rules did not properly support the ENVELOPE_TO_ALIAS (an access violation resulted when such rules were executed). This problem has been corrected. o The ClamAV engine shipped with PMAS PTSMTP for UNIX has been upgraded to version 0.90.1. __________________________________________________________________ 1.3 New Features and Bug fixes in PreciseMail Anti-Spam Gateway V2.4-2 o The PreciseMail email-based processor did not preserve rule rules in user allow/block lists when allow and block entries were added or removed using the email interface. This problem has been corrected. o Memory optimizations made in the handling of PMAS alias files for PMAS V2.4 on OpenVMS resulted in extra processing time, which caused unacceptable slowdowns for sites with many thousands of PMAS aliases. The pre-V2.4 processing algorithm is now used for everything except the PMAS_COMPILE image, which benefits from the memory optimizations versus processing time. o Under certain conditions, Javascript errors were reported when using the preferences page in the PMAS GUI. These problems have been corrected. o The PMAS_START.COM procedure has been updated to correct a problem with the automatic generation of configuration files when TLS is enabled for the PMAS PTSMTP proxy server. o SMTP pipelining caused problems for sites using only the Sophos plugin for the PMAS PTSMTP proxy server (and not the PMAS plugin). The SOPHPLUG image has been modified to disable pipelining, just as PMASPLUG always has. 1-7 New Features and Bug Fixes o When adding allow or block entries via the PMAS GUI, addresses containing an equal sign were rejected as being invalid. The Javascript code for these pages has been modified to allow an equal sign in addresses. o Internet Explorer did not properly handle the popup windows created by PMAS logins to multiple systems. The Javascript handling the popup windows has been modified to work around the Internet Explorer problem. (Firefox and Opera did not exhibit the problem; the fix works for all browsers.) o The login failure page for the PMAS GUI did not include a full path reference to the stylesheet used by the page. This problem has been corrected. __________________________________________________________________ 1.4 New Features and Bug fixes in PreciseMail Anti-Spam Gateway V2.4-1 o Some browsers send unexpected binary characters when saving allow, block, and rule lists via the GUI. The PMAS CGI scripts have been modified to ignore those characters. o (UNIX only) The PMAS images have been modified to use a lowercase domain name when looking up the "$default$" user database records. The behavior now matches the behavior on OpenVMS. o When modifying rule lists via the GUI, backslashes in regular expressions would "disappear" in the browser display. This problem has been corrected. o When adding a reject rule, the SMTP status text wasn't saved properly. This problem has been corrected. o (OpenVMS only) PMAS_START.COM was modified to properly create the plugins file for the anti-relay plugin support. 1-8 New Features and Bug Fixes o The PMAS CGI scripts were modified to work around a CSWS (Apache) V2.1 problem on OpenVMS by adding a secondary linefeed to redirect replies. o (OpenVMS only) allow_from rules containing wildcards were effectively ignored when the compiled rules global section was in use. This problem has been corrected. __________________________________________________________________ 1.5 New Features and Bug fixes in PreciseMail Anti-Spam Gateway V2.4 o New user-defined rules are supported to grant users more control over allowing, blocking, and quarantining messages. See the PreciseMail Anti-Spam Gateway Management Guide for details. o The PMAS PTSMTP Proxy SMTP Server no longer complains about TLS not being configured. It previously generated OPCOM warnings, even if you didn't intend to run TLS. o The PMAS PTSMTP Proxy Server now supports RHSBL (Right-Hand Side blacklisting). See the PreciseMail Anti-Spam Gateway Management Guide for details. o The PMAS rule file can now be "compiled" into a global section on OpenVMS. The compiled rules load significantly faster than the uncompiled rules, which will result in better message throughput for the PMAS PMDF channel. A new image, PMAS_EXE:PMAS_COMPILE.EXE, creates the global section, named PMAS_DATA:PMAS_COMPILED_ DATA.DAT, from the various .CF files in PMAS_ DATA:. The autoupdate batch job has been modified to automatically compile the rules whenever new rules are downloaded. The PMAS_DATA:ALIASES.TXT file is also included in the compiled data global section. 1-9 New Features and Bug Fixes o PMAS rule file lines can now be continued by ending a line with the backslash character "\". Leading whitespace on the continuation line is not ignored, so caution should be used when continuing a line in the middle of a regular expression. o Users can now opt to not receive positive-results email acknowledgements from the PreciseMail email- based processor. o The PMAS web-based GUI interface has been updated. o The system-wide allow/block lists can now be managed via the web-based system administrator's GUI. o Users can now choose to have web-based popup windows for various actions performed from the Quarantine View web page. If enabled, small popups are displayed when releasing messages, adding senders to the allow and block lists, and forwarding messages to the administrator. The use of popups preserves the quarantine view in the main window, instead of requiring that the user go back a page to return to the quarantine view. o Clicking on a link to leave the allowlist or blocklist page now results in a check for changes and a prompt to save the changes before going to the new page. Previously, any changes made were lost if the user did not explicitly save them before leaving the page. o The 5-second delay pages when logging in and logging out have been removed. o When deleting messages from the quarantine view, the quarantine view is now simply refreshed instead of going to a page that tells how many messages were deleted. 1-10 New Features and Bug Fixes o The user preferences page has been redesigned to make it easier for users to change their preferences. o A preferences page for the PMAS_ADMIN account that controls the quarantine view when viewing the quarantine for all users has been added. o The allowlist and blocklist entries can now be sorted by domain or by username, making it easier to manage the lists. o Addresses entered into an allow or block list are now more thoroughly checked for syntax errors. o The allowlist and blocklist pages now allow for an optional description to be added for each list entry, making it easier to manage the lists. When adding an address to your allowlist after releasing a message from the quarantine, the personal name from the From: header is now added as the optional description. o When entering a search string on the quarantine view page, you can now also choose which date to search without having to load that day's messages first. o Any errors that occur when releasing messages are now displayed. Previously, errors were shown only in the debug log files. o When messages are fowarded to the administrator from the pmas_admin account, the ADMIN_EMAIL_ ADDRESS address is now used as the envelope From: address. o When errors occur releasing messages, the error messages are now displayed in the GUI. o When adding addresses to allow lists after a release, the personal name from the email is now stored as a description for the address. 1-11 New Features and Bug Fixes o When authenticating against POP3 and IMAP4 servers, "/virtual" can be specified after the server host name to indicate that the server provides virtual domain support and that the entire email address should be used for authentication instead of just the username portion of the address. o The PMAS startup now correctly creates the necessary TLS configuration files for STARTTLS support in the PMAS PTSMTP Proxy SMTP Server. Previous versions of PMAS allowed TLS support, but only via a designated TLS port. The following new configuration variables have been added: PTSMTP_ENABLE_STARTTLS, PTSMTP_TLS_ PUBLIC_CERT, and PTSMTP_TLS_PRIVATE_CERT. o The following new configuration variables have been added: o GATHER_STATS - Specifies whether or not the PreciseMail Stats batch job should be run every hour. o PTSMTP_BASE_PRIORITY - Specifies the base priority for the PTSMTP Controller process. o AUTOUPDATE_TIMES - Specifies times the PMAS AutoUpdate batch job should be run, if you don't want it to run hourly. o The PMAS quarantine notification job now converts 8-bit characters to "." in the message body to avoid problems with character-cell displays. o The PMAS quarantine notice email message can now be completely customized, including specifying the layout of the message rows. Several new variables are supported now to make the customization as flexible as possible. 1-12 New Features and Bug Fixes o The reloading of Sophos data files by the PMAS PTSMTP proxy SMTP server worker processes is now staggered, reducing the performance and I/O load on the system after an update is downloaded. Previously, it was possible for all the worker processes to reload the data files at the same time, resulting in a severe performance hit for the system. o The PMAS filtering engine now ignores invalid quoted-printable encoding when processing message body parts. In previous versions, an invalid encoding resulted in that body part being ignored in all of the rule tests. o The Dynamic URI filtering code now ignores "cid:" URIs. o A new feature for dynamically testing URI reputations has been added to PMAS. Like the Dynamic URI filtering, the URI Reputation filter calls out to a Process Software system to consult a database to determine the URI reputation. PreciseMail proactively analyzes websites for pornographic, phishing, and drug content. The results of the analysis are used for URI reputation filtering. By comparison, Dynamic URI filtering only consults a few URI blacklists. o User action reports are now available. These web- based reports provide information on the number of users performing specific actions such as user GUI logins, quarantine views, allow/block list updates, releasing messages, previewing messages, deleting messages, etc. These reports give administrators information on how PreciseMail is being used by their organization. o The PMAS reports web pages now display statistics for DNSBL-rejected messages. 1-13 New Features and Bug Fixes o PreciseMail Anti-Spam Gateway SMTP proxy integrates with Clam AntiVirus on UNIX platforms. Clam AntiVirus is an open source anti-virus filter which includes a flexible and scalable multi-threaded daemon. For more information about Clam AntiVirus, go to http://www.clamav.net/. o A programmable interface to the PMAS user database is now available. See the PreciseMail Anti-Spam Gateway Programming Guide for more information. o The DNSBL plugin has been modified so that multiple DNSBL rules for a particular DSNBL server do not result in multiple DNS calls to that server for a single connection. o The PMAS_START.COM procedure has been modified to correctly create the PTSMTP plugin configuration file when the DNSBL file is created or updated. o PMAS Reports web page now includes DNSBL-rejected statistics o The PMAS user database API has been added to the VMS kits. Example files can be found in PMAS_ ROOT:[DOC.API.USERDB] on VMS. o The following configuration variables have been created to specify timeouts for various connection attempts: o VMF_CONNECT_TIMEOUT - Connect timeout for VMF queries o DYN_URI_CONNECT_TIMEOUT - Connect timeout for dynamic URI queries o REP_URI_CONNECT_TIMEOUT - Connect timeout for reputation URI queries o UPDATES_CONNECT_TIMEOUT - Connect timeout for PMAS rule updates o POP3_CONNECT_TIMEOUT - Connect timeout for POP3 authorization queries 1-14 New Features and Bug Fixes o IMAP4_CONNECT_TIMEOUT - Connect timeout for IMAP4 authorization queries They all default to 30.0 seconds, except for UPDATES_CONNECT_TIMEOUT, which has a default value of 120.0 seconds. Support for all of these variables has been added to the PMAS admin GUI pages. o The quarantine and discard CGI programs now remove any bogus carriage-return characters in the From:, To:, or Subject:. Previously, an embedded carriage- return resulted in a Javascript error when trying to view the quarantine or discard. o The RFC822 address parser has been modified to ignore any extraneous carriage-control characters. o For VMS, the rule update procedure now includes any PMAS_COMPILE error in the update status report mailed to the administrator. o For sites using source-route addressing, the source routes are now removed for VMF queries. o The PMAS admin GUI now includes support for the GUI_ DELETE_UPON_RELEASE variable. o A new configuration variable, GUI_RENAME_UPON_ DELETE, has been created. If defined as "yes", files deleted using the PMAS GUI are not actually deleted, but are instead renamed to a "_delete" extension. They no longer show up in the quarantine or discard display, but the files themselves are still physically present on the system and are visible to the administrator by selecting "Show deleted messages" on the quarantine and discard pages. This allows administrators to recover quarantined messages accidentally deleted by users. The PMAS admin GUI also supports this new variable. 1-15 New Features and Bug Fixes o The interactive PMAS.EXE image on VMS now inhibits the displaying of the final status message. PMAS exits with a status code indicating the final outcome of the message (forwarded, quarantined, etc.). Some of the status codes correspond to VMS access violation errors, which caused DCL to display a false access violation error message. The messages are supressed now, though the final $STATUS variable still reflects values from 1 through 12. o The DNSBL plugin for the PMAS PTSMTP proxy server now temporarily caches DNSBL responses to prevent unnecessary multiple DNS queries. o The default value for DISCARD_THREWHOLD has been raised to 50.0. __________________________________________________________________ 1.6 New Features and Bug fixes in PreciseMail Anti-Spam Gateway V2.3 o LDAP- and disk-backed groups of users are now supported. This feature allows sites to set group- based PMAS preferences and threshold settings. o The PMAS reports now list messages for users who have opted out of PMAS scanning separately. Previously, such messages were grouped with "forwarded" messages. o LDAP-over-TLS is supported by the user authentication module. o The REBUILD_INDEX utility has been updated to work with the current quarantine index file. o Dynamic URI filtering is supported. If enabled, the PMAS filtering engine will query a Process Software server for each URI in a message's body. URIs known by the server to be spam-related can be scored as such. See the PreciseMail Anti-Spam Gateway Management Guide for details. 1-16 New Features and Bug Fixes o A new command-line utility, PMASADMIN, allows system administrators to perform several user and group management functions from the command line. If you run PMASADMIN without any arguments, a help message with all available commands will be displayed. o The PMAS_DELDIR program, which is used to delete old discard and quarantine files, now ensures that the file protections will allow for deletion, whether or not BYPASS is enabled for the account that runs RUN_NIGHTLY.COM. o A problem in the PMAS engine's handling of the HTML SPAN tag has been corrected. o PMAS now allows system adminstrators to view discarded messages from the PMAS admin GUI web interface, as well as the quarantine and discard for all users at one time. Index files are now maintined for discarded messages, in addition to the quarantined message index. PMAS system administrators can choose to make discarded messages visible to users via the PMAS GUI. If the configuration variable GUI_ALLOW_ DISCARD_VIEW is set to "yes", a new link to the discard view will be displayed on the quarantine view page for users. The RUN_NIGHTLY.COM and RUN_NOTIFY.COM command procedures have been updated to manage the discard index files, if they exist. o The quarantine and discard view pages of the PMAS GUI have been redesigned for easier reading. o The PMAS version, system name, and current date and time are now displayed on all the PMAS GUI pages. The exception is the main INDEX.HTML file, as that is a static file. 1-17 New Features and Bug Fixes o A search capability has been added to the PMAS GUI quarantine and discard view pages. Quarantined and discarded messages can be searched via the From: and Subject: headers, allowing users to quickly locate particular messages in a large quarantine or discard. o When a user releases a message from the quarantine or discard, a list of sending addresses is presented for possible addition to the user's allowlist. That list of addresses now includes a wildcarded version of each address, allowing the user to easily allow all messages from a particular domain. o If duplicate addresses are checked for the allow list on the message release page, only one instance is actually added to the allow list now. o The PMAS administrator GUI now offers the ability to peruse the quarantine and discard for all users at once. o The HTML portion of quarantine notification messages now includes links to release each message, in addition to the link to view the message. The message release link does not require that users be logged into the PMAS GUI to effect the release, saving users from that extra step. o The program that generates the hourly statistics reports now properly ignores messages for which no rules are triggered (allowlisted, blocklisted, opted-out) when generating the rule hits data. In prior versions of PMAS, opted-out messages were counted, resulting in an entry in the CSV file with no rule name, but with a rule count. o A new variable is now available for the tagging of messages. The text sequence "%SCOREINT%" can be used to include only the integer portion of a score in the modified Subject: header. 1-18 New Features and Bug Fixes o The PMAS installation procedure now automatically runs the PMAS_UPDATE program to automatically download the current PMAS and Sophos rule sets, as needed and desired. o The PMAS CGI scripts produced an HTTP redirect header that wasn't completely compliant with the HTTP protocol. This was only known to cause a problem with old versions of WASD, but the scripts have been modified to produce the proper redirect header. 1-19 _______________________________________________________ 2 Known Bugs and Restrictions This chapter describes the known bugs and restrictions of PreciseMail Anti-Spam Gateway V3.0. There are no known bugs or restrictions at this time. 2-1