SmarterMail Release Notes

2026

Build 9560 (Mar 5, 2026)

  • Changed: Added error handling with eM Client XMPP server connections.
  • Changed: Added the ability to specify the port number to mach the other gateways for domain forwards.
  • Changed: Copyright text now conforms to other projects.
  • Changed: Gateway settings were refactored and modified for ease of use, understanding, and configuration.
  • Changed: Updated Froala to version 5.0.0.
  • Fixed: "From address must match authenticated address" when sender IP in auth bypass.
  • Fixed: [API] Integration APIs for eM Client not working when the account has 2FA enabled.
  • Fixed: [HA] [HUB] An incorrect message is displayed when removing the weight value in RBLs and URIBLs.
  • Fixed: [HA] [HUB] ClusterAdmin Logout of hub improvements to revoke refresh token.
  • Fixed: [HA] [HUB] Spam checks do not display correctly the first time saved and re-opened.
  • Fixed: [HA] Added action to force a node to failover immediately through the Hub.
  • Fixed: [HA] Adding a hub by hostname (instead of IP address) results in targetHub using 127.0.0.1 as its IP.
  • Fixed: [HA] Antispam Greylist Filters shows a blank entry when entering a letter in an IP address.
  • Fixed: [HA] Antispam Spam Checks do not save when values are too large or small.
  • Fixed: [HA] Antispam Spam Checks do not validate the weight with blank rule name.
  • Fixed: [HA] Detaching large domains (50,000+ users) from nodes results in a malformed timeout error toast.
  • Fixed: [HA] Network isolation of a hub could result in having more than one leader.
  • Fixed: [HA] Password resets fail to present password reset form.
  • Fixed: [HA] Suspend and Restore for hubs doesn't always work correctly.
  • Fixed: [HA] Toast notifications display "Action Succeeded" instead of "Success".
  • Fixed: A small memory leak when encrypting/decrypting strings.
  • Fixed: Adding a calendar resource to an appointment doesn't call the appropriate JS method.
  • Fixed: Admin accounts without impersonation rights are logged out when trying to create a new user or alias.
  • Fixed: An issue when converting from Windows to Linux.
  • Fixed: Dismissing a reminder for an appointment in Mac Calendar [EWS] clears the response data for all attendees.
  • Fixed: Entering a space to a new password results in broken error/validation message.
  • Fixed: Force Password Reset errors could hint at a user's existence on a server.
  • Fixed: Message ID is not added for authenticated messages that have no local deliveries.
  • Fixed: Modifying an existing system event action can duplicate it.
  • Fixed: Online Meeting ending time can be off in different time zones.
  • Fixed: Online Meetings between different networks does not always show video or audio.
  • Fixed: OnlyOffice WOPI access tokens occasionally rejected with 401 after an upgrade to Build 9546.
  • Fixed: Outlook on Mac [EWS] is not showing user availability.
  • Fixed: Sent message icon does not go away when an email is moved from Sent Items.
  • Fixed: SmarterMail occasionally attempts to access files on a detached domain.
  • Fixed: Some recipients are listed with the display address of an alias recipient in Outlook [MAPI].
  • Fixed: Turn servers are not functioning in rare circumstances.
  • Fixed: When adding comma-separated values to the IP blacklist from the interface can sometimes duplicate entries.
  • Fixed: When renaming a domain, the service needs to be restarted before the new name is displayed.
  • Fixed: When responding to a message sent from SmarterMail using MAPI, Outlook Mac [EWS] adds “On Behalf Of” in the generated header of the original email.
  • Fixed: When trying to accept a new proposed meeting time, the server can sometimes return a 500 code.
  • Fixed: XMPP over SSL fails on port 5223.
  • Efficiency: [HA] HubConnection more gracefully detects when the connection is closed by the hub.
  • Efficiency: Thread usage during nightly cleanup tasks improved to limit resource usage.
  • Security: Fixed a few obscure authentication bypass, privilege escalation, denial of service, and path traversal issues we found during our security audit.

Build 9546 (Feb 19, 2026)

  • Fixed: An issue with Outlook (IMAP) not properly syncing folders with names containing non-ASCII characters.
  • Fixed: An issue with the legacy SOAP API and obfuscation.

Build 9543 (Feb 16, 2026)

  • Fixed: IMAP clients sending large emails can trigger IDS blocks.
  • Fixed: Sending large emails via IMAP/SMTP clients results in an exception related to command length.

Build 9540 (Feb 13, 2026)

  • IMPORTANT: [SECURITY] Changed how the command-line is utilized across various areas.
  • Added: [HA] Trusted Senders are now synchronized across a split domain.
  • Added: SmarterMail codebase is now obfuscated.
  • Changed: [HA] [HUB] Improved handling of impersonate and manage node errors when pop-ups are blocked by a browser.
  • Fixed: [HA] [HUB] Impersonating from the accounts grid gives a 401 error.
  • Fixed: [HA] [HUB] When logging into a hub you will sometimes see a `Fetch Error` instead of the server health grid details.
  • Fixed: [HA] An issue where certificates can fail to renew for a cluster.
  • Fixed: [HA] An issue with TypeNameHandling.
  • Fixed: An EWS push notification issue.
  • Fixed: An issue where a user is logged out when opening the Reports area.
  • Fixed: An issue where authenticated users could have the server issue an HTTP request to an arbitrary URL.
  • Fixed: An upgrade from SmarterMail 15.x to latest fails to detect existing XML configuration files.
  • Fixed: Certain HTML messages Do not Render Correctly in Webmail.
  • Fixed: Checking 2FA code is not thread safe.
  • Fixed: External document servers (e.g., Collabora) fail to load files in email attachments but work for File Storage files.
  • Fixed: SmarterMail's EXAMINE implementation does not comply with RFCs (IMAP).
  • Fixed: SmarterMail's EXAMINE implementation for IMAP does not comply with RFCs.
  • Fixed: Successfully used 2fa tokens are not always cleared from memory correctly.
  • Fixed: Successfully used 2FA tokens are not always cleared from memory correctly.
  • Fixed: Users can get logged out of webmail intermittently.
  • Fixed: Using TAB to move cursor when composing new message in webmail is off.
  • Security: [HA] Fixed a potential JSON deserialization issue.
  • Security: Added access restrictions to a system with compromised RSA key.
  • Security: API access now follows the user whitelist/blacklist as well as System Administrator IP Restrictions for authentication.
  • Security: Hardened various protocols against complex memory exhaustion issues.
  • Security: Hardened various syncing protocols against complex entity expansion issues.

Build 9526 (Jan 30, 2026)

  • Changed: Revised restrictions for file and folder name validation.
  • Fixed: [API] Users may be able to be impersonated by system administrators who do not have impersonation permissions.
  • Fixed: [HA] Password Reset CAPTCHA now works as expected.
  • Fixed: [HA] Refresh token fails length validation.
  • Fixed: A system administrator's password cannot be reset if they have 2FA enabled.
  • Fixed: Administrative logs indicate a password was successfully reset even when the reset failed.
  • Fixed: Birthdate showing wrong date with UTC +01:00 in Outlook (EAS) on Android.
  • Fixed: Multipart/alternative e-mails not rendering HTML correctly.
  • Fixed: POP Timing Attack on APOP MD5 Hash Comparison.
  • Security: Fixed a BIMI SSRF vulnerability.
  • Security: Fixed a scenario where CAPTCHA might not expire within alloted time.
  • Security: Fixed an issue where EWS can be used to spoof email addresses despite AuthMatch being set to email address.
  • Security: Fixed some API endpoints that had improper security scope
  • Security: Hardened JWT tokens.
  • Security: Hardened password reset tokens.
  • Security: Hardened Simpleauthcontroller.
  • Security: Removed Command Line Action from Routing Rules.
  • Security: Resolved a cross site issue with MAPI requests.

Build 9518 (Jan 22, 2026)

  • IMPORTANT: Critical security fixes. It is strongly recommended that all users update to this release.
  • Changed: Online Meetings need to support Authenticated Users' timezone IDs.
  • Changed: Redesigned the Diagnostics area, making it an actual page for system administrators, and including additional information.
  • Fixed: [HA] Translation error when blacklisting an IDS block.
  • Fixed: Blocked Domains modal has title "Blocked Senders".
  • Fixed: Mailing Lists do not validate the throttling card when adjusting Outbound Throttling.
  • Fixed: Newly created users can generate 'password encrypted is null' errors.

Build 9511 (Jan 15, 2026)

  • IMPORTANT: Critical security fixes.
  • Changed: "Block files without an extension" on Extension Blacklist for Uploads now includes email attachments.
  • Changed: About/checkup page now restricted to authorized (local network) IPs.
  • Changed: Update the "Someone muted you." toast in Online Meetings.
  • Removed: [API] System Admin -> CreatePrimarySystemAdmin.
  • Removed: [API] ValidateRemoteInstances as an API endpoint.
  • Fixed: [HA] Error proxying secure TCP sessions to the nodes.
  • Fixed: [HA] Unable to export whitelists from the security tab.
  • Fixed: Clicking on a task from the Calendar view opens a new task window instead of the task details.
  • Fixed: Creating a scheduled meeting that schedules an Online Meeting shows the Online Meeting start date with the UTC offset.
  • Fixed: It's possible to delete File Storage root folder which breaks File Storage.
  • Fixed: MailService.dll is being flagged as a false positive with VirusTotal.
  • Fixed: The REST API isn't setting a catch-all value when retrieving domain details for gateways.
  • Fixed: When a domain administrator changes a user's password, the administrator's 2FA application passwords are reset instead of the user's.

Build 9504 (Jan 8, 2026)

  • Added: Feature to prevent file uploads with no file extensions.
  • Changed: Added additional default file extensions to the Extension Blacklist for Uploads setting.
  • Changed: Redesigned file uploads across SmarterMail.
  • Changed: Updated and improved API documentation.
  • Fixed: [HA] [HUB] QC cluster failover shows Standby Node twice when activating.
  • Fixed: [HA] [HUB] Routing Rules and Gateways pages don't point to the proper Help pages.
  • Fixed: [HA] [HUB] The 'Notification Interval' values in Hub Notifications configuration area should be plural.
  • Fixed: [HA] ClamAV error message does not display correctly.
  • Fixed: [HA] ClamAV Setting Timeout Seconds does not reach the maximum value before giving an error.
  • Fixed: [HA] Profile image will not appear in the GAL.
  • Fixed: Client-side rules in Outlook are not being applied on message arrival.
  • Fixed: Content filter stores encoded folder names instead of Unicode folder names.
  • Fixed: Disposable Addresses added to Inbox are showing "undefined" for the folder name.
  • Fixed: Disposable Addresses for Drafts, Sent Items, and Scheduled folders don't display any buttons.
  • Fixed: Enable VRFY/EXPN notification text has a misspelling.
  • Fixed: Exception thrown when generating bounce message for specific sender email.
  • Fixed: File Storage URL is not changed with the update of the URL setting under the General option.
  • Fixed: Forwarding or replying to an external message from Outlook (MAPI) doesn't include the sender's email in the header for original message header.
  • Fixed: Image previews do not display properly in webmail chat.
  • Fixed: Importing Spam Settings (spamConfig.json) does not restore all the previous settings.
  • Fixed: MAIL FROM command (SMTP) accepting non-compliant addresses in some cases.
  • Fixed: Message count displays incorrectly when using French language in webmail.
  • Fixed: No validation when exceeding user throttling messages or bandwidth.
  • Fixed: Routing Rules initial selection of "Enable wildcards" fails to save on first save.
  • Fixed: Signatures do not display None or Domain options despite using them.
  • Fixed: Throttling logic is using the wrong settings to determine throttle action.
  • Fixed: Translation Error in File Storage for All Files.
  • Fixed: Turkish character rendering in the Move dialog is broken.
  • Fixed: Webmail isn't setting the correct font when composing a new message.
There are no release notes that match your search criteria.
Download All Release Notes