Mercury/32 v4.52 / Mercury/NLM
v1.49, August 2007
Mercury/32 v4.52 is a security patch release, addressing
a serious weakness in the MercuryS SMTP server (specifically,
a buffer overflow vulnerability in the way the server processes
the AUTH command). All v4.x versions of Mercury earlier
than v4.52 are vulnerable to this exploit, and users should
regard the upgrade to v4.52 as mandatory. V4.52 also fixes
and extends the "Save attachment to file" filtering
rule action (the "Set" button now works correctly,
and you can now specify either a filename or a directory
as the destination for the rule), and corrects a problem
in the IMAP server where attempts to create folders using
characters outside the supported character set might cause
crashes. Please click here to go to the download pages and retrieve
v4.52. A patched version of MercuryS suitable for use in
Mercury v4.01b systems is available
here for sites who do not wish to upgrade to v4.5, but
we strongly urge making the move to v4.5 as soon as possible.
Otherwise, the feature set for v4.52 is the same as for
v4.51, the release information for which is shown below.
Finally, for those sites still running the NLM version
of Mercury, we have produced a patch for the NLM version,
which is available on our patches
Mercury/32 v4.51, June 2007
It's been a long time between drinks... At first blush,
not that much will seem to have changed between v4.01b and
v4.5, but looks, as they say, can be deceiving. A huge amount
of effort has gone into modernizing the internal Mercury
code, with real emphasis on robustness and reliability.
The most significant changes in this version are the following
(if you don't want to read through this feature list, you
can simply click here to go to the downloads page and download the v4.51 installer):
- Queue overhaul The
Mercury queueing mechanism (the part of the program
responsible for managing the queue of incoming and outgoing
mail) has been totally overhauled. The new version is
anything up to 100 times faster at traversing the queue,
which can have a really significant impact for sites
that handle large quantities of mail. The visible face
of this overhaul is the new queue indicators in the
core module window - these show the number of incoming
and outgoing jobs in the queue at any time, and give
you a general idea of the status of the queue in real
- Memory management overhaul
Far and away the biggest, yet least visible change
in v4.5 is the way it handles memory allocation internally.
Previous versions of Mercury have had memory leak issues
to varying levels, some of which have been very hard
to track down: the new memory allocation architecture
in v4.5 has made memory leaks both much less likely
and trivially easy to locate and fix.
- Public folder delivery
Mercury can now deliver directly into Pegasus
Mail public folders, making this feature extremely powerful.
Public folder delivery is handled by a new type of alias,
and is easy to set up. Click here for more information.
- Disclaimer and text insertion
rules An oft-requested feature for Mercury
is the ability to add disclaimer text to outgoing messages
- v4.5 can do this and more using a new filtering rule
action (meaning that you can insert text into both incoming
and outgoing messages, and you can do so selectively).
The process of inserting text into a mail message is
actually surprisingly complex, but the code in Mercury
is quite smart about it, handling all the most commonly-encountered
situations. Click here for more information.
- Filtering rules for outgoing
mail only You can now create filtering
rules that are only applied to messages being sent outwards
from the system. Primarily added in support of the new
disclaimer addition rule (see above), this also allows
you to fine-tune mail leaving your system.
- MercuryI IMAP server improvements
The MercuryI IMAP server has been heavily overhauled
to make it more robust and reliable. It now supports
the IMAP AUTHENTICATE command and the use of a wide
range of international characters in folder names (using
the IMAP "modified UTF-7" encoding scheme).
Performance should also be noticeably faster for many
sites, especially those using IMAP-based web mail front
ends such as SquirrelMail.
- SSL support in MercuryD and
MercuryC The MercuryD POP3 client and MercuryC
relaying SMTP client both now support SSL connections.
- Mercury Loader improved
We don't think Mercury/32 v4.5 will crash (of
course we have to say that)... But if it does, the loader
process that monitors it is now much smarter: it keeps
a log of restarts and is able to quarantine the Mercury
queue if it determines that a job with some error we
have not anticipated is causing repeated crashes. This
eliminates system down-time and reduces the likelihood
of any loss of mail due to queue errors to vanishingly
- Delivery Status Notifications
Mercury can now be instructed to send periodic
status messages to message senders when their mail is
delayed in the queue for whatever reason.
- Delivery failure reporting
improvements The MercuryC and MercuryE
SMTP modules now generate considerably better error
reports when problems are encountered during mail delivery.
- Mailing list editor improvements
The Mercury mailing list editor has been heavily
improved to make it more reliable when used on heavily
loaded systems. Some sites that previously reported
periodic crashes when trying to edit lists in the Mercury
GUI should now find these problems have gone. There
are also new options to create new lists using an existing
one as a template, and to adjust the order of moderators
in a list.
- Content Control editor revised
The Mercury Content Control editor can now handle
rule sets of any size, and supports multi-level undo,
find and replace and other standard text editing operations.
- SpamHalter, ClamWall and GreyWall included
Lukas Gebauer's proven SpamWall Bayesian Spam
Filtering technology has been renamed SpamHalter, and
is now included as a standard part of the Mercury distribution,
as is his ClamWall anti-virus filter interface and his
new GreyWall greylisting plugin. We encourage you to
support Lukas with donations at his web site if you
use these superb Mercury plugins.
- MercuryS deferred HELO processing
Many sites may wish to use Mercury's market-leading
SMTP transaction filtering capabilities to weed out
unwanted connections, but still allow users with no
choice of host to access the server. To do this, MercuryS
now allows you to apply filtering to SMTP HELO/EHLO
commands but defer the action until later: if the user
subsequently issues a successful AUTH command before
the action is taken, it is cancelled and the user is
allowed normal access.
- Many changes to Daemon processing
Mercury's Daemon (plugin) interface has been heavily
extended with a wide range of new capabilities.
What's NOT in this version
For a long time now, I have been saying that incorporating
a native webmail interface into Mercury is my highest priority,
and this is still true. Unfortunately, the process has proven
to be much less simple than I thought (and I was not being
over-optimistic). The problem is not the mail management,
but the HTML: designing a usable, attractive HTML-based
interface that will work with a wide range of browsers is
staggeringly complicated, and frankly, it's beyond the scope
of my personal skill set at this point.
Although I still intend in the strongest terms to have
a fully-integrated native webmail facility in Mercury/32,
it's clear that I'm going to need assistance from others
to produce it. In the short term, we will be concentrating
on putting together either installer packages or how-to
guides for one or more of the most commonly-used IMAP-based
webmail interfaces that are known to work well with Mercury
- please watch our web site, http://www.pmail.com and our
online knowledgebase, http://kbase.pmail.gen.nz for announcements
of availability on these packages.
Last year, one of my longest-standing testers and greatest
supporters passed away after a tragic illness. Mercury/32
v4.5 is dedicated with love and sorrow to the memory of
Merton Nickerson, a good friend, who is greatly missed.
Click here to go to the downloads page and download the v4.5x installer.
[ Page modified 13 May
2008 | Content © David Harris
| Design by Technology