Mercury/32 v4.52 Released

Mercury/32 v4.52 / Mercury/NLM v1.49, August 2007

Mercury/32 v4.52 is a security patch release, addressing a serious weakness in the MercuryS SMTP server (specifically, a buffer overflow vulnerability in the way the server processes the AUTH command). All v4.x versions of Mercury earlier than v4.52 are vulnerable to this exploit, and users should regard the upgrade to v4.52 as mandatory. V4.52 also fixes and extends the "Save attachment to file" filtering rule action (the "Set" button now works correctly, and you can now specify either a filename or a directory as the destination for the rule), and corrects a problem in the IMAP server where attempts to create folders using characters outside the supported character set might cause crashes. Please click here to go to the download pages and retrieve v4.52. A patched version of MercuryS suitable for use in Mercury v4.01b systems is available here for sites who do not wish to upgrade to v4.5, but we strongly urge making the move to v4.5 as soon as possible. Otherwise, the feature set for v4.52 is the same as for v4.51, the release information for which is shown below.

Finally, for those sites still running the NLM version of Mercury, we have produced a patch for the NLM version, which is available on our patches page.

Mercury/32 v4.51, June 2007

It's been a long time between drinks... At first blush, not that much will seem to have changed between v4.01b and v4.5, but looks, as they say, can be deceiving. A huge amount of effort has gone into modernizing the internal Mercury code, with real emphasis on robustness and reliability. The most significant changes in this version are the following (if you don't want to read through this feature list, you can simply click here to go to the downloads page and download the v4.51 installer):

  • Queue overhaul  The Mercury queueing mechanism (the part of the program responsible for managing the queue of incoming and outgoing mail) has been totally overhauled. The new version is anything up to 100 times faster at traversing the queue, which can have a really significant impact for sites that handle large quantities of mail. The visible face of this overhaul is the new queue indicators in the core module window - these show the number of incoming and outgoing jobs in the queue at any time, and give you a general idea of the status of the queue in real time.
  • Memory management overhaul  Far and away the biggest, yet least visible change in v4.5 is the way it handles memory allocation internally. Previous versions of Mercury have had memory leak issues to varying levels, some of which have been very hard to track down: the new memory allocation architecture in v4.5 has made memory leaks both much less likely and trivially easy to locate and fix.
  • Public folder delivery  Mercury can now deliver directly into Pegasus Mail public folders, making this feature extremely powerful. Public folder delivery is handled by a new type of alias, and is easy to set up. Click here for more information.
  • Disclaimer and text insertion rules  An oft-requested feature for Mercury is the ability to add disclaimer text to outgoing messages - v4.5 can do this and more using a new filtering rule action (meaning that you can insert text into both incoming and outgoing messages, and you can do so selectively). The process of inserting text into a mail message is actually surprisingly complex, but the code in Mercury is quite smart about it, handling all the most commonly-encountered situations. Click here for more information.
  • Filtering rules for outgoing mail only  You can now create filtering rules that are only applied to messages being sent outwards from the system. Primarily added in support of the new disclaimer addition rule (see above), this also allows you to fine-tune mail leaving your system.
  • MercuryI IMAP server improvements  The MercuryI IMAP server has been heavily overhauled to make it more robust and reliable. It now supports the IMAP AUTHENTICATE command and the use of a wide range of international characters in folder names (using the IMAP "modified UTF-7" encoding scheme). Performance should also be noticeably faster for many sites, especially those using IMAP-based web mail front ends such as SquirrelMail.
  • SSL support in MercuryD and MercuryC  The MercuryD POP3 client and MercuryC relaying SMTP client both now support SSL connections.
  • Mercury Loader improved  We don't think Mercury/32 v4.5 will crash (of course we have to say that)... But if it does, the loader process that monitors it is now much smarter: it keeps a log of restarts and is able to quarantine the Mercury queue if it determines that a job with some error we have not anticipated is causing repeated crashes. This eliminates system down-time and reduces the likelihood of any loss of mail due to queue errors to vanishingly small levels.
  • Delivery Status Notifications  Mercury can now be instructed to send periodic status messages to message senders when their mail is delayed in the queue for whatever reason.
  • Delivery failure reporting improvements  The MercuryC and MercuryE SMTP modules now generate considerably better error reports when problems are encountered during mail delivery.
  • Mailing list editor improvements  The Mercury mailing list editor has been heavily improved to make it more reliable when used on heavily loaded systems. Some sites that previously reported periodic crashes when trying to edit lists in the Mercury GUI should now find these problems have gone. There are also new options to create new lists using an existing one as a template, and to adjust the order of moderators in a list.
  • Content Control editor revised  The Mercury Content Control editor can now handle rule sets of any size, and supports multi-level undo, find and replace and other standard text editing operations.
  • SpamHalter, ClamWall and GreyWall included  Lukas Gebauer's proven SpamWall Bayesian Spam Filtering technology has been renamed SpamHalter, and is now included as a standard part of the Mercury distribution, as is his ClamWall anti-virus filter interface and his new GreyWall greylisting plugin. We encourage you to support Lukas with donations at his web site if you use these superb Mercury plugins.
  • MercuryS deferred HELO processing  Many sites may wish to use Mercury's market-leading SMTP transaction filtering capabilities to weed out unwanted connections, but still allow users with no choice of host to access the server. To do this, MercuryS now allows you to apply filtering to SMTP HELO/EHLO commands but defer the action until later: if the user subsequently issues a successful AUTH command before the action is taken, it is cancelled and the user is allowed normal access.
  • Many changes to Daemon processing  Mercury's Daemon (plugin) interface has been heavily extended with a wide range of new capabilities.

What's NOT in this version

For a long time now, I have been saying that incorporating a native webmail interface into Mercury is my highest priority, and this is still true. Unfortunately, the process has proven to be much less simple than I thought (and I was not being over-optimistic). The problem is not the mail management, but the HTML: designing a usable, attractive HTML-based interface that will work with a wide range of browsers is staggeringly complicated, and frankly, it's beyond the scope of my personal skill set at this point.

Although I still intend in the strongest terms to have a fully-integrated native webmail facility in Mercury/32, it's clear that I'm going to need assistance from others to produce it. In the short term, we will be concentrating on putting together either installer packages or how-to guides for one or more of the most commonly-used IMAP-based webmail interfaces that are known to work well with Mercury - please watch our web site, http://www.pmail.com and our online knowledgebase, http://kbase.pmail.gen.nz for announcements of availability on these packages.

Finally...

Last year, one of my longest-standing testers and greatest supporters passed away after a tragic illness. Mercury/32 v4.5 is dedicated with love and sorrow to the memory of Merton Nickerson, a good friend, who is greatly missed.

Click here to go to the downloads page and download the v4.5x installer.


[ Page modified 13 May 2008 | Content David Harris  | Design by Technology Solutions ]