![](../images/logo.gif)
![](../images/nav_blank.gif)
Mercury/32 v4.01a (December 2003)
V4.0, while a long time coming, includes some of the
most powerful improvements we have ever made to Mercury,
and creates a significant roadmap for future versions. In
particular, the MercuryB web server protocol module heralds
the arrival of web-based management and services for Mercury,
and the inclusion of SSL support improves security dramatically.
- MercuryB HTTP server: this new protocol module
implements the HTTP protocol for web-based access using
a loadable service module approach to provide services.
MercuryB is not intended as a general-purpose web server
- it is specifically targeted at tasks specific to Mercury,
such as mailing list subscription management (included
in this release), remote administration and web mail
(in development).
- SSL/TLS support The MercuryS (SMTP
server), MercuryP (POP3 server) and MercuryI (IMAP4
server) protocol modules now have comprehensive, easy-to-enable
support for the SSL secure sockets protocol.
- Web-based mailing list subscription management
Using the new MercuryB HTTP server, mailing list
subscribers can now manage their list subscriptions
over the web. Subscribing, unsubscribing and managing
subscriptions is now as easy as using a web browser
and filling in some simple forms.
- Heavily improved spam filtering The
content control engine in Mercury/32 v4.0 has been heavily
enhanced with new tests and a new default rule set that
catches vastly more spam. We are also currently developing
auto-update mechanisms that will allow spam rule sets
to be updated automatically, allowing faster response
to new types of spam as it arises. The content control
engine now also has more options for adding headers
to messages and can generate diagnostic headers indicating
which rules contributed to the calculated weight for
the message. Mercury's autoreply engine has also been
changed so that any message getting a positive content
control weight will not receive an autoreply: this prevents
the server from sending autoreplies in the majority
of cases.
- Improved HTML and encoding handling in Content
Control Mercury's content control engine has
been retrofitted with improvements made in Pegasus Mail
v4.12, and now only checks textual components of messages.
When doing so, it now correctly applies BASE64 and Quoted-printable
decoding before applying its tests, and strips HTML
tags from HTML content (leaving only A, IMG and base
tags for later testing). Content control now has explicit
tests that check for lazy HTML (IMG tags with remote
references), IFRAME tags, and excessive numbers of comments.
The regular expression engine has also been extended
with a number of powerful new tests.
- Attachment filtering Mercury's general-purpose
filtering rule engine has been enhanced with the ability
to filter attachments within messages. Attachment filters
can work on the filename or extension of the attachment,
and can delete attachments from messages if required.
The filtering engine now also has an action that can
add a header of your choosing to any message as it is
processed.
- VERP support in mailing lists VERP
(variable envelope return processing) allows near-total
automation of error processing in mailing lists. Mercury/32
now includes three modes for handling mailing list errors,
two of which use VERP. For larger lists, VERP can substantially
reduce the amount of effort required to keep subscriber
lists up-to-date.
- Subscription passwords You can now
specify that a password be required for subscription
to a mailing list - this eliminates casual or unwanted
subscriptions to mailing lists and reduces moderator
workloads.
- MercuryI IMAP Server improvements The
IMAP4 server has been heavily overhauled and is now
much more robust than in previous versions. Sites using
stateless clients (such as webmail packages like Twig
or IMP) should notice performance improvements as well.
- Transaction-level filtering in MercuryS The
MercuryS SMTP server now supports filtering at the transaction
level - you can apply expressions to the SMTP EHLO command
and to the data of the message as it is actually received.
This is an incredibly powerful feature, particularly
for dealing with address harvesters and spammers who
attempt to relay via your server.
- Short-term blacklisting MercuryS now
supports the idea of short-term blacklisting, where
clients that breach too many compliance conditions or
match specific transaction-level filters can be blocked
from connecting to the server for a period of 30 minutes.
This is a powerful way of dealing with zombie systems
(computers that have been taken over by hackers or spammers)
and of protecting against denial-of-service attacks.
- Connection control overhauled The ability
of the Mercury server modules to control which machines
can connect to them based on IP address has been totally
overhauled. It is now possible to specify arbitrary
address ranges to which restrictions can be applied,
and each restriction can have specific attributes enabled
or disabled (so, for instance, you could create an "Allow"
entry that permitted a system to relay mail through
MercuryS but which was not exempt from transaction-level
filtering).
- Improved console output The various
Mercury server protocol modules now produce much more
detailed information on the console and in the log files
to show why particular actions occurred.
- Progressive backoff in delivery You
can now tell Mercury to use a "progressive backoff"
algorithm when calculating retries for mail jobs; this
tells Mercury to start with a relatively short retry
period, then use gradually longer and longer retry periods
the more retries occur. This can dramatically speed
the delivery of mail when one-off transient glitches
occur, and cuts down queue congestion caused by messages
with more significant delivery problems.
Click here
to go to the downloads page, where you can retrieve the
Mercury/32 v4.01 release archive.
[ Page modified 19 Dec 2003 | Content © David Harris
| Design by Technology
Solutions ] |