N-able SpamExperts

This month, as well as the usual bundle of bug fixes and minor improvements, we’ve added the possibility to block the potential unwanted attachments separately for delivery and submission flows and we’ve created Hosted Cloud regional SPF hostnames.

Over the next three weeks we will be enabling a set of changes that all API / HTTP requests will be redirected to HTTPS.
The custom integrations using APIs should make sure that follows redirects.
The recommendation is to update according to the information from Integrations Update, 2022 Q4:
https://blog.spamexperts.com/2022/10/19/integrations-update-2022-q4

We’ve updated all of our control panel integrations to work with the latest upstream versions – cPanel, Plesk, DirectAdmin, WHMCS, and Zimbra.

This month, as well as the usual bundle of bug fixes and minor improvements, we’ve made it possible to include shared mailboxes in “all mailbox” Email Scout Reports (ESRs) and made the timestamp filter in ESRs far less confusing.

In 2014, we introduced an app for Android and iOS that allowed email users to do basic quarantine management (e.g. view quarantined messages and release them). Over the last few years, app usage has significantly decreased, and the indications are that the apps are not providing much value to partners or users.

The Android app was quietly retired a while ago, when Google deployed some changes to the Play Store. The iOS app stopped working a few weeks ago when we introduced some new security improvements.

We have decided to discontinue the app. The iOS app will be removed from the App Store soon – while it will still be available on iPhones that already have the app, we will not be fixing the issue recently introduced, so it should be removed, and the normal control panel interface used instead.

At this time, we do not have plans to develop a new Android, iOS, or iPadOS app. If you have opinions about this, we’d love to hear from you – please reach out to your account manager.

Note that the app is (and always has been) open-source. You’re welcome to update the app yourself if you’d like to have a custom one. Note that this will at minimum require changing the authentication mechanism, and the way that messages are accessed (to either our newer API, or directly via IMAP).

There are three upcoming changes that you should be aware of, and may require you to update your servers and/or integrations.

SMTP AUTH must use TLS (Outgoing Filter, HC & LC)

In May, we will start requiring all SMTP AUTH connections (ie. the outgoing filter where you use a username and password, rather than authorising all connections from an IP) to use TLS. This applies to both SpamExperts Hosted Cloud and SpamExperts Local Cloud. Using TLS ensures that anyone that has access to your network traffic is unable to read the SMTP AUTH credentials. If you are not already using TLS, please make that change as soon as possible.

Removing support for HTTP, adding HTTP Redirect (Control Panel & API HC & LC)

Later this year, we will be removing support for accessing both the control panel and the APIs using plain (unencrypted) HTTP. All HTTP requests will respond with a standard “301” redirect response to the HTTPS version. If you are not already using HTTPS requests, we recommend that you change to do so as soon as possible. While most software will automatically follow redirects, you may need to take particular care with any custom API integrations you have created.

We will provide specific dates for when this change will go live closer to the time, but we strongly recommend changing to only use HTTPS as soon as you can.

Hosted Cloud IP Change (LDAP Sync & Authorisation, Continuity)

The IP addresses used to do LDAP authorisation, LDAP syncing, and send messages through the “Continuity” feature of the app has changed. The new IP addresses are 130.117.251.9 and 2001:978:2:6::20:10 – login.antispamcloud.com (and similar names) resolve to these new addresses, but if you have the IP addresses in your firewall, you will need to replace the old addresses (95.211.160.147 and 2001:1af8:4500:a034:101::2) with the new ones.

This change is effective as of Sunday the 17th of April 2022. We apologise that we missed informing you of this change in advance.