Summer is already here and we have been up to quite a bit over the last few months. In this blog post, we highlight the most important updates from Q2 2017. For a comprehensive list of new features and improvements, please visit the changelog in our knowledgebase.
Outgoing Filtering Service
Central page for locking & unlocking users and accounts
A common problem when filtering multiple users or hosting accounts via an outgoing smarthost user account, is that a single user can potentially break the email for other users when it is sending out spam or viruses. To solve this, SpamExperts has an “identity feature”, allowing you to configure our system to recognize the different sending entities which are sharing the same outgoing account. When outgoing spam or viruses are detected, rather than locking the entire outgoing account affecting all users, you can (automatically) lock the spamming identity only, whilst leaving the clean users unaffected.
We have added a new control panel page that allows super-admins, admins, and domain-level access users to manage their outgoing users and “identities”. A link to this new page is available in the dashboard and sidebar in the outgoing filtering section.
It allows you to see a list of all users who have been identified via the identification method configured on the “outgoing users” page. The system allows for user filtering, manually locking or unlocking an identified user, and resetting the number of times the user has been automatically unlocked.
Additionally, admins can still manually lock or unlock users via the log search and outgoing reports pages in the web interface.
Automatic identity locking
We have also added a new option which allows to easily identify outgoing email users (“identities”) by the envelope sender, or looking for a custom header, etc. The automatic locking functionality has been extended so that the “auto locking” system can be used at this identity level as well.
The log search and report pages in the web interface still allow you to manually lock and unlock identities, including unlocking identities that were automatically locked.
Improved export of archived email
Email archiving product users are able to export all messages for a domain within a specified time range. We’ve adjusted the system so that the download is done directly in the browser, rather than via email, to better handle the large size of the export. Users are still able to export selected messages via the log search page as well.
Enhanced web interface filtering features
The number of filtering options has been significantly increased on the IP Blacklist, IP Whitelist, and Brute-force Blacklist pages. You are now able to granularly filter the results by multiple criteria (for example, only whitelisted IPs that have greylisting skipped, or only blacklisted IPs that have “DDoS attempt July 2015” in the reason field). Longer queries can be built as well, if needed (for example, brute force attempts with a count higher than 10, against filtering server mx1.example.com, for user firstname.lastname@example.org).
To narrow down the results, the “new rule” button can add a new condition or the “x” will remove any previously set conditions. The “reset rules” button will revert back to a sensible default for each page, or users can remove all the rules to get every possible match. Users can also change the rules to “match any” rather than “match all” (for example, any whitelisted IP that has “added by Alex” or “added by Sam” or “added by Jo” in the reason field).
Web interface authentication via OAuth
We’ve added a fourth method of authentication to the web interface. In addition to the standard username/password option, the “auth tickets” API, and authentication against an LDAP server, customers are now able to authenticate using OAuth2 and OpenID Connect. OAuth is an open authorisation standard that is used by many websites to securely confirm that a user should have access to a system. OpenID Connect is an authentication layer on top of OAuth2.
OAuth authentication is available for customers with a private or premium private label. In the “Private Label” section in the interface, a new “Auth Settings” page has been created to enable OAuth and to enter the OAuth/OpenID settings (available from the client’s provider).
Improvements to the Email Scout Report
As communicated in our previous updates, we are in the process of replacing our protection report system with a new, more flexible and powerful system named Email Scout Report which will include a lot of other types of information and advanced customization (such as selection of email types, frequency, timing, updated report template, etc).
In addition to the existing “row based” template of the Email Scout Report, we have just added a second “column based” template that is better suited for reports with a larger number of messages and/or a larger number of columns to display.
Deprecating HTTP support
In a couple of months, HTTP support will be deprecated in favor of HTTPS. Because of this, for certain pages in the Control Panel a valid SSL certificate may already be required.
Thank you for reading! Until our next quarterly technical update, stay safe and spam-free. We invite you to drop us a comment in the section below.