IOA-IPAD

Version 3.00 Features and Fix List Unveiled!!!

New Features in V3.00

While no software will ever be bug-free, the IOA coding team has attempted to track down and eradicate all issues that have been documented to exist within the IPAD package since the release of V2.52 over two years ago. We have paid special attention to finding and removing memory leaks. Radius performance and stability has been dramatically increased and we have also discovered that due to weaknesses in the radius reporting protocols that accounting will never be 100%. The web manager has also been totally re-written to cover new features as well as speed it up and make it more intuitive to use. To list each and every memory fix, minor issue and "one-in-a-million" crash scenarios we resolved would turn this into a novel.

So, I now present to you a brief summary of the more relevant items contained in IOA-IPAD V.3.00

These function upgrades apply to the 1200, 2500 & 5000 Series IPAD's

• The WHOIS command will now parse the initial response for the "WHOIS Server:" string in a response that delegates to another registrar. If this string is present, it will automatically query that WHOIS server to get the full WHOIS information.
• Changed SYNC_PPP port operation during negotiation. This change causes the port to retry on a downed connection forever, so it will always see when the link comes up (in 2.52, after a few minutes the link would go down and stay down until there was manual intervention).
• To make life better for those in Europe, a European DST rules switch on the IPAD control line. If you do "IPAD -e" in your batch file, then daylight savings time will start on the last Sunday in March rather than the first Sunday in April to follow the European rules.

In addition, the RFC822 date print now properly ADDS an hour to the time offset when the TZ is +nnnn instead of -nnnn so it works right in Europe.

• New SNMP eSoft MIB variable to list the free memory and Lowest Memory in K. This is added as some SNMP managers seem unable to handle large values in the byte-oriented variables. The original variables are left unchanged.
• New selective debug trace command to track more problems easily.

The new command syntax is:

debug <iface> tcp|udp <src> and|or <dst> [<file>]

• New Anti-spam tools allowing internal and external control over acceptance of e-mail including:
  
  - The usage of DNS Black List systems such as MAPS, ORDB, ORBZ, etc Multiple RBL’s may be accessed and tested against before accepting email. Counters on each block show activity on each filter.
  
  - DNSBLDOMAIN - one or more services that provide spam checking. One command line for each one used. If a positive match is found your [message] is returned]
  
  - Explicit ACCEPTFROM by IP address or IP block is included. Email from this server will be accepted no matter what its status is. (acceptfrom n.n.n.n[/bits]
  
  - Explicit BLOCKFROM n.n.n.n[/bits] [message] Reject no matter what. Similar to old method of blocking port 25 in the filter list for spam only this is much more CPU efficient.
  
  - EXEMPT command to allow email through from a blacklisted server to a specific email address or domain. Wildcard rules are the same as in Mailauth.ctl file.
  
  - Added "STAT SPAM" command (console/maint prompt) to monitor DNSBL rejects and give the total number of messages each RBLDOMAIN and BLOCKFROM line in DNSBL.CTL rejected
  
• DNS security improvements including restricting zone transfers (transfernets).
  
  - Increase default "retry" from 5 to 30 minutes when no backup zone file is available.
  
  - Change to be more "BIND 8.X" compatible on DNS zone transfers when an IPAD is secondary to a bind 8.X server.
  
  - Added PERMIT= to control what IP addresses can access your DNS resolver. This will allow you to block unwanted people from using your DNS resources.
  
  - XFERNET= to controls AXFRs of domain info. If you aren't in a specified block, you can't transfer a zone.
• Performance improvements and SMTP services:
  - In the LISTSERVER: code has been optimized to leave SMTP sessions open for other email clients thereby not fully loading down the server.
  - increased the number of default interrupt memory blocks from 4 to 8.
• TOTALLY re-written web manager that is up to 90% faster, quicker, and organized to better increase your productivity within it, based on a LOT of feedback from users.
• IP-less web hosting for up to 255 domains per IPAD web-lite server now supported.
  
• SECURITY ITEMS
  - Various memory leaks and issues related with direct and in-direct attacks fixed.
  - Fully implements SOA "retry" value whenever possible.
  - Attempt to make triple-faults less painful. Only time will tell if this helped.
  
• Some of those naggy spelling errors, missing help command files and typos have been fixed! (No telling how many new ones we will introduce)!
  
• Added startup "Beep" codes to all models. If present at the IPAD during boot-up you will have audible notifications as to how far is has progressed. This has always been a feature in the 1200 and 2500 models.
• Proxies are now a bit faster (quicker search algorithm) when under high load.
  
• Bounced message text is now limited to a maximum of 50 lines of original message body text.
  
• Total re-write of the IPAD dump file and dump file analyzer to allow IOA coding team to be able to "see" a crash IPAD to the point of re-creating the control screen at the time of the crash/dump.
  
• Added access to more of the console commands from the remote telnet session console.

Bug Fixes (applies to all models)

• Fixed problem where receipt of a TCP "listen" on port 53 lost 128 bytes of memory. This was the port 53 secondary attack that has been discussed.
• Fixed memory leak in DNS. If the incoming binary DNS record being converted had no data field 3/4 k would be lost.
• Fixed a memory leak in DNS which would occur if there were more than 64 pending requests queued.
• Fixed memory leak in SMTP email client whenever a message was failed on the scan.
• Fixed an issue in SMTP where if a message would under some circumstances, get date stamped with Jan, 01, 1970 (the birth date of Unix).
• Fixed a memory leak which only occurred when memory was already low enough to cause the router to discard an IP packet instead of queuing it.
• Fixed three problems with email RESPONDers:

1. The MSGID <> line in the header would always show the IPAD's host name, even if the responder had a FROM=address. Now it uses the FROM=address. Minor, but cosmetically correct.

2. The responder failed to add the "From xxx@yyy date" line as if received from the FROM= machine, so if the target of the responder was an IPAD email address the message would appear to be from "MAILER-DAEMON@host" instead of the responders "sending" address. This now is done.

3. If a PASSTHRU responder also had a FROM= address, that address would not be honored (the message always came from the IPAD's HOST domain name). Now this parameter is properly used for Passthru responders.

• Fixed problem where some mal-formed email messages could cause the system to crash when logging.
• Fixed a problem where when multiple Passthrus were defined on the same IP address the WWW manager would incorrectly return the "Passthru list is not contiguous" error message.
• Fixed problem where email server configuration through the WWW Manager would only ADD new DEF statements to the mail authority file instead of replacing the old DEF statement.
• Fixed problem where if the $ORIGIN line in an authoritative file had nothing after it, the IPAD would crash. This occurred primarily through secondary transfers where the data was mal-formed, but could be done by a bad manual entry as well.
• True Y2K fix in the Web Server FORMS command where forms submitted in the year 2000 showed year 100. Only affected year 2000 itself, by 2001 all was well again.
• Fixed Y2K bug where files created in the year 2000+ would appear as 100 101, etc. in FTP directory listings and also the local console "dir" command listings.
• Fixed a problem with IPAD 2.52, on dial-up accounts, an equal sign became an illegal character for IPAD-style account names. This fixes that issue by restoring the "=" character as a legal character for account names.
• Fixed a problem where a RADIUS server could crash on authenticating if RADIUS authorization was used on locally connected dialup serial lines.
• Fixed problem in RADIUS where if you modified a user on a RADIUS only system, the server would crash on the next RADIUS lookup.
• Added logic for "Expires:" http tag (RFC-1945, see 10.7) for web manager pages. This will stop "problematic" caching.
• Fixed several problems where interrupt memory leaked under high load (Code Red worm).
• Fixed a DNS problem where "AA" flag was not set if querying NS records only. This means you can register .net.au domains now.
• Fixed a SMTP crash generally associated with auto-responders.
• Fixed a problem where DOMAIN RELOAD command would hang if the IPAD was checking secondary zones.
• Crash when using IP-based relay permissions, large MAILAUTH file when a message was received and the MAILAUTH file was reloading is fixed.
• Fixed ListServer to handle messages with header lines longer than 254 characters. Also, body text is kept intact in original form.
• Fixed RFC-822 header "wrap" on long headers plus "chopping" of text by inserting new lines into body of message if lines were longer than 256 bytes.

1200/2500 Specific Bug Fixes

• Fixed problem in mirrored email retrieval where the IPAD sent the TOP command with no parameters. In the RFC this is the equivalent of "TOP 1" but apparently many email servers disagree.
• Fixed a problem with mirrored email retrieval where if the remote server failed to process the APOP command, even though it indicated that it could, the IPAD could never pick up email.
• Fixed a problem with mirrored or multi-drop email where if the master POP3 server immediately dropped the connection instead of allowing another login attempt the system could never retrieve mail.
• Fixed a problem in the 1200/2500 Setup Wizard where under certain conditions configuring the Frame Relay interface through the Setup Wizard could crash the system.