IPAD Upgrade

IPAD 4.0 New Feature List

There are many changes in IPAD 4.0 which include improvements in function, speed and reliability. Major advancements have been made to help fight spam and to make the IPAD more available for your legitimate email users with less maintenance time from you.

The following is a short list of the changes between IPAD 3.0 and IPAD 4.0. A more complete list including all of the details will be included with your IPAD 4.0 distribution documentation.

New 4.0 Features | Web Manager Changes | IPAD-OS Boot Loader
Bugs Fixed in version 4.00, 4.01, 4.02, 4.03, 4.04

NEW FEATURES

SMTP Email Server

• The mail server will now evenly spread all mail delivery retry attempts over the rescan period instead of all at once each rescan interval. This makes the overall flow of mail through an IPAD feel much smoother even when there are a lot of undeliverable messages. For this reason it is best to have the rescan interval set much higher than the scan interval.
• The IPAD's mail server is now much better about cleaning up orphan files which get stuck in the working directories. These can be partial files placed onto the mail server by external servers or even undeliverable bad mail. The files will eventually age out and be erased without any need for intervention on your part.
• The IPAD takes a much stricter interpretation of 5xx errors in SMTP. Prior versions required a 5xx from the last MX -- and tried all of them which may trigger the new anti-spam facilities at Yahoo! We now quit after the first 5xx error. The original behavior can be restored with a command line option.
• New back-off logic has been implemented in SMTP. Messages which have been retried four times go to an "extended hold" queue, which is retried on every fourth interval.
• Alternate SMTP port. Many Internet service providers, large dialup providers, DSL and cable providers are filtering port 25 (SMTP) to prevent trespass SPAM. The IPAD SMTP server will listen on port 25 (SMTP standard) and one optional extra port of your choosing. Virtually all e mail clients allow you to set the SMTP port to something other than the default, bypassing the port 25 filter at the local user connection.
• Added alternate SMTP port support to Multidrop and Mirrored-mail service. This allows the IPAD to connect to a remote SMTP server to send mail using a TCP port other than the standard port 25.
• When using a relay host, you may specify an alternate SMTP port number for outbound mail. This allows a Mirrored mail system to work when the bandwidth provider blocks traffic on port 25.
• POP before SMTP and SMTP-AUTH. This version supports both SMTP-AUTH and POP-before-SMTP authentication. Authentication deals mostly with relay permissions, not with normal incoming mail. When someone checks their mailbox via POP3, their email address is authenticated for a short period of time. The timer is reset on any SMTP and POP3 activity from their IP address. SMTP-AUTH authorizes the current IP for the current session plus a short time. Three authentication methods are supported: PLAIN, LOGIN and CRAM-MD5, chosen to cover the majority of available mail clients. The user name and password are taken from the user's POP3 statement in MAILAUTH. Authenticated users are exempt from DNSBL checking (which means you may use a DNSBL that lists dialup ports!). Authenticated users are exempt from IP-based relay permits (you may now use IP based relay permissions!). Authenticated users are exempt from Rate-Limiting (see below).
• Anti-SPAM Rate Limiting. To prevent "dictionary based" address trolling (and block SPAM directly), the IPAD can detect dictionary attack patterns of activity, and slow down the transfer of mail from the offending host. If this is legitimate mail, it will simply be slowed. On the other hand, address trollers and spammers will get "too busy" responses for all addresses, valid or otherwise. A "rate limited" counter appears on the console "stat act" command, and counters for graphing are exposed for MRTG and other SNMP packages.
• SMTP sessions on the IPAD console (and in STAT ACT CONSOLE) now show the anti-spam status on the session:
  • aSMTP fm -- authenticated during a prior session (probably POP3)
  • ASMTP fm -- authenticated via SMTP-AUTH
  • bSMTP fm -- blackholed (DNSBL'ed or local black listing)
  • rSMTP fm -- rate-limited (421 too busy)
  • Normal inbound sessions will show "SMTP fm"
    (This can be handy when looking at the IPAD console mail sessions, but the mail counters are not changing.)
• The SMTP received header now contains much more information from the SMTP envelope -- making it easier to analyze SPAM. The SMTP header now shows the reverse-DNS name and the envelope header on the first received line:
  Received from: <helo-name> (reverse-dns name [ip] envelope-from)
  The reverse DNS name will help identify spammers, and the envelope-from will give you the correct "REJFROM" to block future mail from this sender.
• Modified RSCAN logic to reduce system and connection loading even in the worst situations. Please note that for best performance, RSCAN should be at 4 hours or greater.
• Revised SMTP message numbers/file names: The SMTP file name space is now ten times larger for those who run busy mail systems.
• The IPAD is now much more aware of the file system limits and will gracefully shut down things like the mail server when the limits are very near. This will allow a very busy mail server to send out the mail already in the queue before accepting too much new mail.
• The DNSBL now has a new command called "SPAMHOST" which allows filtering inbound mail based on the reverse DNS name of the sending mail server. Rules can be applied to allow only a small amount of mail from the listed servers in a short period of time.
• The mail server now has the ability to drop mail sessions from unauthenticated sources when we start running low on connections. This allows the IPAD to preference our users over everyone else.
• The IPAD's mail server now supports "spam trap" mail addresses. This is very advanced detection logic which even allows using functional mailboxes like "postmaster" and "webmaster" as a spam trap address without blocking legitimate mail to those addresses. Each operator can set the level of sensitivity on each spam trap address to best fit their situation.
• The mail server will now reject mail from SMTP servers who flat out lie about their identity when establishing a connection to the IPAD.

DNS Server

• The IPAD's DNS resolver gets PDQ! This adds "Priority DNS Queuing" which improves DNS operation, and since everything else relies on DNS, will improve operation overall.
• Authoritative DNS zones no longer use the main RAM cache, they have their own cache in memory. This allows much higher performance for both the authoritative zones and the highly dynamic DNS cache. The new console command "DOMAIN CACHE AUTH" shows the authoritative caches.
• DNS "RP" records are now supported in zone transfers and secondary DNS hosting. These reference records are not editable in web manager in this version of the IPAD.
• When a DNSBL lookup "times out" or reports a server failure, that DNSBL will be disabled for a short time. This prevents a rather dramatic performance hit when heavy winds blow down the utility poles near a DNSBL operator's house. Status changes are logged in the mail log at the "normal" logging level.
• %ip% may now be used in DNSBL.CTL message strings -- inserts the remote SMTP server IP address. You'd use it something like this: DNSBLDOMAIN relays.ordb.org Open Relay, see:
  http://www.ordb.org/lookup/?host=%ip%
  See your DNSBL web page for the "lookup" URL. Note: all new features are supported in the web manager.
• The DNS resolver is now randomized a little more. This allows more even loading of the root servers and lets "round robin" tricks for load balancing to work a little better.

List Server

• The SMTP "Sender:" header is no longer processed in any special way by the List Server, you may now set it like any other added header, strip it out, or leave it unchanged. This is in response to mail clients that parse both the "sender" and "from" headers and display them together.
• List server enhancements: Mailing lists may now be password protected. If a password is set, it must appear on the first line of the subject, or the message will be discarded. Default is no password.
• An optional "bounce" message may be configured. If "accept all" is not checked and the sender's address is not on the list, they will receive the bounce message. Default is no bounce message.
• List manager messages now use the Errors-To: address if set, or postmaster@example.com to prevent mail loops and related problems.
• Default headers now match the list management header RFC, RFC-2369.
• List server now shows progress (in percent) on local screen and MAINT console.
• List server now supports footers on each message. The footers are freeform and can be anything you wish.
• List server now supports subject line tagging. This allows adding a specific tag or text to the subject line of every message posted to the list.

Others

• The IPAD now has Long File Name support! This version supports full Windows 98-style long file names in the FTP server, web-lite server, DNS server and the console dir command. Warning: this version does not support long file names in the SMB/CIFS server. Long file names are not supported when defining an FTP site or WWW site (i.e. defining the site root) as this does not add any utility to the server and can actually negatively impact system performance. Long file name support requires the IPAD-OS Boot Loader, and you should be well prepared when upgrading from MS-DOS or Win9x-DOS. Note that Win9x-DOS does not support long file names outside the Windows GUI. IPAD 4.0 runs fine with DOS 6.22 and with Win9x-DOS, without long file name support.
• The IPAD WhoIs client has been enhanced to handle more top-level domains including international domains which do not resolve correctly from the root WhoIs servers hosted in the USA.
• The IPAD's POP3 client (the one where it goes to another server and picks up mail) now has the ability to detect local user activity and check the remote POP3 mailbox more often. Two different polling intervals can now be set on the IPAD. One for when local users are actively checking email on the IPAD, and one when they are not.
• The IPAD is more file-aware with respect to the total number of files open at any one point in time. This is visible at the bottom of "stat files" report. The IPAD is more graceful about shutting down mail service when too many files are open which will prevent many of the false file corruption problems reported in the past.
• Over the years, the number of internal timers has increased which caused some noticeable things like the clock on the local console "skipping" once in a while. The IPAD can now handle timers much more efficiently. This may show in several ways, but the most noticeable will be an overall smoother feel to the whole system.
• The POP3 Server now suppresses the mbox-format From_ command. This helps some versions of MS-Exchange get along better with the IPAD.
• Log Cycling: at midnight, the IPAD renames all of the active log files and starts new log files. The previous day's files will have a .001 extension, two-day-old files will be .002, etc. By default, 50 days of history are kept. You can change the default by using a command line option. This will allow any IPAD to run unattended and not fill the local disk with log files.
• Our old-friend the on-screen display has been enhanced. If you don't have a monitor on your IPAD, you won't notice much difference. :-)
• The IPAD supports both domain.tld and www.domain.tld for ip-less web servers. (define servers as www.domain.tld for this to work).
• RFC-1948 compliance (harder to spoof connections)
• New Simple Network Management Protocol (SNMP) Management Information Base (MIB) variables: ipadFiles, ipadFilesMax, ipadNatCircuits, ipadMaxNatCircuits, smtpSessionsIn, smtpSessionsOut, ipadZero. This allows using human-readable names to reference information inside the IPAD kernel.
• The IPAD now uses a more compatible DHCP response method. DHCP responses were unicast if the "flags" didn't call for a broadcast response. Microsoft DHCP servers generally broadcast all responses even if the flags say they can unicast. We now use the same rules.
• Easier to use MRTG! In the IPAD group, added ipadUpTimeI and ipadCpuTimeI -- these are the same as ipadUpTime and ipadCpuTime but the result is reported as an integer. Many SNMP managers, including MRTG, graph integers, not time. This will allow MRTG to be used without modifying BER.PM in MRTG. Other new Objects:
  • smtpMsgsSent "Number of SMTP messages sent."
  • smtpMsgsRcvd "Number of SMTP messages received."
  • smtpMsgsDNSBL "Number of messages DNSBLd."
  • smtpMsgsHacked "Number of messages Rate-limited for hacking."
  • smtpPop3Sessions "Number of POP3 sessions."
  • dnsQueries "Number of DNS server queries."
  • dnsResponses "Number of DNS server responses."
  • dnsAuthLookups "Number of Authoritative Cache lookups."
  • dnsAuthHits "Number of Authoritative Cache hits."

Using the latest MRTG (at least in 2.9.18pre9), and probably earlier, you can: Start with CFGMAKER and let it find the interfaces. Once that works: Load the eSoft MIB with the following line:
LoadMIBs: c:\esoft.mib (correct path to file)

Then you can track variables by MIB name, not OID (which is much easier).

Example:

Target[MAIL-SMTP]: smtpMsgsSent.0&smtpMsgsRecd.0:public@192.168.1.3 MaxBytes[MAIL-SMTP]: 500 Options[MAIL-SMTP]: growright, nopercent, perminute

• Directory listings on the IPAD are now much faster. The speed improvement really shows on directories which are very full.
• Incoming FTP files now use a temporary file name until the upload is completed. This provides much more protection from potentially corrupted or incomplete uploads due to unreliable connections.
• Traceroute is now more compatible with the TCP communication methods commonly used in the Internet even when they differ from the published standards.
• Small TRACEROUTE fix: TRACERT is now a valid IPAD console command (and in MSUPV> mode).

BUGS FIXED

• Directory options now show the correct disk size and free space up to the maximum allowed under the FAT32 disk format.
• The IPAD is now able to detect "stuck" TCP sessions and remove them. The process is not fast, but it is thorough.
• If the BOOT.NAM file had critical errors on startup, the IPAD could refuse to boot or crash. The IPAD now will start but disable the DNS server until the critical problem has been fixed.
• Fixed an initialization bug that crashed some IPADs on startup under rare situations.
• Sometimes the IPAD didn't properly recognize POP3 size limits allowing more than the allowed mail into a mailbox. This is fixed.
• A malformed FTP "port" command could crash the IPAD in some situations. This was perhaps sent by a virus that is currently in the wild. This has been fixed.
• ARP PROXY DEFAULT= is now saved correctly from the web manager.
• "DOMAIN RELOAD ALL" has been updated to work more consistently and to force a reload of all secondary zones at the same time.
• Zone transfers used to use the appropriate (or not) interface port, it now uses the IPAD's primary IP address. This makes it easier for the Primary DNS hosts to permit your IP.
• HTTP "Cache control:" header added to Web Manager (Fixes Netscape 7.x flaw).
• Log flush logic moved from the timer thread to a separate daemon. This will keep the system running smoothly even when a lot of log activity is happening.
• Subscribing or unsubscribing from a list caused a crash in some cases if there was no errors-to address defined for that list, this has been fixed.
• A mailing list could not be changed by the web manager while the list was actively sending, now it can be changed at any time.
• Changing the DNSBL control file on a busy IPAD could cause a crash. This has been fixed to be more robust to user changes. It is still strongly recommended to rename control files before editing them on a live system.
• The POP3 UIDL command didn't always return unique message IDs, now it does. This fixes a problem downloading messages when the mail client uses UIDL instead of LIST and RETR.
• TCP values in the web manager (and IPAD.CTL) now show as the correct unsigned values, even though they were handled correctly in previous versions.
• Fixed a problem when an incoming packet could trigger the H.323 proxy when a web server Passthru should have been used instead. This occasionally caused the router to hang.
• The firewall now classifies DNS activity as higher priority than before. This will allow a system which is overloading the available bandwidth to feel faster to end users.
• List servers were supposed to be "destinations" under IP based relay permits. This now works correctly. (also in IPAD 3.02)
• A memory leak in the list manager has been plugged (also in IPAD 3.01)

WEB MANAGER CHANGES

• The IPAD's web manager interface has been redesigned to use industry standard cascading style sheets. This allows much more control over the look of the interface on very different systems and even end user control. If you need large fonts, there is only one file to change. If you need higher contrast colors, change one file and the whole interface changes to follow.
• Removed almost all of the default font sizes for those who do not or can not use the style sheets (older browsers). The default font sizes are now selected by your web browser making everything the same size for those who don't have style sheets enabled. This gives more control to the end user.
• Added a "default" choice to all of the Setup Wizard pages. This will allow pressing the Enter key to advance to the next page in the IPAD Model 1200 and 2500 setup wizard sequence just as if the Next button was clicked.
• Fixed problem where model 2500 users could not change the directory path of an FTP account through the web manager. The 2500 was incorrectly placed with the model 1200 logic which does not allow changing of the user directories.
• Changed help wording for rescan value to expand a little more on the reason behind the need for higher than minimum settings.
• Completely populated the STYLE.CSS file in the WWWMAN directory. This file should control just about everything to do with the look of the web manager interface. You are free to distribute your custom style sheet files as "skins" to other IPAD 4.0 owners. The IOA may provide a place on the web site to display your work if needed.
• Fixed some errors in the icon menu navigation which would show the wrong label. For example the "Time" option in the System icon menu showed the word "Console".
• Updated the ESOFT.MIB file in the web manager to the current version. This file is linked from the web manager SNMP page to allow access to the MIB even if the user does not have SMB/CIFS or FTP access to the IPAD.
• Changed language text for Forms / Advanced / Message body help to be more explicit about the "email" tag location.
• Changed the "+" and "-" for full list expansion to a table to allow better positioning in all web browsers.
• Added default file name for list bounce message file name.
• Added default file name for list subscribe message file name.
• Fixed the missing % in the MSGS.HTM file which caused some result messages not to display.
• Fixed JavaScript error in all of the Icon (Right) menus. This would cause some versions of Internet Explorer to report an error when clicking on links in the center box.
• Removed references to the IPAD manual from the IPADLANG file until the manual is ready.
• Added an update check to the web manager version display screen. This will link to a page on the IOA web site for the specific Web Manager version running on the IPAD and allow for downloading updates as they are released.
• All main menus have more links which will shorten the number of clicks to get to any part of the Web Manager interface.
• Changed location of the Settings and Reset button to be at the bottom of the log display forms isolated from the navigation buttons.
• Added links from MIRRORED and Multidrop mail pages to SMTP page to allow full configuration of SMTP server functions when the IPAD is set to pick up mail from a remote POP3 server.
• Changed formatting and layout to support screen resolutions up to 2048 pixels wide. This is double the resolution of previous versions.
• Fixed bug with list moderators that would unsubscribe (suspend) all members who were turned into moderators.
• Added Subscribed field check box to the list member form.
• Added 2 minute and 24 hour options to the POP3_CLIENT poll interval pick list. Note: 2 minutes is only for rare situation when email response time is more important than being polite to your ISP and should not be used for a default setting.
• Completely reworked the Setup Wizard on the 1200 and 2500 models to better match the current look and feel of the Web Manager.
• Fixed HTML error on many check boxes which mistakenly used value="ON" instead of "CHECKED" to show a default checked mode.
• Several of the time related pick lists which jumped directly from 6 hours to Unlimited now have a new option of 12 hours. This should help give a little more control to things like the maximum length of FTP connectivity, POP3 polling frequency, and supervisor telnet timeout.
• Added the FTP user account startup path and suspend check box to all IPAD models. This was incorrectly only available in the model 5000 version when the standard and advanced screens were combined several versions ago.
• Corrected text for "Sequence Error" language entry which was a duplicate of the field above it in the IPAD language file.
• Combined the Accounts/ Email/ Edit button page to combine the standard and advanced pages into one.
• Fixed bug in Accounts/ FTP tab/ edit button page which prevented the user from changing the idle and max connect time out values.
• Reworded "Cache Wait" help text to better explain the negative results of values which are too high or too low.
• Added "SQL:1433" to the Passthru pick list.
• Reformatted table structure in server/lists/mem.htm to allow display on very low resolution (640x480) web browsers without wrapping in odd ways.
• Fixed error in server/lists/form-1ma.htm which had a source code comment line in the HTML part of the code. This caused strange results in some browsers.
• Fixed error in server/lists/memr.htm and server/lists/mem.htm which included one too many internal fields preventing unchecking the moderator check box.
• Major cleanup on the Servers/ E-mail/ Server tab page. This combines the Standard and Advanced pages into one page and grouped like commands together in hopes of making it easier to locate the desired option. This should also allow all of the fields to be displayed on one form very little or no need for scrolling on most browsers.
• Updated Ethernet interface Stats page to reflect the new lean display format.
• Corrected help links on Frame Relay stats page so all now work as they should.
• Corrected ISDN issue with model 1200 which would forget the INIT string when unrelated ISDN fields changed.
• Reworked the dial-up/dial-out statistics page to make better use of the screen real estate. This should eliminate the need for scrolling in most screen resolutions.
• Added "10 minutes" as an option to dial-out inactivity pick list.
• Repaired many locations in the language file where spaces between words could be suppressed making things appear to run together in odd ways.
• Fixed all locations of double open font tags in every ISDN reference in the language file.
• Changed MIME "Extension" field to 12 characters to match the new ability to handle long file names with IPAD-OS. Please note that if you are not using IPAD-OS only the first three characters of this field will be valid.
• Expanded MIME "Type" field to handle some of the longer types which are showing up. It was always possible to add these types in the past, but now it is possible to see the whole length on one screen.
• Expanded language entries for MIME Extension and Type fields to hopefully better explain the function to the user.
• Fixed alignment issue with folding menus where direct links like "Accounts" and menus like "Servers" did not line up like they should.
• Expanded the help text for both the ECHO and DISCARD servers to clear up common misconception that these control ICMP (PING) traffic. (They do not.)
• Added more to the Web Lite Forms page help tags. This should help to explain the needs of each field a little better.
• Changed the System/ Routing/ Filters/ Interface page to list filters in normal font weight instead of bold. This along with the added forced padding between the table cells and the nowrap tag will allow those with larger fonts to display filters in a clean and logical way. If the local font is too large to display all of the information on one screen, scroll bars will appear. All of this is done without use of any forced font sizes to allow the user to retain control over the display.
• Repaired several mismatched font tags which had a single open tag with multiple close tags. While this should not change the display of the pages, it will be kinder to the browser trying to make sense of it all.
• Combined several places where the font face and size were specified in different tags but enclosing the same block of text. This should make it more efficient for the browser's rendering engine to figure things out and display the screen.
• Removed the Blink tag from the System/ Routing/ Firewall/ Firewall page. This was used for any error messages and made them harder to read.
• Corrected HTML format error in Strict Enforcement language message.
• Changed the top frameset from 25% of the total screen space to a static size of 150 pixels. This should be plenty to display all of the messages without being too cramped while making more screen real estate available for the rest of the functions.
• Changed the "Server" buttons to the more consistent "Standard" label on the navigation button at the bottom of the following pages: Servers/ DNS/ Server tab/ Resolvers Servers/ DNS/ Server tab/ Root Servers/ DNS/ Server tab/ Zone Transfer Permits Servers/ DNS/ Server tab/ DNS Resolve Permits
• Corrected default action for "Enter" key on SMTP bounce message form.
• Changed wording for Passthru "not continuous" warning to better explain what it really means.
• Added another set of navigation buttons to the bottom of all log file display pages.
• Changed model 1200 log file display pages to follow the display methods used by the other models. All IPAD models should now have the same look for log file display.
• Totally reorganized the List server Management page. This should be a little easier to understand logically and should fit comfortably on most browser pages.
• Added 25k choice to mailing list max size select list. This adds one size smaller than the previous list allowed.
• Fixed a long standing, but hard to track down font error which only showed up on some Internet Explorer versions when the Georgia font was not installed and the default serif font was not in the Times family. This caused different parts of the web manager, most noticeably the ICON menu, to display boxes in place of the characters for the link words. This fix should allow all Mac, Linux and Windows users to display the link fonts correctly.
• Repaired the DHCP check box which was always forced to the existing state of either checked or unchecked no matter what the user did.
• Added FAVICON.ICO to the web manager. This will make an icon show up in the location bar and bookmark list of most modern web browsers. IE seems to want to have the page added to the Favorites list before the icon will show up. Netscape and other Mozilla-based browsers show the icon right away. This icon may be freely edited by the end user to help distinguish one IPAD from another when managing multiple systems.
• Added a special user-editable graphic to the root of the web manager directory named MSGBACK.JPG. This file may be edited or replaced with any JPG format graphic the user desires so the web manager may be uniquely identified. This helps when managing more than one IPAD.

IPAD-OS Boot Loader

• IPAD 4.0 includes a new IPAD-OS Boot Loader. This removes all need for other boot operating systems such as MS-DOS or compatibles.
• IPAD-OS Boot Loader has a professional development team dedicated just to keeping this part of the IPAD up to date, high performance and bug free. This is their only job, and they are good at it with many years of experience.
• IPAD-OS Boot Loader provides full support for Long File Names (LFN) in IPAD servers. IPAD 4.0 has LFN support enabled in the FTP server, Web Lite server, DNS server and internal IPAD system backup functions. Other services will become LFN enabled in future releases.
• IPAD-OS Boot Loader has support for single disk volumes larger than 8 Gigabytes. This allows almost any modern hard drive to be used in any combination of single or multiple partitions as desired.
• IPAD-OS Boot Loader has full native support for FAT32 format disk volumes. This brings much more efficient storage of files and helps reduce the need for disk de-fragmentation to almost Zero when running on an IPAD. The IPAD-OS Boot Loader combined with the new IPAD kernel will cause fewer fragmented disk files providing higher performance for you and your users.
• IPAD-OS Boot Loader is fully compatible with all existing IPAD support tools. This means the programs and utilities you are already using will work the same. Note that some of the tools may need updates to be fully aware of long file names and FAT32 disk partitions.
• IPAD-OS Boot Loader allows room for new abilities in the IPAD kernel to better deal with disk performance issues such as sub-directories containing very large numbers (thousands) of files.
• IPAD-OS Boot Loader is much more efficient in how it utilizes memory allowing more room for the new features in the current IPAD kernel and future growth.
• The most important benefit is that IPAD-OS Boot Loader is fully licensed to allow resale of new IPAD-OS based machines without having to pay additional royalties above the existing IPAD license. This can save up to 10% or more of the software cost for value added IPAD resellers.

MINOR FIXES IN 4.01

• Limited the web server inbound buffer to 16k bytes. This fixes a possible Denial of Service attack from very long URLs.

MINOR FIXES IN 4.02

• DNSBL flow control has been improved by 200%. This performance improvement is most noticeable under heavy spam/virus email attacks.
• The mail server now always advertises SMTP-AUTH availability. This addresses an authorization issue for Outlook Express on Macintosh.
• The Web Manager now correctly creates TXT records in DNS zone files. This is useful for adding SPF and Microsoft Caller ID records. Previous versions appended an erroneous trailing period to the data field.
• A potential crash in the screen display code has been fixed. This makes the IPAD even more stable and graceful under the most heavy loading.
• A potential crash in the anti-spam logic has been fixed.
• Anti-Spam DNS activity limited to 10 simultaneous DNS queries to prevent local resolver saturation. This limit does not apply to reverse DNS queries.
• The Web Manager now has a dynamic "Check for update" function that tests for the current available version of the IPAD-OS, the IPAD Boot Loader, the Web Manager and the language files. This is found by clicking on the IPAD logo, then "Check for update" link.
• The mail server directory scan always started from the top of the directory, even when the directory being scanned was quite full. Now it continues using the same directory list until it reaches the end. Only then will it start over at the top. This significantly improves throughput performance on mail servers with extremely large mail volumes (more than 5,000 simultaneously active messages).
• New logic in the SMTP server tracks and skips servers that are unreachable. When the IPAD fails to connect to a remote SMTP server, the IPAD will now remember the IP address and temporarily skip further connection attempts. Unreachable servers are remembered as "unreachable" for the SMTP connect delay period (default of 5 minutes). If they are still unreachable after 15 minutes, the address is changed to "probation" status for 1 hour. An IP address on probation will be allowed only one session every 6 minutes to check if the server is available yet. This brings a big increase in sending large volumes of mail when a major mail destination is down.
• Fixed a web server memory leak introduced in 4.01.

MINOR FIXES IN 4.03

• Improved the SMTP server to make it even more resistant to virus and spam attack. In previous version 4.0x systems, a rare and specially malformed SMTP packet could cause the server to restart. There was never any security issue. This free patch simply provides a performance and reliability improvement in an unusual situation. It is strongly recommended that every IPAD 4.0x version upgrade to 4.03 immediately to prevent this bug from being exploited on your system.

MINOR FIXES IN 4.04

• Fixed a potential web manager crash when Passthrus are not defined contiguously. Note, the True IP Address Expansion firewall logic will "own" all of the addresses between the first and last defined Passthru. This significantly improves firewall routing performance for systems that use contiguous Passthrus.