Release Notes CSG 5.0.20
Collax Security Gateway
26.10.2010
Installation Notes
Auto Reboot
A new kernel is going to be installed and a reboot of the system is necessary. The output of the installation can be disrupted before the reboot is initialized.
Note: Please wait, until all software packages are installed. The reboot of the system will then be initialized automatically and the server is going to be available after a few minutes.
New in this Version
E-Mail: Alternative SMTP Server Name Setting
If an MX record exists for a Collax SMTP server, a valid DNS host name is required for the server. Previously, the host name for the Collax SMTP server was identical to its own FQDN. To enable more flexible settings for the internal infrastructure or for the external SMTP communication, it is now possible to specify an alternative SMTP server name.
Backup/Restore: New Version of the Backup Software Bacula
This update updates the backup software of the Collax servers to version 5.0.3.
Note: Within a Collax backup server/client environment, all involved server or clients should be updated to the latest version.
Misc: Grace Period for License Exceeding
As of this update, a grace period of 4 weeks is granted if license limits are exceeded. Previously, it was not possible to activate configurations via the Web administration when the license limit was overstepped. This is now possible within the grace period. The grace period applies exclusively to the permissions in the dialog System -> System Operation -> Software -> Licenses and Modules, thereby facilitating the hardware migration of a server. Information on the remaining grace period is displayed in the Web administration. Overstepping of the runtime is not permitted; the restriction for system updates remains.
Issues Fixed in this Version
E-Mail: Size Limit Not Identical for Incoming and Outgoing E-Mail
If the e-mail size limit was changed for outgoing e-mail, this value was not automatically set for the fetchmail process. This has been corrected with this update.
Certificates: CSR and Certificates Signed by Official CA
Previously, the import of certificates signed by an official CA did not work, as the signature by the official CA changes the value of the subject. This issue has been corrected with this update. Certificates signed by an official CA can now be imported.
Backup/Restore: Backup to SMB Share Includes IMAP Folder Admin.Virus
Previously, the backup element “Mailboxes” also contained administrative folders like Admin.Virus or Admin.Spam, which is used for storing virus-infected incoming e-mail for review by the administrator. This caused problems when the mailboxes including the Admin.Virus folder were stored as data backup to a SMB share monitored by a virus scanner. As of this update, the administrative folders are separated from the backup element “Mailboxes”.
Misc: Dynamic DNS Does Not Work with DHCP (Cable Modem)
The objective of dynamic DNS is to address hosts with dynamic IP addresses over a fixed name. When DynDNS was selected with the connection type DHCP (cable modem), an empty configuration file was generated, and the DynDNS name of the server could not be updated. This issue has been corrected with this update.
Security: Read Access to Collax Web Access File Lists without Authentication
Previously, the system directory of the Collax Web access could be accessed without authentication in a browser. The form, CSS, and image directories of the Web access were listed, and it was possible to view the files. As of this update, the Collax Web Server denies read access to this directory.
Notes
Collax SSL-VPN: Behaviour change of objects
With the new version of SSL-VPN the network permissions of all objects will be checked. Thus, the corresponding networks should be added to the group permissions. The port or interface for the SSL-VPN service does not have to be configured with this version.