What's new in 4.7.0?

The following new features and enhancements are contained in the 4.7.0 version of the Clearswift SECURE Email Gateway. This includes updates since the release of version 4.6.0.

Detect Malformed Data content rule

The new Detect Malformed Data content rule enables you to block, hold or process documents or other selected media types that contain malformed data.

Previously, media containing malformed data was handled by the Message Processing Failure content rule. 

The processing failure rule has been streamlined to handle policy failures, while the Detect Malformed Data rule specifically detects and processes media containing bad data. For more information, see Detecting Malformed Data.

The default starter policy includes a new Detect Malformed Data rule on every policy route, above the processing failure rule.

This feature is enabled by default.

On upgrade, a new Detect Malformed Data content rule will be included above every existing Message Processing Failure content rule. This preserves the behavior of your policy on upgrade. Similarly, a global Detect Malformed Data content rule now exists alongside the global processing failure rule.

For more information on malformed data, see the concept topic Malformed Data.

Expanded Selection of Predefined Text Entities in Lexical Expressions

You can select predefined text entities from an expanded list, now including a number of European identity card and driver's license formats. Previously used entities are preserved on upgrade and behavior is not affected. For more information on creating Lexical Expressions and using text entities, see Create a lexical expression.

Adaptive Redaction of meta data in JPEG image files

Clearswift's Adaptive Redaction technology helps protect your organization against data loss by sanitizing the content or properties of documents. You can now remove meta data from JPEG images, including GPS location information, using the Sanitize Document Content rule. See About Sanitization for more information.

You can use JPEG as a selectable media type when working with the following content rules:

• Detect Lexical Expression
• Redact Text
• Sanitize Document Content
• Analyze Properties

For more information on how to use Adaptive Redaction with JPEGs and other document types, see Document Properties.

Support for MindManager Files

The Gateway now supports MindManager files (MMAP format) as a media type on the following content rules:

• Detect media types
• Run external command
• Detect Malformed Data
• Check Registered Data

Additional message queues

Two new message queues have been added to the Message Center Home page:

• SMTP Inbound
• SMTP Outbound

These queues offer additional areas where you can find messages being processed by the Gateway.

For more information, refer to Working with Queued Messages.

TLS inbound configuration

Mandatory TLS configuration is no longer enabled globally through System > Encryption > TLS Configuration; it is now configured on individual connection profiles. Consequently, the user interface options in System > Encryption > TLS Configuration and System > SMTP Settings > Connections have changed to accommodate the new mandatory TLS requirements. For more information, see Opportunistic and mandatory TLS and Manage SMTP Connections.

TLS outbound configuration

Configuration of outbound TLS is now applied to destination email domains instead of the IP address of the receiving server. The user interface options in System > SMTP Settings > Connections now include a separate Client Hosts and Sender Domains tab instead of a single Hosts tab. This enables you to define the Sender Domains to which the connection applies.

You can apply TLS outbound by selecting a connection profile when configuring mail routing to an email domain. For more information, see Specifying Routing of Email and Manage SMTP Connections.

Support for additional network interface controllers (NICs)

It is now possible to specify more than one IP address on NICs through the Clearswift Gateway user interface. The user interface options Change IP Address for the UI Service and Change Secondary IP Address for the UI Service are located in the Task Panel within System > Ethernet Settings. For more information, see Ethernet Settings.

STIGs compliance

Security Technical Implementation Guides (STIGs) contain technical guidance to "lock down" computer systems that might otherwise be vulnerable to a malicious computer attack. They are administered by the Defence Information Systems Agency (DISA) in the United States through the Information Assurance Support Environment (IASE). Clearswift SECURE Email Gateway is now compliant with a number of STIGs. This release includes updates to the Gateway that enhance the security of this system, and enable advanced compliance.

In addition other security guides are available through the open source OpenSCAP framework and associated policies.

Prior to installation or upgrade, you can access a whole-system report that details the compliance level of this release. To view this report, refer to the STIGs compliance report.

New DKIM signing option

If you have enabled DKIMDomainKeys Identified Mail signing on outbound messages in the SpamLogic Settings page, you can optionally choose whether to enable If the message sender is empty, sign using the key for the domain of the From address in the DKIM signing on outbound messages section. The DKIM signature is added per sender domain, which previously excluded out-of-office replies as the default, expected behavior. This new option now allows you to apply DKIM signing to out-of-office replies and similar messages that have empty message sender fields. For more information, refer to Configure Spam Policy and Configuring DKIM signing for outbound messages.