09-06-2007 06:31 PM
UPDATE: 2008-2-26 5.5.1-014 releases:
This release includes a number of fixes:
* Fixed: Appliances Are Not Generating SNMP Traps
* Fixed: Leftover Files Are Deposited in scanning_temp_files Directory
* Fixed: DNS-Related Memory Issues Delay Acceptance of Incoming Mail
UPDATE: 2007-12-17 5.5.1-011, 5.1.2-011, 4.7.2-005 releases:
This release includes a number of updates and fixes:
* Fixed: 35715,38152,38531,38532 Consolidated LDAP fixes
* Fixed: 38506,38527 Certain malformed messages can severely degrade performance
* Fixed: 38274 IronPort Spam Quarantine alias consolidation issues with Active Directory
* Fixed: 38248 Clustered SafeList/BlockList incorrectly prompts for login
About Earlier Builds of AsyncOS for Email
38527 is also present in earlier builds of AsyncOS for Email. Due to the potential severity of this issue we have also patched the earlier versions listed below, customers who are not ready to upgrade to 5.5.1-011 are encouraged to upgrade to one of these builds:
5.1.2-011
4.7.2-005
UPDATE: 2007-11-28 5.5.1-010 releases:
This Hot Patch release contains the following feature and stability fixes
* New: PCI, HIPAA, GLB and SOX dictionaries preloaded for use in content and message filters
* 37711 Logging into the IronPort Spam Quarantine generates error
* Fixed: 37971 LDAP can slow delivery after log subscription update
* Fixed: 37772 LDAP routing host is ignored when the routing address matches the original address
* Fixed: 36408 application fault in smtpauth
IronPort Systems is pleased to announce the release of AsyncOS 5.5.1-010 for Email for all C-Series and X-Series Email Security Appliances. This release includes all of the powerful new tools for integrated Data Loss Prevention and Encryption released in AsyncOS 5.5.0 as well as critical security patches. IronPort recommends all customers to upgrade to 5.5.1.
* New Feature: IronPort PXE Encryption
* Enhanced: Content Scanning capabilities for Data Loss Prevention
* Enhanced: LDAP Capabilities
* New Feature: DKIM Authentication
* New Feature: End-User Safelists and Blocklists
* Enhanced: Reporting
* Enhanced: Web User Interface
* Updated: Brazilian DST
* Fixed: Double-Byte character rendering in IronPort Spam Quarantine
* Fixed: Performance optimization of disabled content filters
* Fixed: Virtual gateway delivery to host with invalid DNS entry may disrupt mailflow
NOTE: For customers running pre 5.5.0 releases, there is no requirement to upgrade to 5.5.0 first. If 5.5.1 appears as an available upgrade customers are encouraged to upgrade directly to 5.5.1.
Customers running older builds who are not ready to move to 5.5.1, are encouraged to upgrade to our current patched builds:
- 5.1.2-014
These builds provide out latest stability fixes.
Webinar for Selected New 5.5.0 Features
We are pleased to offer a webinar that presents information about Safelist/Blocklists, Smart Identifiers and DKIM. You can download the webinar from the Support Portal:
http://tinyurl.com/2o28uw
Preparing to Upgrade
As a best practice, IronPort recommends preparing for an upgrade by taking the following steps:
1. Save the XML configuration file off of the appliance.
2. Suspend the listeners.
3. Drain the mail queue and the delivery queue.
4. Re-enable the listeners after you upgrade.
09-11-2007 09:47 PM
I have an additional reason:
We have planned the upgrade for next week. Our change management procedure forces us to plan (non blocking/high risk) changes with a two week anouncement period.
Since our devices are working fine at the moment we need to respect this timeframe.
09-12-2007 09:32 PM
Yet another reason: I read the vulnerability description and decided that we don't meet the conditions required for the vulnerability to be exploited. We don't have any message or content filters which use BCC().
In actuality, I upgraded almost immediately because I had the time to do so and we had gotten a few revs behind anyway. But had I been pinched for time, then I would not have hesitated to skip this update entirely because we weren't vulnerable.
10-18-2007 10:14 AM
Chris,
What are the bugs fixed between the 5.1.2-005 and 008 builds?
James
10-18-2007 02:40 PM
008 was a maintenance release, targeted to our Brazilian customers.
5.1.2-008 contains the updated Brazil Daylight Savings Time schedule, as well as several bugs fixes, the biggest of which are:
1) 36666 Cluster Commits can disrupt ethernet connectivity. This is a rarely seen issue affecting customers running the C350/C650/X1050 platform (Dell 2950) in clusters of 6+ boxes under very high message volume.
2) 36518 Handle new Sophos error code. The latest Sophos engine introduced a new error code '0x80040237', meaning "The scan has been terminated due to the Virus Engine reaching its storage recursion limit (e.g. files nested
inside other files)." With this fix we properly set this to INFO level (like all the other unscannable alerts).
As always, the complete list of fixes can be found in the release notes.
regards.
10-19-2007 08:45 PM
> As always, the complete list of fixes can be found in the release notes.
Which begs the question: how does one view the changes build-to-build from the Release Notes? The Release Notes for 5.1.2 are cumlative; I don't see any breakout per build. Or is there another document available to see these changes (ala version history)?
- Michael
10-24-2007 09:18 PM
I haven't upgraded to 5.5.0 yet, but I was very excited to learn about end-user whitelists and blacklists, which is something we'd been pushing for since we bought our Ironports. Unfortunately, it looks like it's being implemented in a way that makes it impossible for me to deploy at this time.
We have two C350s, and would need the whitelists and blacklists to appear on each box. It appears that I could do this by exporting the database from one machine, transferring it to the other, and then importing it. However, this appears to ONLY be able to be done via the GUI.
This is a showstopper for me, because I do not want to have to log into the Ironport every day to import and export the databases - I would want to automate it. I talked to technical support, and it appears that there is no way to do this via the CLI.
My feature request is this: please consider adding a command that would allow me to remotely force the database to be dumped, and another command to import the database.
Ideally, it would be something like:
safelistconfig dump
safelistconfig import
If that was available, I would make my users a lot happier with this feature.
10-25-2007 11:02 PM
Brian,
There is a way to have a centralized SL/BL. IronPort has an M-Series Security Management Appliance (SMA) that allows customers to do both Centralized SL/BL and centralized IronPort Spam Quarantine (ISQ). Coming towards the end of this year, the M-Series will also offer centralized reporting and centralized message tracking (AsyncOS for email 6.0).
You might want to ping your sales contact to see if an M-Series would be a good fit.
cheers.
10-25-2007 11:10 PM
BrianS: Centralized Management should get you what you need.
Oops, strike that. Too bad BBCode doesn't have a strikethrough tag.
Chaag is right, you can only sync the SL/BL via an M-Series unit.
So what's with the huge delay (up to two hours!) synchronizing the SL/BL between units? Given that the delay is known precisely enough that you've actually got a table documenting it for each model of appliance, it must be something that was done deliberately. I'm curious to know why.
Thanks,
10-29-2007 12:47 PM
IronPort Systems is pleased to announce the release of AsyncOS 5.5.0-430 for Email for all C-Series and X-Series Email Security Appliances. This major release provides IronPort customers with powerful new tools for integrated Data Loss Prevention and Encryption.
10-31-2007 05:04 PM
BrianS: Centralized Management should get you what you need.
So what's with the huge delay (up to two hours!) synchronizing the SL/BL between units? Given that the delay is known precisely enough that you've actually got a table documenting it for each model of appliance, it must be something that was done deliberately. I'm curious to know why.
Thanks,
11-05-2007 09:19 PM
My feature request is this: please consider adding a command that would allow me to remotely force the database to be dumped, and another command to import the database.
Ideally, it would be something like:
safelistconfig dump
safelistconfig import
11-07-2007 03:15 PM
Is there any way to dump the SLBL via the CLI?
11-22-2007 04:55 PM
Hi,
in the Update Doc for a Cluster its necessary to disconnect the machines from it (cuz different versions wont work in a Cluster), Is there a way to avoid this, so the Emailservices are aviable during the update process?
How is your way to update all machines in a Cluster or whats the usual way to do this?
I have two c100 in a Cluster with AsyncOS v5.1.1-003
thx and bye
11-22-2007 05:39 PM
Bender,
Disconnecting the cluster does not shut down the individual members. They continue to operate. The only thing you can't do is make configuration changes and expect them to take effect everywhere. But that's easy to avoid by simply not making any configuration changes during the upgrade process. So what you do is disconnect the cluster, upgrade each member individually (which involves a mandatory reboot), and then reconnect the cluster. You never have an outage so long as your cluster is sufficiently well provisioned to handle your mail load during the few minutes when each node reboots.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: