Fortinet has released the latest update for FortiMail, version 7.0.8. The update resolves an issue with the SPF mechanism not working properly; it now functions without disruption. In addition, a bug that caused email to be rejected with SMTP code 421 4.7.0 and the error message "milter_write(mailfilterd)" has been fixed. Version 7.0.8 also removes the vulnerability associated with CVE-2024-6387, providing greater security for users of this software.
Supported devices:
FortiMail | 200E, 200F, 400E, 400F, 900F, 2000E, 2000F, 3000E, 3200E, 3000F |
FortiMail VM |
Resolved issues:
Antispam/Antivirus
Bug ID | Description |
---|---|
1004244 | Fails to parse Base64 escaped UTF-8 strings. |
1026973 | In some cases, domain block list entry for *@* is added automatically. |
1019455 | In some cases, SPF check does not work properly. |
993340 | In some cases, the SPF records cannot be resolved properly. |
987126 | Click protection with FortiIsolator occurred when its URL rating category was configured, even though CDR was not enabled in the content profile. |
985249 | Fails to submit the email to FortiSandbox when the attachment ends with "." (such as "test.htm."). |
993514 | Large dictionary with wildcards may cause high CPU usage and email rejection. |
1036933 | Email may reach one recipient but not another due to incorrect DMARC checking. |
1061270 | Content profile detects HTML attachment but fails to block it. |
1060851 | DMARC check fails because the DKIM signature passes and fails for the same record. |
Mail Delivery
Bug ID | Description |
---|---|
982592 | Message ID is the same for email that is sent to original host and released from system quarantine. |
976027 | Some email was incorrectly rejected with SMTP code 421 4.7.0 and mail event error message milter_write(mailfilterd). |
System
Bug ID | Description |
---|---|
1020012 | Extended DSN does not work. |
1011246 | IBE reactivation notification uses wrong Mail From address. |
926899 | Fails to respond to IPv6 requests in some cases. |
995799 | Incorrect replacement message information for email sent in HTML or Rich Text Format. |
993319 | In HA mode, the personal quarantine folder is automatically removed after some time on the secondary unit. |
984713 | 4096-bit DKIM key import is not supported. |
992801 | LDAP synchronization for address book in server mode does not work properly. |
955065 | PKI admin login with non-ASCII characters does not work. |
1062629 | In some cases, FortiMail returns "RSA verify sign-failed" error. |
1012948 | No search result for quarantined messages. |
1034247 | Abnormally high CPU usage when certain files are received. |
1062734 | In some cases, users cannot add entries to their block/safe lists. |
1065609 | Abnormally high CPU usage in some cases. |
1069702 | FortiMail broadcasts with destination port 8014. |
Log and Report
Bug ID | Description |
---|---|
1012390 | TLS minimum version enforcement log is incomplete. |
1001596 | Mail statistics report doesn’t work as expected when there are multiple-level protected domains. |
Admin GUI/Webmail
Bug ID | Description |
---|---|
1006119 | When filling in a name in the "To" field that contains Cyrillic characters, the results are not displayed correctly. |
1040096 | Newly created DKIM key does not show up on the GUI promptly. |
973645 | Webmail logins are redirected when mail migration is configured but "Enable mail migration" is disabled. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID | Description |
---|---|
1051927 | CVE-2024-6387: regreSSHion: RCE in OpenSSH’s server, on glibc-based Linux systems |
985989 | CWE-1395: Dependency on Vulnerable Third-Party Component |
Vendor release notes: FortiMail 7.0.8
Regards,
The B&B Team
Bezpieczeństwo w biznesie