IPAD-OS Upgrade
IPAD 5.5 New Feature List
The IPAD-OS 5.5 version has many enhancements including noticeable improvements in function, compatibility, speed and reliability.
Some of these major advancements give you more power to fight spam and virus email attacks while at the same time making the IPAD services more available for your legitimate users and paying customers with less maintenance time from you.
The following is a short list of the changes between the IPAD 4.0 version and the IPAD 5.5 version. A more complete list including all of the details will be included in your IPAD 5.5 documentation.
New 5.5 Features | Web Manager Changes
NEW FEATURES
Domain Name Server
- The IPAD's DNS resolver is now able to fully resolve Internet domain names up to 1,000 times faster than previous IPAD versions. This makes everything that depends on DNS also feel much faster. The new IPAD is faster finding web sites, faster sending email and faster knocking out spam. Your users will love it.
- The old disk-based DNS cache has been replaced by a new RAM-based cache. This new cache is much more efficient and noticeably faster. This also lowers the demand on your IPAD disk storage and removes all possibility that a corrupted disk file will cause DNS problems for users on your IPAD.
- The DNS cache is very well protected against "poisoning" that is so common for many general purpose operating systems. This makes the cache very useful as an authoritative source for all of your DNS resolution needs even for DNS servers running on other operating systems on your network.
- The DNS resolver is now much better at resolving Internet domain names with "Lame Delegation" servers. As a result, the log entry for this situation has moved down to a lower detail level to help keep the log files smaller.
- The DNS resolver is now better able to detect DNS replies that are truncated due to UDP packet size limitations and will attempt a TCP connection to get the full answer.
- The DNS rule for "qualified" cache records has been improved. The IPAD now fully honors the "delegate level". This fixes problems resolving some in-addr.arpa domains that did not work correctly or fully with previous IPAD versions.
- The DNS resolver permissions logic has been improved for your users and customers with granted permission to use your DNS resolver. All other requests from users without permission will be much more quickly discarded saving IPAD resources for your paying customers and giving them a much better user experience.
- The IPAD multitasking kernel will now boot even if the DNS files are badly damaged. The DNS server will not run until the error is fixed, but this gives you the chance to remotely repair the problem if desired.
SMTP Email Server
- The IPAD's mail server now supports an automatic "OptiMAIL-lite" internally. This allows the IPAD to gracefully recover from incredibly huge email volumes without any external help. Mail processing directories will automatically recover to their normal performance levels in less than 24 hours after the mail volume returns to normal. This means less of your time is needed for maintenance and more of your time can go to your users and customers.
- The alternate SMTP port (587) is now enabled by default. You may freely change or disable this if you wish, but it provides a way for your users to reach your mail server when your primary SMTP port (25) is too busy with other mail or being filtered by an external ISP.
- The alternate SMTP port now requires all connections to be authenticated before any transactions are accepted. This provides 100% protection for the alternate SMTP port from abuse and absolutely no risk of the alternate SMTP port can be exploited by hackers or spammers. Your users will have 100% availability and noticeably higher performance sending their email.
- The alternate SMTP port has virtually no limit on the number of connections it can accept at the same time. This means you can now freely limit your primary SMTP port (25) to a much lower number of simultaneous connections and never limit your paying customers that are using the alternate SMTP port.
- All sessions on the alternate SMTP port are exempt from all DNSBL checks. This gives your users a much faster experience of sending mail through your IPAD and saves those system resources for blocking spam from external sources.
- The local console has a new "SubmFm" display to show users that are connected to the alternate SMTP port, also called the "Submit" port. This makes it easier to see what is happening on your system at a glance.
- The SMTP server is now much more aggressive at dumping unwanted connections as the mail load gets higher. This makes sure that there is always room for real mail to get through even when spam or virus volume is high.
- All DNS checks for inbound mail now wait until we know if the destination address is deliverable. This significantly limits spam and virus activity from using up the DNS resources on your system.
- Sending outbound SMTP mail is now tuned to avoid servers that timeout since these "cost" more of our time to retry. Preference is given to other mail servers and this improves overall delivery performance.
- The SMTP server is better able to handle mail storms due to undeliverable bounce messages. This makes the difference between a mail server that is impossible to reach and one that is simply very busy.
- The SMTP server is now better able to use the full range of message ID values. This expands the maximum number of messages that can be simultaneously processed and raises the bar for what is considered an extremely high volume mail server.
- The mail server now has the ability to detect and record (in the email log) email file attachment names. This is designed to work in combination with the new DNSBL command to block email with specific file attachment names such as spam and virus attachments. It also works to help those in corporate environments that need to track user activity for SEC and company policy compliance.
- The POP3 mailbox packing logic has been improved to make packing faster so the user session closes faster with less waiting.
List Server
- All list server messages support three new insertion parameters. This allows you to build footers or special messages that contain the email address of the list member receiving the mail or the message ID as generated by the SMTP server. You may have noticed this feature in the footer of the IPAD owners mailing list. These may also be used in custom header fields to help you track bounced list messages from servers that hide the original message recipient or body.
- The list server also has a new web CGI for sending list commands through a web browser using a special key unique to each list member. With this key you can build list headers or even list help messages with "one click" options to unsubscribe, subscribe or get help even if the original recipient address is hidden.
- The "From" header may be freely replaced with anything you wish. This allows you to build amazingly flexible mail duplication services using just a list server.
- The footer message now works for all lists even when the subject tag is not used.
DNSBL
- A very powerful Greylisting filter can now be used to detect and block virus and spam engines that do not fully support the RFC requirements for retrying mail. This helps lower the work load on your IPAD mail server while effectively blocking more of the junk not yet included on public black lists.
- The IPAD's SMTP server now supports selective exception of addresses from specific mail sources that would otherwise be blocked either by a black list or some local method such as a spam trap. This allows family and friends of your customer's to get through while keeping your ability to block the unwanted mail.
- The IPAD now supports URIBL (Uniform Resource Identifier Black List) with the ability to block mail from any source that contains a link that is known to be found in spam or virus email messages. This is amazingly effective at catching bogus email from systems that have been unknowingly hijacked through the use of "zombie" control programs to generate spam and virus messages.
- The IPAD now supports the ability to block mail with unwanted file attachments based on file name or a file mask which may include any combination of wildcards. This means blocking virus or any other undesirable email is much easier. If your company has a policy to block all ".SCR" (screen saver) file attachments, it is now very easy to implement this rule in the IPAD mail server.
- Mail attachment blocking is now selectively stronger in IPAD 5.1 so you can choose more strict blocking of known problem attachments even if they are addressed to an exempt account.
- The EXEMPT command now works more as expected to prevent all normal DNSBL checks on mail to exempted users.
- A new rule has been added especially designed to trap messages to and from accounts with the same domain name. If you select to enable this rule, all mail with the same domain name on both the To and From address must be from an authenticated connection. This prevents anyone from sending mail to your users claiming to be from "postmaster@yourdomain" or even from you.
- The IPAD now has the ability to look for the IP address in the reverse DNS of remote systems attempting to send mail. If all or part of the source IP address is found in the reverse DNS along with text you provide (e.g. "DSL" or "CABLE"), the IPAD can now reject that connection as a potential spam source because the connection is likely using a dynamic IP address consumer connection. This means no more problems with dynamic connections like dial-up lines and cable customers.
- There are new commands to force a reverse DNS check for the remote mail server before the IPAD will accept mail. If something stronger than a simple reverse DNS lookup is desired, this can be extended to make sure that the reverse DNS record also resolves back to the IP address attempting to connect. This prevents servers that claim through fake reverse DNS they are something they are not.
Routing/Firewall
- A fully functional DHCP (Dynamic Host Configuration Protocol) client is now supported on all IPAD models to automatically set the IP address on the Provider interface. This allows your IPAD to seamlessly work in environments with dynamic address requirements such as consumer grade DSL lines and cable Internet connections.
- The IPAD model 5000 firewall now supports Fail-over Passthru proxies. This allows you to host machines that may be less available than you may like with much higher availability to your users. The fail-over allows two servers to share the same public IP address and port. If one fails, the other automatically moves into place without any action on your part. This also makes it very easy to perform maintenance on one of the servers without any interruption in service for your users.
- The IPAD model 5000 firewall now supports Load Balancing between two servers that share the same public IP address and port. Special logic is used to ensure that users connect to the same server so state-aware functions like web shopping carts still work transparently.
- The IPAD router now supports bandwidth management through selective limiting based on any interface, IP address and/or port. This also includes a selectable grace period where full bandwidth is available for the time you specify allowing "bursty" traffic to happen quickly and potentially complete without any limit.
- Outbound proxy connections through the IPAD firewall now check to see if a public IP address is associated with the user's private IP source address. This allows public traffic to appear from the public source you set rather than the IPAD's primary IP address. Things like VOIP can now work correctly for as many different services as you have public IP addresses.
WEB MANAGER CHANGES
- The IPAD's web manager interface has been nearly 100% reworked from the inside out. It still has the same comfortable look and feel you love, but the structure behind the scenes is much cleaner, more efficient, and noticeably faster. This will serve as a very solid foundation for the future.
- A brand new section has been added to give you full access to all of your favorite command line functions like PING, TRACEROUTE, NSLOOKUP, DOMAIN RELOAD and even a simple Netcalc. Virtually all of the commands that used to require access to the local console command prompt or a supervisor telnet access can now be used through your web browser. All of the new web manager commands include expanded help that is not available through the command prompt interfaces.
- The help system has been expanded to include more examples designed to make it easier to understand even the most technical topic. The actual RFC numbers are also given in the help text for those wanting to read more about the rules and standards for Internet services hosted on or through the IPAD.
- All of the input fields have been expanded to fit the modern common use. This means things like domain name fields now accept much longer domain names than previous versions.
- Acronyms found in the web manager's help system now have a full expansion of that acronym given by hovering the mouse over the word. A dotted underline is used to signify this to the user so you never have to guess what an acronym means and knowledgeable users don't need to constantly read the long form of these terms.
- The web manager now has an extra layer of protection against accidentally deleting data. This means the delete button is less dangerous and more forgiving.
- Because JavaScript is now used for more internal functions, the web manager now detects the lack of script support and will display a message with some help explaining how to enable scripting in most popular browsers.
- Log files can now be "cycled" (renamed) on demand. This forces the logs to cycle like the nightly event. Instead of simply erasing a log file to get a fresh start, you can now keep a backup.
- Many parts of the web manager interface that were similar, like the log file display and setting pages, are now much more consistent. This makes it easier for you to quickly navigate and use these sections.
- The buttons that control most pages have been moved to locations that make more sense for the average user. This helps avoid clicking the wrong button and makes the web management interface more compatible with a wider range of screen display resolutions.
- More of the sections that use "Standard and Advanced" pages have been combined into one page with all of the settings. This means less navigating to reach the place you want and faster access to exactly the control you need.
- The DNSBL.CTL file is now fully editable (including comment lines) through the web manager and has a help system with a complete list of all commands and syntax, including all of the new commands.
- The Filter editor has been improved to the point that hundreds of filters can be added and edited smoothly without any need to ever reset the IPAD.
- Adding a new filter is easier because all of the fields are now populated with the most common default values.
- The Passthru editor has been improved to the point that hundreds of Passthrus can be smoothly added and edited. This also supports the new Fail-over and Load Balancing Passthru functions.
- Compatibility has been greatly improved for hand-edited control files that did not work with older web manager versions.
- FTP account creation and editing has been improved to make it easier to quickly do what you want without having to choose all of the account permission flags.
- Adding DNS records is now much faster and easier. This dynamically uses information from your own IPAD settings to suggest context sensitive defaults.
- A lot of time was invested to make the web manager much more compatible with the published web standards for HTML (hypertext markup language), Javascripting and CSS (cascading style sheets) and as a result is more compatible with a wider range of web browsers on a wider range of operating systems. This includes making the user interface display "gracefully degrade" for older web browsers. For the best user experience and highest security we strongly suggest using a modern web browser, preferably one with the new Gecko rendering engine.
- A new HTML compression technology has been used to lower the physical size of the web manager interface. This makes the web manager use less bandwidth and display faster on your screen than previous versions while retaining 100% compatibility with all popular web browsers on any modern operating system.
- And much, much more...