\nA new SEPPmail Appliance release has been published.
\n\nAdmin:
\n\nSystem Services:
\n\nClustering:
\n\nLogging:
\n\nMPKI:
\n\nOpenPGP:
\n\nRestAPI:
\n/mailsystem/template endpoint when adding templates/disclaimers /system/dns/localzones/{domainName} endpoint with the DELETE operation maximumEncryptionLicenses and maximumLFTLicenses settings Crypto/Keymaterial /mailsystem/manageddomain/{domainName}/group/{groupName} \nSecurity:
\nhashencrypt function, used by pwsend and cache mode, to use AES-256-CBC with PBKDF2 (CVE pending) \nWebmail (GINA):
\n\nPlease see the revision history and the extended release notes for further details.
\n"}],"inserted_at":"2026-05-30T13:45:18","updated_at":"2026-05-30T13:45:18","timezone":null,"service_ids":[27401,27403],"featured_from":"2026-05-30T13:33:24","featured_until":null},{"id":236411,"title":"Warning: Inbound/Outbound Mail Routing Issue (PowerShell Cloud Module v2.5.0)","url":"https://seppmail.statuspal.eu/info_notices/236411","updates":[{"id":500656,"type":"info","description":"###### Summary\r\nWe have identified an issue in the recently released PowerShell Cloud Module version 2.5.0. A regular expression (regex) failure in this version causes outbound emails to bypass the designated outbound connector, delivering them directly through Exchange Online (EXO) instead.\r\n###### Impact\r\nIf you have deployed or updated transport rules using version 2.5.0, your outbound mail routing may not be processing as intended and will bypass the seppmail.cloud secure gateway.\r\n###### Immediate Mitigation Steps\r\nIf you have already created or updated transport rules using version 2.5.0, you must correct the exception regex string to restore proper mail flow.\r\n###### PowerShell Fix (Recommended)\r\nConnect to Exchange Online PowerShell and run the following command to update the exception pattern on the rule:\r\n###### PowerShell\r\nSet-TransportRule -Identity '[SEPPmail.cloud] - 200 Route outgoing e-mails to SEPPmail' -ExceptIfFromAddressMatchesPatterns '^$|^<>$'\r\nNote: A permanent fix is being integrated into Release 2.5.1, which will be available shortly. If you have not yet updated to v2.5.0, we highly recommend skipping it and waiting for v2.5.1.","inserted_at":"2026-05-22T16:17:00","updated_at":"2026-05-22T16:17:00","posted_at":"2026-05-22T16:14:53","subscribers_notified_at":"2026-05-22T16:17:00","description_html":"\nWe have identified an issue in the recently released PowerShell Cloud Module version 2.5.0. A regular expression (regex) failure in this version causes outbound emails to bypass the designated outbound connector, delivering them directly through Exchange Online (EXO) instead.
\n\nIf you have deployed or updated transport rules using version 2.5.0, your outbound mail routing may not be processing as intended and will bypass the seppmail.cloud secure gateway.
\n\nIf you have already created or updated transport rules using version 2.5.0, you must correct the exception regex string to restore proper mail flow.
\n\nConnect to Exchange Online PowerShell and run the following command to update the exception pattern on the rule:
\n\nSet-TransportRule -Identity ‘[SEPPmail.cloud] - 200 Route outgoing e-mails to SEPPmail’ -ExceptIfFromAddressMatchesPatterns ‘^$|^<>$’
\nNote: A permanent fix is being integrated into Release 2.5.1, which will be available shortly. If you have not yet updated to v2.5.0, we highly recommend skipping it and waiting for v2.5.1.
\nA new SEPPmail Appliance hotfix release has been published.
\n\nUnfortunately, we had to release another hotfix release due to PGP encryption and decryption issues.
\nThe main problem was that many PGP keys are still in use that rely on obsolete algorithms marked as insecure, such as ElGamal or DSS.
\nThe newly included Sequoia GPG rejects these algorithms by default, which caused encryption and decryption problems.
\nFor now, we will allow Sequoia to use all algorithms that are supported by the original GPG.
\nIn upcoming releases, we will add warnings for these algorithms. Later, we will also add configuration settings to enable or disable their use.
\nPlease see the revision history and the extended release notes for further details.
\n"}],"inserted_at":"2026-05-11T18:17:32","updated_at":"2026-05-11T18:17:32","timezone":null,"service_ids":[27401,27403],"featured_from":"2026-05-11T18:09:46","featured_until":null},{"id":231866,"title":"UPDATE: SwissSign - renewal of S/MIME Silver certificates (On Prem)","url":"https://seppmail.statuspal.eu/info_notices/231866","updates":[{"id":491154,"type":"info","description":"In order to ensure that the automatic renewal of the SwissSign Silver Certificate revocation goes smoothly for the SEPPmail Appliances, we recommend the following setting changes to be in effect as soon as possible (and not later than 22.04.2026 at 15:00 GMT+2):\r\nUnder MPKI Settings, enable the following:\r\n* \"Automatically renew expiring certificates if validity days left less than\"\r\n* \"Automatically create certificates for active users without certificates\" : This will ensure that the Automatic Renewal Job, that takes place nightly, will be able to reissue the revoked SwissSign certificates.\r\n\r\nWe also highly recommend, that the \"Automatically renew expiring certificates if validity days left less than\" Option be set to 281 days. This is so that all of the certificates that are potentially marked for revocation are renewed before the revocation takes place. Therefore, there is no interruption of certificate services.\r\n\r\nThe setting changes mentioned above can safely be reverted starting 23.04.2026.","inserted_at":"2026-04-20T14:04:47","updated_at":"2026-04-20T14:04:47","posted_at":"2026-04-20T13:56:57","subscribers_notified_at":"2026-04-20T14:04:47","description_html":"\nIn order to ensure that the automatic renewal of the SwissSign Silver Certificate revocation goes smoothly for the SEPPmail Appliances, we recommend the following setting changes to be in effect as soon as possible (and not later than 22.04.2026 at 15:00 GMT+2):
\nUnder MPKI Settings, enable the following:
\nWe also highly recommend, that the “Automatically renew expiring certificates if validity days left less than” Option be set to 281 days. This is so that all of the certificates that are potentially marked for revocation are renewed before the revocation takes place. Therefore, there is no interruption of certificate services.
\n\nThe setting changes mentioned above can safely be reverted starting 23.04.2026.
\n"}],"inserted_at":"2026-04-20T14:04:47","updated_at":"2026-04-20T14:04:47","timezone":null,"service_ids":[27401,27402],"featured_from":"2026-04-20T13:56:57","featured_until":null}],"maintenances":[],"upcoming_maintenances":[],"current_status_type":null}