News Letter January 2024

We've decided it's important to keep you all informed with an occasional/quarterly newsletter covering some of the new features and important changes that might affect your systems.

You can unsubscribe by sending an email to newsletter-leave@netwin.co.nz or via https://netwinsite.com:7025/list/newsletter@netwin.co.nz

As usual, much of our focus has been on stability, reliability, and fulfilling customer requests. You don't need to know about most of these, as you get the improvements simply by updating.

Be sure to check the config checker page for new features that can be enabled, as new features are rarely enabled automatically (since we insist on 100% forward/backward compatibility). Let's highlight some important/useful items:


Basically this keeps track of links in email messages and replaces any that it doesn't recognize as 'safe' with a link that goes 'through' your website, which first warns the user that they are following a link that may or may not be safe. It's a simple feature to greatly reduce the risk of users falling for phishing or other scams. (Please update to the latest release before using this!)


Many major email providers are now requiring DKIM/SPF, so if you have not yet added your own DKIM/SPF settings you should. Essentially you need to turn on DKIM signing and add the DNS entries that SurgeMail then tells you to add (on the DKIM config page). See: https://surgemail.com/knowledge-base/sending-email-to-avoid-spam-filters-best-practices/

Config Checker tests

On the main web page and on the config test page you will now find some links to test your server for various common config issues. This helps you quickly assess whether your PORTS/DKIM/SPF/DNS entries are set up reasonably well.

SMTP Smuggling - Security issue

A new type of SMTP attack was recently discovered whereby a message can be hidden at the end of a normal email message, and the hidden message will be injected into the destination email server as if it was sent by the sending email server. SurgeMail was also open to this type of attack (because we implemented the same extension to line endings followed by other major systems for compatibility).

The end result of this attack is generally not particularly significant, as it only really allows an already trusted sender to send a slightly more hidden message that may be hard to trace. It's well worth closing this loophole, so please update to version 77m, currently in beta release (https://surgemail.com/beta-downloads/), when it's convenient.
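The check below is an added example, not SurgeMail's code: it audits a raw SMTP DATA payload for the line-ending ambiguity this kind of attack depends on. It assumes the "extension to line endings" means accepting a bare LF or CR as a line ending, whereas RFC 5321 defines end-of-data strictly as CRLF "." CRLF; the function name and sample payloads are constructed for illustration.

```python
import re

CRLF = b"\r\n"

# A line holding only "." with any mix of CRLF / bare CR / bare LF around it.
# The lookahead keeps the trailing ending available for the next match.
_DOT_LINE = re.compile(rb"(\r\n|\r|\n)\.(?=(\r\n|\r|\n))")
# A CR not followed by LF, or an LF not preceded by CR.
_BARE = re.compile(rb"\r(?!\n)|(?<!\r)\n")


def audit_data_payload(data: bytes) -> dict:
    """Report non-canonical end-of-data candidates and bare CR/LF bytes.

    `data` is the DATA phase exactly as received on the wire, including
    the final terminator. Only CRLF "." CRLF is a valid terminator, so
    any other dot-line is something two servers may interpret differently.
    """
    ambiguous = [
        (m.start(), m.group(1) + b"." + m.group(2))
        for m in _DOT_LINE.finditer(data)
        if (m.group(1), m.group(2)) != (CRLF, CRLF)
    ]
    bare = len(_BARE.findall(data))
    return {
        "ambiguous_end_of_data": ambiguous,
        "bare_cr_or_lf": bare,
        "reject": bool(ambiguous or bare),
    }


# Constructed samples (not captured traffic).
CLEAN = b"Subject: hi\r\n\r\nline one\r\n..stuffed\r\n.\r\n"
SUSPECT = b"Subject: hi\r\n\r\nline one\n.\nline two\r\n.\r\n"

if __name__ == "__main__":
    for name, payload in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, audit_data_payload(payload))
```

A payload flagged with `reject` is one that a strict server and a lenient server could split at different points, which is the condition the update closes.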

SSL Updates

SurgeMail includes a version of OpenSSL, and we update it in our build once every year or two. If you are running a version of SurgeMail more than 12 months old, then it's wise to consider upgrading to fix this.

Let's Encrypt

Note: If you are still paying for SSL certificates, please be aware that you really don't need to. The built-in LetsEncrypt code in SurgeMail can create genuine SSL certificates for all your domains at no cost. The only requirement is that the URL in question points to the SurgeMail server and is accessible on port 80.



You were added to this list as a customer who has installed SurgeMail at some point in the last few years. We apologize if you are not currently interested and encourage you to unsubscribe.
