06257 940 0
kki Webseitenheader: Nervenzelle mit Verknüpfungen

Release FirstClass InternetServices 11.165

Die FirstClass Division hat eine neue Version (11.165) OpenText FirstClass 12 Internet Services veröffentlicht. Ein Liste der Funktionen und Änderungen in dieser Version finden Sie weiter Unten im Produktbulletin.

FirstClass Server Betreiber mit gültigem ServiceVertrag erhalten dieses ServicePack im Rahmen Ihres Vertrages. Die Lieferung erfolt automatisch via Gateway an Ihren Server (FC Update Service).

Zusammen mit dem kürzlich veröffentlichen FirstClass 12 Mobile ServicePack können Sie Ihren Server nun soweit updaten, dass Sie die neuen FirstClass mobile Clients (FirstClass Go) die ebenfalls jetzt verfügbar sind, gegen Ihren Server verwenden können.

Für Fragen zur neuen Version und Ihrem ServiceVertrag setzen Sie sich bitte mit uns in Verbindung.

Mit freundlichen Grüßen
Yvonne Ewald

kki FirstClass Deutschland eK
Erlenweg 9 • 64665 Alsbach

Tel: +49 6257 940 0 • Fax: +49 6257 940 100
Web: www.kki.de • E-mail: yewald@kki.de
FC via IP: fc.kki.de Port 510

Offizieller Distributor für FirstClass und Third Party Zusatzprodukte
Diese Mail / dieses Fax wurde mit einem FirstClass Server versendet.
AG Darmstadt  HRA 6554
Inhaber: Andreas Kölsch


FirstClass Division Product Bulletin

Title: OpenText FirstClass Internet Services Update Release
Bulletin Number: 283
Version: 1.1
Date: July 18, 2014


This Product Bulletin is intended for distribution to FirstClass Divisions installed base administrators, Customer Support Center team, Business Development Center team, Account Managers, and Channel Partners.


The new product components are:

  • FirstClass Internet Services 12 Build 11.165

The version of the Internet Services executable included in this upgrade is designed to work with FirstClass Server 12.0 build 1303 or higher to take advantage of the calendaring fixes and changes.  However, Internet Services 11.165 will run with FirstClass Server 11.1 Build 1127.

This FirstClass Internet Services requires a 64-bit (x64) operating system.


FirstClass Internet Services 12 build 11.165 and components are distributed to existing customers who have a valid maintenance and support contract.

FirstClass Update Services will automatically download the files to your server. If your servers Update Services schedule is turned off, you may manually initiate an Update Services request to receive the update.

FirstClass 12 Internet Services 12 Build 11.165 components will be available for download from FCOL (fc.firstclass.com) in the following locations:

Windows server
Conferences/Downloads/FirstClass 12 Product Updates/FC12 Windows Server Updates/

Mac OS X server
Conferences/Downloads/FirstClass 12 Product Updates/FC12 OS X Server Updates/

Linux server
Conferences/Downloads/FirstClass 12 Product Updates/FC12 Linux Server Updates/

Please ensure that you have your server specific FirstClass 12 license, and review both the Release Notes and instructions accompanying the installers thoroughly before proceeding with the upgrade.

To renew or purchase your M&S contract, please contact your regional Sales Support Center listed at the end of this bulletin.

New Product Features and Changes

FirstClass Internet Services 12 Build 11.165

  • Filter out XSS attack vectors from the dAltBody HTML stream before sending it to the server.
  • Adjust level 3 logging so that when sending responses that fail are marked as such.
  • Changed the Stream closed log message to Stream closed by other end, to make it clear(er) who's at fault.
  • IMAP: Do async reporting in the NOOP command handler.
  • Handle ATOM dates in RSS 2.0 feeds.
  • Fixed Symantec scan engine error by not trying to send zero length chunks of data to be scanned.
  • Fixed crash processing Alt Body HTML.
  • Buffer data sent to the Symantec scan engine for better performance.
  • Fixed broken access to personal web pages via alias.
  • Fixed retrieval of encrypted S/MIME messages that haven't been decrypted on the way in.
  • Limit the amount of original message body (used for crash diagnostics) to 100MB, to avoid bogging the machine down.
  • Fixed SMTP crash.
  • Updated calendar invitation handling to better inter-operate with other calendaring systems, such as Google and Exchange.
  • Ignore mailto: in RCPT TO: addresses, as issued by Exchange.
  • The XSS sanitizer doesn't strip url() references to image files (.jpg, .jpeg, .gif and .png).
  • Replace newlines with spaces in the Location field to improve legibility.
  • When attaching a calendar event (instead of turning the message into the event), set the start date, duration, etc. (but not attendees).
  • The XSS sanitizing is now more surgical in what it removes.
  • XSS sanitizing can now be disabled/enabled in one of two ways. The first is via inetsvcs.cf:
        SET_DisableXSSSanitizing = 1
        The default value is 0.
  • The other way is via a new mail rules built in variable $DisableXSSSanitizing, which is read/write and can be set to 0 (zero) to enable sanitizing or 1 (one) to disable sanitizing.
  • FTP, HTTP, LDAP, POP3 and IMAP4 now support blacklisting IP addresses when they strike out due to too many bad logging attempts.
  • Bad password strike outs (including SMTP) are now controlled by the Abuse note level setting in Basic Internet Setup : UCE/Spam : Abuse.
  • Added a feature in the AddHandler document to return custom HTTP headers in the response to the HTTP client.
  • Syntax is Custom-Header: <contents of custom header>, defined in an <AddURLHandler> block, where <contents of custom header> are the complete header, which will be sent as is.
  • Implemented log log rollover on startup. Setting [Config] LogRollover = 1 in inetsvcs.cf will cause an existing InetSvcs.OLD (or fcisd.old) to be renamed xxxYYYYMMDD_HHMM.log before the .log file is renamed to .old.
  • Fixed a problem where the wrong value was used as the domain name for Android notifications when the service is started at the first push notification.
  • The Android push notification service is now enabled by default.
  • Fixed "Wrapping issue on inbound HTML message".
  • Fixed crash outputting very long text/calendar property.
  • Fixed crash accepting (or declining) a calendar invitation with an unexpectedly formatted ATTENDEE property (e.g. ATTENDEE:mailto:email@address.com).
  • Fixed another issue when there is an HTML part, no DESCRIPTION in the event and the event is not attached to a message.
  • Fixed problem where the multipart/alternative end boundary wasn't output, which causes Outlook 2007 (and possibly later versions) grief.
  • Fixed crash retrieving (via IMAP or POP3) a calendar event in the mailbox that has an HTML altbody message body instead of a plain text message body. Also fixed some related message generation issues.
  • Added some randomness to the IMAP CRAM-MD5 challenge string.
  • Fix for incorrectly interpreting 12:00 as midnight when processing the date in 24 hour format.
  • All 127.x.x.x addresses are loopback addresses, not just
  • When parsing text/calendar objects, don't set a 1 minute alarm when no alarm was set in the object.
  • Recognize the MIME type text/vCard in SMTP messages.
  • Fixed problems sending attached contacts that had message body.
  • Check for timezone changes once a minute.
  • Fixed some misparsing of text/calendar objects.
  • When parsing text/calendar objects, handle the X-ALT-DESC property (if it's HTML) if the DESCRIPTION property is missing.
  • When parsing text/calendar objects, handle the ATTACH property. Not yet implemented when the event is added as an attachment.
  • Output the site name and ID in the log file when starting up.
  • Set the IMAP show sent items per the form when applying config changes.
  • IMAP: Prevent crash processing parameters in parentheses when there is only an opening parenthesis.
  • Added support for Windows Phone and Android client push notifications.
  • All push notification services can be individually disabled via inetsvcs.cf settings in the [Config] section:
        SET_DisableApplePNS = 1
        SET_DisableBlackBerryPNS = 1
        SET_DisableWinPhonePNS = 1
        SET_DisableAndroidPNS = 1 (this is the default setting for this release)
  • The Google push notification API key and GCM Sender ID can be overridden in the inetsvcs.cf with these settings:
        GoogleAPIKey = "api key string"
        GoogleCMSenderID = "sender id string"
  • Fixed problems with some event cancellation messages not being sent, or incorrectly formatted.
  • Accept ATTENDEE values that start with http:// or https:// (as sent by Google calendar.)
  • Allow incoming messages with text/calendar parts to be turned into events if the METHOD parameter is missing.
  • Various improvements to outputting calendar events/tasks:
        - output task STATUS
        - output DURATION if no start date
        - output proper value for DTSTAMP
        - output COMPLETED date for tasks
        - output DUE date for tasks
        - output PRIORITY for events/tasks via CalDAV
        - don't output DTEND when there is no end date or duration
  • Fixed problem with some attendees receiving cancel event notifications instead of invitations.
  • Fixed problem with deleted attendees that required delivery retries.
  • Fixed problem where some calendar messages would be missing the event data.
  • Fixed issue where forwarded events would result in cancellation event notifications would be sent.
  • Fixed problem that caused all of a relayed message to end up in the smtp log.
  • Fixed problem where the $IsSpammer flag didn't work if set after the end of the headers.
  • Fixed typo when parsing header match enable webdav tokens (WevDAV_Basic).
  • Add a Date header if there is none in the message.
  • FTP: the RNFR (rename from) command now supports a path name, as per RFC 959.
  • Fixed issues in the IMAP APPEND handler that caused server crashes.
  • Improved fidelity when FETCHing APPENDed messages (IMAP).
  • Improved error/shutdown handling when handling inbound attachments.
  • Updated builtin OpenSSL library to 1.0.1h. Addresses security advisory CVE-2014-0224.
  • If the character set in an RFC 1522 encoded word is not recognized, leave the encoded word as is.

Contact Information


To purchase a FirstClass product or user licenses, please contact our Sales Department or your local FirstClass reseller.

Sales Support
To renew or purchase your M&S contract, contact your regional Sales Support center.

Customer Support
Site administrators should contact their regional customer support center, if technical assistance is required.