Jobs (DE)Terms of UsePrivacy PolicyImprint

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

End of beta test

The beta test for release 7.1 ends with this update. After the installation the system will have release 7.1-1.0 installed. Thank you for participating in the beta test and thank you for the valuable feedback we received.
Please note that the new features web client, S/MIME gateway and ActiveSync/CalDAV/CardDAV for the Groupware are subject to a fee, starting with this release. These components will stop working if no suitable license key has been installed yet.

Update of the Linux kernel

The new kernel improves the bugfix from the previous update. It also fixes the LED driver used on the "Eco server" hardware platform. The system stalled when restarting apps.

The "Read-only" option for VNC webclient connections was ignored

SNAT for webclient connections

Internally, the web client uses an IP address of its own. In previous releases this IP was masqueraded only when connecting with servers in the Internet. Now this IP is always masqueraded, so it is no longer visible.

Incorrect routing for IPsec tunnels with SNAT

In some situations it is necessary to SNAT the local sender address when forwarding connections into a certain IPsec tunnel. In these situations, manually configured routes had precedence, so that connections actually destined for IPsec might have been routed incorrectly.

No connection to mailservers possible that support encrypted connections with ECDSA only

Avira, F-Secure and Kaspersky antivirus engines

IDS/IPS signatures for systems without maintenance contract

URL filter database

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Update of the Linux kernel

By sending specific TCP pakets, an attacker could have crashed the system or caused high system load.

Selectable sender addresses in the groupware

In the user administration a primary email address can be configured for each user. The groupware still uses this address as default sender address. Now alternative sender adresses may be available from which a user can choose while composing a new mail. Addresses will be offered which are directly associated with a user according to the current domain and user configuration.

Homepage docklet "Updates"

The new docklet checks if new system or app updates are available.

Background image and dark colour theme

The new dark theme is the default. You can disable it via the tools menu in the upper right corner.

Redesigned license menu

You can now view and change all kinds of license keys in this menu (base system, virusscanners, URL filter, apps).

Mail statistics and S/MIME gateway

The mail statistics counted most emails twice if the S/MIME gateway is enabled.

In 7.1-0.5 the LDAP user synchronisation via SSL didn't work on some systems

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Update of the Linux kernel and CPU microcodes

The update contains mitigations against the Intel CPU security vulnerabilities subsumed under the term "Microarchitectural Data Sampling" (MDS). To exploit the vulnerability, an attacker would have to execute own malicious code on the system.
On virtual hosts, the vulnerability allows guest systems to access data of the host or of other guests. Please make sure that actions have been taken on the host to protect itself and its guests.
The system is fully protected only if Hyperthreading is disabled, but this has a significant impact on performance. We don't think this is really necessary, as normally only code from trusted source is executed on the system. Feel free to disable Hyperthreading in the BIOS yourself.

Macro detection for email attachment filter

The attachment filter can now quarantine attachments that contain an office document with a macro. The filter can distinguish between autoexec macros and macros in general. If the attachment filter is already enabled, this new feature will be enabled by the update automatically.
It still makes sense to quarantine office documents based on the filename, if the filename extension already indicates that the file contains a macro (docm, dotm, pptm, potm, xlsm, xltm). But those who filter the "classic" filename extensions by name (doc, ppt, xls) might consider to rely on the new feature instead, as it quarantines those documents only if they contain a macro.

Extended functionality of DNS IP objects

In addition to hostnames, you are now also able to resolve service (SRV), mail exchanger (MX) and name server records (NS) in IP objects.
The periodical update of DNS IP objects has been replaced by dynamic intervals based on the records' individual time-to-live (TTL), i.e. the period the IP may be cached.
The IP addresses associated with a hostname may change every few seconds when DNS-based loadbalancers come into play. But the same addresses re-occur when viewed over a longer period of time. With a new option you can keep old addresses for a while in order to reduce the number of configuration changes.

In 7.1-0.4 the reverse proxy, web proxy and web server statistics were not updated

Numerous software packages

Minor bugfixes and improvements


In version 7.1-0.3 it was not possible to create or restore backups.

Minor bugfixes and improvements

F-Secure malfunction

On the afternoon of 2019-04-10 the F-Secure antivirus scanner stopped working due to missing access permissions to a new library file which was installed as part of the signature updates.

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Update of the Linux kernel

The new kernel includes a few less critical security bugfixes.

Two-factor authentication for access to administration interface

To better secure the administration interface, one-time-passwords (OTPs) may be enabled. There are separate settings for direct access and for access via reverse proxy. If OTPs are mandatory, users without OTP can no longer login. If "optional" an OPT is only required for accounts with enabled OTPs.

S/MIME gateway extensions

While verifying signed emails, a certificate revocation list (CRL) lookup can be enabled now.
If authentication is not possible when signing outbound emails, the "From" header has to be trusted. Previously there was just a checkbox, which turned all local IPs into trusted senders. Now there's a dedicates address list.
Please check the list after the update: It should either be empty or contain only IPs of internal mailservers which authenticate its clients and enforce correct "From" headers. The list should not contain whole networks, in particular not IP group "INTRANET".

S/MIME gateway signatures in Outlook

Microsoft Outlook reported an invalid signature for multipart mails.

Better groupware integration

The mail server now automatically processes mails from the groupware like internal mails, i.e. relayint into the Internet is allowed and now anti-SPAM measures will apply. If internal clients have to authenticate themselves for sending mails, SMTP authentication will be turned on in the groupware automatically. Finally the S/MIME gateway now trusts the "From" headers of the groupware, so "Send as" will work now.
If you have added the groupware IP or network to the list of local IPs in the mailserver administration after installing the groupware, you can now revert this change.

Update of the IPsec server

The new release fixes problems with IKEv2 re-keying.

Option to disable WLAN IP isolation

Minor bugfixes and improvements

Improved protection of container runtime environment

Apps will be running in a sandbox environment and without using privileged processes now.
As an exception all installed apps will be removed during the update in order to make the necessary changes. You will have to re-install the apps after the update. Of course all application data will be preserved.

S/MIME gateway tags signed mails sent "on behalf of"

Many mail clients don't mark emails sent on behalf of someone else. This will mislead the recipient into thinking, the mail was signed by the person on whose behalf the mail was sent and not the person who actually sent the mail. To prevent fraud, the email address of the actual sender will be added to the subject now: [SENT BY <...@...>].

Conversion of opaque signed mails by S/MIME gateway

Many mail clients don't support opaque signed mails, so these mails will be displayed either incorrect or not at all. If the S/MIME gateway encounters an opaque signed mail after decryption, it will automatically convert it into a "conventional" detached signed mail.

Email synchronisation between cluster nodes

The contents of the mail folders on clusters with local mail domains will now be synchronized.

User synchronization from ActiveDirectory

In release 7.0-4.7 and 7.1-0.0 the synchronisation fails on most sites.

F-Secure Antivirus

Since 2019-02-05 the scanner erroneously reports "Scanner test failed" and "F-Secure Linux Security out of function". The scanner is tested by scanning an EICAR test file. The test fails as the scanner output format has changed.
Despite of the messages the scanner works as expected.

Minor bugfixes and improvements


DEFENDO forces a collection of best-of-breed security modules like firewall, VPN, proxies, virus scanner and anti spam system to interact for one purpose:
To be protected from all online threats and unwanted contents like malicious code, spam and hacker attacks.


Each IT scenario is different. The DEFENDO product family will adapt precisely to your demands.
DEFENDO applies for simple internet connections of small companies, for headquarters / branch office WANs, as well as for complex multi-tiered firewall systems.

More good reasons

  • No backdoors
  • More than 15 years of Internet security experience
  • Award-winning product
  • Support by our development engineers
  • Reseller loyalty
  • Made in Germany