Back to Community Threads
Build 9560 (Mar 5, 2026)
Question asked by kevind - 3/5/2026 at 7:27 PM
Unanswered
Share your experience with this new build.
Lots of fixes and a few security patches: Release Notes
J
J. LaDow Replied
3/5/2026 at 7:41 PM
FWIW - notes like this:

Security: Fixed a few obscure authentication bypass, privilege escalation, denial of service, and path traversal issues we found during our security audit.

These "fixes" being passed off as "obscure".

There's nothing about those vulnerability types that should ever be considered obscure. 

It really makes me wonder just how much of a ticking time bomb this experiment really is...
MailEnable survivor / convert --
Sébastien Riccio Replied
3/5/2026 at 8:57 PM
Security fixes... let's then upgrade right away... Crossing fingers that no new obscure issues appears.
Sébastien Riccio System & Network Admin https://swisscenter.com
Sabatino Replied
3/6/2026 at 2:02 AM
Yes, guys.
But here we're talking about escalation problems from IPs that have been whitelisted by Auth.

Honestly, if we whitelist an IP, it means we completely trust that IP. Otherwise, it would be exposing ourselves...
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
Sabatino Replied
3/6/2026 at 2:08 AM
What I didn't understand was this:

Fixed: "From address must match authenticated address" when sending IP in auth bypass.

But if ip auth bypass is enabled, the authenticated address doesn't exist.
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
rick Replied
3/6/2026 at 5:42 AM
Can we make a separate thread called Whiners & Complainers and keep all the annoying posts in there? SMH
D
Dave Replied
3/6/2026 at 9:01 AM
Fixed: "From address must match authenticated address" when sending IP in auth bypass.

But if ip auth bypass is enabled, the authenticated address doesn't exist.
Yes and no. Without knowing what was actually fixed we can only guess. But I do have a few whitelisted IPs for offices that have copiers that are probably old enough to vote that still do scan to email but have no idea on how to authenticate. BUT, the PCs in the office and other equipment does and they do.

Edge case but I could see things like that.
Stefano Replied
3/6/2026 at 9:35 AM
Is there anyone brave enough to have installed this latest version? 😉
D
Dave Replied
3/6/2026 at 9:39 AM
Is there anyone brave enough to have installed this latest version? 😉

Did last night on 6 servers. No calls as of yet.
Daniele (TDBnet) Replied
3/6/2026 at 11:02 AM
All right here for 5 hours...
Upgraded from 9526.

Daniele
J
Jay Dubb Replied
3/6/2026 at 3:13 PM
8 hours, no calls.
 
B
Bruce Replied
3/7/2026 at 1:53 AM
24 hours, no issues reported so far.
Installed 6 hours ago, no issue so far
Gabriele Maoret - Head of SysAdmins and CISO at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
bong.sapasap Replied
3/7/2026 at 8:54 AM
I've installed it

webmail interface initially loaded
but the moment I logged in
It hangs
CPU and Memory spiked to 100%
J
J. LaDow Replied
3/7/2026 at 9:25 AM
@bong 

Was the version upgraded from relatively old?

Is the system still converting or re-indexing accounts?

Possibly try deleting all cookies and stored data from the browser cache and try again incase "local storage" is corrupted?

Anything in the log files? (Administrative / General Errors)
MailEnable survivor / convert --
bong.sapasap Replied
3/7/2026 at 10:18 AM
I've stopped the Smartermail Services and renamed the Archived directory
Restart the service and the Server was normail again.
Hence, the spike is caused by the Archiving process
Michael Replied
3/7/2026 at 12:50 PM
We had same issue CPU and Memory spiked to nearly 100% and SmarterMail service crashed.
We came up with the idea to delete the cookie for webmail that we had on the machine connecting to the admin. After deleting the cookie (without logging back in) the admin site appeared immediately. Memory and CPU went back to normal. Odd. 
echoDreamz Replied
3/8/2026 at 3:40 PM

We applied the update the evening of the 5th. Around 4:00 AM Mountain time this morning (8th), the SM service became unresponsive. The process was still running, but it was refusing connections (timing out). CPU usage was at 0%, memory usage appeared stuck, and the thread count was not changing, indicating the service had stalled.

When the service was stopped, it took nearly three minutes to shut down. During the shutdown, CPU usage spiked and memory usage increased significantly for about 30 seconds. Monitoring then returned to normal and the SM process terminated cleanly.

After restarting the service, it has been operating normally since. Very weird, havent had that happen in quite a long time.
Brian Replied
3/8/2026 at 7:40 PM
Missing all emails from AquaMail EWS (except one acccount shows a handful of emails from a bank with a daily balance). I personally have about 15 email accounts on various domains. They all seem to work fine using eM Client EWS and Outlook MAPI... but all of them on AquaMail via EWS show no messages (except the one account showing a few).
J
J. LaDow Replied
3/8/2026 at 9:01 PM
24 hours - no tickets - 

Features in use:
IMAP / SMTP / XMPP / Webmail

~100 domains / ~400 users
MailEnable survivor / convert --
D
Dave Replied
3/9/2026 at 6:10 AM
I take back what I said above. I just started to get some issues in this morning. Opened a ticket but am seeing a lot of these until that IP gets blocked. Once I unblock the IP all is good again.

[2026.03.07] 02:41:01.190 [x.x.x.x] IMAP NtlmAuthenticate Login failed: Authenticate parse failed for <user@domain.com>.
[2026.03.07] 02:41:01.202 [x.x.x.x] IMAP Attempting to login user: user@domain.com
[2026.03.07] 02:41:01.202 [x.x.x.x] IMAP Login failed: Incorrect password for user [user@domain.com]
[2026.03.07] 02:42:16.362 [x.x.x.x] IMAP NtlmAuthenticate True IDS counting for NTLM failures over IMAP at this IP is throttled.
[2026.03.07] 15:36:18.093 [x.x.x.x] Login failed: Token has expired.
[2026.03.07] 15:37:12.551 [x.x.x.x] Login failed: Token has expired.
JerseyConnect Team Replied
3/9/2026 at 12:35 PM
A bit concerning to see several reports of CPU and memory issues with the SM service getting hung.
Sébastien Riccio Replied
3/9/2026 at 12:45 PM
Build up since a few days here, no support tickets or strange things detected for now. I feel lucky for once :)
Sébastien Riccio System & Network Admin https://swisscenter.com
D
Dave Replied
3/9/2026 at 3:30 PM
And....I just had the hanging issue.
Richard Laliberte Replied
3/9/2026 at 8:22 PM
So basically, wait to update lol
Nathan McKAy Replied
3/10/2026 at 12:06 AM
Encountered RAM ballooning issue in under a hour after update. Memory Demand exceeded assigned ram by 8+ GB. Issue persisted after service restart, machine restart, and another service restart. Ended up reverting to prior version with the IMAP fixes.

FYI, THE UPDATE IS BELIEVES ITS NON-REVERSABLE, be aware of the archived service setting trick if you want to try it, so you can revert if needed.

@Smartertools -- It would be appreciated to have that in notes, that if I update and decide to downgrade, its inadvisable. 
No issues so far. Memory is not ballooning at all.
J
J. LaDow Replied
3/10/2026 at 10:19 AM
We're seeing these now too:
 Login failed: Token has expired.
	Brute force attempts increased to 2 of 5 in 4320 minutes.
	Next clean available at 3/10/2026 10:03:44 AM
An expired token shouldn't be triggering IDS counts - failed logins should be - and there's no corresponding failed login with this entry. Additionally, this becomes a REAL issue when there are multiple users on a shared IP.
MailEnable survivor / convert --
Where?
J
J. LaDow Replied
3/10/2026 at 1:21 PM
Administrative log -- looks like it's from webmail interface --
MailEnable survivor / convert --
D
Dave Replied
3/10/2026 at 1:22 PM
Check the admin logs.
Not seeing anything that is related to tokens at all
D
Dave Replied
3/10/2026 at 1:28 PM
Do you have people using Outlook & IMAP?
All of them. All of the users are on MAPI. Not a single one on IMAP/webmail.
t
terry fairbrother Replied
3/11/2026 at 2:37 AM
I use IMAP at home and been getting a lot of lockouts, but this morning I'm bombarded with password requests from mapi users on a different server 
Scarab Replied
3/11/2026 at 8:22 AM
We had the 100% CPU & Memory Usage after upgrading from Build 9546 as well. Server could no longer be managed remotely as CPU0 was too busy to respond to RDP, PowerShell, SC, NET, Taskkill, PsService, PsExec, etc. (Lesson learned to set Smartermail.exe affinity to CPU1+ and not allow it access to CPU0 at all if running on bare metal without an iDRAC and can't easily be recovered like a VM or VPS.). Had to drive out to location at 3AM and reboot server in Safe Mode, disable the SmarterMail service, reboot, uninstall Build 9560 and reinstall Build 9546 as renaming \SmarterMail\Service\Settings\Archived_Data and restarting the service didn't remedy the problem for us as it did others.

I'm going to skip this version entirely and wait till the next version has been fully tested by others before upgrading again during Monthly Scheduled Maintenance.
JerseyConnect Team Replied
3/17/2026 at 12:15 PM
Is there anyone with a stable install on 9560 or has everyone had to downgrade eventually?
Running very stable here with all users on MAPI/EWS.
Michael Wallace Replied
3/17/2026 at 12:45 PM
Running stable here as well with Build 9560. Using Linux. Most users are on MAPI/EWS with a few using IMAP. CPU and Memory are all running normal.
I have 9560  for days, no issue...
Gabriele Maoret - Head of SysAdmins and CISO at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
J
Jay Dubb Replied
3/17/2026 at 2:32 PM
Still fine on 9560.  We've noticed slightly higher CPU utilization after updating (trend data shows approx 3-5% increase from prior builds) but nothing that causes us any concern.
 
J
J. LaDow Replied
3/17/2026 at 3:51 PM
We've been on since earlier post with no issues other than the IDS complaints we already have.
MailEnable survivor / convert --
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Key Feature and Version Milestones in SmarterMailSmarterMail
SmarterTools Licensing InformationGeneral Topics
Email Migration Options to SmarterMail from an External MTA.SmarterMail > Installation and Configuration
SmarterMail, LDAP, and Active DirectorySmarterMail > Server Configuration and Management
Automatic SSL Certificates on a New SmarterMail ServerSmarterMail > Server Configuration and Management