The Checkup page is being enhanced with additional information and will now be internal, requiring a system administrator login.

As mentioned in some of our previous emails, we currently have many security companies thoroughly dissecting SmarterMail. This page was flagged in some instances because it exposes server health and version information, which could potentially be used in an attack.

This is unfortunate, because this page was heavily used by our support team to quickly understand a customer’s environment before responding. It allowed us to provide more detailed first responses, especially when a customer had not yet provided a license key for lookup.

For most customers, this change will not be an issue, as they were typically viewing this page while being authenticated anyway.

However, for those who were using this page in conjunction with a monitoring service and performing web or text lookups to check server health, this will no longer be available. Ironically, this is the very scenario we are trying to block in order to satisfy these vulnerability scans.

For our own SmarterMail server monitoring, we use a third-party tools that check standard protocols such as IMAP, EAS, and HTTP, and performs simple command and login page checks etc.  

This is the direction we are moving forward, and we believe you will like the improvements we will be adding to the new Checkup page now that it will require authentication.