if you have any questions: BlueMind community forum


changelog 4.4.7 => 4.4.8

  • Chore: don't run expunge verticle that often
  • [mapi] Fix: don't abort when deleting an the same id multiple times
  • [dav] BM-16400 Fix: send static response from in-jar files only
  • [mapi] BM-16865 Fix: when message body is not a text, force it as an attachment
  • [mapi] BM-16629 Fix: sendAs if full delegation

changelog 4.4.6 => 4.4.7

  • [mapi] BM-16615 Fix: sendmail, check sendOnBehalf acl
  • Imp: performance improvement in SQL upgrade of t_calendar_series
  • BM-16794 Fix: fix tag container lookup

changelog 4.4.5 => 4.4.6

  • BM-14507, BM-16837 Fix: user management roles consistency (user mbox indexing, external id, user check and repair, mobile devices)
  • BM-16808 Fix: bad value may corrupt whole calendar
  • BM-16853 Fix: missing member in AD/LDAP incremental mode import
  • BM-16832 Fix: parallel imports from CSV may cause duplicates
  • REFLEX-168 Fix: ICS import vtimezone match failure
  • [mapi] Fix: deduplication of hierarchy tables was wrong
  • [mapi] Fix: ensure children() does not return duplicate folders
  • [mapi] BM-16805 Fix: lock during autodiscover template rendering
  • [mapi] BM-16741 Chore: missing Pid properties
  • [mail-api] BM-16851 Fix: inconsistent subtree display when a user is renamed
  • BM-16776 Fix: ES path error in restore config
  • BM-16842 Fix: vacations messages when user does not have a display name
  • BM-16838 Fix: prevent duplicate reminders

changelog 4.4.4 => 4.4.5

  • BM-16819 Fix: exchange-migration-tool error getting store owner email
  • [core] BM-16825 Fix: more aggresive image subsampling
  • [mapi] BM-16828 Fix: unknown boolean properties when decoding tagged property values
  • Chore: cleanup expensive logs
  • BM-16824 Fix: upgrade security broken by URL change
  • [mapi] BM-16833 Fix: intercept percent char in folder names and map it to a unicode variant
  • [mapi] BM-16834 Fix: bm-cli mapi tree will now use pagination to fetch hierarchies with more than 4096 rows (or > 32KB)

changelog 4.4.3 => 4.4.4

  • Chore: URLConnection.guessMime may return null instead of octet-stream
  • [mapi] WORTEKS-213 Fix: prevent duplication/deletion when an item written on behalf of someone is modified
  • [mapi] BM-16815 Imp: mime type guessing when outlook does not provide it
  • Fix: subject decoding with utf8 null chars rejected by PG
  • Chore: add German translations
  • FEATWEBML-1491 [Composer] Fix: add a line break when replying or forwarding, focus editor when expanding previous message
  • CUMAY-48 Fix: send ehlo before auth
  • [migration] BM-16521 Feat: ex-migration-tool command line utility

changelog 4.4.2 => 4.4.3

  • SB-1194, FEATBL-1230, FEATBL-1306, FEATBL-1308 Feat: users can choose default calendar notification type in their settings
  • FEATBL-1290 Fix: common read/unread flags for shared mailbox
  • BM-16736 Fix: ghost calendar in users views
  • [es] WORTEKS-212 Fix: elastic search process crashes right after startup
  • BM-16786 Fix: eas folder sync, parent folder not found in hierarchy
  • BM-16799 Fix: sanitize default alias and implicit email
  • FEATBL-1154 Feat: German settings
  • Imp: HSM migration from BlueMind 3.5
  • BM-16781, IEQ-2401, TCSCIT-303 Fix: upgraders collection and execution strategy
  • BM-16769 Fix: hollow issue after massive user deletion
  • [mapi] DATAXP-162 Fix: sync message with null subject
  • BM-16711 Fix: draft save failure because of signature encoding
  • BM-16751 Imp: LDAP connection error management
  • BM-16773 [RHEL Packaging] Fix: webserver not restarted after bm-mail-app is installed

changelog 4.4.1 => 4.4.2

  • [settings] BM-16770 Fix: error in vacation sieve filter
  • Fix: update API clients
  • FACTORFX-441 Fix: upgrade failure
  • FEATWEBML-1479 Fix: nonexistent replaceAll in some browsers
  • [mapi|lmtp] FEATBL-1286 Feat: winmail.dat decoding is delegated to the mapi server and winmail.dat is retransformed to a fresh eml before delivery
  • BM-16714 Fix: could not save mail
  • FEATWEBML-1476 Fix: mail expedition failure and no draft saved
  • [directory] BM-16768 Fix: round robin placement of mailboxes when multiple imap servers are available
  • BM-16711 Fix: can't save mail draft because of signature
  • [mapi] Chore: speed up & simplify mapi contexts / sessions handling
  • [tbird] ACMS-363 Fix: thunderbird connector not ready
  • FACTORFX-442 Fix: error on invitation message
  • WORTEKS-204 Fix: AD import conflict
  • BM-16757 Fix: split domain and third-party routing issue
  • BM-16747 Feat: allow to force PG pool size using bm.ini dbpoolsize property
  • BM-16749, BM-16750, BM-16660 Fix: group administration issues
  • BM-16725 Fix: webmail double scroll
  • FEATWEBML-1177 Fix: bold on unread messages
  • COAX-676 Fix: can't access BlueMind webmail
  • BM-16748 Fix: can't login after upgrade
  • BM-16661 Fix: can't have dot chars in new email

changelog 4.4.0 => 4.4.1

  • [mapi] BM-16738 Fix: handle message confidentiality
  • BM-16709 Fix: google invite not handled properly on ICS external calendar
  • Fix: WriteStream end(AsyncResult<>) must always send a Result
  • BM-16733 Fix: TCP zombie connections
  • Chore: ensure caffeine is available with bm-cli as mapi plugin needs it
  • Fix: do not search for an empty or null prefix in hollow
  • [mail-api] BM-16727 Imp: timeout when moving a lot of messages between folders
  • BM-16734 Fix: can't send message to external user
  • [mapi] EORIS-121 Fix: cleanup of parts in /var/spool/bm-mail/bodies when converting outlook messages to eml
  • Imp: ex-migration-tool: use domain default alias when trying to construct an email
  • BM-16728 Fix: can't forward message with remote images
  • [cli] Chore: add -f, --force to bm-cli setup upgrade
  • FEATWEBML-1454 Imp: attachment text placement in preview

BlueMind 4.4.0

New features

New Beta webmail!

BlueMind is happy and proud to present its very own mail client, available for testing from version 4.4!

Entirely designed by our team, this webmail adapts to all supports (smartphone, tablet, PC, etc.) and all screens, big and small.

Counter proposal for meeting time/date

This new feature lets you respond to a meeting invitation with a counter proposal when the proposed time/date isn't convenient.

This feature is available for Outlook over MAPI, the web calendar and Thunderbird!

The web calendar

Every time you are asked to respond to a meeting invitation (yes/maybe/no), the interface has been modified to include the following responses: * maybe, but I'd prefer another time/date * no, but I'd prefer this time/date

In the list of invitations

In quick preview

Then, the timeslot selection window lets you propose a time/date:

Proposal via free-busy

The preview now includes a new marker showing that a proposal has been made:


When an invitee sends a new proposal, an email notification is sent to the organizer who has the option to accept the proposal (and notify all invitees) or decline it.

In mail

Proposals are summarized in quick preview:

Proposals shown in quick preview

The organizer can see and respond to proposals in edit meeting mode:

Proposals in edit meeting mode

In Outlook

The invitee and the organizer can use Outlook's classic workflow to send/accept/decline proposals:

Access to proposals

To select a new timeslot:


In Thunderbird

TODO Screenshot of organizer's accept buttons in mail?

Double-bottom trash

The double-bottom trash can is a feature that lets users recover deleted emails. It uses a buffer area and delay on the server side that keeps deleted emails for a set period of time. Emails deleted by users can therefore be retrieved either by users themselves in Outlook or by an administrator from the server without having to access backups. This feature will be rolled out in our new webmail soon.

Command line support for double-bottom trash

When an email is deleted, the Cyrus mail server doesn't delete the message immediately. The email is marked as deleted and isn't available anymore. IMAP clients can run the "expunge" command to delete messages immediately (e.g. "empty trash"). Also using "expunge", Cyrus can add a delay between the moment the user requests the "expunge" and the deletion is final.

The new bm-cli command uses the functionalities of the Cyrus "expunge" function and can be used to retrieve messages marked for deletion and expunged but whose deletion hasn't been made final.

Example: ```

> bm-cli mail unexpunge --days 1 --authn tom@devenv.blue partage@devenv.blue

Folder has 1 deleted message(s) Recovering messages less than 1 day(s)) old +-----+---------+---------+------------------------------+ | id | subject | preview | last-modification | +-----+---------+---------+------------------------------+ | 203 | Coucou | XMen | Thu Nov 19 15:22:34 GMT 2020 | +-----+---------+---------+------------------------------+ Checked 1 deleted item(s), will restore 1 item(s) ```

The bm-cli command is needed because the Cyrus "unexpunge" command that seemingly does the same thing doesn't return enough information for the replication protocol and breaks the link between Cyrus and BlueMind. This means that the Cyrus "unexpunge" command must never be used on its own because it will return incoherent restoration data (index, etc.).

The maximum delay between an "expunge" command and "unexpunge" recovery is configured in Cyrus /etc/cyrus.conf under the "delprune" command, parameter -X.

The default delay is 7 days.

Double-bottom trash on the Outlook/MAPI side

Video showing the feature

Default domain-wide time zone

A time zone can be added for a specific domain.

timezone by domain

Proxy support

In several scenarios such as external calendar queries, some installs require an http proxy server.

The proxy feature lets you configure an HTTP Proxy server in the admin console. External queries made by BlueMind use the proxy as appropriate.


Email submission ports must now use TLSv1.2 at least (ports TCP 465 and 587)

Modification of the display domain name

Since version 4.3 of BlueMind, to help administrators upgrade their domains, new domains are created with an automatically-generated unique identifier ("XXXXX.internal").

In version 4.3, the admin interface showed the first alias as the domain name and the internal identifier remained present in most windows.

The domain now has an identifier (.internal), one or several aliases, and one default alias -- this default alias can be changed in the admin console in the "Edit Domain" section.

Email address creation windows have been adapted and simplified to use the default alias.


Support of HTML replies

HTML content is now supported in automatic out-of-the-office replies.

You can now choose an HTML out-of-the-office message in addition to a text format message. This feature is available in Outlook only.

MAPI Test Suite

A test suite has been added to BlueMind for protocol purposes in order to improve our testing tools and provide an implementation that matches Microsoft's protocol even more closely.

Updated dependencies

- OpenJDK 8u282
- Chronograf
- Telegraf 1.17.0
- Kapacitor 1.5.7
- InfluxDB 1.8.3
- PostgreSQL 12.5
- ElasticSearch 6.8.12
- Guava 30
- Hazelcast 3.12.10
- HikariCP 3.4.5
- Kafka 2.7
- Netty-4.1.56
- PostgreSQL JDBC 42.2.18

TICK statistics

New dashboards have been added to the TICK admin console: * The "ElasticSearch" dashboard is used to monitor the use of ElasticSearch by querying the cluster's status and activity.

  • The "ElasticSearch Mailspool" dashboard is more specific to BlueMind mail and is used to diagnose balancing issues with the distribution of users in the indexes.

  • The "PostgreSQL" dashboard is used to monitor the status of the PostgreSQL cluster.


  • BM-16588: Support of categories imports during ICS calendar imports.


  • BM-13837: Improved performance during the retrieval of contacts in the Core. Uses ElasticSearch rather than the database.

  • Use of the Caffeine library, more powerful than Guava Cache, for all BlueMind internal caches.

  • Several changes designed to limit the use of String.format in the critical parts of the application.

  • BM-16501: Management of the Linux kernel parameters on bm-pimp start-up. net.ipv4.tcp_syncookies=0 net.ipv4.tcp_max_syn_backlog=10000 net.core.somaxconn=10000 net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000 net.netfilter.nf_conntrack_generic_timeout=120 net.ipv4.netfilter.ip_conntrack_max=204800 These parameters should be adapted to large and small installs alike. Parameters can be surcharged by editing the configuration file /etc/sysctl.d/01-bm.conf

  • Optimization of the automatic clean-up of orphan messages. BlueMind keeps a reference of each email in a "t_message_body" table. This table must be cleaned when no message references the original message (Messages are deduplicated).

    The new procedure calculates the messages to be deleted as soon as they are deleted from the t_mailbox_record table to save time on the regular purge process, thus reducing database server load.

  • The communication between java bm-metrics-agent and BlueMind applications no longer use the network layer which saves resources in this critical component.

  • Reduces the amount of "ping" requests from web applications by limiting transmission to one per browser as opposed to one per tab previously. The transmission interval has been doubled to ~240s.

Update tool

  • Improved SQL updates log messages

Admin Console

  • BM-15981: "mailshare" accounts can now be repaired.
  • The "Monitoring Console" page now shows TICK alerts. Monitoring Console

Migration from BlueMind 3.5

  • BM-16646: Upgraded script for "HSM" archived messages to BlueMind 4:

    • lets you migrate multiple users simultaneously
    • lets you prioritize one or several groups of users to migrate first

    Example of use: ``` Spawning 32 workers, migrating 32 users simultaneously: ./bm-hsm35-migrate-4.sh -w 32

    Users in the group "vip" will be handled first. -g can be specified multiple times. ./bm-hsm35-migrate-4.sh -g vip ```

  • Improved migration speed thanks to the TRUNCATE command instead of DELETE when copying the unique schema to the separate data schema.

  • In the case of migrations involving pre-replication, the pre-replication data is cleaned from the "directory" (bj) database (t_message_body).

  • BM-16429: Corrects an issue when address book ids are too long. (org.elasticsearch.action.ActionRequestValidationException: Validation Failed: 1: id is too long, must be no longer than 512 bytes but was: 517)


Adds support for Java products from the "Sentry" error reporting system. Upgraded error reporting -- those containing stacktraces are sent to the Sentry error reporting system.

The Sentry reporting system can be enabled using the command:



bm-cli sysconf set -v https://[dsnsentry] sentry_endpoint


bm-cli sysconf set -v "" sentry_endpoint ```

Sentry is disabled by default.


  • FEATBL-1220: Adds a bm-cli server tag / untag / add command which enables adding servers automatically and server tagging actions (e.g. mail/imap).

  • FEATBL-857: The bm-cli index info command no longer counts deleted messages.

  • BM-16581: Adds a bm-cli main reindexpending command that reindexes the "mailspool_pending" index.

  • Replaces the airlift library by the picocli library. This library upgrades the bm-cli tool, in particular --help support.

    For example: ``` bm-cli mail --help

    The old method still works

    bm-cli help main ```

  • Color schemas have been improved and all error messages are now sent to the standard error stream.

  • Command progress information is now always sent to the standard error stream (stderr). As a result of this change, json data is generated directly for the commands concerned, e.g.: bm-cli user get test.lan | jq

  • FEATBL-854: Adds the possibility to import/export messages from Cyrus archives.

  • FEATBL-1203: The bm-cli contact import command now handles VDF imports from domain address books as well as the reset function.

  • The bm-cli contact reset command now also resets domain address books.

  • BM-16497: Adds the possibility to sent the admin0 password on installation. E.g.: bm-cli setup install --admin0-pass SuperSecurePassword [...]


  • FEATBL-1228: Improved ElasticSearch storage. Reduces the amount of data saved in ElasticSearch -- some fields were unnecessarily stored multiple times. To benefit from reduced data storage, reindexing is required.

  • Upgrade of the "mailspool_pending" schema whereby you can choose not to index documents from mailspool_pending. For example, with 339,315 documents, the space used goes down from 741MB to 267MB while reducing the CPU load needed.

  • The ElasticSearch cluster status can switch to "red" when disk space is running out. When disk space is added, the cluster now automatically switches to "green", thanks to a Kapacitor alert.

    Alerts are lifted when disk space reaches the levels configured by default in Elasticsearch.


  • BM-16386: Automatic out-of-the-office messages are no longer sent if the recipient is noreply@xxx or no-reply@xxx.

  • BM-16624: Very rarely in new installs, an error "cont hierarchy 'container_flat_hierarchy_XXXX_at_XXXX.internal' is missing" may occur due to the hidden shared mailbox creation used to monitor the Cyrus replication being run too early.

  • BM-16648: "Hoster" subscription usage reports are now sent every 7 days instead of 14.

  • BM-16633: More robust calendar, address books, etc. repairs. In some cases, related containers that were not found would hinder repairs. Missing containers are now ignored and the repair can continue.

  • BM-16488: Adds a configuration variable that embeds BlueMind in an IFrame for a domain other than the BlueMind server.

    This feature disables "CSRF" security rules and is therefore not included in the admin console. To enable this, you have to use the command line:

    bm-cli sysconf set -v [true|false] allow_bm_embed

  • BM-16363: Corrects an issue with domain deletions if organizational units are present on said domain.

  • BM-16592: Corrects an issue with the interpretation of attachments with a specific content type "Content-Type: =?windows-1252?q?application/pdf;" BlueMind now recognizes this Content-Type.

  • BM-16551: Adds users' "Display Name" in the "from" field for automatic replies generated by BlueMind. Previously, only the email address was sent.

  • BM-16586: Prevents the creation of external users with an existing BlueMind address.

  • Enhanced display for calendar changes sent by email. The origin of changes are now displayed instead of "internal-system".


  • Cyrus: Adds debug symbols for RedHat platforms (CentOS/RHEL).

  • FEATBL-1160: Adds a German translation for the webmail application.

  • Debug: Adds the possibility to save traffic received by bm-milter by creating the file /etc/bm/milter.record.

LDAP/Active Directory import

  • BM-16454: Adds the "formatedName" attribute management in Active Directory or LDAP import when available.

  • BM-16123: Improved query results on paged address books.


  • BM-16603: PostgreSQL: Moves automatic bm-pimp settings parameters to the file /etc/postgresql/[version]/main/postgresql.conf.pimp.

    This change lets you surcharge the parameters automatically managed by bm-pimp in the local configuration file: /etc/postgresql/[version]/main/postgresql.conf.local.

  • BlueMind packages no longer require systemd to be running during the installation of the package. Systemd is always required for BlueMind to work.

    This change lets you install BlueMind packages in a podman container.


  • BM-16626: "ByteArray" data wasn't properly encoded and caused a serialization error.

  • FEATBL-1197: Adds a defaultAlias field on the Domain object. Adds the setDefaultAlias method on the public IDomains API.

Next-gen email and collaboration

for any questions, please contact us!

+33 (0) 5 81 91 55 60