The main technological innovation of the release is the support for geoclusters — combining several geographically distributed clusters into a single system. As explained in "RuPost", thanks to this, organizations of any size will be able to build a unified mail infrastructure, and it will work as an integrated complex. In case of failure of individual sites, service continuity is maintained, as the load between regions is distributed in a balanced manner by separating users between the remaining sites, scaling occurs without interruption, and management remains centralized through a single panel and end-to-end monitoring.
To improve security, the developers have implemented support for Kerberos and OpenID Connect (OAuth 2.0) for the web client, which provides single sign-on (SSO). This eliminates unnecessary actions for users during authorization, and administrators get predictable access rights management and unified security contours.
With the new version of RuPost, it has become easier to administer mail policies and provide users with support services. It is possible to centrally manage auto-replies, create ready-made templates and assign expiration dates for them from the control panel. Corporate signatures are set as a group policy: unified auto-signatures with dynamic substitution of data from the address book (LDAP) are applied to selected categories of users.
The update added a flexible scheme for organizing and replicating storage: data is protected by "hot" and "cold" replicas, when integrating with storage systems using external synchronous replication, the system automatically switches to the current copy, and the administrator sets the start time for copying and selects synchronous or asynchronous mode.
Additional mechanisms have appeared to improve security and ease of use. Checking SPF records helps to identify sender spoofing, and requesting a read receipt helps to track the delivery and opening of emails. Quotas for mailboxes are now set with fractional values, LDAP domains support top-level names (TLD) and single-letter root mail domains, and the postscreen service can be disabled if filtering is performed by an external mail gateway.