Igaware Version 13.3.1 released #Igaware #linuxsbs

New in Version 13.3.1 [ Jun 28 2017]
========================================

* New Features and Improvements *

  • Installed a new version of Sophos AV software
  • Updated the OpenSSL libraries
  • Modified the Rsync backup server config to allow multiple entries
  • Security hardened the Mail Server to only allow high strength ciphers
  • Web activity report search function has been re-written. Can now use | to separate multiple websites and * for a wildcard
  • New Anti-Spam rule added (IGA_RDNS_SPFERR). Triggers on both no RDNS and an SPF error

* Fixes *

  • Fixed a bug with the Desktop vacation message. It didn’t work properly for non-ADS accounts
  • Added the secure flag for HTTP cookies (for PCI compliance)
  • Completely rewrote the hardware sensors health monitoring, using IPMI and legacy sensors data. The CPU temps and fan speed will now be as accurate as possible, tailored for each unique hardware platform.

Cloud Computing – A Reality Check

Cloud Computing is where your data and applications are on a server in a remote building and you access them over the Internet.

There are 2 cloud options:

Rented: Where you rent space and applications on someone else’s server.

Hosted: Where you have your own server hosted in someone else’s building.

Is it really practical?

If you don’t have an office, and all your staff work remotely, then the fact is you have nowhere to put a server. You therefore have two options:

  • Buy a server and host it at someone else’s premises
  • Rent IT services running on someone else’s server.

If you have an office, and most of your staff access your data from within the office it makes sense to hold your data locally for speed of access and security.

Pros of an On-Premise Server are:

  • Access to server by office staff even when broadband fails.
  • Fastest possible access speed to data and email
  • Data is secure. You know where your data is and you hold a physical backup.
  • If there’s an issue with your IT supplier; financial, contractual or whatever, your data is under your control.

Cons of an On-Premise Server:

  • Remote users can’t access data if office broadband fails.
  • Slow/congested broadband can make remote access to data slow.

Pros of the Cloud

  • Remote users can access data and email if office broadband fails.

Cons of a Rented Cloud

  • If broadband fails, office staff can’t access data.
  • Access speed is limited by local broadband connection.
  • Latency is an unavoidable issue accessing data over the Internet.
  • Internet usage is increased, which can mean higher broadband costs or loss of service if a ‘fair usage policy’ is breached.
  • Users tend to store data on their local devices to negate latency and speed issues.
  • Increased cost of broadband to upgrade link to resolve slow connectivity (may not be available)
  • If the hosted server fails you have no access to physical systems to resolve issues.
  • There is no option to backup locally and encrypt data.
  • Deleted files and emails cannot be easily retrieved from previous backups.
  • If service fails then downtime could be several hours as most cloud outages are serious.
  • Increasing costs as your data volume grows.
  • Migration is difficult and costly as all your email and data (hundreds of Gigabytes potentially) need to be transferred over the Internet. This normally takes weeks, and few office-based organisations do this for this reason alone.
  • Your data isn’t held physically separate from other companies whose security policies could put your data at risk.

Pros and Cons of a hosted server are similar to the rented cloud, only you can have the server hosted where you can get to it, you know where your data is and you can easily get a physical backup into your hands. It is also more secure as it isn’t on a hard disk shared with other companies.

The Cloud is rarely used for data because on-premise is more secure and makes data access and management easier.

Companies who have used Exchange Server for email, and are faced with a high capital cost to upgrade email services on-site, often choose to use email in the cloud as this can be more cost effective for them. That said, managing Exchange in the cloud has the same security maintenance and administration overhead as an on-premise server.

Support is another consideration. Cloud vendors provide support via a ticket system. You will no longer be able to talk directly to someone who can immediately access your systems, diagnose and fix the issue.

What about Hybrid Cloud?

To provide data access to remote staff if the office broadband fails, there is the option to synchronise data with a cloud storage provider. This is what’s known as a hybrid solution.

A hybrid solution would keep your data secure on your own local server, giving fast access for local users, but also give remote users access to data if your Internet fails. Any changes made to files remotely are synced back to the server. This solution does provide access to data if office broadband is unreliable, but it isn’t as secure as holding data on-premise only.

Cloud providers frequently get hacked.

http://www.telegraph.co.uk/technology/2016/08/31/dropbox-hackers-stole-70-million-passwords-and-email-addresses/

Conclusion

On-premise remains the most secure and practical solution for office based businesses, and using Igaware remains more cost effective than the cloud as all services and support are fully inclusive with no hidden extras.

Even with data moved off-site, if you still have a central office you will still require network security. Firewalling and web filtering are included as part of the Igaware solution, and these would still be required to protect your local network.

If remote connectivity is an issue then that is where attention should be focused. Users may not be set up correctly to access data. SSL VPN is a far more robust and secure method of accessing files than PPTP, which users may still be using. Alternatively, users can access files on the server over HTTPS, which is easily done by logging on to the Kopano Webapp or Deskapp.

If broadband seems unreliable then get your network tested. Maybe there’s an issue with a network switch, a wireless access point, a router, or indeed the broadband itself. Maybe a second Internet connection should be considered so you can take advantage of Igaware’s ability to fail over to another connection if one fails. And with a second Internet connection, data load can be balanced across the two connections, with one being reserved for remote users and the other for local users.

Unless the cloud enables you to do something that you can’t do in your own office, then avoid it. It is unlikely to solve any issues, but is sure to give you lots of new ones.

Office 365 – Known Issues:

https://kb.wisc.edu/page.php?id=33784

Almost three quarters (71.4 per cent) of corporate Office 365 users have at least one compromised account each month.

https://telecomreseller.com/2017/01/17/son-of-a-beach-an-office-365-account-breach/

Igaware Cloud Options

Where the cloud is the right solution, i.e. most staff work remotely, we can provide:

Hybrid Solution
Data can be synchronised to OwnCloud. OwnCloud is compatible with Kopano Groupware, making files easily accessible via the web or Deskapp, or via the OwnCloud app on smart phones, tablets and desktop computers.

Hosted
Your Igaware Server can be hosted in our secure data centre.


Don’t get held to ransom – keep your data safe and secure #igaware #utm

There are many threats to your business and personal data, and the first step to keeping important data safe and secure is to be aware of what the threats are and what steps you can take to protect your data. This blog article considers the main threats and how to protect against them.

Malware: This term is applied to software programs that have been designed to damage or do other unwanted actions on a computer system. There are different types of malware:

  • Viruses
    A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software.
  • Worms
    Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.
  • Trojan Horses
    A Trojan is another type of malware named after the wooden horse the Greeks used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create back doors to give malicious users access to the system. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an e-mail attachment or downloading and running a file from the Internet.
  • Spyware
    Spyware can gather data from a user’s system without the user knowing it. This can include anything from the Web pages a user visits to personal information, such as credit card numbers.
  • Ransomware
    Ransomware is an advanced type of malware that encrypts your data files until you pay a ransom fee. This fee can range from a few hundred pounds to several thousand.

How to protect against malware

  • Update your software
    Malware generally exploits weaknesses in the code of your computer’s operating system or that of programs running on your computer so it is VERY important that you ensure you have the latest software updates installed on all the computers used to access your data. This may of course include personal computers used by staff from home which is why staff should be made aware of their responsibilities in keeping your data safe.
  • Install a UTM (Universal Threat Management) on your network and Anti-Malware on your computers
    There are many holes and vulnerabilities in software that remain unplugged, so using a UTM to prevent malware from reaching computers and devices on your network is VERY important. A UTM is a ‘supercharged’ firewall that not only protects against unauthorised access to your network from the Internet, but also filters out malware from emails and prevents malware being downloaded from the Internet. A UTM will also allow you to prevent staff from downloading executable files and installing them. Executable files can do literally anything on a computer, so having control over what people download and install is VERY important.

Phishing Emails
Phishing emails encourage you to visit bogus websites. They usually come with an important-sounding excuse for you to act on the email, such as telling you your bank details have been compromised, or they claim to be from a business or agency and say you’re entitled to a refund, rebate, reward or discount.

The email tells you to follow a link to enter crucial information such as login details, personal information, bank account details or anything else that can be used to defraud you.

Alternatively, the phishing email may try to encourage you to download an attachment. The email claims it’s something useful, such as a coupon to be used for a discount, a form to fill in to claim a tax rebate, or a piece of software to add security to your phone or computer. In reality, it’s a virus that infects your phone or computer with malware, which is designed to steal any personal or banking details you’ve saved or hold your device to ransom to get you to pay a fee.

Scams

  • USB Scam
    This is a simple and effective scam whereby a USB drive is dropped in an office car park, and when someone finds it they connect it to their computer to see what’s on it. Kaboom – they infect their company network. It’s a good idea to disable USB ports on PCs.
  • IT Support
    Someone phones you saying they are from IT support and they need to make an update to your computer. They ask for your TeamViewer user name and password and then access your data and email, maybe emptying the company bank account while they’re on. Staff should never be told what the TeamViewer credentials are and certainly shouldn’t give them to anyone who phones up.

Password Hacks
One of the easiest ways to have your systems compromised is to use a weak password. A typical weak password would be a name with the first letter as a capital followed by a number. These types of passwords can be cracked in seconds (using software).

Hackers have successfully obtained databases of millions of passwords that people have used by hacking corporate servers, be they Sony, LinkedIn, Tesco Bank… Dropbox lost 68 million passwords! By using these known passwords, chances are they’ll crack yours unless you have got a VERY strong password.

A STRONG password:

  • Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
  • Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
  • Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
  • Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

And if one of your accounts somewhere gets hacked, ensure you change the password wherever it is used elsewhere. Obviously you should use different passwords for all your accounts (I bet you don’t, and so do the hackers).
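The criteria above can be turned into an automated check. The following is an added example, not Igaware code: the function name, the finding labels, the tiny word list and the breached-password list are all hypothetical and constructed for illustration.

```python
import re

# Constructed sample data. A real check would load a full dictionary
# and a corpus of passwords known from breaches.
WORDS = frozenset({"house", "red", "password", "summer", "dragon", "jennifer", "london"})
BREACHED = frozenset({"Summer2017!", "Dragon123456"})

# Common character swaps ("obvious substitutions") mapped back to letters.
DELEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})


def _segmentable(text, words):
    """True if text is a dictionary word or a concatenation of dictionary words."""
    if not text:
        return False
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return reachable[-1]


def _letters(text):
    """Keep only the lower-case letters of text."""
    return re.sub(r"[^a-z]", "", text)


def check_password(password, words=WORDS, breached=BREACHED):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # At least 12 characters.
    if len(password) < 12:
        findings.append("too_short")
    # Lower case, upper case, digit and symbol must all be present.
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        findings.append("missing_character_class")
    # The typical weak password: a capitalised name followed by a number.
    if re.fullmatch(r"[A-Z][a-z]+[0-9]+", password):
        findings.append("name_plus_number")
    # Dictionary word(s), ignoring case, spaces and leading/trailing decoration.
    lowered = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if _segmentable(_letters(core), words):
        findings.append("dictionary_words")
    # Dictionary word(s) once the obvious substitutions are undone.
    elif any(_segmentable(_letters(v.translate(DELEET)), words)
             for v in (core, lowered)):
        findings.append("obvious_substitution")
    # Already known to attackers from an earlier breach.
    if password in breached:
        findings.append("known_breached")
    return findings


if __name__ == "__main__":
    for pw in ("house", "Red house", "H0use", "Jennifer1985",
               "P@ssw0rd2017!", "Summer2017!", "v7#Qm!xR2&tLz9"):
        print(f"{pw!r}: {check_password(pw) or 'no findings'}")
```
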

System Hacks

Remote systems that have been compromised by malware can access your systems through open ports (doors) to get to your computers. You may need some of these ports open, such as port 25 to receive email but others perhaps should not be open. Every port left open is an opportunity for your systems to be penetrated. Ensure you have a good quality firewall, that you have it continuously updated and get it tested on a regular basis.

You should also close outgoing ports that computers on your network can use. If a laptop comes into your office that has been infected with malware, you don’t want it sending out thousands of spam emails through your office broadband connection. If this happens you will likely be blacklisted by email servers around the globe and prevented from sending email for quite some time. Closing outgoing email ports will prevent this. Firewalls should control not only what comes in, but also what goes out.
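Before closing outgoing email ports it helps to see which machines are using them. The following is an added example, not Igaware code: it scans firewall log lines for LAN hosts, other than the mail server, that open SMTP connections to many different Internet hosts. The log lines are constructed in the style of Linux netfilter LOG output, and the addresses, interface names, threshold and function name are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines (documentation address ranges, hypothetical hosts).
SAMPLE_LOG = """\
Jun 28 10:15:01 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.10 PROTO=TCP SPT=49152 DPT=25 SYN
Jun 28 10:15:01 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.11 PROTO=TCP SPT=49153 DPT=25 SYN
Jun 28 10:15:02 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=49154 DPT=25 SYN
Jun 28 10:15:02 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.8 PROTO=TCP SPT=49155 DPT=25 SYN
Jun 28 10:15:03 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.10 PROTO=TCP SPT=49156 DPT=25 SYN
Jun 28 10:15:04 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=203.0.113.10 PROTO=TCP SPT=40001 DPT=25 SYN
Jun 28 10:15:05 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=25 SYN
Jun 28 10:15:06 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=198.51.100.9 PROTO=TCP SPT=40003 DPT=25 SYN
Jun 28 10:15:07 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.50 PROTO=TCP SPT=51000 DPT=443 SYN
Jun 28 10:15:08 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.33 DST=203.0.113.25 PROTO=TCP SPT=52000 DPT=25 SYN
Jun 28 10:15:09 gw kernel: FWD IN=eth1 OUT=eth0 SRC=not-an-ip DST=203.0.113.10 PROTO=TCP DPT=25
""".splitlines()

# KEY=value pairs as they appear in netfilter LOG lines.
_FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def find_smtp_senders(lines, lan="192.168.1.0/24", mail_servers=("192.168.1.2",),
                      ports=(25,), min_destinations=3):
    """Map each suspicious LAN host to its number of distinct SMTP destinations.

    A host is reported when it is inside `lan`, is not a listed mail server,
    and has contacted at least `min_destinations` different hosts outside the
    LAN on one of `ports`.
    """
    lan_net = ipaddress.ip_network(lan)
    allowed = {ipaddress.ip_address(a) for a in mail_servers}
    destinations = defaultdict(set)
    for line in lines:
        fields = dict(_FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
            dport = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # not a connection record, or a malformed one
        if fields.get("PROTO") != "TCP" or dport not in ports:
            continue
        if src not in lan_net or dst in lan_net or src in allowed:
            continue
        destinations[src].add(dst)
    return {str(host): len(dsts) for host, dsts in destinations.items()
            if len(dsts) >= min_destinations}


if __name__ == "__main__":
    for host, count in find_smtp_senders(SAMPLE_LOG).items():
        print(f"{host} opened SMTP connections to {count} different hosts")
```

Hosts reported here are the ones to inspect for malware; once outgoing port 25 is closed to everything except the mail server, the same lines show up as blocked attempts instead.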

What else should I do?

Backup your data
As well as the horrors lurking on the Internet there are some fairly simple risks closer to home such as theft, physical system failure or maybe a fire. Ensure you have your data backed up, ideally to an external hard drive that can be taken off-site.

You may also wish to consider an offsite backup solution providing your data is going somewhere VERY secure. And if your data is in the cloud, make sure you have a local copy of your data just in case you fall out with your cloud provider, or their systems get compromised.

Encrypt your data
If you are working on MOD contracts you may need to ensure your data is held on an encrypted file server, and backups of that data are encrypted.

Use secure software
Microsoft software is the main target for malware and hackers. And what compounds the security vulnerabilities in Microsoft is their approach to security – Security Through Obscurity.

Security Through Obscurity is the idea that by hiding your software code no-one can find holes in it. It’s akin to burying your money under a tree. The only thing that makes it safe is no one knows it’s there. Real security is putting it behind a lock or combination, say in a safe. You can put the safe on the street corner because what makes it secure is that no one can get inside it but you. Open source software such as Linux uses the principle that the code is visible to all making it easier to identify and plug security vulnerabilities faster.

Where possible avoid using Microsoft web browsers and email programs such as Outlook. It may mean you need to learn to use a different email client but security should be your priority.

This is especially pertinent following the actions of the NSA in the USA. The NSA documented vulnerabilities in Microsoft software through which they could access systems for the purposes of surveillance. Unfortunately the vulnerabilities are now known to the hacking community following the leak of over 8000 documents via Wikileaks (https://wikileaks.org/ciav7p1/). The recent WannaCry ransomware used exploits leaked from the NSA.

Take care using Out of Office
If you use out of office, just let people know that you are unavailable and give them an alternative contact. Try to avoid telling potential thieves you are on holiday for the next two weeks! Be aware that information in your message could be used to scam third parties: ‘As you know Bob, Jane is away in Greece for the next couple of weeks and she has asked me to update your computer. Can I have your TeamViewer password?’

The rule of thumb is: if you wouldn’t tell a room full of strangers, don’t put it in your out-of-office reply.

Finally, don’t lose your shirt in the Cloud
Cloud computing is the buzz word that major vendors are pushing. Vendors want you to give them your data and email to look after, with the promise of it being cheaper. The problem is that it isn’t reliable or secure. When things go wrong your data is where exactly, and with whom?

Local computers and servers may crash but when that happens all your confidential information isn’t going to Eastern Europe to be used by criminals. You know the headline “SIXTY EIGHT MILLION user accounts stolen!”

Unless the cloud enables you to do something that you can’t do in your own office, then consider avoiding it.

Almost three quarters (71.4 per cent) of corporate Office 365 users have at least one compromised account each month. These can be very costly https://telecomreseller.com/2017/01/17/son-of-a-beach-an-office-365-account-breach/


Should we be worried about WCRY/WannaCry Ransomware? #WanaCry #ransomware

To date, no Igaware customers have been victims of any ransomware, including the latest WCRY outbreak.

To ensure you are protected, make sure that Windows machines have the relevant Microsoft patch – MS17-010 (SMB RCE). This was released in March 2017. See https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

This will prevent the backdoor, which can then be exploited, from being installed on the Windows machine.

It’s thought that the backdoor is distributed via a phishing email. You will be protected by Igaware Email Filtering if you are using Igaware as your email server.

Any machines running Windows XP should have file sharing disabled or be disconnected from the network, as there is no patch currently available.


Kopano Deskapp #Kopano #linuxsbs #Igaware

The Kopano Deskapp replaces the need for MS Outlook while delivering enhanced communications options including file sharing and video conferencing.

The Kopano Deskapp has the same familiar interface as Outlook so it’s a painless transition, and more painless when you factor in that the Kopano Deskapp is more responsive, secure and free!


To get started with the Kopano Deskapp you’ll need:

  • Igaware user name and password
  • Server address e.g. mail.mydomain.com

Once you have these details to hand you are ready to download the Deskapp, which is available in 3 flavours:

  1. Windows 32 bit
  2. Windows 64 bit
  3. Mac OS

Download from here: http://www.igaware.com/support/

If you’re not sure if your Windows OS is 32 or 64 bit then this article should help: https://support.microsoft.com/en-us/help/827218/how-to-determine-whether-a-computer-is-running-a-32-bit-version-or-64-bit-version-of-the-windows-operating-system

When you launch the DeskApp it will ask you to enter a profile name. This can be whatever you want, e.g. Work, Bob, etc. Next enter your email address and your user name and password. For the Webapp address enter https://serveraddress/webapp/ (note: don’t miss off the ending /), and ensure ‘serveraddress’ is your server address, e.g. https://mail.mydomain.com/webapp/

If you are unsure if your user credentials used to login to your computer are the same as your Igaware user name and password then don’t tick ‘use system credentials’.

Check ‘Set as default profile’ and then save and login.

That’s it. You should be up and running.


Igaware Version 13.2.11-1 released #Igaware #linuxsbs

New in Version 13.2.11-1  [ Mar 31 2017]
=======================================

* New Features and Improvements *

  • Updated the cryptography libraries (openssl) to the latest version for security reasons.
  • Updated the Zarafa supporting libraries. This provides speed improvements.
  • Added HTTP v2 support to the Apache web server. This provides bandwidth reduction and speed improvements.
  • Improved the speed of the Apache web server. Moved the scoreboard file to shared memory.
  • Updated Nmap to version 7.40. Nmap is a utility for network exploration and security auditing.
  • The FTP server now has a built-in ls command. This allows directory listings for Shares.
  • Updated the XML library (libxml2) to version 2.9.
  • Updated NTFS related programs to the latest version. Mainly used for NTFS filesystem backups.
  • Added the option – “Force use of high security SSL ciphers”  – for the Zarafa (POP/ IMAP) gateway.
  • Disabled the “ADS Realm” field if the Igaware server is already provisioned as an Active Directory server.

* Fixes *

  • Squashed a bug with the new version of Zarafa. When sending to a mal-formed email address the bounce message would contain foreign characters for the failed recipient.
  • SSL VPN. Fixed a typo in the config file.
  • Added a one-off call to z-push-admin -a fixstate. This is to fix and/or upgrade the z-push (active-sync) profiles.
  • Allow selected boxes to use an older version of PHP. This is until Horde is upgraded.
  • Failed local email delivery will now be queued instead of being delivered to the users default mail folder.
  • Set backend for z-push to BackendZarafa if Kopano is not being used.
  • Fixed the firewall init script for the fail2ban server.
  • Fixed a bug with the Health status for the PPPOE network watchdog.
  • Squashed a bug with the Letsencrypt.org certificate renewal.

New in Version 13.2.10-3  [ Mar 22 2017]
========================================

* New Features and Improvements *

  • Fixed z-push ( active-sync) state data for 13.2.10-3
  • Several features and fixes added for 13.2.10-2
  • Updated the Linux kernel to version 4.4.36-64.
  • Installed fail2ban to block remote access from persistent “script kiddies”.
  • Updated the Zarafa system to the latest version of 7.2.5. This fixes a memory leak that slowed the server down over several weeks.
  • Re-compiled Zarafa 7.2 with new Gsoap, tcmalloc and vmime libraries. This removes a memory leak.
  • Major update for PHP software to v5.5 from v5.3
  • Added “Don’t allow insecure plain-text login for POP or IMAP” option for Zarafa IMAP/ POP.
  • Added a “RELAY:” option to the “SMTP Relay” page for the user entered domain list. The “Relay” host will be able to relay through the mail server. This will never normally be required.
  • Updated the tcpdump program ( network packet tracing) to the latest version.
  • Updated the libpcap network libraries.
  • Added a charset alias for glibc iconv. /usr/lib/gconv/gconv-modules – added “alias KS_C_5601-1987// EUC-KR//”. This is to handle Korean character sets in MIME Email.
  • Removed the libiconv libraries. Was causing confusion and is not required – support is in glibc.
  • Recompiled all binaries relying on the old libiconv libraries – rsync, clamav, lm_sensors, Zarafa.
  • Updated the hard disk utility program – hdparm – to the latest version.
  • Re-compiled gperf-tools (tcmalloc) to create new .la (libtool linker) files that reference the new compiler libstdc++ file location
  • Added a “within subnet” sanity check to the WAN gateway address.
  • Updated the “checkin” web page with the real hardware product data, up-time and RAM information.
  • Updated the hardware sensors ( for temperature and fan speed). Installed IPMITOOLS for sensors.
  • Updated Zarafa Search with a new configuration  file.
  • Modified “default email domain” in Email=> General to include forwarded domains.
  • Installed new self-signed SSL certificates for sendmail . You should use the letsencrypt certificates, if possible.
  • Updated the FTP server software.
  • Updated the IMAP/POP email server software.
  • Updated the Fing network scanning software to v3.0
  • Update the Z-Push active-sync software to v2.3
  • Updated the cifs-utils software used to mount remote SMB shares for backup (mount.cifs).
  • The incoming SMTP mail server now also listens on port 587.
  • Updated the Nmap network scanning software to v7.
  • Updated System_Daemon php scripts
  • Changed default dhcp lease time to 3 days from 1 month
  • Updated  the DHCP server software to the latest version.
  • Removed root user access for FTP server.

* Fixes *

  • Fixed ifup-aliases. Now ignores the main WAN ip and does not duplicate it.
  • Fixed Zarafa for Korean charset display problem.
  • Patched the GSOAP libraries with Zarafa patches (memory leak). Compiled as shared libraries. Looks like previously it was static.
  • Fixed some console system status health scripts. Now stores time of last fail. Reboot status now shows all reboots in history.
  • Brain-dead Zarafa servers issue a kill(0,) which sends a kill to all process group members. Kills init.d script and affects console_health. Added trap '' SIGTERM to the init.d script for Zarafa.
  • Removed the loading of SIP VOIP helper modules on all machines. (rmmod sip helper modules in rsyncittemp)
  • Fixed the email alias user list for file share access. For ADS users use the sAMAccountName as the key for write-read access list.
  • Changed the sendmail MTA CA certificate bundle to ca-bundle (STARTTLS can now verify incoming SSL connections)
  • NOTE: ASMedia Technology Inc. ASM1083/1085 PCIe to PCI Bridge  causes lost interrupt and poll mode for bad performance !!!
  • Make sure that the Realtek r8168 driver is installed if the card is a 8168 chipset. The Linux default r8169 will not work at gigabit speeds !!
  • DHCP server config – don’t allow “/” in machine names.
  • Fixed display issues with “Lan Devices” pages. Did not remember interfaces option and defaulted back to LAN if LAN2 was selected.
  • Enabled LOOSE_PROVISIONING for Z-push ( active-sync). Android update requires it.
  • Permissions and owner of mail spool file are now checked and set for users.
  • Fixed a problem with Zarafa Out of Office.

Setting up Outlook 2016/2013 with Kopano (Zarafa)

Zarafa is being renamed Kopano and Igaware customers will see the Zarafa name change in the coming weeks.

Outlook 2016 will be supported by Kopano via ActiveSync. This is a significant improvement:

Previous versions of Outlook required a MAPI connector to work with Zarafa. This was problematic in so far as Microsoft updates used to break the MAPI connector. With ActiveSync this won’t happen.

Older versions of Outlook can still use the Zarafa MAPI connector but updates to the plug-in will cease from April 2017. We recommend you update to Outlook 2016 or disable automatic updates for older Outlook versions so that the plug-in isn’t broken by any future updates from Microsoft.

Setting up Outlook 2016 on Windows

Before installing Outlook 2016 please check with Igaware support that your installation is running the latest Kopano server software.

Outlook works natively with Kopano via ActiveSync, accessing email directly, as opposed to via a third party plug-in. To enable collaborative features such as shared folders, global address book, calendars etc. there is the Kopano Outlook Extender (KOE) that extends the functions possible via ActiveSync. It won’t be broken by Microsoft updates as it uses ActiveSync.

To set up Outlook 2016 under Windows go to ‘Control Panel’ and select ‘Mail (Microsoft Outlook 2016)’. Create a new mail profile and set up a new email account, selecting ‘Manual setup or additional server types’, then select ‘Exchange ActiveSync’ and enter server credentials.


Now install the Kopano Outlook Extender (available from http://www.igaware.com/support/). Once installed you can launch Outlook and find a Kopano tab where you can take advantage of extended features with the Kopano server via ActiveSync.


Set up initial folder permissions using the Webapp.

For a full KOE manual follow this link: https://kb.kopano.io/display/WIKI/Setting+up+the+Kopano+OL+Extension


Igaware Version 13.2.10 released #Igaware #linuxsbs

New in Version 13.2.10 [ Feb 23 2017]
======================================

* New Features and Improvements *

  • Updated the kernel to version 4.4.36-64
  • Installed fail2ban to block remote access from persistent “script kiddies”.
  • Updated the Zarafa system to the latest version of 7.2.5. This fixes a memory leak that slowed the server down over several weeks.
  • Re-compiled Zarafa 7.2 with new Gsoap, tcmalloc and vmime libraries. This removes a memory leak.
  • Major update for PHP software to v5.5 from v5.3
  • Added “Don’t allow insecure plain-text login for POP or IMAP” option for Zarafa IMAP/ POP.
  • Added a “RELAY:” option to the “SMTP Relay” page for the user entered domain list. The “Relay” host will be able to relay through the mail server. This will never normally be required.
  • Updated the tcpdump program ( network packet tracing) to the latest version.
  • Updated the libpcap network libraries.
  • Added a charset alias for glibc iconv. /usr/lib/gconv/gconv-modules – added “alias KS_C_5601-1987// EUC-KR//”. This is to handle Korean character sets in MIME Email.
  • Removed the libiconv libraries. Was causing confusion and is not required – support is in glibc.
  • Recompiled all binaries relying on the old libiconv libraries – rsync,
    clamav, lm_sensors, Zarafa.
  • Updated the hard disk utility program – hdparm – to the latest version.
  • Re-compiled gperf-tools ( tcmalloc) to create new .la ( libtool linker) files, so that they reference the new compiler libstdc++ file location.
  • Added a “within subnet” sanity check to the WAN gateway address.
  • Updated the “checkin” web page with the real hardware product data, up-time and RAM information.
  • Updated the hardware sensors ( for temperature and fan speed). Installed IPMITOOLS for sensors.
  • Updated Zarafa Search with a new configuration file.
  • Modified “default email domain” in Email=> General to include forwarded domains.
  • Installed new self-signed SSL certificates for sendmail. You should use the letsencrypt certificates, if possible.
  • Updated the FTP server software.
  • Updated the IMAP/POP email server software.
  • Updated the Fing network scanning software to v3.0
  • Updated the Z-Push active-sync software to v2.3
  • Updated the cifs-utils software used to mount remote SMB shares for backup.(mount.cifs)
  • The incoming SMTP mail server now also listens on port 587.
  • Updated the Nmap network scanning software to v7.
  • Updated System_Daemon php scripts
  • Changed default dhcp lease time to 3 days from 1 month
  • Updated the DHCP server software to the latest version.
  • Removed root user access for FTP server.

* Fixes *

  • Fixed ifup-aliases. Now ignores the main WAN ip and does not duplicate it.
  • Fixed Zarafa for Korean charset display problem.
  • Patched the GSOAP libraries with Zarafa patches ( memory leak) . Compiled as shared libraries. Looks like previously it was static.
  • Fixed some console system status health scripts. Now stores time of last fail. Reboot status now shows all reboots in history.
  • Brain-dead Zarafa servers issue a kill(0,) which sends a kill to all process group members. Kills init.d script and affects console_health. Added trap '' SIGTERM to init.d script for Zarafa.
  • Removed the loading of SIP VOIP helper modules on all machines. (rmmod siphelper modules in rsyncittemp)
  • Fixed the email alias user list for file share access. For ADS users use the sAMAccountName as the key for write-read access list.
  • Changed the sendmail MTA CA certificate bundle to ca-bundle ( STARTTLS can now verify incoming SSL connections)
  • NOTE: ASMedia Technology Inc. ASM1083/1085 PCIe to PCI Bridge causes lost interrupt and poll mode for bad performance !!!
  • Make sure that the Realtek r8168 driver is installed if the card is an 8168 chipset. The Linux default r8169 will not work at gigabit speeds !!
  • DHCP server config – don’t allow “/” in machine names.
  • Fixed display issues with “Lan Devices” pages. Did not remember interfaces
    option and defaulted back to LAN if LAN2 was selected.
  • Enabled LOOSE_PROVISIONING for Z-push ( active-sync). Android update requires it.
  • Permissions and owner of mail spool file are now checked and set for users.
  • Fixed a problem with Zarafa Out of Office.

New in Version 13.2.10-pre20 [ Jan 21 2017]
============================================

* New Features and Improvements *

  • Updated the “Powered Off” System Status monitor. All reboots are now recorded properly and available on the System Status and System Check-in Pages.
  • Added an option to the IPSec connection screen to allow the definition of the Source WAN IP address.
  • Updated the iSCSI SCST mods and progs to latest version to support kernel version 4.
  • Updated the hardware sensors config files.
  • All devices will update to the new Linux Kernel version on next reboot.
  • Installed the latest CA SSL certificates.
  • Added a menu option to create free SSL certificates from letsencrypt.org for the Igaware server. This will automatically create and install trusted SSL certificates for HTTP, IMAP/POP, SMTP STARTTLS and Zarafa IMAP/POP. Menu option is at System => SSL Certificates. This is BETA.
  • Added Explicit Congestion Notification (ECN) for TCP network connections when requested by incoming connections.
  • Email Filtering – Blocked WordPress email exploits.
  • Installed the latest version of irqbalance. This distributes interrupt requests between processors.
  • The “Scan LAN Network” device discovery feature has been completely re-written. Five different methods are now used to discover devices on the network. New options are provided to deal with network discoveries. Give it a whirl.
  • The DHCP server now makes sure that static DHCP leases – those devices listed on the “LAN Devices” page – are not handed out to other devices. Previously, if a device did not respond to a PING echo request, then its lease could be handed out to another device. This cannot happen now. Also, if a device is deleted from the “LAN Devices” page, the DHCP lease is removed from the lease file.

* Fixes *

  • The ISCSI subsystem was not shutting down on reboot.
  • IP alias now ignores the main WAN IP address and does not duplicate it.
  • Fixed a problem with email routing based on sender address (smarttable)
  • Fixed a problem with the Zarafa IMAP SSL certificates.
  • Fixed some bugs with the new letsencrypt.org SSL certificate install.
  • Fixed permission issues with SSL certificate install.
  • Several USB disks were not detected properly with the new kernel running. Loaded the UAS ( USB Attached storage) kernel module.
  • Installed a new Linux kernel version 4.4.36. This fixes a rare CPU lockup problem.
  • Small bug fixes with letsencrypt SSL certificates for sendmail.
  • Added fullchain SSL certificate to mail server.
  • Various small bug fixes.

New in Version 13.2.9 [ Nov 16 2016]
=====================================

* New Features and Improvements *

  • Added an option to change the destination port to 2525 for Email Recipient Address Verification. Microsoft Exchange > 2013 requires this. Please read the on-line help for this option to explain how to set up MS Exchange for this.
  • Updated the libboost libraries to v1.49 for Zarafa.
  • Loaded new CPU microcode for buggy Intel processors.
  • Updated identity files for PCI and USB devices.
  • Installed a new version of cifs-utils. This allows mounting of remote Windows Shares. ( mount.cifs)

* Fixes *

  • The Anti-Virus daemon is now not reloaded if there have been no changes to the AV signature database. This caused problems if the database reload took too long.
  • Removed a race condition if the AV database was reloaded and the Mail Scanner detected that the AV server was not responding in time.
  • Removed the Samba winbind separator from smb.conf. Did not work – removing the definition does work and gives ‘\’ as the separator.
  • Fixed the username authentication for the SSL VPN server. ( patch has been temporarily removed)
  • Patched kernel to stop a spinlock problem. ( in af_unix.c)
  • Fixed a problem with the DHCP server config file. Machine names with a : character would stop the DHCP server. (dhcpd.conf. Removed : & ) from machine names)

New in Version 13.2.8 [ Oct 13 2016]
=====================================

* New Features and Improvements *

  • Added several new Anti-Spam rules to filter out the new Porn related Spam.
  • The Desktop vacation shortcut now authenticates with AD users.
  • Fileserver shares can now easily be moved to a different RAID disk pair. Previously, this was difficult to implement.
  • Installed the latest RAID disk utility – mdadm v3.4
  • The Zarafa Server memory cache is now periodically cleared down to improve performance.

* Fixes *

  • New Zarafa libraries caused the web server to stop responding.
  • Fixed location of netlogon and sysvol shares for the AD Server.
  • Squashed bugs in the Email “vacation” desktop shortcut.
  • Fixed the email vacation “reply to” address when the recipient user is an AD user.
  • Fixed the backup catalog listing. The /home/zarafa/ directory was being traversed for no reason.
Posted in Linux Small Business Server, System Updates

Igaware Version 13.2.6 released #Igaware #linuxsbs

New in Version 13.2.6 [ Sep 28 2016]
=====================================

* New Features and Improvements *

  • Added MAX protocol option to NT4 PDC config. This allows Windows 10 machines to connect properly to the NT4 PDC
  • Added JAR file name to “block by filename” email filtering.
  • Improved Email Spam detection score.
  • Enabled the ZEN Spamhaus DNSBL list.
  • Added an option to the Advanced Anti-Spam page to enable the blocking of spoofed local domains. With this option enabled, incoming Internet Email is blocked if the sender address is spoofed to be from a local domain. This option is on by default. This should further reduce Spam levels.
  • SMB Leases are now enabled by default on new fileserver shares. It’s a good idea to enable this on existing shares as it greatly reduces network latency.
  • Upgrade to Zarafa 7.2 is now complete.
  • Installed the latest version of the Samba server. This is a major upgrade from v 4.1 to v 4.4. It improves support for Windows 10 clients both with RSAT config and file sharing.
  • Updated the Anti-Virus scanner to the latest version.
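
The spoofed-local-domain block described in the list above, sketched as an added example (not Igaware's code): mail from an external, unauthenticated client is refused when its envelope sender claims a local domain. The domain list, network ranges and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample settings (assumptions for illustration, not Igaware's config)
LOCAL_DOMAINS = {"example.co.uk", "example.com"}
TRUSTED_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
]


def sender_domain(mail_from):
    """Lower-cased domain of an envelope sender; '' for the null sender <>."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def is_trusted_client(client_ip, authenticated):
    """Authenticated sessions and LAN/loopback clients may use local domains."""
    if authenticated:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETWORKS)


def check_sender(client_ip, mail_from, authenticated=False):
    """Return (accept, reason) for one incoming SMTP envelope."""
    domain = sender_domain(mail_from)
    if not domain:
        # Bounces use the null sender; leave those to other filters.
        return True, "no sender domain to compare"
    if domain in LOCAL_DOMAINS and not is_trusted_client(client_ip, authenticated):
        return False, f"{domain} is a local domain but {client_ip} is external"
    return True, "ok"


if __name__ == "__main__":
    # Constructed envelopes: (client IP, MAIL FROM, authenticated)
    for env in [
        ("203.0.113.5", "<boss@example.com>", False),
        ("192.168.1.20", "<boss@example.com>", False),
        ("203.0.113.5", "<boss@example.com>", True),
        ("203.0.113.5", "<sales@example.org>", False),
    ]:
        print(env, "->", check_sender(*env))
```

A check of this kind also refuses legitimate third-party services that send as a local domain from outside, so such senders need an explicit exception.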

* Fixes *

  • Fixed a problem if the email delivery failed to the old MBX mailbox format. The error would be silently ignored.
  • Zarafa version 7.2 startup. Under some circumstances the server would not start properly. Modified startup scripts.
  • Reduced memory usage of the Email Scanner on low memory systems.
  • Fixed the Samba file sharing “Badlock” Vulnerability.
  • Fixed Zarafa CalDav support for Zarafa version 7.2
  • Changes in Windows Services settings could interfere with the operation of the Active Directory Server.
  • Many other small fixes.

New in Version 13.1.0 [ Aug 14 2016]
=====================================

* New Features and Improvements *

  • Installed Zarafa major version 7.2. This provides many improvements, such as the new Zarafa search indexing service.
  • Installed Zarafa Web Services ( Zarafa WS). This allows connection via Exchange Web Services for the Mac Mail client amongst others.
  • Re-compiled Python with 32 bit Unicode support. Required for the new Zarafa search indexing server.
  • Re-compiled SAMBA with the new python 32 bit Unicode.
  • Updated Z-push ( Active-Sync) to the latest version. Provides Outlook Active Sync support.
  • Changed MailScanner.conf to add headers to the top – for DKIM
  • The Web Cache/ proxy now uses shm shared memory. This improves performance.
  • Updated Zarafa to v 7.2.4.28 ( memory leaks).
  • Zarafa-Python fully implemented now.
  • Upgraded Python to version 2.7.11
  • Renewed the SSL certificates for the Zarafa Server and Gateway.
  • Upgraded Swig to the newest version.
  • The ADS user “description” field is now shown in the old “comment” user field.

* Fixes *

  • ADS provisioning now copies all user values, such as Vacation message, email forwarding, etc.
  • Fixed bugs on UPS status page.
  • Fixed the Ipsec connection monitor. The ipsec up call now works. Squashed bug that stopped it working.
  • Fixed the Zarafa gateway startup when secure pop/imap ports are used by xinet.
  • High system load experienced with Fileserver Shadow Copy feature.
  • Fixed the Internet Speed Test for the new Python version.
  • Internet Speed Test now shows WAN PPP interfaces.
  • Fixed the Active SSL VPN display in Network Connections.
Posted in Linux Small Business Server, System Updates

Igaware Version 13.0.4-btrfs released #Igaware #linuxsbs

New in Version 13.0.4-btrfs [ Apr 13 2016]
==========================================

* New Features and Improvements *

  • Added a Time Zone feature. The system Time Zone can now be set to reflect the customer’s geographical location.
  • Updated the Linux Kernel to support the new BTRFS file system.
  • Installed supporting software for the BTRFS file system.
  • Installed a new LZO compression library, for new file system compressing operations.
  • Updated several Linux utility programs.
  • Removed the MultiViews option from the Web Server configuration. This speeds up web server requests.

* Fixes *

  • Network aliases script fixed for use with new glibc libraries.
  • ifup-aliases script fixed for new glibc libraries.
  • Fixed a bug in the network down script for PPP connections with IPSec VPN. The PPP connection didn’t always come back up.
  • Fixed a bug with SSL VPN and multiple LAN networks. The network routes were not pushed to the client device.

New in Version 13.0.3-glibc [ Mar 21 2016]
==========================================

* New Features and Improvements *

  • Updated the Anti-Virus engine to catch zero hour viruses.
  • A major update of the GLIBC libraries has been released to fix several security vulnerabilities that have been identified, namely CVE-2015-7547 ( Buffer overflow) and CVE-2015-0235 ( GHOST vulnerability)

* Fixes *

  • After the recent security updates, Outlook users would sometimes be refused connection to the Zarafa server. This has been fixed.
  • PPTP VPN. A bug with a recent BASH update prevented some users from accessing devices on the server’s LAN.
Posted in System Updates