Increase Web Client Performance with Memcache

Memcache is a protocol to access a simple key-value store, that is memory-backed, over a network socket. The memcached server does not perform any form of access control and is optimal for certain caches used in the Kolab web client (and associated HTTP-based access interfaces), by avoiding superfluous login, access control, and other such software policy considerations, as well as disk I/O.

This article outlines the installation and configuration of a single memcached server for use with the Roundcube web client for Kolab.

Continue reading

New Update: Roundcube Security Fix

An update is available for the roundcubemail packages that ship with Kolab Enterprise 14 (version series 1.1) and Kolab 16 (version series 1.3).

Among minor bug-fixes, this update contains the fix for CVE-2017-16651, an authenticated remote file disclosure vulnerability.

Installation Instructions for Kolab 16 on RHEL 7 on Power 8 with Advance Toolchain

This article outlines the installation procedure for Kolab 16 on Red Hat Enterprise Linux 7 for Power 8 architectures that have elected to use Advance Toolchain.

Please note subtly different instructions apply to different installations;

Installation Instructions for Kolab 16 on RHEL 7 on Power 8

This article outlines the installation procedure for Kolab 16 on Red Hat Enterprise Linux 7 for Power 8 architectures.

Please note subtly different instructions apply to different installations;

Redundant Firewalls with High-Availability & Load-Balancing

This article is a guide to setting up redundant firewalls using Red Hat Enterprise Linux 7, that services high-availability and load-balancing requirements for the firewalls themselves as well as the services in networks behind it.

The base architecture of the network consists of at least 1 subnet on the outside of the firewalls, facing the Internet, and multiple subnets on the inside. The internal networks are supposed to use private IP space. This article does not concern itself with additional DMZ considerations, nor specific Internet connectivity or customer edge router requirements, nor hypervisor network configuration and provisioning techniques.

Continue reading

Changing the Cyrus Administrator or Kolab Service Account Password

Changing the Kolab Service account password can be cumbersome business, since most services are configured to use the account to bind to LDAP and be able to read the entries. Examples of such services include Postfix, the Kolab SASL Authentication Daemon, the Kolab Synchronization Daemon, Cyrus IMAP, Roundcube, Chwala, Wallace, iRony, the Kolab Web Administration Panel and Syncroton.

Changing the Cyrus Administrator password can be equally cumbersome, albeit it is used in fewer locations — these services are still critical.

This article provides a step by step guide to a smooth transition between the old password and the new password.

Continue reading

Why does the Files app in the Web Client not work?

When the Files application in the web client appears to “not work”, the symptoms may include;

  • An empty left-hand side list of folders,
  • Inability to save attachments to the cloud,
  • Inability to attach files from the cloud,
  • An error displayed upon loading the application.

Resolving the Empty Folder List, Inability to Save/Attach to/from Cloud

If you are not a server administrator, please relay this article to someone who is.

The implementation of the Files application in Kolab requires that the server be configured with a canonical location to the File Cloud API (chwala). There is normally one configuration setting configured in /etc/roundcubemail/kolab_files.inc.php;

$config['kolab_files_url'] = '/chwala/';

For a web client session against https://kolab.example.com/roundcubemail/, this will cause the user’s browser to use the File Cloud API at https://kolab.example.com/chwala/. Unless otherwise configured, the server-side application will use the same URL to contact itself. This implies the server must be able to resolve the kolab.example.com hostname to a valid web server that serves the File Cloud API at/chwala/api/.

To troubleshoot the server, please issue the following command on it:

$ host kolab.example.com

Should this command show that the hostname does not resolves back to the server itself (or another server that serves the File Cloud API), then either this name resolution problem must be resolved, or the configuration needs to be adjusted; In /etc/roundcubemail/kolab_files.inc.php, add the following setting to an end-point that does serve the File Cloud API:

$config['kolab_files_server_url'] = 'https://chwala.example.com/';

An Error is Displayed

The common cause is the non-existence of a (default) personal Files folder, or said folder not being subscribed to.

Users can check their folders using the web client “Settings” page, under “Folders”. If no folder exists that is of type File, create one and ensure it is subscribed.

Administrators can verify the user’s folder subscriptions with the Kolab command-line:

$ kolab list-user-subscriptions john.doe@example.com
$ kolab list-user-subscriptions john.doe@example.com --unsubscribed

Should the Files folder or folders indeed be unsubscribed, use the following command to subscribe the user;

$ kolab add-user-subscription john.doe@example.com Files

Should no Files folder exist, use the following commands to create one, and subscribe the user;

$ kolab cm user/john.doe/Files@example.com
$ kolab set-mailbox-metadata user/john.doe/Files@example.com /shared/vendor/kolab/folder-type file
$ kolab set-mailbox-metadata --user john.doe@example.com Files /private/vendor/kolab/folder-type file.default
$ kolab add-user-subscription john.doe@example.com File

Create a Catch All Email Address

A catch-all email address is used to accept all email traffic to an entire domain, no matter the validity of the envelope recipient address.

While catch-all addresses are prone to spam, they are often used to;

  • lure in spammers, and let them waste their time, potentially reducing spam sent to valid targets,
  • ensure that messages to previously valid email addresses are not bounced as undeliverable,
  • etc.

Continue reading