Zarafa Packages For ARMv8 – Thanks Paul!

Today I’m glad to announce release of the new Zarafa packages for Archlinux on ARMv8 (aarch64) systems. Just follow the instructions for Arch Linux ARM.

This ARMv8 platforms are currently supported by archlinuxarm.org

Only the donation from a dedicated user made this release possible. So, please say thanks to Paul!

Security alert for zarafa-server-7.2.4-100 (beginning 2016-12-10)

Thanks to a very dedicated user (Mike) a serious security issue has been found in the default configuration. This bug allows user to access data of any known email account on your system.

Details
zarafa-gateway.service and ical.service are executed as zarafa user. This causes zarafa-server to answer any request as if it came from the administrator. In this case credentials are not checked and every access is granted.

Who is affected?
– Everybody who installed ‘>= zarafa-server-7.2.4-100’ (beginning 2016-12-10) and used the installation script, which installed the default configuration

– Everybody who uses ‘>= zarafa-server-7.2.4-1’ (beginning 2016-08-19), used the default configuration, exposed ical / gateway service (127.0.0.1 => 0.0.0.0) and left the run_as_user unchanged (run_as_user=zarafa)

How to fix?
1) Update zarafa-server to ‘zarafa-server-7.2.4.29-155’. The fix is done during installation.
OR
2) Fix it manually…

$ vi /etc/zarafa/ical.cfg
 run_as_user = nobody
 run_as_group = nobody

$ vi /etc/zarafa/gateway.cfg
 run_as_user = nobody
 run_as_group = nobody

$ vi /usr/lib/tmpfiles.d/zarafa-tmpfiles.conf
 d /run/zarafad 0777 zarafa zarafa
 d /var/run/zarafad 0777 zarafa zarafa

$ rm /var/run/zarafad/ical.pid
$ rm /var/run/zarafad/gateway.pid

$ systemd-tmpfiles –create
$ systemd-tmpfiles –clean

$ systemctl restart zarafa-gateway
$ systemctl restart zarafa-ical

MartiMcFly

Manage Zarafa- and Postfix-Users

Small office or home setups of Zarafa are not connected to LDAP, Active Directory or other enterprise user management systems. For this purpose Zarafa servers come with an integrated command line user management.

Unfortunately persons who are responsible for mailbox administration don’t always have technical skills or command line root access. On the other hand administrators have to manage their mail transfer agent like Postfix in parallel.

This gaps are filled perfectly by the Postfix Admin enrichment Zarafa Postfix Admin (ZPA).

Postfix Admin is a web based interface used to manage mailboxes, virtual domains, aliases and fetchmail for Postfix. ZPA extends its function so it manages accounts and aliases for Zarafa at the same time.

Quick Demo – Running on Raspberry Pi 2

Read on my next post how to install, run and access the Zarafa-Postfix-Admin.

Links

Upgrade please!

After my repository has been running low on memory I decided to upgrade to a big ssd drive. Badly my power supply didn’t agree with my decision. So downtimes went a bit longer than the night shift I reserved for this.

Now it’s three days ago I ordered replacement parts and I’m glad to announce that downtimes belong to the past, just like the old power supply 😉

Pietma repository is back online. Better than ever!

MartiMcFly

Zarafa packages for Arch Linux x64 and i686

Today I’m glad to announce release of the new Zarafa packages for Archlinux on x64 and i686 systems. Just follow the instructions for Arch Linux ARM.

The package has been renamed to zarafa-server and all posts have been changed according to this. The transition from zarafa-server-arm to zarafa-server package will be handled seamlessly by pacman.

Links