I’m glad to announce the availability of zarafa-7.2.5 for Arch Linux ARMv7/x64/i686.
Thanks to a very dedicated user (Mike) a serious security issue has been found in the default configuration. This bug allows user to access data of any known email account on your system.
zarafa-gateway.service and ical.service are executed as zarafa user. This causes zarafa-server to answer any request as if it came from the administrator. In this case credentials are not checked and every access is granted.
Who is affected?
– Anybody who installed ‘>= zarafa-server-7.2.4-100’ (beginning 2016-12-10) and used the installation script, which installed the default configuration
– Anybody who uses ‘>= zarafa-server-7.2.4-1’ (beginning 2016-08-19), used the default configuration, exposed ical / gateway service (127.0.0.1 => 0.0.0.0) and left the run_as_user unchanged (run_as_user=zarafa)
How to fix?
1) Update zarafa-server to ‘zarafa-server-22.214.171.124-155’. The fix is done during installation.
2) Fix it manually…
$ vi /etc/zarafa/ical.cfg run_as_user = nobody run_as_group = nobody $ vi /etc/zarafa/gateway.cfg run_as_user = nobody run_as_group = nobody $ vi /usr/lib/tmpfiles.d/zarafa-tmpfiles.conf d /run/zarafad 0777 zarafa zarafa d /var/run/zarafad 0777 zarafa zarafa $ rm /var/run/zarafad/ical.pid $ rm /var/run/zarafad/gateway.pid $ systemd-tmpfiles –create $ systemd-tmpfiles –clean $ systemctl restart zarafa-gateway $ systemctl restart zarafa-ical
You’d like to try or use Zarafa-Postfix-Admin on Arch Linux? Awesome! So you’re at the right place to read on and bring it to life.
Small office or home setups of Zarafa are not connected to LDAP, Active Directory or other enterprise user management systems. For this purpose Zarafa servers come with an integrated command line user management.
Unfortunately persons who are responsible for mailbox administration don’t always have technical skills or command line root access. On the other hand administrators have to manage their mail transfer agent like Postfix in parallel.
This gaps are filled perfectly by the Postfix Admin enrichment Zarafa Postfix Admin (ZPA).
Postfix Admin is a web based interface used to manage mailboxes, virtual domains, aliases and fetchmail for Postfix. ZPA extends its function so it manages accounts and aliases for Zarafa at the same time.
Quick Demo – Running on Raspberry Pi 2
Read on my next post how to install, run and access the Zarafa-Postfix-Admin.
Is your Zarafa installation running for a while? I’m glad you made it! Have you ever wished for an easy way to update? Then you’re at the right place to read on.
After my repository has been running low on memory I decided to upgrade to a big ssd drive. Badly my power supply didn’t agree with my decision. So downtimes went a bit longer than the night shift I reserved for this.
Now it’s three days ago I ordered replacement parts and I’m glad to announce that downtimes belong to the past, just like the old power supply 😉
Pietma repository is back online. Better than ever!
Do you want to check whether you’re up to date, but to lazy to log-on to your server and check back with Pacman? Here’s a little overview of available Zarafa packages versions for Arch Linux.
Today I’m glad to announce release of the new Zarafa packages for Archlinux on x64 and i686 systems. Just follow the post for Arch Linux ARM and use its repository.
The package has been renamed to zarafa-server and all posts have been changed according to this. The transition from zarafa-server-arm to zarafa-server package will be handled seamlessly by pacman.
Is your Zarafa installation up and running? Great job! If you haven’t thought about changing the default settings yet, then you’ve come to the right place.
It’s been quite a while since I released Offline FreeDB. In the meantime I’ve been too busy to go more into detail. Here at last I’ll show to you how to implement the fast Offline FreeDB Java library to query the FreeDB database and find information for almost any disc or bundle of music files you’re looking for.