Security alert for zarafa-server-7.2.4-100 (beginning 2016-12-10)

Thanks to a very dedicated user (Mike), a serious security issue has been found in the default configuration. This bug allows any user to access the data of any known email account on your system.

Details
zarafa-gateway.service and zarafa-ical.service are executed as the zarafa user. This causes zarafa-server to answer any request coming through these services as if it came from the administrator: credentials are not checked and every access is granted.

Who is affected?
  • Anybody who installed '>= zarafa-server-7.2.4-100' (beginning 2016-12-10) and used the installation script, which installed the default configuration

  • Anybody who uses '>= zarafa-server-7.2.4-1' (beginning 2016-08-19), used the default configuration, exposed the ical / gateway service (127.0.0.1 => 0.0.0.0) and left run_as_user unchanged (run_as_user=zarafa)

How to fix?
1) Update zarafa-server to 'zarafa-server-7.2.4.29-155'. The fix is applied during installation.
OR
2) Fix it manually…

$ vi /etc/zarafa/ical.cfg
 run_as_user = nobody
 run_as_group = nobody

$ vi /etc/zarafa/gateway.cfg
 run_as_user = nobody
 run_as_group = nobody

$ vi /usr/lib/tmpfiles.d/zarafa-tmpfiles.conf
 d /run/zarafad 0777 zarafa zarafa
 d /var/run/zarafad 0777 zarafa zarafa

$ rm /var/run/zarafad/ical.pid
$ rm /var/run/zarafad/gateway.pid

$ systemd-tmpfiles --create
$ systemd-tmpfiles --clean

$ systemctl restart zarafa-gateway
$ systemctl restart zarafa-ical
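As an added audit helper (not part of the original alert), the POSIX sh functions below read the run_as_user key from ical.cfg and gateway.cfg and report any file whose service would still run as the zarafa user. The key names and file paths are the ones shown above; the sample config files in mk_sample are constructed for a self-test.

```shell
#!/bin/sh
# Added audit helper, not part of the original alert. It reads the
# run_as_user key from Zarafa-style "key = value" config files and flags
# files whose service would still run as the trusted zarafa user.

# Print the effective value of key $2 in config file $1.
# '#' comments are stripped, whitespace around '=' ignored, last occurrence wins.
cfg_get() {
    [ -r "$1" ] || return 1
    sed -n -e 's/[[:space:]]*#.*$//' \
           -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*\)$/\1/p" "$1" \
        | sed -e 's/[[:space:]]*$//' | tail -n 1
}

# 0 = safe (explicit non-zarafa user), 1 = finding, 2 = file unreadable.
# An absent key is reported as a finding too (assumption: treat "not
# explicitly set" as unverified rather than guessing the daemon default).
check_run_as() {
    f="$1"
    [ -r "$f" ] || { echo "MISSING: $f"; return 2; }
    user=$(cfg_get "$f" run_as_user)
    if [ -z "$user" ]; then
        echo "CHECK: $f has no run_as_user line (set run_as_user = nobody)"
        return 1
    elif [ "$user" = zarafa ]; then
        echo "VULNERABLE: $f runs as '$user' (set run_as_user = nobody)"
        return 1
    fi
    echo "OK: $f runs as '$user'"
    return 0
}

# Constructed sample files for a self-test; real hosts use /etc/zarafa/*.cfg.
mk_sample() {
    dir=$(mktemp -d)
    printf 'run_as_user = zarafa\nrun_as_group = zarafa\n' > "$dir/gateway.cfg"
    printf '# fixed per the alert\nrun_as_user = nobody  # comment\nrun_as_group = nobody\n' > "$dir/ical.cfg"
    echo "$dir"
}

# Audit the live files; exit status is non-zero if any file needs fixing.
audit_live() {
    rc=0
    for f in /etc/zarafa/ical.cfg /etc/zarafa/gateway.cfg; do
        check_run_as "$f" || rc=1
    done
    return $rc
}
```

Run `audit_live` on the host after applying the manual fix; it only covers the run_as_user setting, so the tmpfiles, pid file and service restart steps above still have to be done.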

MartiMcFly

Manage Zarafa- and Postfix-Users

Small office or home setups of Zarafa are not connected to LDAP, Active Directory or other enterprise user management systems. For this purpose Zarafa servers come with an integrated command line user management.

Unfortunately, the persons responsible for mailbox administration don't always have technical skills or root access to the command line. On the other hand, administrators have to manage their mail transfer agent, such as Postfix, in parallel.

These gaps are filled perfectly by Zarafa Postfix Admin (ZPA), an extension of Postfix Admin.

Postfix Admin is a web based interface used to manage mailboxes, virtual domains, aliases and fetchmail for Postfix. ZPA extends it so that it manages accounts and aliases for Zarafa at the same time.

Quick Demo – Running on Raspberry Pi 2

Read on my next post how to install, run and access the Zarafa-Postfix-Admin.

Upgrade please!

After my repository had been running low on memory, I decided to upgrade to a big SSD drive. Unfortunately, my power supply didn't agree with my decision, so the downtime lasted a bit longer than the night shift I had reserved for this.

Now, three days after I ordered replacement parts, I'm glad to announce that downtimes belong to the past, just like the old power supply 😉

Pietma repository is back online. Better than ever!

MartiMcFly

Zarafa packages for Arch Linux x64 and i686

Today I'm glad to announce the release of the new Zarafa packages for Arch Linux on x64 and i686 systems. Just follow the post for Arch Linux ARM and use its repository.

The package has been renamed to zarafa-server and all posts have been updated accordingly. The transition from the zarafa-server-arm package to the zarafa-server package will be handled seamlessly by pacman.

Billoader – just one step

Like any customer, I have to download my bills from my bank, energy and mobile service providers. This becomes very annoying, as they are published on different dates and in various areas of the service websites.

It’s a monotonous task, which can and should be automated. This is what Billoader is going to do for you.

First alpha release

The first alpha release is already fully functional and contains:

  • Portable application – runs with Java 7 (no installation needed)
  • Very simple user interface
  • A couple of services you can download statements from – 1blu, DKB, Sparkasse Gf-Wob, Unitymedia, Comdirect, Netcup

Please report issues on the responsible issue tracker.

Zarafa packages for Arch Linux ARM / x86 / i686

Lately someone asked me for help with his Zarafa server on his Raspberry Pi 2 (ARM). He tried to build an installation package with my MAKEPKG file from the Arch User Repository, but I soon realized that compiling with gcc 5 on his system is a pain.

So that nobody else has to go through this, I decided to create a package repository for Arch Linux ARM. There you'll find the latest builds of Zarafa's installation packages for Odroid and Raspberry Pi 2 devices.

Since I use these packages myself, I can confirm that they work on the day they are created. Future versions will be released as soon as I have verified that they work together with the other Zarafa related packages.

Quick Demo – Running on Raspberry Pi 2

So what’s in there?

  • zarafa-server => Server with database, settings and locally trusted certificates
  • zarafa-libical => Libical with Zarafa's patches
  • zarafa-libvmime => Libvmime with Zarafa's patches
  • zarafa-webapp => Modern WebClient
  • zarafa-webapp-clockwidget => Clock for dashboard
  • zarafa-webapp-contactfax => Create mail to a contact's fax number
  • zarafa-webapp-delayeddelivery => Schedule mails
  • zarafa-webapp-filepreviewer => Viewer for attachments
  • zarafa-webapp-files => OwnCloud / WebDAV integration
  • zarafa-webapp-folderwidgets => Mailfolders for dashboard
  • zarafa-webapp-gmaps => Show a contact's address on Google Maps
  • zarafa-webapp-mdm => Mobile Device Management
  • zarafa-webapp-oauthlib => Create API classes with OAuth authentication
  • zarafa-webapp-passwd => Change your password from WebApp
  • zarafa-webapp-pimfolder => Quickly move your mail to another folder
  • zarafa-webapp-quickitems => Create items from dashboard
  • zarafa-webapp-smime => S/MIME integration
  • zarafa-webapp-spellchecker => Spellchecker
  • zarafa-webapp-titlecounter => Unread messages counter for browser tab
  • zarafa-webapp-webappmanual => Link to manual in toolbar
  • zarafa-webapp-webodf => Viewer for attached WebODF documents
  • zarafa-webapp-xmpp => XMPP based chat client
  • sabre-zarafa => CardDAV
  • z-push => ActiveSync

Read on my next post how to install, run and access the server.

How to recognize music content?

Taking a look at my media collection made me realize it's hard to tell anything apart. Some files are poorly named and have no tags inside. Some files were named after their track title but without track numbers. Seems like I should have done a better job organizing my music 🙂

At least each folder contains only one disc! But listening through them all is no solution. I mean, maybe once, but each time I'm looking for an album? That would drive me crazy!

So this sent me to the internet in search of a solution. Well, there's a whole bucket of tools, including Mp3tag and MusicBrainz. Each uses FreeDB, more or less.

For already-sorted albums, Mp3tag was awesome, but I met its limits very quickly. There is no way to look up unsorted files, nor does it allow searching with imprecise track data. For example, shorter track lengths come into play when programs cut off silence.

That's why I decided to create my own tool. I had the following requirements:

  • Offline
  • No query limits
  • Lookup unsorted tracks
  • Lookup with adjustable tolerance
  • Fast response (less than 1 second each disc)
  • Little memory usage

Try the outcome!