Blogs

AMaViS, SpamAssassin, roundcube and mySQL – a wedding story

Some time ago I blogged about fighting spam with amavis for the Kolab community. Now the story continues by means of the roundcube integration with amavis.

As earlier mentioned spamassassin is able to store recipient-based preferences in a mysql table with some settings in its local.cf (see spamassassin wiki)

# Spamassassin for Roundcubemail
# http://www.tehinterweb.co.uk/roundcube/#pisauserprefs
user_scores_dsn DBI:mysql:ROUNDCUBEMAILDBNAME:localhost:3306
user_scores_sql_password ROUNCUBEMAILPASSWORD
user_scores_sql_username ROUNDCUBEMAILDBUSERNAME
user_scores_sql_custom_query SELECT preference, value FROM _TABLE_ WHERE username = _USERNAME_ OR username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) ORDER BY username ASC

However, accessing this with amavis is a real bis problem for many users. Amavis has it’s own user-based configuration policies, but email-plugins as the roundcubemail plugin sauserprefs often only use spamassassin and not amavis. Originally, SA was only called once per message by amavis and therefore recipient-based preferences were not possible at all. This has changed. Now you can use the options @sa_userconf_maps and @sa_username_maps to perform such lookups. Unfortunately these options are still poorly documented. We use them anyway.

The values in @sa_userconf_maps define where amavis has to look for the user preferences. I use mySQL lookups for all recipient addresses.

Andreas Cordes's picture

Kolab 3.3 now available for Raspberry Pi

Hi,

now I finished compiling all the +Kolab.org packages for the +Raspberry Pi . Just a short note that you can update your groupware on your Pi pto the most recent version of +Kolab.org .

Greetz

Kolab 3.2 for Gentoo is ready to rumble

Just in time for the official Kolab 3.3 release, our Gentoo packages for Kolab 3.2 became stable and ready to use. This will clear the way for the upcoming release of Kolab 3.3 for Gentoo. Altough this release won't bring any major changes, it prepares the ground for upcoming developments and new features in Kolab 3.3. Further, with Kolab 3.2 we introduced an upgrade path between Kolab releases for Gentoo and we will try our best to keep updates as consistent and comfortable as possible.
Read more ...

tobru's picture

Kolab 3 Vagrant box with Puppet provisioning


Contents

Kolab has released it’s first beta of the upcoming version 3.3.
To test it on Debian I’ve created a Vagrantfile and a small Puppet module which provisions Kolab into a Debian VM. It’s available
on Github.

How to use it

Make sure you have the latest Vagrant version installed. Please see the official documentation.
Clone the git repository with git clone https://github.com/tobru/kolab3-vagrant.git and change into this directory.
Then run vagrant up and wait a while until Vagrant and Puppet have done their jobs. When it’s finished you’re good to enter the VM with vagrant ssh.
To have a working Kolab installation, setup-kolab needs to be called as root (hint: sudo su) once. It configures the Kolab components.
The Kolab Web Admin Panel is now reachable under http://localhost:8080/kolab-webadmin and Roundcube under
http://localhost:8080/roundcubemail.

For more information about how Vagrant works, have a look at the official Getting Started guide.

Chose the Kolab version

By default Kolab will be installed from the development repository where all the latest (and maybe broken) packages are located. To install
a different version, just change the version parameter in manifests/default.pp to the desired version.

Andreas Cordes's picture

Updating from 3.2 to 3.3 beta1

Hello,

I just finished the compiling of all modules and performed an upgrade to 3.3 beta1 on +Rasperry Pi .

For all impatient:

deb http://kolab.zion-control.org /

Changes I adopted to my installation :

/etc/kolab/kolab.conf

[wallace]
modules = resources, invitationpolicy, footer 
kolab_invitation_policy = ACT_ACCEPT_IF_NO_CONFLICT:zion-control.org, ACT_MANUAL
Andreas Cordes's picture

Kolab 3.3 beta1 released

Hi there,

+Kolab  just released the 3.3 beta1 version of kolab. (
My +Raspberry Pi is currently downloading and compiling all the packages.
Because of all the dependencies I solved during the first compile phase, I expect not so much errors during this installation.
Hope to tell you more tomorrow or even on friday.
Greets Andreas
roundcube's picture

Update 1.0.2 released

This is the second service release to update the stable version 1.0. It contains
some bug fixes and improvements we considered important for the long term support
branch of Roundcube.

It’s considered stable and we recommend to update all productive installations
of Roundcube with this version. Download it from roundcube.net/download,
see the full changelog here.

Please do backup before updating!

Kolab - SSL certificate authentication (web-based interface)

I have spent some time this weekend investigating SSL certificate-based authentication and implementing it in Kolab web-based user interface.

This topic is very interesting, but definitely too broad to be briefly described in a single blog post, so do not look at it as complete solution, but treat it only as a proof of concept.

Table of contents

Certification Authority

Apache

Kolab - Web-based user interface

Notes

Prepare Certification Authority

At first you need to create Certification Authority on an off-line and secured system.

I have already created required shell scripts (miniature-octo-ca) to ease the whole operation, so just clone the following repository and move it to the CA system.

$ git clone https://github.com/milosz/miniature-octo-ca.git
Cloning into 'miniature-octo-ca'...
remote: Counting objects: 10, done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 10 (delta 2), reused 10 (delta 2)
Unpacking objects: 100% (10/10), done.

Please remember to change working directory before executing any available shell script.

$ cd miniature-octo-ca

Configure Certification Authority

The next step is to configure CA by using common-ca-settings.sh configuration file.

Kolab - SSL certificate authentication (web-based interface)

I have spent some time this weekend investigating SSL certificate-based authentication and implementing it in Kolab web-based user interface.

This topic is very interesting, but definitely too broad to be briefly described in a single blog post, so do not look at it as complete solution, but treat it only as a proof of concept.

Table of contents

Certification Authority

Apache

Kolab - Web-based user interface

Notes

Prepare Certification Authority

At first you need to create Certification Authority on an off-line, and secured system.

I have already created required shell scripts (miniature-octo-ca) to ease the whole operation, so just clone the following repository and move it to the CA system.

$ git clone https://github.com/milosz/miniature-octo-ca.git
Cloning into 'miniature-octo-ca'...
remote: Counting objects: 10, done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 10 (delta 2), reused 10 (delta 2)
Unpacking objects: 100% (10/10), done.

Please remember to change working directory before executing any available shell script.

$ cd miniature-octo-ca

Configure Certification Authority

The next step is to configure CA by using common-ca-settings.sh configuration file.

HOWTO: CalDAV+CardDAV-iRony-Subdomain NGINX

Apple Clients work best if you create a virtual host for them.

In CentOS create the file /etc/nginx/conf.d/irony.cf

server {
    listen                      443 ssl;
    server_name                 caldav.example.org;



location /
{
    client_max_body_size 30M; # set maximum upload size
    # Make Apple Calendar.app and Contacts.app happy:
    rewrite ^/.well-known/caldav / last;
    rewrite ^/.well-known/carddav / last;
    include fastcgi_params;
    fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php-fpm/kolab.example.org_iRony.sock;
    fastcgi_param SCRIPT_FILENAME /usr/share/iRony/public_html/index.php;
}

}

Edit /usr/share/iRony/config/dav.inc.php or /etc/iRony/dav.inc.php

changes:

// Log DAV requests to <log_dir>/davdebug
$config['base_uri'] = '/';

Restart nginx and choose try manual setup in your Apple Calendar with your virtual host caldav.example.org.