Release Notes CPS 5.5.0

Collax Platform Server
13.03.2012

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. In the administration interface go to System → System Operation → Software → System Update and read the information for version 5.5. Please note the information aboute the duration.
  2. Tick the checkbox Yes, I want to start the upgrade to version 5.5 if all preperations are made. Afterwards click on Start upgrade.
  3. Click Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  4. Click Get Packages to download the update packages. Important: If you download the packages over a slow connection (ISDN, analog, etc.), the browser may drop the connection to the administration interface. Note that, the download will continue in the background. If you get an error message, wait a few minutes and try again otherwise continue to the next step.
  5. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  6. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

Installation Notes

Updates for 32 Bit and 64 Bit Systems Available

From this version on all new Collax server are delivered in 64bit. Software updates are continued in 32bit for the installed base and for the new 64bit systems.

New in this Version

Security: Password Policies for System Users

This update adds optional password policies that can be applied to system users. The parameters that can be configured are: password length, password valid duration, number of special characters, number of capital letters and number of digits. Different Different policies can be applied on different users. The security of the system and the company can be increased by applying more strict, yet practical, policies to users.

Backup/Restore: Run Time Limitation for Backup Jobs

Occasionally it is useful for backup jobs to be skipped or canceled automatically. From this version four different Run Time Limitations can be set for backup strategies: Max start delay specifies the maximum delay between the scheduled time and the actual start time for the job. Max wait time specifies the maximum allowed time allowed for a job to wait for a resource, for example waiting for a tape to be mounted. Max run time specifies the maximum time allowed for a job may run, calculated from the time when the job actually starts. Max duration specifies the maximum time allowed for a job may run, calculated from the time when the job was scheduled to start. Each parameter can be set in the dialog Settings → System Configuration → Backup → General.

GUI: Installing Add-on Modules During Registration

To speed up and simplify the setup of a Collax server the registration wizard can now automatic installation all licensed modules directly after a successful registration.

Collax Communication: Notification when Fetching E-Mails

This update sends a notification to the administrator if an authentication error occurs when the system fetches emails via POP3.

Collax Mail Security: SenderBase® for Spam Filter

This update adds the SenderBase® reputation service to the existing spam filter stack. SenderBase® qualifies the IP address of an email sender via, so it can reliably identify spam emails.

Collax Mail Security: NiX-Spam for Spam Filter

This update adds the NiX-Spam reputation service to the existing spam filter stack. NiX-Spam is a filter project from iX magazine in Germany. It is based on qualifying emails in order to better identify spam emails.

www.nixspam.org

Collax Mail Security: DKIM for Spam Filter

This update adds DomainKeys Identified Mail (DKIM) to the existing spam filter stack. DKIM decides, by means of email signatures, if the sender is authentic or not.

Collax Mail Security: Spam Filter With Automatic Rule Update

The Collax spam filter is going to be updated to version 3.3.2. This means the more up-to-date and stricter rules will be implemented that may lead to different filtering characteristics. The rules can be updated automatically with the dialog Setting → Mail and Messaging → Mail Security → Spam. Due to the fact that the rules have changed and become stricter it is recommended that the email quarantine and/or the email queues are monitored. If necessary adjusted the quantitative thresholds that define which emails are spam or marked as possible spam.

Collax Mail Security: Tarp Emulation and SMTP Blacklists now in Menu Mail Security → Spam

From this version the settings Emulate Tar Pit and SMTP Blacklists are managed in the menu Mail Security → Spam. Also Black- and White Lists are mangaged in Mail Security → Spam White/Blacklist.

Collax Web Security: SSL Interception

Normally, the content of encrypted HTTP traffic (HTTPS) cannot be evaluated or filtered, as encryption is used between the Web server and the browser. In this update you can configure the new function SSL Interception that enables the Web proxy to intercept this encrypted traffic, e.g. to analyze the content for malware or unwanted contents.

Zarafa Groupware: Upgrade to Zarafa Collaboration Platform Version 7

In this update an existing Zarafa Groupware will be upgraded automatically to Zarafa Collaboration Platform Version 7. The new version offers the following new functions for Collax servers:

  • Easy Administration for Multi Server Setups
  • Usage of Remote MySQL Database Server
  • Set Permissions for Public Folder and Ressources via Collax GUI
  • GUI Management of orphaned User Stores
  • Public Folders for Training Spam and Ham
  • Administrative Folder for Virus and Spam Emails
  • Subfolder Management of Public Folders with Email Address
  • Indexer for Emails and Attachments
  • GUI Administration for Zarafa Plugins
  • UFT-8 Support for Groupware Objects

While updating to ZCP 7 the database will also be updated. The duration of this database update depends on the size of the database and the disk performance. It can take several minutes up to several hours. During this time do not perform any backup job or system shutdowns or shutoffs. Also emails won’t be delivered to the Zarafa users during this upgrade, but hold in the email queue.

From this update it is mandatory for all Zarafa modules to have a valid Collax license. This Zarafa license will be audited through Collax license status updates.

Zarafa Groupware: Automatic Update Of Zarafa Client Software

A new option can now be set for Zarafa Groupware. This option states if the Zarafa Client for Outlook is automatically updated on Windows Clients. It is available in the Zarafa Professional and Zarafa Enterprise editions.

Collax E-Mail Archive: Exclude Internal E-Mail from Archive

This update enables an exception to be set for archiving emails sent from a known email domain to a known email domain. This Option replaces the present**Internal emails only.The settings of the email archive should therefore be checked after this update. Settings should be corrected to meet companys requirements on a case by case basis.

Collax E-Mail Archive: Display Table

If more than one email domain is managed on a server it may be useful not to archive all emails on every domain. If different email domains are selected for archiving the result is shown in aa appropriate table within the administration web interface.

StrongSwan IPsec

From this version the new IPsec base system is StrongSwan.

IPsec with XAUTH

The extended authentication XAUTH can now be configured for IPsec VPN links in Collax servers. XAUTH can either act as a Server where incoming VPN requests will be authenticated by local group policies or act as a Client where outgoing VPN links are authenticated with a login ID and password by the remote gateway.

Certificates: Compatibility Of Certificates to OS X

From this update Collax servers are going to use the IP address as an attribute for certificates. This lets Mac OS X systems to read and use this cetificate for VPN links.

System Management: GUI Notification of System Jobs

The ease of use of the Collax administration GUI is based on, among other things, on triggering background processes which reduce the work of the operator. This update delivers an interface in administration GUI which visualizes background processes and their results.

System Management: Watchdog Timer Client for Collax Server

This update lets you control the device Intel 6300ESB (watchdog). The setting can be found in Settings → System Configuration → Monitoring → Watchdog Timer. The watchdog timer on a Collax server is a device that resets the system if the data partition can not be written to any more.

System Management: New Monitoring Options for DNS Hosts

Network services of a host can be actively monitored by a Collax server. From this update host-side services can also be monitored. This comprises of several network-based services such as DNS, HTTP, POP3, SMTP and additional system-internal functions/values such as CPU, RAM, swap, processes, running services, events and hard disks of the host.

Misc: Important System Components

This update will also install/update the following important system components:

  • apache2 2.2.21
  • bacula 5.2.3
  • bind 9.6
  • kernel 2.6.32.55
  • libc6 2.8
  • openldap 2.4.23
  • openssl 0.9.8k

Misc: MySQL Version 5.5.20

The database MySQL version 5.5.20 is now provided with this update. The default storage engine will also be changed. In the past if an application did not defined an engine to create a database, the MyISAM engine was taken as default. From this version the default will be the InnoDB engine.

Misc: MySQL Dialog

From this version the dialog MySQL will be shown on everey Collax product.

Misc: Extended MySQL Tuning Paramater

This version will make available a new tuning parameter for the MySQL database. This parameter can be split into percentages for the storage engines InnoDB and MyISAM. All tuning details will be displayed for the MySQL database.

Issues Fixed in this Version

GUI: Firefox and Focus in Tables

Previously, the table row focus did not work correctly in tables displayed in a section of a dialog with scroll bars. This error only occurred in the Firefox browser when there were scroll bars present. This update deactivates the qx.html.Scroll method is in the AJAX framework which will correct the table row focus in new browsers.

GUI: Popup Appears in the Wrong Place in the Dialog

When scrolling in dialogs and accessing pop-up objects such as list boxes or context menus, the pop-up objects were not displayed in the correct place. This update corrects the qx.ui.popup.Popup method ensuring correct display of all pop-up objects in dialogs.

Authentication: Start of LDAP and AD-Proxy

The start of a local LDAP directory could be delayed if the server was synchronising against an Active Directory. The reason for this was the large number of LDAP log files which had to be read while starting up the local LDAP. These log files are cleaned up with this update. This means the LDAP can start faster.

Authentication: Improvements of Active Directory Integration

In this update many improvements will be implemented for the integration of Active Directories. These improvements deal with email addresses, active monitoring of the AD proxy and clean up of imported AD objects when leaving an AD.

Collax Communication: SMTP Auth for User from Active Directory

If users are authenticated via Active Directory and emails are sent from an external network, like internet, with the SMTP Auth method, authentication failed because a PAM file in the system was incorrect. This file is now corrected in this update: User authentication via Active Directory with the SMTP Auth method will now work.

Collax Network Storage: Inotify Fills up Samba Logfile

If elements were addressed by Windows that were not supported by Samba the logfile could be filled up by the Inotify handler. Thereby the logging of the Inotify handler will be disabled from this update.

Collax Mail Security: Amavis stopps unchecked E-Mails

Even if no virus scanner was enabled emails could still be blocked. This was caused by an incorrect configuration of the Amavis interface. This update corrects the settings.

Security: ClamAV Pattern Update E-Mail Notification

If DNS was not working and the virus scanner ClamAV tried to run a pattern update the resulting email notification contained a note about a non existent log file. Now all necessary information is listed within the notification email if a pattern update fails.

Collax Web Security: Web-Proxy, Virus Scanner and wrong internal DNS

When using the web proxy with a virus scanner and if a reverse DNS lookup failed while browsing web sites, this can take longer than 1 minute. From this update the reverse DNS lookups via the web proxy is disabled.

Zarafa Groupware: High System Load When Sending An E-Mail To All Users

Emails sent to many users on a Collax system delivered by Zarafa Groupware caused high system loads and the Zarafa service to quit afterwards. This update changes the email delivery method in Zarafa to lmtp (local mail transfer protocol). This fixes the problem and emails can be delivered to all system users.

Collax E-Mail Archive: Mount E-Mail Archive, Comma in Password

The mounting an email archive found in a network share failed if the password of the share contained a comma.

Collax E-Mail Archive: Restore Data of Mail Archive Without Installed Module Collax Mail Archive

If data from the email archive was restored on a new Collax system and that system had not installed the Collax Mail Archive then specific owner permissions for /var/lib/mailarchive/volumes were not set correctly. That led to repeatedly creating email archive volumes. This is now corrected and the permission for the directory will be set when installing the Collax Mail Archive.

Collax E-Mail Archive: Encoding of Forwarded E-Mails

The character encoding of a forwarded email from the email archive was not correct. This update changes the encoding to UTF-8 and special characters and umlauts are displayed correctly within forwarded emails.

If a new link was added an error message was displayed within the dialog Monitoring → Status → Link Status because there was no performance data for that new link. This is now corrected.

SNAT Rule not set

If more than one SNAT firewall rules were set for the local networks of a VPN tunnel, specific rules were not set within the firewall system. This is now corrected and all SNAT firewall rules for local networks of VPN tunnels are now set up.

IPSEC_BLOCK Rule Was Not Deleted

When an IPsec VPN tunnel was closed not all firewall rules were deleted. Subsequently network packets were blocked when the VPN tunnel was rebuilt. This is now fixed.

Saving an IPsec link containing a RSA Key led to an error message within the GUI dialog. This was because of incorrect validation within the GUI backend. This validation method is now fixed, the RSA key setting is validated correctly and the link settings can now be saved.

Collax Advanced Networking: Script for Configurating Traffic Shaping creates Kernel Out Of Memory

The script shaper.gen went into an infinitive loop if a routing loop and bandwith management was set up. Thereby the kernel ran out of memory (OOM) and closed the processes. The script is now corrected to avoid loops and kernel OOM.

File: Inotify Fills up Samba Logfile

If elements were addressed by Windows that were not supported by Samba the logfile could be filled up by the Inotify handler. Thereby the logging of the Inotify handler will be disabled from this update.

System Management: Active Monitoring of LSI Megaraid Controller

This update corrects the monitoring and email notification for Megaraid-Controller from the vendor LSI. The active monitoring checks the status of Raid systems.

Misc: IP Address of Collax Server when in DNS Master Zone

In the past all local IP addresses of a Collax server were written to a zone file of a DNS master zone, even if the host element of the Collax server contained only one IP address. This is now corrected with this update. If a Collax server is set up as DNS host and is also a member of a DNS zone then only the set IP address of the DNS host is written to the zone file.

Wrong Note of Licence Status

The license status dialog displayed zero users. This is corrected with this updates. The license limits for Collax Virus Protection are now displayed correctly.

Notes

Security: Changing Password shows Error Message in Windows XP

Only if a Collax server is acting as a PDC and providing password policies: If a user password is changed with Windows XP a false-positive error message will be displayed even the password had been changed correctly.

Backup/Restore: First Backup Will As Full Backup

Because the backup system is going to be updated, the first backup scheduled after the update to version 5.5 will be a full backup. This will happen even if the next backup is meant to be an incremental backup.

Zarafa Groupware: Zarafa Update for Collax Server Version 5.0.32

From this version Zarafa Groupware is available as an integrated Collax module. This means that the Zarafa ISV application is replaced by the module. For this reason Zarafa Groupware is going to be registered with a Collax license. This update results in the upgrade of Zarafa to Groupware 7 automatically.

Zarafa Groupware: Zarafa Web Access Mobile cancelled in ZCP 7

From version Zarafa 7 the Zarafa Web Access for mobile devices is not available any more. To connect mobile devices to Zarafa, z-push can be installed and used.

VPN Tunnel with iPhone

To establish a VPN tunnel between a Collax server and an iPhone the link type PPTP must be used.

IPsec Proposals

The old IPsec proposal _old_cisco is going to be removed from this version. Also the encryption method DES (56Bit) and the Diffie-Hellmann-Group 1 can not be selected as an attribute for an IPsec proposal. Alternatively stronger encryption methods shall be chosen for IPsec links.

Aggressive Mode

Aggressive Mode is not available any more for IPsec links.

Table of Contents