Update Kopano packages and z-push and keep it updated regular. (Or use the Kopano repos)

Adding the z-push repos was already planned i believe (https://www.clearos.com/clearfoundation/social/community/kopano-basic-upgrade-to-8-4-5-0-and-webapp-3-4-2-available#reply-235341)

SASL authentication to the SMTP server - it's uncontionable there's no remote secure authentication for mobile devices! I have it working in a COS6 box but ...!

I use DuoCircle as the provider side of my mail (kopano) server, and I want passwords to be passed between mobile devices (iPhones etc), my SMTP server and DuoCircle's server encrypted! It used to be possible with a COS6/SMTP/Zarafa setup, so why is it broken in COS7??!! I purchased kopano as a direct replacement for Zarafa to upgrade my COS6 server - never for one second did I expect to be taking a massive step backwards(!) - so much so that I'm now actually thinking of sticking with the old server and asking for a refund on the kopano licence as -at the moment- it's completely useless if I can only RECEIVE emails securely, and not send them without risking sending unencrypted passwords over the net.

Needs looking at and fixing immediately. Yes I can go straight to the DuoCircle servers if everything is setup as IMAP/POP/SMTP, but the whole point of Zarafa/Kopano was to retain AirSync/ActiveSync access, and to leave those accounts with IMAP/etc access as they are and just accept new certificates. As it stands, I've got to go round a couple of dozen devices completely reconfiguring them.

Not particularly impressed at this point.

@RIchard, I agree authenticated relaying through an ISP or external SMTP provider should be available through the webconfig - especially as I use it.

Please can I suggest you open a thread with your issues as it should be possible to solve them through the command line. Relaying SMTP with authentication is a Postfix/SMTP function and should have nothing to do with Zarafa/Kopano as they use Postfix to send e-mails. If you could do it in 6.x the set up is the same in 7.x. See this HowTo.

It is easy to send e-mail from a mobile/external device securely. SMTPS is operational by default on port 465 and it is trivial to set up STARTTLS on 587 as well. See More anti-spam and e-mail defence measures.

It is possible to take things one stage further and implement Let's Encrypt certificates for Postfix and Kopano.

My wishes are scheduled for ClearOS 8.

My 2 big wishes are Podman/Docker support. Also some kind of overlay filesystem which merge directories together. With this I can convert my unRAID server to a ClearOS server.

Edit: OverlayFS is merged into the kernel at version 3.18. RHEL 8 use kernel version 4.18?

Based on Fedora 28 and the upstream kernel 4.18, Red Hat Enterprise Linux 8.0 provides users with a stable, secure, consistent foundation across hybrid cloud deployments with the tools needed to support traditional and emerg

Make the account manager plugin smarter and clearer

Same as with the "Plugins" you must add the "policy" button to the extentions
Something like this

@Patrick, not so easy, I think. App Policies are just groups so by going in by App Policies is a way of adding users to groups. The Extensions are not Groups and are separate sections in the User Manager, often with different configurable items. I'd guess each app with an extension would need a separate widget which presented, for example, a table with the username on the left then the configurable features of the policy across the top.

More options in OpenVPN setup GUI. I would like to be able to set the network and mask, set route vs nat, etc.

The options mentioned in the help guide: https://openvpn.net/vpn-server-resources/reach-openvpn-clients-directly-from-a-private-network/

Eric Anderson wrote:

More options in OpenVPN setup GUI. I would like to be able to set the network and mask, set route vs nat, etc.

The options mentioned in the help guide: https://openvpn.net/vpn-server-resources/reach-openvpn-clients-directly-from-a-private-network/

Thanks for your input.

As I understand it, OpenVPN currently routes and there is already an feature request to NAT at the click of a button.

Currently OpenVPN selects all LAN subnets (LANIFS) and anything in EXTRALANS in /etc/clearos/network.conf. What are you looking for? Are looking to be able to select the subnets routed? Or are you looking to be able to select the subnet OpenVPN uses for its own traffic?

Nick Howitt wrote:

@Patrick, not so easy, I think. App Policies are just groups so by going in by App Policies is a way of adding users to groups. The Extensions are not Groups and are separate sections in the User Manager, often with different configurable items. I'd guess each app with an extension would need a separate widget which presented, for example, a table with the username on the left then the configurable features of the policy across the top.

Hi Nick,

I think it can be easy.
Look at the other apps which you can enable or disable


When you check at the users page, you can enable of disable Kopano, Owncloud, etc...
So a check box in account manager can be linked to this (or some thing....)

The plugins just add users to groups and they all work the same way. Extensions are particular to each individual app. I would expect this to be somewhat more complex, but then I don't program this sort of stuff.

There is a (minor but important) bug in Kopano - ICALS is not enabled.
Line 26 in ical.conf needs changing to ...

# whether ssl connections can be made to the ical server

icals_enable = yes

Richard George wrote:

There is a (minor but important) bug in Kopano - ICALS is not enabled.
Line 26 in ical.conf needs changing to ...

# whether ssl connections can be made to the ical server

icals_enable = yes

What is the criticality on this? is it that you don't want to use normal connections to the ical server or is it that normal connections do not work any more?

Normal (I assume you mean 'clear' or 'unencrypted') connections work (the port 8008 option), but the secure port (8443) as advertised on the app's configuration page (see pic) doesn't work because this option is disabled (the fix). Disabled incidentally, is the default. I discovered this back in C6/Zarafa days, but never raised the observation. I mention it only because you asked about 'bugs' - although I agree it's an arguable one.

As far as criticality is concerned, it can be argued that as the app gives this option, it should be enabled, but from a security viewpoint, I think it's an important consideration. Like I say, it's a one word change. I've already enabled it in my configuration, so all my back/forth between PC etc and server is encrypted.

For "normal" I was just using the terminology in the cfg file.

I agree that it is a bug as it is showing as configured in the Webconfig. I'll file an bug on GitLab.

Eric Anderson wrote:

More options in OpenVPN setup GUI. I would like to be able to set the network and mask, set route vs nat, etc.

The options mentioned in the help guide: https://openvpn.net/vpn-server-resources/reach-openvpn-clients-directly-from-a-private-network/

Maybe a nice feature to add is : Routing all client traffic through the VPN on client side
https://forums.openvpn.net/viewtopic.php?t=21476

I've addded this option manually, but would nice if this was an option in the webconfig menu

Patrick de Brabander wrote:

Maybe a nuce feature to add is : Routing all client traffic through the VPN on client side
https://forums.openvpn.net/viewtopic.php?t=21476

I've addded this option manually, but would nice if this was an option in the webconfig menu

Already a feature request

Here is my list based on things I have done for people;

1. Out Of Office setting in email settable by the user.
2. Hardware RAID monitoring and email notification (ClearOS 5 had this).
3. 10gig network card support.
4. Web management of Virtual Servers.

With Virtual Servers the use case is when the client has an old machine that they insist has to be kept running because it's the only one that can run some old program they still use, typically accounts. Accounts such as SAGE only run properly on Windows machines. I could either set up SAGE in a Windows VM or have a VM running as a Windows file server just for Sage.

I know it's a bit cludgy but it looks neater to the client if their fancy new server can eliminate the need for these old bits of hardware cluttering up the office.

Oh yes a vote for Docker but only if it's really simple from the front end like Marketplace.

Wayland Sothcott wrote:
4. Web management of Virtual Servers.

With Virtual Servers the use case is when the client has an old machine that they insist has to be kept running because it's the only one that can run some old program they still use, typically accounts. Accounts such as SAGE only run properly on Windows machines. I could either set up SAGE in a Windows VM or have a VM running as a Windows file server just for Sage.
.

I've already got this on one of my COS7 servers (built specifically as a VM host) - I've got VirtualBox installed, and a website running phpVirtualBox; the server runs another COS7 VM acting as a mail server, a Windows 10 machine, an XP VM (for an oldish MS Office), and a couple of Linux VMs (the mail server is the only one running all the time and is configured to start up on host boot). I've also got the desktop installed to make registration of imported machines and addition of extensions easier. Work fine with no issues so far.

Wayland Sothcott wrote:

Here is my list based on things I have done for people;

1. Out Of Office setting in email settable by the user.

For that you need something which supports sieve rules such as Roundcubemail if you use cyrus-imap. I would expect Kopano to support it as well but I have not checked.

2. Hardware RAID monitoring and email notification (ClearOS 5 had this).

I've never tried it but what does app-raid bring you? It certainly has an e-mail setting. Also, coming soon, I hope, is app-storage, a storage manager. This is not finished and bits keep getting added and changed but I think it is reasonably stable. I think Patrick de Brabander is having a look at it. You can test it with:

yum install app-storage --enablerepo-clearos-updates-testing

It is also worth updating it every couple of working days or even daily in case there are changes.

3. 10gig network card support.

We get whatever the upstream kernel provides. Referring to your other thread, later kernels give greater support for new cards but can deprecate old ones. I can also make available anything from ElRepo, but these are generally deprecated drivers rather than the latest and greatest.

4. Web management of Virtual Servers.

Have you had a look at ClearGLASS? It has a couple of issues but can do all sorts of things. There is even a demo server you can try out at https://my.clear.glass:9443/. It is fully functional but best if your target servers are internet facing.

Richard George wrote:

Wayland Sothcott wrote:
4. Web management of Virtual Servers.

With Virtual Servers the use case is when the client has an old machine that they insist has to be kept running because it's the only one that can run some old program they still use, typically accounts. Accounts such as SAGE only run properly on Windows machines. I could either set up SAGE in a Windows VM or have a VM running as a Windows file server just for Sage.
.

I've already got this on one of my COS7 servers (built specifically as a VM host) - I've got VirtualBox installed, and a website running phpVirtualBox; the server runs another COS7 VM acting as a mail server, a Windows 10 machine, an XP VM (for an oldish MS Office), and a couple of Linux VMs (the mail server is the only one running all the time and is configured to start up on host boot). I've also got the desktop installed to make registration of imported machines and addition of extensions easier. Work fine with no issues so far.

Or you could install libvirt/kvm in ClearOS.

Nick it looks like some of what I am after is available. I did not know what ClearGLASS was because it's name is not descriptive. ClearVirtual might have been better. It might be what I need or overkill.

The RAID monitor from the Market Place is just for MDADM not hardware. It used to monitor 3Ware cards in ClearOS 5 but nolonger. I reckon ClearOS 5 was the best one, I only switched because it's dated.

Getting the new 10gig network card to work is important. I am hoping when my test server picks up the latest kernal it will start working.

Wayland Sothcott wrote:

Here is my list based on things I have done for people;

1. Out Of Office setting in email settable by the user.

Kopano webapp is supporting this

Nick Howitt wrote:
Or you could install libvirt/kvm in ClearOS.

I did look into that, but the (in particular) Windows 10 VM was already in existance and I didn't want to go to the hassle of rebuilding it under a different Hypervisor - I had enough problems creating it as the licence isn't registered under my MS account so I spent hours on the phone getting it reactivated!

Ok, I now have a serious bug that needs fixing (only found it today). I'm unable to connect to Webconfig on port 81, and the graphics console is reporting "one or more installed addons cannot be verified and have been disabled". The Normal webserver appears to be ok, it's the sandboxed version that appears to have a problem. The only thing I've done that's changed anything is to install Let's Encrypt and tell Webconfig to use the certificate. SSH access is unaffected. A google hunt tells me that it's possibly a Firefox bug - it seems to be a common theme from the beginning of this month.

Please can you do a browser update (Help > About Firefox). This was fixed a week or two ago (and is nothing to do with ClearOS).

This is on the console (login & press F2); I can't get at anything! I'm presented with an error box saying 'can't connect the port 82' (?!) - if I click that, I'm presented with a blank screen.

Did you restart your system to see if it resolves the issue?

I don't think it's a bug in ClearOS but something is wrong with your particular install. There are no other reports.

Something like 4 times so far - last was after removing all the language packs (the server has the development environment in addition to being a straight file server).

I now know that -for some reason, the sandboxed apache has stopped running(!) - no idea why. I've two other C7 servers (one is a VM) that are working ok. Why this one has stopped is odd ATM, as it was running a couple of weeks ago (the last time I had cause to visit the config to check something). ATM, it won't start.

Fixed; problem was the earlier discussion re: Let's Encrypt behind a proxy (which TBW, can be fixed by using certbox with the DNS plugin rather than standalone) and the porting across of certificate. I'd deleted the certificates, forgetting that I'd configured webconfig to use them - and as they were no longer present, startup failed as the certificates were 'empty'. Somewhere in there, there must have been a restart in the background that killed apache.

Glad that you solved your issues!

Hi,

A small issue which makes the overview a bit more clear.

Within the Kopano-basic app there is an option for backup the malboxes. Here in you can choose the destination "Backup Destination Folder" and choose a flexshare location.
Perfect solution, but the backup of mailboxes are dropped in the root of the flexshare. Is it possible to group the mailboxes is a subdirectorie which is created by the app, for example a subdir "Kopano" or "Backup" and then store the mailboxes in this subdir

If the app must create directories for the backup locations I suppose it's out of the hands of ClearCenter then this is a feature request for the Kopano guys..

Marcel van van Leeuwen wrote:

If the app must create directories for the backup locations I suppose it's out of the hands of ClearCenter then this is a feature request for the Kopano guys..

It is a ClearOS app and you choose a location within this app.
Nothing to do with Kopano to my opinion

Your talking from within the Kopano app but I assume you mean the wrapper around Kopano thus what you see in the webconfig of ClearOS?

Marcel van van Leeuwen wrote:

Your talking from within the Kopano app but I assume you mean the wrapper around Kopano thus what you see in the webconfig of ClearOS?

Correct

Oh, my bad. I think that is a nice request! You can make a feature request on Gitlab but if you don't know how to do it I can do it for you.

I also want my own mail server. I have absolute no experience with Kopano. A good backup solution or enhancements are always welcome.

Marcel van van Leeuwen wrote:
Oh, my bad. I think that is a nice request! You can make a feature request on Gitlab but if you don't know how to do it I can do it for you.

If you can do this for me, would be great

I also want my own mail server. I have absolute no experience with Kopano. A good backup solution or enhancements are always welcome.

Working with ClearsOS/Zarafa for many years and now Kopano and it works great.
Kopano is grown up and the backup features are good.
Even outlook .pst restore works perfect

Okay I made the request for you! You can click this link to check.

I walking around with the idea to place a ClearOS server in a data center for mail and to host a website. I'm member of ColoClue.

Marcel van van Leeuwen wrote:

Okay I made the request for you! You can click this link to check.

I walking around with the idea to place a ClearOS server in a data center for mail and to host a website. I'm member of ColoClue.

Thanks.

Nice initiative, but also expensive.
My own server is running nicely at home with all ClearOS features.

Yeah, it's not cheap true!

I have a rack at home. I think I'm a bit addicted with everything what has to do with server stuff. I use the power of a six persons household.