[SOGo] BTS activities for Friday, September 16 2022
Title: BTS activities for Friday, September 16 2022 BTS Activities Home page: https://bugs.sogo.nu Project: SOGo For the period covering: Friday, September 16 2022 idlast updatestatus (resolution)categorysummary 5603 2022-09-16 10:20:50 updated (open) Web Mail Signatures not removed
Re: [SOGo] Bug in character display in S/MIME encrypted mails
With OpenSSL 3.x I get Error decrypting CMS structure 400755B1327F:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:../providers/implementations/ciphers/ciphercommon_block.c:129: If I swap cms for smime it changes to Error decrypting PKCS#7 structure rest of the error stays the same. For all I know it has to do with some kinde of deprecated stuff in OpenSSL 3.x so you'd need to add something to the comand to enable legacy stuff. Using OpenSSL 1.1.1n however doesn't change much: Error decrypting CMS structure 139958493545792:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610: The private key file is a PEM RSA key. Already checked that the reason can't be the wrong kind of line breaks (those Windows line breaks) inside the key file, since that was mentioned to be a possible reason. But the key file is as it's supposed to be. Regards Richard -- Richard Rosner Beauftragter für Vernetzung Studierendenschaft der RWTH Aachen University Fachschaft Materialwissenschaft und Werkstofftechnik Intzestraße 1 52072 Aachen Tel.: +49 241 80-95781 rros...@fsmuw.rwth-aachen.de www.fsmuw.rwth-aachen.de Am Freitag, 16. September 2022 19:51 CEST, schrieb "\"Frank Schmirler\"" (s...@schmirler.de) : Hi Richard, the basic openssl command to decrypt an S/MIME message would be something like openssl cms -decrypt -in EMLFILE -inkey PRIVATEKEYFILE Which error do you get when trying to decrypt your message with openssl? Regards, Frank Am Mittwoch, 14. September 2022 14:24 CEST, schrieb "\"Richard Rosner\"" (rros...@fsmuw.rwth-aachen.de) : > Hello together, > it seems I've found a bug when displaying an S/MIME encrypted mail. It seems > like characters aren't interpreted as UTF-8. At least some german "Umlaute" > don't display correctly. In Thunderbird, on the other hand, that same mail is > displayed correctly. Sadly, I haven't found a way to view the unencrypted > mail source code to verify if the text is indicated as UTF-8. Both OpenSSL > 1.x and 3.x are just throwing errors when trying to decrypt the eml file and > I don't know of any method to use either Thunderbird or SOGo to save the mail > as an unecrypted eml file. If anybody knows how I could better help to find > the bug, let me know. > > Using SOGo 5.7.1.20220912-1 on 64-bit Debian 10, straight from the > packages.sogo.nu repo. > > Best Regards > Richard > -- > Richard Rosner smime.p7s Description: S/MIME cryptographic signature
[SOGo] Additional e-Mail-Accounts/Identity and S/MIME
Dear SOGO community, Unfortunately I can't get any further with SOGO 5.7.1 with a certain problem and hope for help here. I would like to create a new e-mail account or better a additinal identity (with a different e-mail address) for a SOGO user under "IMAP accounts", which I have managed to do so far. Then I would like to store an S/MIME certificate for this e-mail account, but the "Security" tab is always grayed out and not accessible. The S/MIME certificate was stored in the "main account" without any problems. Is there any information or help on this? Did I not notice something? regards Juergen -- /¯\ No | \ / HTML |Juergen Bruckner Xin |microang...@microangelo.priv.at / \ Mail | smime.p7s Description: S/MIME Cryptographic Signature
Re: [SOGo] Send mail error
Am 16. Sep 2022, um 15:00:23 Uhr schrieb International Security Providers: > This is not really related to sogo.. as sogo is not a SMTP-Server but > needs a working SMTP (most likely postfix) --- Original Message > --- h...@hrmanagement.it schrieb am Dienstag, 13. > September 2022 um 9:37 vorm.: > > > Help. > > Contact hr@hrmanagement.i Do you already have an MTA in your network? You can just configure a local MTA like sendmail to use this existing SMTP server for all mails, called null client. It is rather easy to set up sendmail to do that.
Re: [SOGo] Bug in character display in S/MIME encrypted mails
Hi Richard, the basic openssl command to decrypt an S/MIME message would be something like openssl cms -decrypt -in EMLFILE -inkey PRIVATEKEYFILE Which error do you get when trying to decrypt your message with openssl? Regards, Frank Am Mittwoch, 14. September 2022 14:24 CEST, schrieb "\"Richard Rosner\"" (rros...@fsmuw.rwth-aachen.de) : > Hello together, > it seems I've found a bug when displaying an S/MIME encrypted mail. It seems > like characters aren't interpreted as UTF-8. At least some german "Umlaute" > don't display correctly. In Thunderbird, on the other hand, that same mail is > displayed correctly. Sadly, I haven't found a way to view the unencrypted > mail source code to verify if the text is indicated as UTF-8. Both OpenSSL > 1.x and 3.x are just throwing errors when trying to decrypt the eml file and > I don't know of any method to use either Thunderbird or SOGo to save the mail > as an unecrypted eml file. If anybody knows how I could better help to find > the bug, let me know. > > Using SOGo 5.7.1.20220912-1 on 64-bit Debian 10, straight from the > packages.sogo.nu repo. > > Best Regards > Richard > -- > Richard Rosner
Re: [SOGo] Sogo priting mail titel/attachments
This seems to happen just on Chromium-Browsers like Google Chrome. But not on Firefox. --- Original Message --- Christian Mack schrieb am Donnerstag, 15. September 2022 um 12:18 nachm.: > Hello > > Am 08.09.22 um 10:46 schrieb Test (hexagonprima...@gmail.com): > > > Greetings I got a question about Sogo.. > > > > If you want to print a mail conversation sogo usually makes a titel page, a > > blank page and a page with your > > > > attachments along the rest of the mails. > > > > Is there a way to print the titel along without it taking a whole page? > > > Which version of SOGo are you using? > > With SOGo 5.7.0 and 5.7.1-202209140439 I can not reproduce your problem. > It always prints the complete email (Date, Subject, From, To and > content) starting at page 1. > > > Kind regards, > Christian Mack > > -- > Christian Mack > Universität Konstanz > Kommunikations-, Informations-, Medienzentrum (KIM) > Abteilung IT-Dienste Forschung, Lehre, Infrastruktur > 78457 Konstanz > +49 7531 88-4416
Re: [SOGo] Send mail error
This is not really related to sogo.. as sogo is not a SMTP-Server but needs a working SMTP (most likely postfix) --- Original Message --- h...@hrmanagement.it schrieb am Dienstag, 13. September 2022 um 9:37 vorm.: > Help. > Contact h...@hrmanagement.it
[SOGo] Is there a way to programmatically add a 2nd user Account to Sogos Web-Interface?
Is there a way to programmatically add a 2nd user Account to Sogos Web-Interface? maybe somehow using "sogo-tool"? I would love to just define all the vars I would in the webinterface but using the CLI and it will automatically show up on the next login of the specified user. I could integrate this flow in my IAM.. BR you all
Re: [SOGo] Repeated socket shutdown
Thank you Christian, I will try. Best reagards David Kmoch Dne 16.09.2022 v 13:46 Christian Mack (christian.m...@uni-konstanz.de) napsal(a): Hello You have a user x with a lot of changes in his/her INBOX. To get all changes from the IMAP server, SOGo takes 69.209102 seconds. But Apache actively closes the connection before the result can be delivered. Therefore the web frontend tries to get the changes again, which breaks again and so forth. You have to increase your timeout on the apache side. Kind regards, Christian Mack Am 16.09.22 um 12:23 schrieb David Kmoch (david.km...@tul.cz): Hello, some users are able to completely block a sogo worker. I have no idea how they achieve this, but I would rather know how to prevent it on the server side (except blocking their IP), since it repeats over and over lasting from several hours to several days. Apache log: [proxy_http:error] [pid 18588:tid 139754100205312] (70007)The timeout specified has expired: [client 149.255.xxx.xxx:55788] AH01102: error reading status line from remote server 127.0.0.1:2, referer: https://webmail.tul.cz/SOGo/so/x/Mail/view [proxy:error] [pid 18588:tid 139754100205312] [client 149.255.xxx.xxx:55788] AH00898: Error reading from remote server returned by /SOGo/so/x/Mail/0/folderINBOX/changes, referer: https://webmail.tul.cz/SOGo/so/x/Mail/view SOGo log: 14:03:50 sogod [72665]: |SOGo| starting method 'POST' on uri '/SOGo/so/x/Mail/0/folderINBOX/changes' 14:04:50 sogod [72650]: [WARN] <0x0x55b769ba5580[WOWatchDogChild]> pid 72665 has been hanging in the same request for 1 minutes 14:04:59 sogod [72665]: |SOGo| request took 69.209102 seconds to execute 14:04:59 sogod [72665]: [ERROR] <0x0x55b76b51a350[WOHttpTransaction]> client disconnected during delivery of response for uri=/SOGo/so/x/Mail/0/folderINBOX/changes app=SOGo rqKey=so rqPath=x/Mail/0/folderINBOX/changes> (len=328115): the socket was shutdown The worker thread eats %100 CPU during that sequence. Running version 5.7.1 on RHEL8, LDAP auth, no EAS. Any idea what can be wrong or what to look for? -- David Kmoch Technical University of Liberec Studentská 2, 461 17 Liberec tel: +420 485 353 633 smime.p7s Description: Elektronicky podpis S/MIME
Re: [SOGo] Repeated socket shutdown
Hello You have a user x with a lot of changes in his/her INBOX. To get all changes from the IMAP server, SOGo takes 69.209102 seconds. But Apache actively closes the connection before the result can be delivered. Therefore the web frontend tries to get the changes again, which breaks again and so forth. You have to increase your timeout on the apache side. Kind regards, Christian Mack Am 16.09.22 um 12:23 schrieb David Kmoch (david.km...@tul.cz): Hello, some users are able to completely block a sogo worker. I have no idea how they achieve this, but I would rather know how to prevent it on the server side (except blocking their IP), since it repeats over and over lasting from several hours to several days. Apache log: [proxy_http:error] [pid 18588:tid 139754100205312] (70007)The timeout specified has expired: [client 149.255.xxx.xxx:55788] AH01102: error reading status line from remote server 127.0.0.1:2, referer: https://webmail.tul.cz/SOGo/so/x/Mail/view [proxy:error] [pid 18588:tid 139754100205312] [client 149.255.xxx.xxx:55788] AH00898: Error reading from remote server returned by /SOGo/so/x/Mail/0/folderINBOX/changes, referer: https://webmail.tul.cz/SOGo/so/x/Mail/view SOGo log: 14:03:50 sogod [72665]: |SOGo| starting method 'POST' on uri '/SOGo/so/x/Mail/0/folderINBOX/changes' 14:04:50 sogod [72650]: [WARN] <0x0x55b769ba5580[WOWatchDogChild]> pid 72665 has been hanging in the same request for 1 minutes 14:04:59 sogod [72665]: |SOGo| request took 69.209102 seconds to execute 14:04:59 sogod [72665]: [ERROR] <0x0x55b76b51a350[WOHttpTransaction]> client disconnected during delivery of response for uri=/SOGo/so/x/Mail/0/folderINBOX/changes app=SOGo rqKey=so rqPath=x/Mail/0/folderINBOX/changes> (len=328115): the socket was shutdown The worker thread eats %100 CPU during that sequence. Running version 5.7.1 on RHEL8, LDAP auth, no EAS. Any idea what can be wrong or what to look for? -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung, Lehre, Infrastruktur 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
[SOGo] Repeated socket shutdown
Hello, some users are able to completely block a sogo worker. I have no idea how they achieve this, but I would rather know how to prevent it on the server side (except blocking their IP), since it repeats over and over lasting from several hours to several days. Apache log: [proxy_http:error] [pid 18588:tid 139754100205312] (70007)The timeout specified has expired: [client 149.255.xxx.xxx:55788] AH01102: error reading status line from remote server 127.0.0.1:2, referer: https://webmail.tul.cz/SOGo/so/x/Mail/view [proxy:error] [pid 18588:tid 139754100205312] [client 149.255.xxx.xxx:55788] AH00898: Error reading from remote server returned by /SOGo/so/x/Mail/0/folderINBOX/changes, referer: https://webmail.tul.cz/SOGo/so/x/Mail/view SOGo log: 14:03:50 sogod [72665]: |SOGo| starting method 'POST' on uri '/SOGo/so/x/Mail/0/folderINBOX/changes' 14:04:50 sogod [72650]: [WARN] <0x0x55b769ba5580[WOWatchDogChild]> pid 72665 has been hanging in the same request for 1 minutes 14:04:59 sogod [72665]: |SOGo| request took 69.209102 seconds to execute 14:04:59 sogod [72665]: [ERROR] <0x0x55b76b51a350[WOHttpTransaction]> client disconnected during delivery of response for uri=/SOGo/so/x/Mail/0/folderINBOX/changes app=SOGo rqKey=so rqPath=x/Mail/0/folderINBOX/changes> (len=328115): the socket was shutdown The worker thread eats %100 CPU during that sequence. Running version 5.7.1 on RHEL8, LDAP auth, no EAS. Any idea what can be wrong or what to look for? -- David Kmoch Technical University of Liberec Studentská 2, 461 17 Liberec +420 485 353 633 smime.p7s Description: Elektronicky podpis S/MIME
Re: [SOGo] How to configure MFA for SOGo
Hello There is no additional documentation from SOGo. You can deactivate 2FA for USER_A on the servers command line with: /usr/sbin/sogo-tool user-preferences set defaults USER_A SOGoTOTPEnabled '{"SOGoTOTPEnabled":0}' I assume, that one of the seeds from attribute "General" is used, but I didn't check this in source code. You can get that with: /usr/sbin/sogo-tool user-preferences get preferences USER_A General Kind regards, Christian Mack Am 15.09.22 um 16:25 schrieb Randall Sargent (rrsarg...@pilotcat.com): Unfortunately, that didn't work. It's rejecting my one-time code now. Is there any documentation out there? -Original Message- From: users-requ...@sogo.nu On Behalf Of Christian Mack Sent: Thursday, September 15, 2022 1:50 AM To: users@sogo.nu Subject: Re: [SOGo] How to configure MFA for SOGo Hello SOGo implements its own TOTP 2FA. That only protects access to the web frontend. You have to log into the web frontend in order to activate it. Then activate in "Preferences" --> "General" --> "General" tab option "Enable two-factor authentication using a TOTP application". SOGo will now display a QR-Code below that option. You have to scan that with your prefered TOTP app on your smartphone. Then save the activation of 2FA in SOGo web interface by clicking on the diskette symbol on green circle at the top right corner. From now on, SOGo will ask for the security code when logging in to the web frontend after the login page. Kind regards, Christian Mack Am 14.09.22 um 20:30 schrieb Randall Sargent (rrsarg...@pilotcat.com): Hello, I am looking for documentation on how to implement MFA/2FA on SOGo, specifically DUO, but any will do. Thank you -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung, Lehre, Infrastruktur 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature