Re: [SOGo] Large deployments
On Fri, Dec 20, 2013 at 07:35:40AM -0500, Ludovic Marcotte wrote: > On 2013-12-20 5:41 AM, Albert Shih wrote: > >Well I try this, actually only manually, for example I just kill some sogod > >process who eat ~150:00:00 time (since yesterday) and that make sogo crash > >(no more connection on the web-gui, need a service sogod restart). > That's because you killed the parent process, and not one of its > child workers. You must never do that. > > There are a couple of things you should look at for under-performing > sogod child processes: > > 1. make sure your IMAP server is fast. Look at Cyrus IMAP Server or >Dovecot with indexes. Dovecot in high performance mode, with auth caching: http://wiki2.dovecot.org/LoginProcess http://wiki2.dovecot.org/Authentication/Caching > You might also want to use imapproxy in >between SOGo and your imap server For us we saw no benefit in using an imapproxy, rather a tiny performance decrease: http://dovecot.org/list/dovecot/2012-February/133544.html and then it's definitely not worth the hassle of having yet another service running. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Large deployments
On Fri, Dec 20, 2013 at 11:41:26AM +0100, Albert Shih wrote: > > > > We kill sogod's that has been running for more than 15 cpuminutes, as > > these are normally stuck in something. I believe your sogod's must > > be stuck.. > > Well I try this, actually only manually, for example I just kill some sogod > process who eat ~150:00:00 time (since yesterday) and that make sogo crash > (no more connection on the web-gui, need a service sogod restart). > > How you manage the kill ? We run this cronjob every 5 minute: --- #! /bin/sh - # # Kill sogo-processes that's been running too long. too_long=15 # 00-59 minutes ps -u sogo -opid,ppid,cputime | grep -v PPID | while read pid ppid time do # Don't kill main daemon. if test "x$ppid" != "x1" then minutes=$(echo $time | cut -d: -f2) if test $minutes -gt $too_long; then echo Killing $pid ps -fp $pid kill -9 $pid fi fi done --- > > Can I ask what linux you using ? RHEL6. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Large deployments
On Wed, Dec 18, 2013 at 05:32:01PM +0100, Martin Rabl wrote: > Am 18.12.2013 17:24, schrieb Jan-Frode Myklebust: > >On Wed, Dec 18, 2013 at 04:32:41PM +0100, Martin Rabl wrote: > >>Am 18.12.2013 16:28, schrieb Jan-Frode Myklebust: > >>Are you using clustered database servers? > >No, just a single active server, plus warm standby. > That single server holds all data for the 5 virtual machines (= 5 > SOGo servers?) and the instances use them together? > Yes. Single VM, with 16GB memory, 4 virtual cpus and ~30GB database. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Large deployments
On Wed, Dec 18, 2013 at 04:32:41PM +0100, Martin Rabl wrote: > Am 18.12.2013 16:28, schrieb Jan-Frode Myklebust: > >We have around 30.000 unique users daily. > > > >The sogo-servers are 5 virtual machines with 4 cpus and 8 GB > >memory each. > Are you using clustered database servers? > No, just a single active server, plus warm standby. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Large deployments
On Wed, Dec 18, 2013 at 04:46:02PM +0100, Albert Shih wrote: > > > > The sogo-servers are 5 virtual machines with 4 cpus and 8 GB > > memory each. Top output from one of these right now: > > So that's mean on one machine with same feature 4 CPU and 8 GB I should > easy to accept 500-1000 user pear day. Yes, definitively.. but beware that my usage is as a pure webmail-system. I have no idea about how the outlook/thunderbird integration affects resource requirements. > > How many sogod you launch ? I put : > > WOWorkersCount = 6; We have 90 on each server. > > and I put : > > more /etc/sysconfig/memcached > > PORT="11211" > USER="nobody" > MAXCONN="1024" > CACHESIZE="128" > OPTIONS="" I don't think we've tuned these..: PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="640" OPTIONS="-l localhost" > > do you think this configuration have anything to do with the performance > and decrease the load ? I seem to remember there were issues with having too few sogods / too low WOWorkersCount. Never understood why the defaults were so low. But remember to tune postgres max_connections to more than 2 x WOWorkersCount x number of servers. > > our imap and smtp servers are seperated and not on the sogo-server. Our > sogo server run sogo-webui and postgres-service. Do you think I need to > split that ? No, I think that should work fine as long as it's not starved of any resources. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Large deployments
On Wed, Dec 18, 2013 at 03:55:22PM +0100, Albert Shih wrote: > > > > We at the Universität Konstanz in Germany have more than 16000 users. > > > Can you describe your infrastructure ? How many server ? (hardware & > Virtual), what size (Ram, CPU) ? We have around 30.000 unique users daily. The sogo-servers are 5 virtual machines with 4 cpus and 8 GB memory each. Top output from one of these right now: top - 16:17:22 up 15 days, 15:54, 1 user, load average: 0.16, 0.09, 0.03 Tasks: 277 total, 2 running, 275 sleeping, 0 stopped, 0 zombie Cpu0 : 2.0%us, 0.7%sy, 0.0%ni, 97.0%id, 0.3%wa, 0.0%hi, 0.0%si, 0.0%st Cpu1 : 1.7%us, 0.3%sy, 0.0%ni, 98.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st Cpu2 : 3.7%us, 1.0%sy, 0.0%ni, 94.6%id, 0.0%wa, 0.0%hi, 0.7%si, 0.0%st Cpu3 : 0.3%us, 0.7%sy, 0.0%ni, 98.7%id, 0.0%wa, 0.0%hi, 0.3%si, 0.0%st Mem: 8059428k total, 5849244k used, 2210184k free, 540264k buffers Swap: 2097144k total,26476k used, 2070668k free, 2298216k cached PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 6580 root 20 0 273m 115m 3844 S 0.0 1.5 36:49.53 splunkd 7997 sogo 20 0 381m 62m 8796 S 0.0 0.8 0:44.65 sogod 6438 sogo 20 0 380m 60m 8108 S 0.0 0.8 0:55.09 sogod 2730 sogo 20 0 379m 59m 8708 S 0.0 0.8 0:42.99 sogod 6035 sogo 20 0 378m 59m 8568 S 0.0 0.8 0:44.89 sogod 6459 sogo 20 0 379m 59m 8164 S 0.0 0.8 0:51.07 sogod 17130 sogo 20 0 378m 59m 8672 S 0.0 0.8 0:46.98 sogod 13702 sogo 20 0 379m 58m 8600 S 0.0 0.7 0:43.08 sogod 6428 sogo 20 0 380m 58m 8356 S 0.0 0.7 0:51.75 sogod 25734 sogo 20 0 376m 57m 8896 S 0.0 0.7 0:42.47 sogod 8076 sogo 20 0 375m 56m 8616 S 0.0 0.7 0:38.01 sogod 2725 sogo 20 0 375m 56m 8336 S 2.7 0.7 0:35.36 sogod 2690 sogo 20 0 372m 55m 8388 S 0.0 0.7 0:38.71 sogod 14427 sogo 20 0 374m 55m 8620 S 0.0 0.7 0:36.37 sogod 8090 sogo 20 0 374m 55m 8552 S 0.0 0.7 0:36.86 sogod 23322 sogo 20 0 375m 54m 8244 S 0.0 0.7 0:28.58 sogod 13543 sogo 20 0 373m 54m 8448 S 0.0 0.7 0:25.63 sogod 9580 sogo 20 0 372m 54m 8584 S 0.0 0.7 0:34.44 sogod 28024 sogo 20 0 372m 53m 8780 S 0.0 0.7 0:33.48 sogod 7722 sogo 20 0 374m 53m 8640 S 0.0 0.7 0:35.03 sogod 8991 sogo 20 0 373m 52m 8272 S 0.0 0.7 0:23.42 sogod 8411 sogo 20 0 369m 50m 8496 S 0.0 0.6 0:34.35 sogod 6863 sogo 20 0 369m 50m 8016 S 0.0 0.6 0:32.21 sogod
[SOGo] (untested) configuration profile for iOS
Here's a simple (untested) CGI-script for publishing a configuration profile to an iOS device. Put the attached CGI-script in $WEBROOT/ios/SOGo.mobileconfig and add this to the apache config: Options +ExecCGI AddHandler cgi-script .mobileconfig then open http://website/ios/SOGo.mobileconfig?email@address in the browser, and hopefully a configuration profile should appear. A few hostnames needs to be customized, but hopefully this should work :-) HTH -jf -- users@sogo.nu https://inverse.ca/sogo/lists#! /bin/bash - # # Simple CGI-script for creating configuration profile for SOGo # services on iOS. # # Jan-Frode Myklebust ## Wash input EMPTY=$(echo -n "${1}" | tr -d '[:alnum:]' | tr -d '[:punct:]') if test -n "$EMPTY" then echo Content-Type: text/plain echo echo Bad characters in input. Aborting. echo $1 echo $EMPTY exit 1 fi EMAIL=$1 DOMAIN=${EMAIL##*@} REVERSE=$(echo $EMAIL | sed -e 's/@/\./g' | awk -F. '{ for (i=NF; i > 0; i--) printf "." $i }'|sed 's/^.//' ) # No idea if these needs to be different: UUIDprofile=$(uuidgen) UUIDcarddav=$(uuidgen) UUIDcaldav=$(uuidgen) UUIDmail=$(uuidgen) # Create signed profile: #cat << EOF | openssl smime -sign -signer server.crt -inkey server.key -certfile cert-chain.crt -outform der -nodetach # Create unsigned profile: cat << EOF Content-Type: application/x-apple-aspen-config; charset=utf-8 Content-Disposition: attachment; filename="SOGo.mobileconfig http://www.apple.com/DTDs/PropertyList-1.0.dtd";> PayloadContent CalDAVAccountDescription Altibox Calendar CalDAVHostName mail.altibox.no CalDAVPort 443 CalDAVPrincipalURL /SOGo/dav/${EMAIL}/ CalDAVUseSSL CalDAVUsername ${EMAIL} PayloadDescription ${EMAIL} calendar PayloadDisplayName ${EMAIL} calendar PayloadIdentifier net.altibox.sogo.profile.caldav.${REVERSE} PayloadOrganization ${DOMAIN} PayloadType com.apple.caldav.account PayloadUUID ${UUIDcaldav} PayloadVersion 1 CardDAVAccountDescription Altibox Contacts CardDAVHostName mail.altibox.no CardDAVPort 443 CardDAVPrincipalURL https://mail.altibox.no/SOGo/dav/${EMAIL}/ CardDAVUseSSL CardDAVUsername ${EMAIL} PayloadDescription ${EMAIL} contacts PayloadDisplayName ${EMAIL} contacts PayloadIdentifier net.altibox.sogo.profile.carddav.${REVERSE} PayloadOrganization ${DOMAIN} PayloadType com.apple.carddav.account PayloadUUID ${UUIDcarddav} PayloadVersion 1 EmailAccountDescription Altibox Mail EmailAccountType EmailTypeIMAP EmailAddress ${EMAIL} IncomingMailServerAuthentication EmailAuthPassword IncomingMailServerHostName pop.altibox.no IncomingMailServerPortNumber 993 IncomingMailServerUseSSL IncomingMailServerUsername ${EMAIL} OutgoingMailServerAuthentication EmailAuthPassword OutgoingMailServerHostName smtp.altibox.no OutgoingMailServerPortNumber 587 OutgoingMailServerUseSSL OutgoingM
Re: [SOGo] SOGo autoconfiguration for iOS and OSX
Never mind, this seems to cover my questions: http://www.rootmanager.com/iphone-ota-configuration/iphone-ota-setup-with-signed-mobileconfig.html -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] SOGo autoconfiguration for iOS and OSX
On Sat, Nov 09, 2013 at 05:43:47PM +0100, Marcel Waldvogel wrote: > > as it is integrated into WordPress without having to write it in PHP, > it looks pretty ugly and is very site-specific (Perl CGI and JavaScript > wrapping WordPress). I'm not asking you to publish sources, only asking if you could share a couple of hints for how you do it. I.e.: - Do you just generate a simple plist using string substitutions on a template, or is there a serverside tool to generate this? - The generated .mobileconfig seems signed by some SSL signing authority. Could you say something about how this is done? Any hints would be much appreciated, and will probably save me lots of time. > But you are free to link to it and pass > „?dom=tanso.net“ so it is easier for your users. If you want any > special feature that might also be useful for others, please let me know. Thanks, but unfortunately this won't work for us. I can't use a "random" internet site as configuration tool for all our users. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] SOGo autoconfiguration for iOS and OSX
On Thu, Jul 11, 2013 at 04:49:46PM +0100, Marcel Waldvogel wrote: > > I currently do not have any plans to open-source the code, as it requires > quite a bit of configuration around it and the code is not pretty. But the > best of it: you can perfectly well use it as a web service by passing it all > the parameters. I just stumbled over your blog post and configuration page, and very much would like to create something similar for our users. Could you please share a bit about what's happening behind the https://netfuture.ch/tools/autoconfiguration/ page? Are you using any standard tools for generating the XML? And how does the SSL signing work here? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Active Sync support in SOGo
On Thu, Sep 19, 2013 at 09:03:26AM +0200, Jan-Frode Myklebust wrote: > > it. That fee, would have to be paid to Microsoft directly. > > Do you have any ballpark estimates for what that fee would be? I'm > worried that such a per-mailbox fee might not scale very well to > ISP scale number of mailboxes. At a minimum it must be based on actual > ActiveSync usage, not total number of accounts. > Answering my own question.. Some example pricings: http://www.mailenable.com/pricing.asp ActiveSync 20 Mailboxes $199*USD ActiveSync 50 Mailboxes $345*USD ActiveSync 100 Mailboxes $649*USD ActiveSync 200 Mailboxes $998*USD ActiveSync 300 Mailboxes $1198*USD = $4-$10 per mailbox / year http://www.smartertools.com/smartermail/pricing.aspx 25 Mailboxes$199 50 Mailboxes$349 100 Mailboxes $499 200 Mailboxes $799 300 Mailboxes $1,199 Each Additional 100 Mailboxes $400 = $4-$8 per mailbox / year -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Active Sync support in SOGo
On Wed, Sep 18, 2013 at 05:22:50PM -0400, Ludovic Marcotte wrote: > > Since the addition of Active Sync support in SOGo would be a > server-side implementation, there would be a per-mailbox fee to use > it. That fee, would have to be paid to Microsoft directly. Do you have any ballpark estimates for what that fee would be? I'm worried that such a per-mailbox fee might not scale very well to ISP scale number of mailboxes. At a minimum it must be based on actual ActiveSync usage, not total number of accounts. > Evidently, if we start working on Active Sync support in SOGo, we'll > definitively drop Funambol support - which is probably even more > exciting then adding Active Sync support. :-) -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] ActiveSync question
On Tue, Sep 03, 2013 at 10:54:52AM +0200, alge wrote: > > I'm not sure if my situation with ActiveSync beeing a show stopper for > deploying SOGo is generalizable enough, what do other people think of > it? Did I miss something? I completely agree (except we didn't let it stop the show). Configuring mobile clients without ActiveSync is too cumbersome, and my little exposure to z-push didn't convince me it was production ready.. Is there anything we can do to get Inverse to focus on ActiveSync support? Does it need funding? Is it a big difficult feature, or ..? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Antispam & antivirus
On Wed, Aug 21, 2013 at 11:49:04PM +0200, Szládovics Péter wrote: > 2013-08-21 23:21 keltezéssel, Jan-Frode Myklebust írta: > >On Wed, Aug 21, 2013 at 01:23:45PM +0200, Szládovics Péter wrote: > >>SOGo is not a mailserver. SOGo just an groupware extension for _any_ > >>mailserver backend. > >>So, the question is not the antivirus and antispam for SOGo. The > >>question is antivirus and antispam for mailserver. > >Antispam has a place in SOGo too. I'd like to have an interface for the > >users to select how strict the spam-filter should be by integrating > >with sieve-spamtest/rfc5235. > > > >Maybe a "block sender" function, that pushes out a sieve script to the > >server to drop/move-to-Spam messages from a given sender. > > > >Also it would be nice if the SOGo webinterface had a Spam/not-spam > >button that would move messages to/from the Spam-folder. This could be > >used by http://wiki2.dovecot.org/Plugins/Antispam to train the filter. > > Block senders? > How many senders need to block for correct spam filtering. > One node of one zombie network sends about 100 thousand spam emails > per day with randomly generated senders. Are you sure, you can > stopped them with this feature? I don't think so. Blocking sender is a helpfull feature against other kinds of spam than zombie networks.. F.ex. real businesses that picked up your email address during a website registration, and thinks that that's an invitation to be put on their advertising list. > Example. > My mail host gets about 250-300 clean, real mails per day (total > incoming mail traffic is about 2000 mails/day - yes, 80-90% of them > are absolutely spam). We deliver about 500.000 supposedly clean mails/day to our users inboxes, after virus/spam/greylisting/etc has done it's thing. > The SA drops 5-10 mails into the quarantine per day (newsletters, > advertisements, badly formatted mail contents - really spams, very > rarely few false positive good mails). On our scale, managing a single quarantine doesn't really work, so we rather deliver the suspect messages to the users Spam-folder and give them an opportunity to check for false positives. > All of others are back off to senders. Be careful with that, so you don't get on the backscatter lists.. > > The successful fight with spams there is at the gate, not at the mailbox. At the gate we can do general filtering, but we can't train a general filter to suit 100K's of users. A spam-filter individually trained (and customized) by each user can be much more effective. Training can be done by moving messages to/from Spam-folders, customisations can include blocking senders, or tuning spam-score. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Antispam & antivirus
On Wed, Aug 21, 2013 at 01:23:45PM +0200, Szládovics Péter wrote: > > SOGo is not a mailserver. SOGo just an groupware extension for _any_ > mailserver backend. > So, the question is not the antivirus and antispam for SOGo. The > question is antivirus and antispam for mailserver. Antispam has a place in SOGo too. I'd like to have an interface for the users to select how strict the spam-filter should be by integrating with sieve-spamtest/rfc5235. Maybe a "block sender" function, that pushes out a sieve script to the server to drop/move-to-Spam messages from a given sender. Also it would be nice if the SOGo webinterface had a Spam/not-spam button that would move messages to/from the Spam-folder. This could be used by http://wiki2.dovecot.org/Plugins/Antispam to train the filter. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Puppet
On Mon, Aug 05, 2013 at 09:29:06PM -0500, Pablo Carranza wrote: > Has anyone taken a stab at putting together a Puppet module to install > and/or manage SOGo? > > I'm trying to put one together, from scratch, and it's been a lng and > tedious process, thus far. It's probably not directly applicable to other sites, but this is what we use on out sogo backends: sogo/manifests/init.pp 8<---8<8<-8<8<-8<8<8<8<8<8<--- class sogo { realize( User["sogo"], Group["sogo"], ) $packages = [ "sogo", "sope49-gdl1-postgresql", "httpd", "sogo-tool" ] package { $packages: ensure => installed, } $sogodirs = [ "/home/sogo", "/home/sogo/GNUstep/", "/home/sogo/GNUstep/Defaults/", "/var/log/sogo", "/var/spool/sogo" ] file { $sogodirs: ensure => "directory", owner => sogo, group => sogo, mode=> 755, } file { "/var/run/sogo" : ensure => "directory", owner => sogo, group => sogo, mode=> 700, } file { "/home/sogo/GNUstep/Defaults/.GNUstepDefaults": owner => sogo, group => sogo, mode=> 600, source => [ "puppet:///modules/sogo/GNUstepDefaults-$fqdn", "puppet:///modules/sogo/GNUstepDefaults", ], notify => Service["sogod"], } file { "/etc/sysconfig/sogo": owner => root, group => root, mode=> 444, source => [ "puppet:///modules/sogo/sysconfig_sogo-$fqdn", "puppet:///modules/sogo/sysconfig_sogo", ], notify => Service["sogod"], } # this kills sogod's that's been consuming more than 15m cputime: file { "/usr/local/sbin/sogo-watchdog.sh": owner => root, group => root, mode=> 555, source => [ "puppet:///modules/sogo/sogo-watchdog.sh-$fqdn", "puppet:///modules/sogo/sogo-watchdog.sh", ], } file { "/etc/cron.d/sogo-watchdog.cron": owner => root, group => root, mode=> 444, source => [ "puppet:///modules/sogo/sogo-watchdog.cron-$fqdn", "puppet:///modules/sogo/sogo-watchdog.cron", ], } file { "/etc/httpd/conf.d/01-SOGo-local.conf": owner => root, group => root, mode=> 444, source => [ "puppet:///modules/sogo/SOGo-local.conf-$fqdn", "puppet:///modules/sogo/SOGo-local.conf", ], notify => Service["httpd"], } file { "/etc/httpd/conf.d/02-SOGo-shared.conf": owner => root, group => root, mode=> 444, source => [ "puppet:///modules/sogo/SOGo-shared.conf-$fqdn", "puppet:///modules/sogo/SOGo-shared.conf", ], notify => Service["httpd"], } file { "/etc/httpd/conf.d/SOGo.conf": owner => root, group => root, mode=> 444, source => [ "puppet:///modules/sogo/SOGo.conf-$fqdn", "puppet:///modules/sogo/SOGo.conf", ], notify => Service["httpd"], } file { "/etc/httpd/conf.d/00-apache-server-status.conf": owner => root, group => root, mode=> 444, source => [ "puppet:///modules/sogo/00-apache-server-status.conf-$fqdn", "puppet:///modules/sogo/00-apache-server-status.conf", ], notify => Service["httpd"], } service { "httpd": ensure => true, enable => true, require => [ File["/etc/httpd/conf.d/SOGo.conf"], Package["httpd"], ], } service { "sogod": ensure => true, enable => true, start => "/usr/local/sbin/sogo-services.sh start", stop => "/usr/local/sbin/sogo-services.sh stop", require => [ File["/home/sogo/GNUstep/Defaults/.GNUstepDefaults"], Package["sogo"], Package["sope49-gdl1-postgresql"], File['/usr/local/sbin/sogo-services.sh'], ], } # Script to make sure all sogod's are dead before starting them.. Also manages keepalived daemon: file { "/usr/local/sbin/sogo-services.sh": owner => root, group => root, mode=> 755, source => [ "puppet:///modules/sogo/sogo-services.sh-$fqdn", "puppet:///modules/sogo/sogo-services.sh", ], } } 8<---8<8<-8<8<-8<8<8<8<8<8<--- sogo/manifests/skin.pp 8<---8<8<-8<8<-8<8<8<8<8<8<--- class sogo::skin inherits sogo { file { "/usr/lib64/GNUstep/SOGo/WebServerResources/altibox.js": owner => root, group => root, mode=> 444, source => "puppet:///modules/sogo/skin/WebServerResources/altibox.js", require => Pack
Re: [SOGo] Password Encryption for SOGo with Dovecot and Postfix
On Tue, Aug 06, 2013 at 09:52:46AM +0100, SOGo Noob wrote: > > After reviewing your advice I have begun the process of swapping from MySQL > auth back over to LDAP auth, and can see that functionality via LDAP seems > much greater. Cool. > > I have a quick question though, does SOGo have any user administration > methods without falling back to an LDAP management system? For example, our > clients normally have one user that would like the ability to create new > mailboxes and distribution groups etc - is there an easy way to accommodate > such control or do we need to look at another approach for this? I don't think SOGo has any user administration features. We do our user administration by internally developed self-care webpages for our customers. These just add/delete/modify ldap-users by talking "directly" with the directory server. (maybe not really directly, but by submitting a job to a queueing system that then talks with the directory server) All our mail provisioning is handled trough LDAP. If a new domain gets added to o=$domainname.com,o=ISP,o=example,c=com, this will automatically be used by postfix/dovecot/sogo, and users created there can immediately receive email and use the webmail. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Password Encryption for SOGo with Dovecot and Postfix
On Fri, Aug 02, 2013 at 05:33:15PM +0100, SOGo Noob wrote: > > My plan is this: > We have a new cleanly installed Ubuntu 12.04 server for mail, and we've > opted to use MySQL for authentication and for basic storage. We will be > using Postfix and Dovecot for mail transport and imap/pop respectively. All > of which seems to make sense so far, and much of this is configured already. > > My issue is with choosing the correct password encryption. We need it to be > compatible with SOGo, Dovecot and Postfix, and we need mail client support > for all major platforms. I'm working for an ISP, running SOGo for webmail, postfix for SMTP and dovecot for LMTP/POP/IMAP -- for a little under 100 maildomains/1M-accounts. Earlier (before SOGo) we used MySQL for user-database, but have moved over to a LDAP (389ds) for holding the user-database. And I would strongly advice you to consider doing the same. All services are speaking directly to the ldap-servers. When users needs to authenticate, this is handled trough the ldap bind() operation, so that none of the services need to know anything about encryption schemes, and also they don't have access to read the users' hashes. LDAP/389ds gives you proper multi-master setup, so that you can easily configure a highly available environment, and also scale out if needed. > Obviously we need to administer the server too, > some clean cli commands to generate new passwords would be great. What > would the list recommend as an adopted password encryption that is simple > to deploy but at the same time secure? Lots of options for editing LDAP data.. ldapvi, ldapsearch, ldapmodify, apache directory studio and probably several web-based options exists. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Best practice of sogo system / user backup - suggestions?
On Wed, Jun 19, 2013 at 01:28:00PM +0200, Götz Reinicke - IT Koordinator wrote: > > I'd like to ask what is your best practice to backup & restore your sogo > system and/or user data? > > Should we do a e.g. database dump/backup of the mysql (what we already > do for other systems) and do a user based sogo-tool backup? We do both. Daily backup of the postgres-database, plus daily sogo-tool backups of all users that has been active the last 24 hours. That should give us the possibility of doing quick single user restore from the sogo-tool backup, and also quick full system restore from database backup. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Re: just gone live with sogo, and keep getting 100% cpu usage... :-(
On Thu, Apr 04, 2013 at 11:48:46AM +0200, Jan-Frode Myklebust wrote: > Probably also good to enable some debugging with: > > sudo -u sogo defaults write sogod SOGoDebugRequests YES > > and see if the sogod.log tell you something.. We've often seen problems with sogod processes getting stuck, eating cpu, so we've implemented a watchdog that kills sogod-processes that's been using too much cputime. Every 5 minutes we run the following script: 8<-8<--8<---8<---8<8<---8<--8<-8<-- #! /bin/sh - # # Kill sogo-processes that's been running too long. too_long=15 # 00-59 minutes ps -u sogo -opid,ppid,cputime | grep -v PPID | while read pid ppid time do # Don't kill main daemon. if test "x$ppid" != "x1" then minutes=$(echo $time | cut -d: -f2) if test $minutes -gt $too_long; then echo Killing $pid ps -fp $pid kill -9 $pid fi fi done 8<-8<--8<---8<---8<8<---8<--8<-8<-- This hasn't been triggering often with sogo v2, but we've had situations earlier where sogod would get stuck on unexpected data from the IMAP server. F.ex. sogod didn't like dovecot telling it the progress during IMAP searches and got stuck using 100% cpu whenever that happened. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Re: just gone live with sogo, and keep getting 100% cpu usage... :-(
On Thu, Apr 04, 2013 at 11:40:43AM +0200, mayak-cq wrote: > > sudo -u sogo defaults write sogod WOWorkersCount 32 Please remember to also increase the number of connections to your postgres database when changing the number of workers. postgresql max_connections > 3x WOWorkersCount -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Re: just gone live with sogo, and keep getting 100% cpu usage... :-(
Probably also good to enable some debugging with: sudo -u sogo defaults write sogod SOGoDebugRequests YES and see if the sogod.log tell you something.. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] ANN: SOGo 2.0.4
On Sat, Jan 26, 2013 at 1:15 AM, Francis Lachapelle wrote: > * renamed default SOGoForceIMAPLoginWithEmail to > SOGoForceExternalLoginWithEmail and extended it to SMTP authentication Oh.. I didn't know SOGo could do SMTP authentication as the logged in user. We only support SMTP authentication on the submission port (587/tcp) including TLS upgrade, or on the smtp over ssl port (465/tcp). Will this work with SOGo ? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] IMAP Server
On Mon, Jan 28, 2013 at 9:35 AM, Valentin Bud wrote: >> >> We use cyrus here with approx. 15000 users. >> Just be sure to use a version 2.4.x one. >> > > That's impressive :-). We use dovecot with around 1.000.000 mail accounts :-) Around 10% of these are accessing their mail trough the sogo webmail interface... > > What OS do you use? RHEL5 on the 6 mail backend servers. > LDAP Authentication or other backend? LDAP bind(). > Do you use replication/murder configuration? Is it stable? We use a cluster filesystem (IBM GPFS) for the mailboxes, and dovecot director to spread the load over the backend servers. Because of the cluster filesystem, we don't care which backend a user hits -- only that it's fairly sticky. > Virtual machines or hardware ones? Hardware, because of need for direct SAN access for cluster filesystem. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] ANN: SOGo v1.3.16
On Fri, Jun 08, 2012 at 08:30:44AM -0400, Francis Lachapelle wrote: > > Enhancements > * new unique names for static resources to avoid browser caching when > updating SOGo How will this work with custom skins and SOGoUIAdditionalJSFiles ? Will it pick up generation timestamp from filesystem? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Vacation, cronjob and sieve filter
Completely agree that sogo should manage this without cronjob, but inverse needs to support Cyrus which doesn't implement the sieve date extention: http://www.sogo.nu/bugs/view.php?id=1530 -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Sogo Slow Performance
On Tue, Feb 14, 2012 at 11:27:19PM +, Khapare Joshi wrote: > > > > Only guessing, but it sounds to me like a problem with your gnustepdefauls > > "bindDN". Is it a working DN/bindPassword combination? Or maybe your ldap > > server running out of connections? > > > > > yes it is working DN/bindPassword. running out of connection (is there a > limit ? where can I check in LDAP - i have fedora driectory server) > There's a "max number of file descriptors" setting in the Configuration-Performance tab in the management console. You probably need to have a higher "ulimit -n" in /etc/sysconfig/dirsrv. I don't quite remember, but think there's an "errors" file on the ldap-server that should show if you're running out of connections. You might also want to make sure that the fields sogo is searching for in ldap are indexed. I believe sogo will search for all fields mentioned in SearchFieldNames and bindFields, so these needs to be indexed. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Sogo Slow Performance
On Tue, Feb 14, 2012 at 11:07:34PM +, Khapare Joshi wrote: > > > No, my database not yet too busy. I do not see much high load either. > however my > /var/lib/pgsql/data/postgresql.conf max connection is set to 100 > and changed the PERFORK to 70 That will fail under load. You need minimum 3 postgres connections per sogod = 3*70 = 210. > > however, I have tons of error in /var/log/sogo/sogo > Could not bind to the LDAP server ldap.hi.is (389) using the bind DN: > uid=test,ou=People,dc=test,dc=com > > but again I can access sogo and all. I am not sure about this error. It > could be thunderbird or iphone are trying to synchronize the event and > somehow sogo could not bind on that particular synchonization. Do you know > how to debug this ? Only guessing, but it sounds to me like a problem with your gnustepdefauls "bindDN". Is it a working DN/bindPassword combination? Or maybe your ldap server running out of connections? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Sogo Slow Performance
On Tue, Feb 14, 2012 at 10:52:08PM +, Khapare Joshi wrote: > > > the sogo server and what are you guys doing for better performance for > > sogo > > > server, any sogo configuration parameter ? postgres indexing ? apache > > > config ? > > > > What IMAP server are you running? > > CYRUS IMAP murder Ok, I'm not familiar with cyrus.. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Sogo Slow Performance
On Tue, Feb 14, 2012 at 10:39:30PM +, Khapare Joshi wrote: > > server, any sogo configuration parameter ? postgres indexing ? Is your postgres database busy? We were struggeling with high cpu usage on our databaseserver recently, and it turned out it was a problem with the session table growing and growing. We now run a daily deletion of all rows older than 24 hours: DELETE from sogo_sessions_folder WHERE extract('epoch' from current_timestamp)-c_lastseen > 86400; I believe there's also an index fix for this table in v1.3.12.. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Sogo Slow Performance
On Tue, Feb 14, 2012 at 10:39:30PM +, Khapare Joshi wrote: > > My sogo server sometime response very very slow. I use improxy but my sogo > server is rather slow and this performance issue is random. I think > hardware spec of the server is fine. I added /etc/sysconfig/sogo > PREFORK=6. > > server memory looks 1G free > CPU utilization average is arond 3-4 % Assuming your backends are not the problem, maybe try increasing PREFORK a lot (and remember to also increase postgresql max_connections to match). We're currently running with PREFORK=60. It's seldom that that many processes are needed, but when the server has the resources for it we would rather use cpu than stall the users requests. > Rebooted server, restarted sogod daemon. But this is bugging me. Sogo > should be fast (:) and faster than squriell mail. What can I do to optimize > the sogo server and what are you guys doing for better performance for sogo > server, any sogo configuration parameter ? postgres indexing ? apache > config ? What IMAP server are you running? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] Re: [Dovecot] IMAP-proxy or not with sogo webmail and dovecot backend
On Mon, Feb 13, 2012 at 11:08:48AM -0800, Mark Moseley wrote: > > Out of curiosity, are you running dovecot locally on those webmail > servers as well, or is it talking to remote dovecot servers? The webmail servers are talking with dovecot director servers which in turn are talking with the backend dovecot servers. Each service running on different servers. Webmail-servers -> director-servers -> backend-servers > I ask because I'm looking at moving our webmail from an on-box setup to a > remote pool to support director and was going to look into whether > running imapproxyd would help there. We don't bother with it in the > local setup, since dovecot is so fast, but remote (but still on a LAN) > might be different. Doesn't seem so to us... > Though imapproxyd seems to make (wait for it...) > squirrelmail unhappy (complains about IMAP errors, when sniffing shows > none), though I've not bothered to debug it yet. :-) -jf -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] IMAP-proxy or not with sogo webmail and dovecot backend
We've been collecting some stats to see what kind of benefits UP/SquirrelMail's IMAP Proxy in for our SOGo webmail users. Dovecot is running in High-performance mode http://wiki2.dovecot.org/LoginProcess with authentication caching http://wiki2.dovecot.org/Authentication/Caching During the weekend two servers (webmail3 and webmail4) has been running with local imapproxy and two servers without (webmail1 and webmail2). Each server has served about 1 million http requests, over 3 days. server avg. response time # requests webmail1.example.net 0.3704111092386 webmail2.example.net 0.3742271045141 webmail3.example.net 0.3780971043919 imapproxy webmail4.example.net 0.3785931028653 imapproxy ONLY requests that took more than 5 seconds to process: server avg. response time # requests webmail1.example.net 26.048 1125 webmail2.example.net 26.2997 1080 webmail3.example.net 28.5596 808 imapproxy webmail4.example.net 27.1004 964 imapproxy ONLY requests that took more than 10 seconds to process: server avg. response time # requests webmail1.example.net 49.1407 516 webmail2.example.net 53.0139 459 webmail3.example.net 59.7906 333 imapproxy webmail4.example.net 58.167 384 imapproxy The responstimes are not very fast, but they do seem to support the claim that an imapproxy isn't needed for dovecot. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Why not move from Funambol to Z-Push? Many features will be obtained.
On Wed, Jan 18, 2012 at 10:14:38PM +0100, André Schild wrote: > >>the licensing agreement doesn't make me a happy, happy, joy man. > >Is z-push that much different of a threat than the Open^H^H^H^Hchange- > >replacement you seem to be doing in v2.0 ? > OpenChange has nothing to do with ActiveSync. > > OpenChange implements MAPI on the server, so (all) mapi compatible > can talk to the server > z-Push implements ActiveSync on the server, so all active sync > clients can talk to the server I see it as: z-push implements microsofts proprietary ActiveSync protocol. OpenChange implements microsofts proprietary MAPI protocol. > The current z-push sogo backend uses CalDav/CardDav to access Sogo > resources, > the Funambol client directly accesses the database Yes, I know. I tested the sogosync-version about a year ago, and it looked like a very nice solution that could be run as a completely separate service from the rest of sogo (pure caldav/carddav/imap-client). Funambol looked like a very intrusive solution, poking inside the sogo database directly, having it's own userdatabase (if I remember correctly). And probably introducing version dependencies between funambol server and sogo server. I'd much rather push my users towards installing a 3. party caldav/carddav client, and avoid the need for anything serverside. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Why not move from Funambol to Z-Push? Many features will be obtained.
On Wed, Jan 18, 2012 at 02:16:08PM -0500, Ludovic Marcotte wrote: > I would still very much like to open a discussion about this - ie., > Funambol (SyncML) backend vs. Z-Push (ActiveSync) backend. I'm struggeling with seeing why one would push Funambol/SyncML. It requires 3. party agent on all phones (except nokia), and then one could just as well use a 3. party caldav/carddav client. While activesync is supported on all (?) phones, with single config for mail/contacts/calendar. That's what we want! > > What I mostly fear about Z-Push is that we'll revisit all the device > synchronization bugs we had over the past few years with > Funambol/SyncML and we'll have to hack around like we did. This is > very valuable time and know-how here. Getting the Z-Push connector > up and running can be done in a snap, but refining it will take some > time. Also, having the Sword of Damocles on top of my head regarding > the licensing agreement doesn't make me a happy, happy, joy man. Is z-push that much different of a threat than the Open^H^H^H^Hchange- replacement you seem to be doing in v2.0 ? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] ANN: SOGo v1.3.11
On Thu, Jan 05, 2012 at 12:13:51PM +0100, Martin Rabl wrote: > > * new experimental feature to force popup windows to appear in an iframe > > -- this mode can be forced by setting the cookie "SOGoWindowMode" to > > "single" > Nice feature - but I didn't understand how to enable it, because I > found no set cookie - any hints? > You need to set the cookie yourself. F.ex. trough apache mod_rewrite. I used this for testing: RewriteCond %{QUERY_STRING} testsogoiframe=([^/&]+) RewriteRule ^/SOGo/.* - [CO=SOGoWindowMode:single:::/SOGo/] and then add ?testsogoiframe=something to the URL to test it. You'll need to delete the cookie manually afterwards to get out of single window mode. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Backup only changed users ?
On Thu, Dec 22, 2011 at 03:10:58PM +0100, André Schild wrote: > The backup gives you flat files, > so your backup software can look if these have been modified Yes, I know, but the problem is that full sogo-tool backups are already taking about 8 hours, and stressing the backend db for this long unnessesarily when the users are mostly unchanged... We need to find a way of speeding the up soonish.. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] Backup only changed users ?
Is it possible to see which users has logged in the last 24 hours or so, so that we can backup only these instead of ALL in the nighly sogo-tool backup job? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] Cleaning up /tmp or SOGoMailSpoolPath
We were just running quite low on space for /tmp, where SOGoMailSpoolPath defaults. Could someone advice for how safe it is to clean up by running tmpwatch as user "sogo" ? tmpwatch --nodirs --nosymlinks 6 /tmp/ Or will it cause problems with f.ex. references to files in memcached ? Also, what's the intended use of /var/spool/sogo ? Should we point SOGoMailSpoolPath here, or to a subdir of /var/spool/sogo? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] X-Forward header and mod_proxy
We use mod_proxy_balancer in front of our SOGo servers, so by default outgoing emails from sogo will have a X-Forward header with the address of our loadbalancer. | frontend server 1,2 (apache mod_proxy_balancer) | backend server 1,2,3,n (standard sogo-configured apache and sogod) | I suppose the fix for this should be to change on the backend sogo-servers: RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT] to rather use the X-Forwarded-For that mod_proxy sets: RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{X-Forwarded-For},PT] I've been sniffing the network traffic to verify that X-Forwarded-For is set on the incoming requests to the backend servers, but the X-Forward header isn't included in outgoing messages.. Any idea what I'm doing wrong here? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Online translation tool -- Transifx
On Mon, Nov 14, 2011 at 04:16:08PM -0500, Francis Lachapelle wrote: > > Once registered, request a new team for your language : > > https://www.transifex.net/projects/p/sogo/teams/ > > Once authorized, you'll be able to start/continue translating SOGo in your > language. > > For the initial import, it was necessary to ignore all strings that were > identical to the English translation. Therefore, even if your translation was > considered completed in version 1.3.9 of SOGo, you may need to add some > missing strings (example: if the translation of "email" in your language is > also "email", you'll need to add it back). I've signed up as team lead for no_NO and nb_NO, but none of these show any existing translations. Everything is listed as 0% done. But when looking at https://www.transifex.net/projects/p/sogo/r/all-resources/ there is a Norwegian which is 90% done. This is the version I want to work on! :-) Am I missing some routine to copy this over to no_NO/nb_NO or is something wrong with the setup for Norwegian ? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Customize a tad of SOGo
On Sat, Nov 12, 2011 at 06:57:12PM +0100, Jan-Frode Myklebust wrote: > > modifying wox-templates. Customizing anything below > /usr/lib*/GNUstep/SOGo/WebServerResources/ needs to happen there, as > these are not served trough sogod but rather served by apache directly. I just realized that the WebServerResources/ could work the same as wox-templates in /home/sogo/GNUstep/Library/ with a little mod_rewrite hack: RewriteCond %{REQUEST_URI} ^SOGo/WebServerResources.* RewriteCond "/home/sogo/GNUstep/Library%{REQUEST_URI}" -f RewriteRule ^(.+) /home/sogo/GNUstep/Library/$1 [L] RewriteRule ^ - [PT] Untested, and I never get these right without some trial and error, but you probably get the idea. Based on: http://httpd.apache.org/docs/current/rewrite/remapping.html#multipledirs -jf -- users@sogo.nu https://inverse.ca/sogo/lists
IMAP-proxy or not? Was: Re: [SOGo] SOGo+perdition+Dovecot
On Sat, Nov 12, 2011 at 12:35:26AM +, Ed W wrote: > > Quick question: What does perdition buy you versus not having it? > > The dovecot author suspected that logins were so fast that a persistent > proxy would likely have little performance advantage - do you measure > otherwise? Interesting... as I seem to experience slow initial connect (getting the body of the first message I select after logging in takes seconds) when using up-imapproxy, but everything seems quick afterwards. If I have sogod talk to the imap-servers directly (still trough dovecot-director), everything is quick always. But I've been the only sogo user active when testing thism and am worried that this might change once we put heavy load on it.. I've also noticed there is a NGImap4DisableIMAP4Pooling setting which is disabled by default, but I haven't found any documentation for it other than the bugrapport which seems to indicate it should be used if one is not using an imapproxy: http://sogo.nu/bugs/view.php?id=1243 and the "NEWS" entry: - IMAP connection pooling is disabled by default to avoid flooding the IMAP servers in multi-process environments (NGImap4DisableIMAP4Pooling now set to "YES" by default) I don't understand what "multi-process environments" is referring to here..? Does anybody have any comments for if imapproxy is needed or not for dovecot backend, and if one should use IMAP4Pooling in sogo when not using an imapproxy? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Customize a tad of SOGo
On Fri, Nov 11, 2011 at 09:32:27AM -0500, Francis Lachapelle wrote: > > > I see the post here: > > http://www.sogo.nu/english/nc/support/faq/article/how-to-customize-the-html.html > > about how to keep changes between versions but that seems not current any > > more. Also I am not sure this is what I would want anyways. Any pointers? > > This FAQ entry is still valid. Valid, but still a bit unclear -- at least to me. It would be good if it was specified if/that sogod needs to be restarted whenever wox-templates are changed, and also mention that the entry is just about modifying wox-templates. Customizing anything below /usr/lib*/GNUstep/SOGo/WebServerResources/ needs to happen there, as these are not served trough sogod but rather served by apache directly. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Update to 1.3.9 on Centos5
On Sun, Oct 30, 2011 at 09:12:22AM -0400, Ludovic Marcotte wrote: > That's probably a sign of having old SOPE packages around after > proceeding with the SOGo update. Make sure you update all SOPE > packages to the latest version and restart the SOGo service after. Yes, looks like you had some packages in the v1.3.9 yum-repo with version numbers that rpm/yum would interpret as newer than the new ones for sogo v1.3.9-2. Those who had upgraded to v1.3.9-1 will probably still be running on wrong sope49-cards and sope49-gdl1-contentstore after upgrading to v1.3.9-2. [janfrode@webmail2 ~]$ rpm -q sope49-cards sope49-gdl1-contentstore sope49-cards-1.3.9-2.centos6.x86_64 sope49-gdl1-contentstore-1.3.9-2.centos6.x86_64 [janfrode@webmail2 ~]$ sudo yum update Package Arch Version Repository Size Updating: sope49-cardsx86_642.0_20111018-1.el6.0 sogo 161 k sope49-gdl1-contentstorex86_642.0_20111018-1.el6.0 sogo 54 k Transaction Summary Upgrade 2 Package(s) $ rpmdev-vercmp Epoch1 : Version1 :1.3.9 Release1 :2.centos6 Epoch2 : Version2 :2.0_20111018 Release2 :1.el6 :2.0_20111018-1.el6 is newer The reason this was hitting us is that I sync'ed in your packages to our local repository, since our servers aren't allowed to talk openly on the internet, and I hadn't noticed that these needed to be deleted from the repo.. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] HELP !!! /etc/init.d/sogod: line 73: /usr/GNUstep/System/Library/Makefiles/GNUstep.sh: Aucun fichier ou répertoire de ce type Restarting SOGo: /usr/GNUstep/System/Tools/Admin/sogod: error w
On Fri, Oct 28, 2011 at 11:05 PM, Ludovic Marcotte wrote: > > That has been fixed. We were building packages on SL Linux but it looks like > they recently broke binary compatibility with RHEL/CentOS 6. We're > rebuilding them with CentOS 6. > What about RHEL-6.1-latest ? Centos seems to be lagging quite a bit behind RHEL6 these days... -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] HELP !!! /etc/init.d/sogod: line 73: /usr/GNUstep/System/Library/Makefiles/GNUstep.sh: Aucun fichier ou répertoire de ce type Restarting SOGo: /usr/GNUstep/System/Tools/Admin/sogod: error w
Could you post the output of "rpm -qi gnustep-make" ? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Status on SOGo v2.0.0
On Fri, Oct 07, 2011 at 11:19:12AM -0400, Ludovic Marcotte wrote: > > Also, if anyone would volunteer some help regarding packaging Samba > 4 and OpenChange for RHEL (v5 and v6), In RHEL6 both samba4 (4.0.0-23.alpha11) and openchange (0.9) is available in the rhel-x86_64-server-optional-6 channel. Are these usable with sogo 2.0? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] performances & best practices
On Sun, Apr 17, 2011 at 07:05:38PM +0200, DAVIDE VAGHETTI wrote: > > Is there anything else I can do to speed things up? We use these apache optimizations: # Compress text-type content: AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript # Don't use inode in ETag, in case we're running on a cluster # where static file inode numbers will be different between the # nodes FileETag MTime Size # Add far future expiry headers to static content. Reduce these # to much shorter (1 hour?) before you plan on any upgrades to # SOGo, to be sure clients quickly will pick up new versions of # any content. ExpiresActive on ExpiresDefault "access plus 1 week" ExpiresActive on ExpiresDefault "access plus 1 week" # Point this at your SOGoFaviconRelativeURL ExpiresActive on ExpiresDefault "access plus 1 week" -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] How to disable spellchecker
I'm wondering what kind of agreement SOGo/inverse has with spellchecker.net. Is it really a free for all service, or will we get into trouble if we run SOGo in a large commercial setup? Is it possible to use the "WebSpellChecker: Licensed Version" running on our own servers for spellchecks in sogo ? http://www.spellchecker.net/v3/products/wsclicensed.html -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Dovecot quota indicator bar
On Mon, Feb 21, 2011 at 10:26:15PM -0600, Kevin C. Smith wrote: > > > I'm guessing SOGo only checks before logon? I don't think so. Here's my before-login capabilities: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. and after login: a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in and I do have the quota indicator in sogo. (Dovecot director v2.0.9 proxying to v1.2.16 on the backends.) -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Script
On Fri, Feb 18, 2011 at 02:02:50PM -0500, Wolfgang Sourdeau wrote: > > Overal, I think the idea of a structured file-format is a good one. > Perhaps the missing step to "UNIX-compliance" would be to enable > the use of a conf file in the /etc/ hierarchy. This would be quite > easy to do and you just need to ask ;) > Woha, yes, could we please have that! :-) Also, would it be possible to separate out the templating from $HOME (to f.ex. /var/www) and make the sogo-user a non-interaktive account. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Alternate theme proposal
On Sun, Feb 13, 2011 at 07:12:56PM +0100, Corrado Fiore wrote: > > == HOW DOES IT LOOK? == > Any thoughts, suggestions or comments are welcome! It looks a lot better, thanks! And especially thanks for giving me a pointer for what we need to look at changing to give it our corporate look whenever we start that job. For the mail view I would have also liked if something was done to the pane between message list and message content. It's taking way to much space, it's duplicating information that's already shown in the selected message in the "message list", and there's too much blank space on the right hand size. I think most of the duplicate information should be removed, and whatever information is left should be squeezed into two data fields per line. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] ANN: SOGo v1.3.5
On Thu, Jan 27, 2011 at 08:44:34AM -0500, Francis Lachapelle wrote: > > > > filter="(|(givenName=janfrode*)(mail=janfrode*)(cn=janfrode*))" > > > > even though my SOGoUserSources doesn't contain givenName: > > > >SearchFieldNames > > > >mail > >cn > > > > > > but things seems to be working much better. > > The constructed LDAP filter includes the fields from SearchFieldNames, > MailFieldNames and CNFieldName. Does givenName is defined as your CN? Yes, so that's were it's from: CNFieldName givenName Thanks! -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] ANN: SOGo v1.3.5
On Thu, Jan 27, 2011 at 11:35:29AM +0100, Jan-Frode Myklebust wrote: > > > > Enhancements > > * the new parameter SearchFieldNames allows to specify which LDAP fields > > to query when filtering contacts > > > > I'm having problems getting this working. I have configured it with: > > defaults write sogod SearchFieldNames '("mail", "cn")' RTFM.. page 18, this is in the SOGoUserSources setting.. and now it works much better. It's still searching for a bit more than I told it to: filter="(|(givenName=janfrode*)(mail=janfrode*)(cn=janfrode*))" even though my SOGoUserSources doesn't contain givenName: SearchFieldNames mail cn but things seems to be working much better. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] ANN: SOGo v1.3.5
On Wed, Jan 26, 2011 at 01:30:29PM -0500, Francis Lachapelle wrote: > > === Changes from the previous release === > > Enhancements > * the new parameter SearchFieldNames allows to specify which LDAP fields to > query when filtering contacts > I'm having problems getting this working. I have configured it with: defaults write sogod SearchFieldNames '("mail", "cn")' and also have: defaults write sogod SOGoLDAPQueryLimit 100 defaults write sogod SOGoLDAPQueryTimeout 10 On my directory server I see my search as: [27/Jan/2011:11:30:08 +0100] conn=6164752 op=1 SRCH base="o=isp,o=example,c=com" scope=2 filter="(|(givenName=janfrode*)(sn=janfrode*)(displayName=janfrode*)(telephoneNumber=janfrode*)(mail=janfrode*))" attrs="objectClass givenName mail mail title company o displayName modifyTimestamp mozillahomestate mozillahomeurl homeurl st region mozillacustom2 custom2 mozillahomecountryname description notes department departmentNumber ou orgunit mobile cellphone carphone mozillacustom1 custom1 mozillanickname xmozillanickname mozillaworkurl workurl facsimileTelephoneNumber facsimileTelephoneNumber telephoneNumber mozillahomestreet mozillasecondemail xmozillasecondemail mozillacustom4 custom4 nsAIMid nscpaimscreenname street street postOfficeBox homePhone cn cn givenName mozillahomepostalcode mozillahomelocalityname mozillaworkstreet2 mozillausehtmlmail xmozillausehtmlmail mozillahomestreet2 postalCode zip c c pager pagerphone mail sn sn mozillacustom3 custom3 l l birthyear serialNumber calfburl proxyaddresses uid" I also tried: defaults write sogod SOGoSearchFieldNames '("mail", "cn")' but same result. (And yes, sogod and memchached was restarted after "defaults write"). So what am I missing ? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] iphone + caldav-settings
For the carddav service, we have configured an apache virtual host listening on port 8843/ssl, and proxypass'es: ProxyRequests Off SetEnv proxy-nokeepalive 1 ProxyPreserveHost On ProxyPassInterpolateEnv On ProxyPass /principals http://localhost:2/SOGo/dav/ interpolate ProxyPass /SOGo http://localhost:2/SOGo interpolate ProxyPass / http://localhost:2/SOGo/dav/ interpolate this makes the carddav configuration on the iphone very easy, only username/password/hostname needed to be typed in, while the caldav configuration that go directly at the sogo webmail-host requires special "advanced" options with port settings and long URL to be typed in.. Is it possible to set up a similar virtual host for caldav as for carddav, that remove the need for specifying port and long URL in the iphone client ? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Trying to run SOGo on a openSUSE x64
On Thu, Jan 06, 2011 at 02:45:24PM +0100, Stefan Fuhrberg wrote: > > > That fixed the Adaptor Message, rest of the log looks still the same. > RequestHeader set "x-webobjects-server-port" "443" RequestHeader set "x-webobjects-server-name" "sogo" RequestHeader set "x-webobjects-server-url" "http://sogo"; x-webobjects-server-port should likely be "80" for an http url. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Status on sogosync
On Wed, Jan 05, 2011 at 06:02:55PM +0100, Bo Simonsen wrote: > > Unfortunately ActiveSync is not stateless. The server stores information > about which objects that is already synced. One could use NFS to handle > this, however I would prefer a mysql based solution. I should definitely > implement that.. A mysql-based solution would probably be a bit worse for us, as we know how to run fully redundant cluster filesystems -- but don't really know how to make mysql (reliably) highly available.. As (AFAIU) SOGo can use repcached, could maybe also SOGoSync use the same? Or some other replicated db that voids the single point of failure a normal relational DB would be. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Status on sogosync
On Sun, Jan 02, 2011 at 10:57:18AM +0100, Bo Simonsen wrote: > > It could be in SOGOsync however, this would require database backend, > and administration interface. The great thing about SOGOsync currently > is that it doesn't not depend on any configuration which is user > specific. Can you propose a more simple solution? That would be > appreciated. :) I agree, SOGOsync running completely on top of WebDAV/IMAP/SMTP is great. Makes it very easy to run the SOGOsync service on another (set of) server(s), without exposing any database to SOGOsync. One thing I'm wondering about though.. The SOGo-servers are (AFAIK) completely stateless -- it doesn't matter which instance in the server farm a client connects to, so we can easily scale out by adding more servers. Does that also apply to SOGOsync ? I've noticed there is a /state/ directory which I don't quite know what is, and which makes me worried maybe SOGOsync will not handle running on more than one server ? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Secured session cookies
On Wed, Dec 29, 2010 at 09:04:28AM -0500, Ludovic Marcotte wrote: > On 10-12-28 7:55 PM, Ludovic Marcotte wrote: > > [snip] > >For 3 and 4, we could as you suggested store a SHA (or whatever) > >version of the cleartext password in memcached that we would have > >got during the very first call and then, upon subsequent calls, > >compute again the deduced value and compare those hashes instead > >of going to the LDAP server (or SQL server if using SQL-based > >authentication). > > Done. And since 1&2 didn't have any plaintext passwords in SOGo, all plaintext storage of passwords are now gone ? Wow, great! Thank you! -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] cache static content
It looks to me like this should work fine, all POSTs seems to go to /SOGo/so or /SOGo/connect, and I see no parameters in any GETs. So I would suggest adding something like the following to the default apache config (SOGo.conf): # Compress text-type content: AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript # Don't use inode in ETag, in case we're running on a cluster # where static file inode numbers will be different between the # nodes FileETag MTime Size # Add far future expiry headers to static content. Reduce these # to much shorter (1 hour?) before you plan on any upgrades to # SOGo, to be sure clients quickly will pick up new versions of # any content. ExpiresActive on ExpiresDefault "access plus 1 week" ExpiresActive on ExpiresDefault "access plus 1 week" # Point this at your SOGoFaviconRelativeURL ExpiresActive on ExpiresDefault "access plus 1 week" -jf -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] cache static content
Are there any recommendation for what can and can't be cached in SOGo? i.e. the login page takes 27 http requests / 422KB, inbox take 61 requests / 605KB, calendar 49 requests / 609 KB. A lot of this seems to be javascripts and images living in /SOGo.woa/WebServerResources/. Would it be OK to tell the clients they can cache these for long periodes trough mod_expires ? Something like: ExpiresActive on ExpiresDefault "access plus 1 month" Would this be OK ? If so, any other Locations need the same treathment ? (1 month is maybe a bit long.. might need to be sync'ed a bit with maintenance windows/upgrades). -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Secured session cookies
On Tue, Dec 28, 2010 at 06:41:37PM -0500, Ludovic Marcotte wrote: > On 10-12-28 4:19 PM, Jan-Frode Myklebust wrote: > >So maybe save a salted hash of the password in memcached for this > >comparison instead ? > That password needs to be known by SOGo - because it needs to push > its cleartext version to the IMAP server. OK, guess I don't understand the details well enough.., it just feels so bad to store plaintext passwords anywhere. My assumption was that when SOGo needs the password for IMAP, it could either be generated by via the "secured session cookies" or for non-cookie-based authentication it would be provided in plaintext (basic auth) from the client. > The password could be hashed using a string shared across all SOGo > cluster members - that would buy a false sense of security for a > little while. I suggested keeping a (salted) hash of the plaintext password used with basic auth in memcached for avoiding having to validate passwords by ldap bind every time. Not using a reversible hash function that would allow sogo to recover the password. But if my assumtions of all clients sending plaintext password, or secured session cookie on every request, are not true, then I see that this woun't work. -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Secured session cookies
On Tue, Dec 28, 2010 at 03:46:14PM -0500, Ludovic Marcotte wrote: > On 10-12-28 3:42 PM, Jan-Frode Myklebust wrote: > >Couldn't this also be the same string as is stored server side for the > >secured session cookie, and xor'ed when checking validity ? > Yes but that wouldn't work with other authenticators - like the > proxy one (for WebAuth or Apache authentication) or the DAV one (for > all DAV clients, like Thunderbird, Apple iCal / iPhone, etc.). So maybe save a salted hash of the password in memcached for this comparison instead ? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Secured session cookies
On Tue, Dec 28, 2010 at 02:37:15PM -0500, Ludovic Marcotte wrote: > > The password is still stored unencrypted in memcached for > SOGoCacheCleanupInterval seconds. This is avoid doing a bind on the > LDAP server for _each_ request coming in, in order to check the > validity of the password. Couldn't this also be the same string as is stored server side for the secured session cookie, and xor'ed when checking validity ? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Secured session cookies
Do I understand the code correctly if I read that you're now using the session key as a one-time-pad to encrypt/decrypt the password, and the password is never stored un-encrypted anywhere ? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] SOGo and Openchange
On Sat, Dec 18, 2010 at 10:26:18PM +0100, Bo Simonsen wrote: > > I would appreciate any feedback. I've been working on it all day today > on getting push imap working and fixed a lot of bugs.. I've currently no > open bugs of which i found my self... I just started testing your SOGoSync today, and noticed a few issues.. PHP Fatal error: Call to undefined method BackendCombined::getDeviceRWStatus() in /var/www/z-push/request.php on line 941 I'm not quite sure what this was, but it looked like it wasn't necessary for imap/contacs/calendar sync, so I commented out that if-block to get rid of this message. It's unclear to me how sending email is supposed to work. It seems to me like sending email means to upload it to the imap folder defined by SYNC_FOLDER_TYPE_OUTBOX.. but that has no meaning to our IMAP backend servers. It would be great if all unused configurations were commented out from the default config.php. Now it's quite unclear to me if the BackendLDAP_Contacts_config or BackendFileStorage_config has any meaning ?? -jf -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] INBOX/Drafts folder isn't being created initially during first save
Do you know the sets of configurations for a dovecot backend also ? . list "" "*" * LIST (\HasNoChildren) "." "INBOX.Drafts" * LIST (\HasNoChildren) "." "INBOX.Sent" * LIST (\HasNoChildren) "." "INBOX.Spam" * LIST (\HasNoChildren) "." "INBOX.Trash" * LIST (\HasChildren) "." "INBOX" . OK List completed. It looks like that should be: defaults write sogod SOGoDraftsFolderName INBOX.Drafts defaults write sogod SOGoSentFolderName INBOX.Sent defaults write sogod SOGoTrashFolderName INBOX.Trash which kind of works, but in the webui I see: u...@example.com Inbox - Drafts - Sent - Spam - Trash Drafts Sent Trash The duplicates point to the same imap folder, but it would be nice to not have them duplicated... -jf -- users@sogo.nu https://inverse.ca/sogo/lists