Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
2. In the administration interface go to Menu → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
3. Click Get Packages to download the update packages.
4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this version

Groupware Suite: Grommunio

Three months ago, we successfully launched our new groupware, powered by Grommunio. Today, we are pleased to announce the first update—packed with exciting new features and improvements. Many of the adjustments are based on practical feedback, which has helped us tailor the groupware even better to your needs. A new feature is a wizard for setting up the groupware. The new version offers the option of setting quotas. The connection to Active Directory has been improved. Internal emails between groupware users are now also archived in the Collax Email Archive. All mail aliases are now visible in Outlook. Data from orphaned Grommunio mailboxes, i.e., mailboxes of deleted users, can now be deleted via the administration interface. Further improvements have been implemented for the migration of public folders from Kopano to Grommunio.

System Management: Monitoring Multiple RAID Controllers

Starting with this version, multiple RAID controllers can be monitored in parallel. The megaraid_sas driver recognizes all controllers individually, and critical conditions are reported separately via Nagios.

Mail: Public folder structure visible only to authorized users

Previously, the names and structure of all public IMAP folders were visible to all users, although not the contents. For data protection reasons, this may be undesirable. From now on, each user will only see the folders for which they actually have access rights.

System management: Linux kernel 6.6.106

This update installs Linux kernel 6.6.106.

Security: Security-related and general updates

Various software packages have been updated in this release. In addition to security-related updates, general maintenance and servicing updates have also been carried out.

The updates and bug fixes affect the following packages:

• OpenSSL and GnuTLS encryption libraries
• SSH remote access
• MariaDB database
• Apache web server
• RoundCube web mailer
• Microcode for AMD and Intel processors
• Python and PHP programming languages
• ProFTPD FTP service
• Console tools sudo, wget, and curl
• rsync file synchronization
• Libraries libicu, glib, libxslt, expat, libmxl2
• Linux kernel including header files libc, libdlm

Issues fixed in this version

GUI: LDAP error message

During a new installation, after logging into the administration interface for the first time, a correct but unnecessary message appeared stating that the LDAP user database was not yet running.

Two-factor authentication: New behavior for 2FA tokens for unknown users

Keys for two-factor authentication for unknown (non-LDAP) users were no longer available on the administration interface – this issue has been fixed. Admins can now decide whether tokens for unknown users should be removed automatically or managed manually (new checkbox, e.g., for temporary remote users).

SpamAssassin: All rules now visible in the GUI

Previously, only rules with a description were displayed in the “Mail & Messaging > Spam Rule Customization” menu, which meant that not all rules, e.g., IMG_DIRECT_TO_MX, were available in the GUI. From now on, rules without an initial description will also be displayed correctly. In addition, the correct directories are now used for the German descriptions, so that changes made by sa-update are taken into account.

SpamAssassin: NiX spam removed

Unfortunately, the NiX spam service has been discontinued, so we have removed it.

Postfix: Correct local delivery with alternative host names

Previously, when using an “alternative host name,” the actual host name was not entered in mydestination. As a result, local delivery (mailLocalAddress in LDAP) did not work in some cases, e.g., when sending non-delivery notifications. From now on, the real host name will be added to the mydestination list so that local domains are resolved correctly.

Notes

Additional software: Bitdefender - Proxy for updates

The virus pattern updates are carried out according to a set cycle. It is currently not possible to use an http proxy for the pattern update of the Bitdefender virus and spam filter.

Additional software: Bitdefender - pattern update after commissioning

After starting up the Collax Antivirus powered by Bitdefender module, it may take a few minutes for the current virus patterns to be downloaded. If you click on Update Bitdefender in the virus scanner form during this time, you will receive an error message “Error connecting to server at /opt/lib/bitdefender//bdamsocket: -3”, because the background process has not yet been fully executed.

GUI: Sporadic hangs during running jobs

The progress of configuration jobs is displayed in the top right-hand corner of the web administration. In the case of extensive changes in the network area, especially with country locks (geo-ip), it can happen in rare cases that the job display hangs during activation. As of release 7.2.28, you will now receive the message “Network connection has been interrupted: Messages may be lost until the connection can be re-established.” informs you about such situations.

VPN: Fix for IKEv2 with Microsoft Windows crashes after 7.6 hours

VPN connections with IKEv2 and the on-board tools of Microsoft Windows are interrupted after interrupted after exactly 7.6 hours. The error occurs because Microsoft Windows proposes different algorithms during the IKE re-encryption than during the first connection. The problem can be solved with a registry fix by the value “NegotiateDH2048_AES256” under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters to 1 is set.

Under the following link you will find a REG file (registry entry) that adds the registry key. Collax accepts no liability for system errors resulting from this.