Note that SOAP auth with the zimbra account by itself isn't a sign for an attacker on your system. Some Carbonio cronjobs use this, too, see crontab -e as zextras and compare the times with the occurrence of SOAP auths as zimbra. In my case, this explained daily zimbra auths at 2:15, 22:00 and 23:45. Plus, the cmbackup script I'm running uses this authentication for several auths starting at 1:30 on my server. Moreover, during the upgrade process today and probably for the recommended LDAP backup, too, there were several auths today.
However, I had accesses I'm not sure about shortly after 3am at Jan 1st, 3rd, 5th, and 9th that are so regular that I'm wondering if that isn't some cronjob, too, and irregular accesses on Jan 5th at 1:44 and 11:41, on Jan 7th at 12:46, and on Jan 9th on 3:52. Plus, PreAuth keys had been set for all my domains, and I can't remember having set those myself.
Otherwise, I haven't yet found any irregular activity, so I hope that the hackers that seem to have visited my server have just paved the way for future campaigns and now won't be able to do anything as I have deleted the PreAuth keys and changed the LDAP account password.
I'd be happy if somebody could tell me what the attacker theoretically could have done with the access they had so I can have a look if really everything is in order.
Plus, PreAuth keys had been set for all my domains, and I can't remember having set those myself.
Otherwise, I haven't yet found any irregular activity, so I hope that the hackers that seem to have visited my server have just paved the way for future campaigns and now won't be able to do anything as I have deleted the PreAuth keys and changed the LDAP account password.
I'd be happy if somebody could tell me what the attacker theoretically could have done with the access they had so I can have a look if really everything is in order.
What does zimbraPreAuthKey look like?
What does it look like if there are no PreAuth keys? Only "# name" and the domain name?
Thanks for the help
//Sigtrap
@sigtrap Yes, if there are none set, there's only the #name and the domain name. In my case, long hex keys were also shown.
Another note: I also had to change the LDAP password in /etc/carbonio/carbonio-prometheus-openldap-exporter/carbonio-prometheus-openldap-exporter.yml in order not to get error messages in the logs. The system itself ran without problems, though.
Hi @zottel,
Note that SOAP auth with the zimbra account by itself isn't a sign for an attacker on your system. Some Carbonio cronjobs use this, too, see crontab -e as zextras and compare the times with the occurrence of SOAP auths as zimbra. In my case, this explained daily zimbra auths at 2:15, 22:00 and 23:45.
...
You are correct that provisioning commands executed from the CLI typically use the zimbra account for authentication. However, in such cases, the originating IP address (ip or oip) logged in the audit.log should correspond to localhost or an internal IP address (e.g., one within your trusted network range).
If you notice any Auth commands using the zimbra account with an external or unexpected IP address, it indicates a potential unauthorized access or misuse.
Best regards,
Luca
Hello everyone,
The Zextras crew is delighted to present Carbonio Community Edition 25.3.0 with various improvements and new features.
Features to highlight:
Enhanced Virtual Room Management
Managing virtual rooms is now more intuitive and efficient with several usability improvements. Users can seamlessly interact with more moderators and active participants, while enhanced icons for Join, Rejoin, and Start actions provide better clarity. A new "More Options" menu allows quick access to Copy Link, Edit Details, and Delete Room functions. Additionally, users can now edit room names and modify member lists through a refined update process.
Quick Access to Appointment Details from Reminders
Users can now open appointments directly from reminders, making it easier to review important details such as the agenda, links, and references. The reminder pop-up includes an expandable section for quick access to appointment notes, along with a direct link to open the full appointment. This enhancement improves efficiency by reducing navigation steps and ensuring users have the information they need immediately.
Easier Email Communication with Meeting Participants
Users can now send emails to all attendees directly from the meeting details screen, eliminating the need to manually copy and paste email addresses. When composing an email, the "To" field is automatically populated with all participants, and the subject line is pre-filled with the meeting title.
Support for Folders in Contact Groups
The Contact Groups feature is enhanced to allow users to create and manage contact groups within their personal accounts, offering greater flexibility and usability. Users can now organize contact groups into folders, edit or delete them. This update caters to power users and those in organizations like small municipalities or schools, where managing multiple groups is essential.
Enhanced Email Deletion Behavior in Search Results
When deleting an email from the search results, the email now automatically updates to reflect the deletion, either by being removed from the list or marked as trashed, without requiring the user to manually refresh or modify the search parameters. This ensures a smoother, more intuitive user experience when interacting with emails in search results.
Enhance "Active Participants" and "Other Moderators" Layout in Virtual Rooms
This update aims to improve the visual presentation of active participants and moderators in the virtual room card. The goal is to make this information more visually impactful and easier to use, enhancing the overall user experience.
Notify Users of Reactions on Their Messages
This feature will notify users when others react to their messages by displaying a badge on the message, providing a clear indication of new interactions and keeping them up to date on engagement with their messages.
Allow Users to Modify, Add, or Remove Message Reactions
This feature enables users to easily change a previously applied emoji reaction by selecting a different one. Additionally, users can add their reaction to an existing one by clicking on the emoji bubble, providing a quick and intuitive way to interact. Users can also remove their reactions by clicking on the bubble element, allowing them to undo their actions with ease.
Allow Users to Choose from All Available Reactions
This feature allows users to select any available reaction from the system, beyond just the default ones. Users will have access to a broader range of emojis to express their feelings and reactions in messages, enhancing customization and interaction.
and many more improvements!
Check out the full changelog to know the whole list.
How to upgrade
To upgrade your Carbonio CE, follow the simple instructions in the official Carbonio CE Upgrade Documentation.
We are grateful for your honest and useful feedback; it is a key factor in our success. We are open to any ideas, comments, or proposals for improving our services, and we eagerly await hearing from you.
For more information read the Carbonio CE documentation.
Subscribe to this thread to stay informed of future releases.
Cheers!
Hi guy,
I am trying to enable the cbpolicyd feature following the instructions here:
https://community.zextras.com/restricting-sending-and-receiving-emails-for-users-in-carbonio-community-edition-carbonio-ce/
However, when I restart the service, I encounter the following error:
Additionally, I don't see any .log file being created for this service.
I would appreciate any help. Thank you!
hello!
is it planned to support installation on ubuntu 24.04?
thanks for your work 🙂
Yes, we do have plans to support Carbonio CE installation on Ubuntu 24.04 LTS. We will share an official announcement regarding Ubuntu 24.04 support once all preparations and testing have been completed.
Please stay tuned to the forum for updates on the Carbonio CE release with Ubuntu 24.04 compatibility.
Hello everyone,
The Zextras crew is delighted to present Carbonio Community Edition 25.6.0 with various improvements and new features.
Features to highlight:
Enhanced Search with Multi-Word Token Support
Users can now search for entire phrases in the main search bar, improving accuracy and efficiency in finding emails and events. This update allows both exact phrase searches and word-by-word searches, eliminating the need for advanced search for common queries. A clearer search experience helps users quickly locate relevant content without unnecessary filtering.
Improved Calendar Visualization for Appointment Statuses
The Carbonio CE Calendar now uses distinct visual styles to represent different appointment statuses, making it easier for users to interpret availability at a glance. Free, Declined, Tentative, and Placeholder appointments are visually differentiated, helping users plan meetings and avoid scheduling conflicts.
Picture-in-Picture Mode for Seamless Video Calls
The new Picture-in-Picture (PiP) mode lets users continue viewing video calls, including speakers and screen shares, while multitasking in other windows. This feature automatically activates when switching tabs or screens and can be easily moved, resized, or hidden based on user preference. Available for both 1:1 and group video calls, PiP improves productivity by allowing users to stay engaged in conversations without disrupting their workflow.
Enhanced Forwarding Experience in Chats
When forwarding a single message, users are now automatically directed to the destination chat after completing the action. This streamlined process eliminates extra steps, improving the user experience and saving time.
Improved Speaker Identification in Meetings
The user experience is enhanced by integrating the a widget into both grid and cinema modes, making it easy to identify the speaker even when their tile isn't visible. This feature ensures users can always stay connected to the conversation, regardless of the layout or number of participants.
Improved Full-Screen Layout in Meetings
The Full-Screen layout now adapts intelligently based on the active view:
In Cinema mode: both sidebar and carousel are hidden.
In other views: only the sidebar is hidden.
This ensures a cleaner, distraction-free full-screen experience.
Granular Feature Controls for Domain Admins
Domain admins can now manage feature availability at both CoS and individual account levels.
Notifications for Shared Items in Files
Users will now be informed when:
New items are added to shared folders.
Folders/files are shared or removed.
A notification badge appears, with blue highlights marking new events. Notifications refresh automatically and persist even if source data changes
Configurable Maximum Upload Size in Files
Admins can now define the maximum file upload size in the Files module by configuring the max-uploadable-size-in-mb key in Consul. This enforces organization-wide upload policies effectively.
Access Code Protection for Public File Links
Users can now secure public download links with an access code. Features include:
Code generation
Regeneration
Copy options
A modal prompt for recipients to enter the access code before accessing the content.
Internal Upload Endpoint for System Integrations
A secure internal API endpoint has been introduced for file uploads without user tokens. It uses AccountId headers and is limited to trusted internal services via Consul, supporting future integration use cases.
Visual Cue for Empty 'To' Fields in Emails
When a message is sent only to CC or BCC recipients, the label [Empty 'To' Field] now appears in the message list and viewer. This improves message visibility and aligns search/filter behaviors.
and many more improvements!
Check out the full changelog to see the whole list.
How to upgrade
To upgrade your Carbonio CE, follow the simple instructions in the official Carbonio CE Upgrade Documentation.
We are grateful for your honest and useful feedback; it is a key factor in our success. We are open to any ideas, comments, or proposals for improving our services, and we eagerly await hearing from you.
For more information, read the Carbonio CE documentation.
Subscribe to this thread to stay informed of future releases.
Cheers!
Upgraded to 25.6 (and Ubuntu from 20.04 to 24.04).
After a coulpe hours, the zombie processes are back (>20 of them), I thought that was fixed two releases ago...
On the way to ver.25.6.1 update installation, we'll have been asked below.
Prometheus/mongoose/janus/rabbitmqevh
How should I answer? Yes, or No?
Except mongoose, 3 left are Yes?
Or you can also get the latest versions at <a href=" removed link " target="_blank" rel="noopener">unduh sekarang completely free, refer to more games and new games as soon as possible
Hello everyone,
The Zextras crew is delighted to present Carbonio Community Edition 25.9.0 with various improvements and new features.
Features to highlight:
Basic Keyboard Support in the Mails Module
We introduced keyboard navigation support to make working with the Mails module faster and more accessible. Users can now perform key actions without relying solely on the mouse:
Confirm focused element → Enter activates the currently focused control (emails, buttons, links, checkboxes, etc.).
Close elements → Esc closes modals, dropdowns, dialogs, and tooltips.
Delete elements → Del or Backspace triggers the deletion process (with confirmation if required).
Folder navigation → Chevron icons are now focusable, allowing folders to be opened and closed via keyboard.
This update improves accessibility and efficiency for power users who prefer keyboard-based navigation.
Automatic Logout After Inactivity
To strengthen account security, Carbonio WebUI now automatically logs users out after a period of inactivity. This also guarantees that users are securely logged out once their session expires, even after sleep mode, preventing unauthorized access to personal data.
This ensures reliable and secure session management, giving users peace of mind when away from their workstation.
Smartlink Creation Without File Duplication
We improved how smartlinks are generated when attaching files from Carbonio Files to emails. Smartlink creation now uses the Files API directly, preventing duplicate copies, preserving original filenames, and ensuring links point to the existing file.
This ensures a cleaner file repository and a smoother experience when sharing documents via smartlinks.
Apache Tomcat Upgrade
The Apache Tomcat component used by the Carbonio videoserver (port 8090) has been upgraded to the latest version.
Older versions exposed the system to several vulnerabilities, including denial of service, race conditions enabling remote code execution (RCE), authentication bypass, and memory leaks. Updating to the latest secure release ensures stronger protection, stability, and compliance against known threats.
Advanced Contact Search Filters
We expanded the Contacts advanced search with new filter options to make it easier to find the right contact.
Search by first name, last name, email, phone number, company, or job role.
Use tags to refine results.
Limit searches to a specific address book for more precision.
These improvements streamline contact management and help you locate information faster.
Improved Calendar Month View
The month view in Calendars has been improved for better readability.
When event cards exceed the available space on a given day, a “+ more” button now appears.
Clicking the button opens a modal with a detailed list of all appointments for that day.
This ensures that no events are hidden, and users can easily access the full schedule.
Improved Permissions & Share Management
The collaborators section has been redesigned to deliver a clearer, more intuitive experience when managing shares.
New vertical list layout shows collaborator names and emails clearly.
Larger, icon-based permission buttons make controls easier to recognize and use.
Upfront permission selection streamlines the add-collaborator flow.
Adaptive interface respects the user’s own permission level and provides helpful tooltips.
Better scalability ensures smooth management even with many collaborators.
This redesign resolves the clutter of the old chip-based view and makes managing permissions and shares more user-friendly.
Emoticons in Mail Composer
Users can now insert emoticons directly while composing emails, making messages more expressive and personalized. This addition enhances the overall writing experience and helps bring more tone into email communication.
Clear Separation of Filtering and Sorting in Mail
We improved the Mail module by making filtering and sorting options easier to understand and use.
• Two distinct lists: One for sorting (e.g., ascending/descending, from, date, subject) and one for filtering (e.g., unread, important, flagged, attachment).
• Visual divider separates sorting and filtering actions to avoid confusion.
• Clear labels: Sorting options are now introduced with “Sort by:” and filtering options with “Show:”.
• Reset button lets users quickly return to the default view.
This redesign eliminates confusion, ensuring users can properly distinguish between filtering and sorting when managing messages and conversations.
Clearer Error Messages in Mail Composer
Users are now precisely informed about errors that occur while writing or sending emails, replacing the previous generic “something went wrong” message.
Invalid addresses:
The editor highlights incorrect recipients with a red error state.
An error banner clearly states “Remove invalid addresses to send the email.”
The Send button remains disabled until errors are fixed.
Quota exceeded:
If attachments push the message beyond the allowed size, an error banner states the maximum message size limit.
The Send button remains disabled until attachments are reduced.
Error banners:
Messages now appear in dedicated banners with stacked layout.
Once the issue is resolved, banners disappear automatically and sending is re-enabled.
This update ensures that users immediately understand the cause of errors and how to fix them, resulting in a smoother, frustration-free email experience.
Unread Mail Notifications in Parent Folders
The Mail module now makes it easier to track unread emails stored in subfolders.
Parent folders display a badge when subfolders contain unread messages.
Hovering over the parent folder shows a tooltip with the folder name and the number of unread messages inside its subfolders.
If there are no unread mails in subfolders, the badge is hidden, and the tooltip only shows the folder name.
This improvement ensures users never miss unread messages, even when they are stored deeper in the folder hierarchy.
Warnings for Duplicate zimbraVirtualHostName
To prevent configuration issues, Admin Panel and CLI now validate and warn administrators if a zimbraVirtualHostName is already assigned to another domain.
Before: Duplicate hostnames were only detected after restarting the proxy service.
Now: Validation occurs immediately in both the Admin Panel and CLI, reducing misconfiguration risks and avoiding downtime.
This update improves reliability and ensures clearer feedback for administrators when managing virtual hostnames.
Resource Availability Feedback in Event Creation
We improved the event scheduling experience by adding clear feedback when unavailable resources (such as meeting rooms or equipment) are selected.
Now when a user selects an unavailable resource, a notification informs them that the resource does not exist and will not be saved.
This enhancement ensures that users are always aware of resource availability, making event scheduling more reliable and user-friendly.
Multi-File & Folder Downloads in Files
The Files module now supports downloading more than one item at a time, making file management faster and more flexible.
New capabilities:
Download entire folders with one click.
Select and download multiple files simultaneously.
Download your entire home directory when needed.
Access points:
Right-click contextual menu
Hover actions on files/folders
Folder interface
Multiple selection mode
This enhancement removes the single-file limitation and greatly improves efficiency when handling multiple files.
and many more improvements!
Check out the full changelog to see the whole list.
How to upgrade
To upgrade your Carbonio CE, follow the simple instructions in the official Carbonio CE Upgrade Documentation.
We are grateful for your honest and useful feedback; it is a key factor in our success. We are open to any ideas, comments, or proposals for improving our services, and we eagerly await hearing from you.
For more information, read the Carbonio CE documentation.
Subscribe to this thread to stay informed of future releases.
Cheers!
Hi,
the new release seemed to work without problems at first, but as soon as the first user got logged out on the web interface, I found that the login page couldn't be displayed anymore. ("Something went wrong.")
After some digging, it became clear that the route services/catalog/services that seems to be required for login returned a 502.
After some more digging I found that a service named carbonio-catalog wasn't present. I could install it manually by installing the package carbonio-catalog. It had not been automatically installed with the update, unfortunately. After installation of the new service, I ran pending-setups -a as usual, and then login worked again.
Thanks for this, I had the same problem with signing in, and just installing carbonio-catalog fixed the sign-in UI