Note that SOAP auth with the zimbra account by itself isn't a sign for an attacker on your system. Some Carbonio cronjobs use this, too, see crontab -e as zextras and compare the times with the occurrence of SOAP auths as zimbra. In my case, this explained daily zimbra auths at 2:15, 22:00 and 23:45. Plus, the cmbackup script I'm running uses this authentication for several auths starting at 1:30 on my server. Moreover, during the upgrade process today and probably for the recommended LDAP backup, too, there were several auths today.
However, I had accesses I'm not sure about shortly after 3am at Jan 1st, 3rd, 5th, and 9th that are so regular that I'm wondering if that isn't some cronjob, too, and irregular accesses on Jan 5th at 1:44 and 11:41, on Jan 7th at 12:46, and on Jan 9th on 3:52. Plus, PreAuth keys had been set for all my domains, and I can't remember having set those myself.
Otherwise, I haven't yet found any irregular activity, so I hope that the hackers that seem to have visited my server have just paved the way for future campaigns and now won't be able to do anything as I have deleted the PreAuth keys and changed the LDAP account password.
I'd be happy if somebody could tell me what the attacker theoretically could have done with the access they had so I can have a look if really everything is in order.
Plus, PreAuth keys had been set for all my domains, and I can't remember having set those myself.
Otherwise, I haven't yet found any irregular activity, so I hope that the hackers that seem to have visited my server have just paved the way for future campaigns and now won't be able to do anything as I have deleted the PreAuth keys and changed the LDAP account password.
I'd be happy if somebody could tell me what the attacker theoretically could have done with the access they had so I can have a look if really everything is in order.
What does zimbraPreAuthKey look like?
What does it look like if there are no PreAuth keys? Only "# name" and the domain name?
Thanks for the help
//Sigtrap
Â
Â
@sigtrap Yes, if there are none set, there's only the #name and the domain name. In my case, long hex keys were also shown.
Another note: I also had to change the LDAP password in /etc/carbonio/carbonio-prometheus-openldap-exporter/carbonio-prometheus-openldap-exporter.yml in order not to get error messages in the logs. The system itself ran without problems, though.
Hi @zottel,
Note that SOAP auth with the zimbra account by itself isn't a sign for an attacker on your system. Some Carbonio cronjobs use this, too, see crontab -e as zextras and compare the times with the occurrence of SOAP auths as zimbra. In my case, this explained daily zimbra auths at 2:15, 22:00 and 23:45.
...
You are correct that provisioning commands executed from the CLI typically use the zimbra account for authentication. However, in such cases, the originating IP address (ip
or oip
) logged in the audit.log
should correspond to localhost or an internal IP address (e.g., one within your trusted network range).
If you notice any Auth
commands using the zimbra account with an external or unexpected IP address, it indicates a potential unauthorized access or misuse.
Best regards,
Luca
Â
Hello everyone,
The Zextras crew is delighted to present Carbonio Community Edition 25.3.0 with various improvements and new features.
Â
Features to highlight:
Â
Enhanced Virtual Room Management
Managing virtual rooms is now more intuitive and efficient with several usability improvements. Users can seamlessly interact with more moderators and active participants, while enhanced icons for Join, Rejoin, and Start actions provide better clarity. A new "More Options" menu allows quick access to Copy Link, Edit Details, and Delete Room functions. Additionally, users can now edit room names and modify member lists through a refined update process.
Quick Access to Appointment Details from Reminders
Users can now open appointments directly from reminders, making it easier to review important details such as the agenda, links, and references. The reminder pop-up includes an expandable section for quick access to appointment notes, along with a direct link to open the full appointment. This enhancement improves efficiency by reducing navigation steps and ensuring users have the information they need immediately.
Easier Email Communication with Meeting Participants
Users can now send emails to all attendees directly from the meeting details screen, eliminating the need to manually copy and paste email addresses. When composing an email, the "To" field is automatically populated with all participants, and the subject line is pre-filled with the meeting title.
Support for Folders in Contact Groups
The Contact Groups feature is enhanced to allow users to create and manage contact groups within their personal accounts, offering greater flexibility and usability. Users can now organize contact groups into folders, edit or delete them. This update caters to power users and those in organizations like small municipalities or schools, where managing multiple groups is essential.
Enhanced Email Deletion Behavior in Search Results
When deleting an email from the search results, the email now automatically updates to reflect the deletion, either by being removed from the list or marked as trashed, without requiring the user to manually refresh or modify the search parameters. This ensures a smoother, more intuitive user experience when interacting with emails in search results.
Enhance "Active Participants" and "Other Moderators" Layout in Virtual Rooms
This update aims to improve the visual presentation of active participants and moderators in the virtual room card. The goal is to make this information more visually impactful and easier to use, enhancing the overall user experience.
Notify Users of Reactions on Their Messages
This feature will notify users when others react to their messages by displaying a badge on the message, providing a clear indication of new interactions and keeping them up to date on engagement with their messages.
Allow Users to Modify, Add, or Remove Message Reactions
This feature enables users to easily change a previously applied emoji reaction by selecting a different one. Additionally, users can add their reaction to an existing one by clicking on the emoji bubble, providing a quick and intuitive way to interact. Users can also remove their reactions by clicking on the bubble element, allowing them to undo their actions with ease.
Allow Users to Choose from All Available Reactions
This feature allows users to select any available reaction from the system, beyond just the default ones. Users will have access to a broader range of emojis to express their feelings and reactions in messages, enhancing customization and interaction.
and many more improvements!
Check out the full changelog to know the whole list.
Â
How to upgrade
To upgrade your Carbonio CE, follow the simple instructions in the official Carbonio CEÂ Upgrade Documentation.
Â
Â
We are grateful for your honest and useful feedback; it is a key factor in our success. We are open to any ideas, comments, or proposals for improving our services, and we eagerly await hearing from you.
Â
For more information read the Carbonio CE documentation.
Subscribe to this thread to stay informed of future releases.
Â
Cheers!
Hi guy,
I am trying to enable the cbpolicyd feature following the instructions here:
https://community.zextras.com/restricting-sending-and-receiving-emails-for-users-in-carbonio-community-edition-carbonio-ce/
However, when I restart the service, I encounter the following error:
Additionally, I don't see any .log
file being created for this service.
I would appreciate any help. Thank you!
hello!
is it planned to support installation on ubuntu 24.04?
thanks for your work 🙂
Yes, we do have plans to support Carbonio CE installation on Ubuntu 24.04 LTS. We will share an official announcement regarding Ubuntu 24.04 support once all preparations and testing have been completed.
Please stay tuned to the forum for updates on the Carbonio CE release with Ubuntu 24.04 compatibility.
Hello everyone,
The Zextras crew is delighted to present Carbonio Community Edition 25.6.0 with various improvements and new features.
Â
Features to highlight:
Â
Enhanced Search with Multi-Word Token Support
Users can now search for entire phrases in the main search bar, improving accuracy and efficiency in finding emails and events. This update allows both exact phrase searches and word-by-word searches, eliminating the need for advanced search for common queries. A clearer search experience helps users quickly locate relevant content without unnecessary filtering.
Improved Calendar Visualization for Appointment Statuses
The Carbonio CE Calendar now uses distinct visual styles to represent different appointment statuses, making it easier for users to interpret availability at a glance. Free, Declined, Tentative, and Placeholder appointments are visually differentiated, helping users plan meetings and avoid scheduling conflicts.
Picture-in-Picture Mode for Seamless Video Calls
The new Picture-in-Picture (PiP) mode lets users continue viewing video calls, including speakers and screen shares, while multitasking in other windows. This feature automatically activates when switching tabs or screens and can be easily moved, resized, or hidden based on user preference. Available for both 1:1 and group video calls, PiP improves productivity by allowing users to stay engaged in conversations without disrupting their workflow.
Enhanced Forwarding Experience in Chats
When forwarding a single message, users are now automatically directed to the destination chat after completing the action. This streamlined process eliminates extra steps, improving the user experience and saving time.
Improved Speaker Identification in Meetings
The user experience is enhanced by integrating the a widget into both grid and cinema modes, making it easy to identify the speaker even when their tile isn't visible. This feature ensures users can always stay connected to the conversation, regardless of the layout or number of participants.
Improved Full-Screen Layout in Meetings
The Full-Screen layout now adapts intelligently based on the active view:
In Cinema mode: both sidebar and carousel are hidden.
In other views: only the sidebar is hidden.
This ensures a cleaner, distraction-free full-screen experience.
Granular Feature Controls for Domain Admins
Domain admins can now manage feature availability at both CoS and individual account levels.
Notifications for Shared Items in Files
Users will now be informed when:
New items are added to shared folders.
Folders/files are shared or removed.
A notification badge appears, with blue highlights marking new events. Notifications refresh automatically and persist even if source data changes
Configurable Maximum Upload Size in Files
Admins can now define the maximum file upload size in the Files module by configuring the max-uploadable-size-in-mb key in Consul. This enforces organization-wide upload policies effectively.
Access Code Protection for Public File Links
Users can now secure public download links with an access code. Features include:
Code generation
Regeneration
Copy options
A modal prompt for recipients to enter the access code before accessing the content.
Internal Upload Endpoint for System Integrations
A secure internal API endpoint has been introduced for file uploads without user tokens. It uses AccountId headers and is limited to trusted internal services via Consul, supporting future integration use cases.
Visual Cue for Empty 'To' Fields in Emails
When a message is sent only to CC or BCC recipients, the label [Empty 'To' Field] now appears in the message list and viewer. This improves message visibility and aligns search/filter behaviors.
and many more improvements!
Check out the full changelog to see the whole list.
Â
How to upgrade
To upgrade your Carbonio CE, follow the simple instructions in the official Carbonio CEÂ Upgrade Documentation.
Â
Â
We are grateful for your honest and useful feedback; it is a key factor in our success. We are open to any ideas, comments, or proposals for improving our services, and we eagerly await hearing from you.
Â
For more information, read the Carbonio CE documentation.
Subscribe to this thread to stay informed of future releases.
Â
Cheers!
Upgraded to 25.6 (and Ubuntu from 20.04 to 24.04).
After a coulpe hours, the zombie processes are back (>20 of them), I thought that was fixed two releases ago...
On the way to ver.25.6.1 update installation, we'll have been asked below.
Prometheus/mongoose/janus/rabbitmqevh
How should I answer? Yes, or No?
Except mongoose, 3 left are Yes?
Â