Atmail Planned Maintenance

EDIT: 15 April, 3 am: Maintenance is over; everything should be back to normal.

Please note that Atmail Cloud will be offline due to planned maintenance to upgrade the firewall. Webmail and IMAP will not be available; email will be held and delivered after service has resumed.

The expected outage will be: 1 am USA Pacific Time, for up to 1 hour, Tuesday 15 April 2014

Atmail apologises for any inconvenience. We realise that access to email is very important so we will endeavour to have your email available ASAP.

Should you require support after the system is back online please email support@atmail.com

Heartbleed OpenSSL Bug: Mitigation and Recovery

The Heartbleed bug affects all versions of OpenSSL in the 1.0.1 series, up to 1.0.1f. It is a severe memory handling error that can expose up to 64Kb of the application’s memory, including sensitive data such as sessions and private key information, and can allow attackers to eavesdrop on previously secure communications.

For more information, see: http://heartbleed.com

We at Atmail advise system administrators to apply system patches and fixes as soon as possible. Your system may be vulnerable if it fulfills the following criteria:

  • Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
  • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
  • CentOS 6.5, OpenSSL 1.0.1e-15
  • Fedora 18, OpenSSL 1.0.1e-4
  • OpenSUSE 12.2 (OpenSSL 1.0.1c)

Detection

To verify, please check using the command line:

Debian/Ubuntu:  % dpkg-query -l 'openssl*'

Expected result:
Debian: openssl_1.0.1e-2+deb7u4 or newer
Ubuntu: openssl_1.0.1-4ubuntu5.11 or newer

 
CentOS/Fedora/OpenSUSE:  % rpm -qa | grep "^openssl"

Expected result:
CentOS: openssl-1.0.1e-16 or newer
Fedora: openssl-1.0.1e-4 or newer
OpenSUSE: openssl-1.0.1c

Results outside the expected range may mean that your server is vulnerable.

Mitigation

We recommend that you update your OpenSSL packages as soon as possible. Most Linux operating systems already have the updated packages available for download. To install, use the command for your distribution:

RedHat:
% up2date openssl openssl-devel

CentOS/Fedora:
% yum update openssl openssl-devel

OpenSUSE:
% zypper up openssl openssl-devel

Debian/Ubuntu:
% apt-get install openssl

You will not need to recompile Atmail and Apache. However, you will need to restart your services, as follows:

Debian/Ubuntu/OpenSUSE:
% /etc/init.d/apache2 restart

Fedora/RedHat/CentOS:
% /etc/init.d/httpd restart
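
An added check, not part of Atmail's instructions: updating the package does not change the library already loaded into running processes, which is why the restart is needed. The function below lists processes that still map a deleted libssl or libcrypto; its name and the optional /proc-style directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Atmail's code): list processes that still map a deleted
# libssl/libcrypto, i.e. that kept the old OpenSSL in memory after the update.
# The optional argument (a /proc-style directory) is an assumption added so
# the function can be pointed at a fixture tree.

stale_ssl_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # When a package update replaces the library file, the mapping of the
        # old copy is shown as ".../libssl.so.1.0.0 (deleted)".
        if grep -Eq '/lib(ssl|crypto)[^ /]*\.so[^ /]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            # comm holds the process name; fall back to "?" if it is unavailable.
            name=$(cat "$dir/comm" 2>/dev/null) || name='?'
            echo "${dir##*/} $name"
        fi
    done
}

# Prints one "PID NAME" line per process that still needs a restart.
stale_ssl_pids "${1:-/proc}"
```

Run it as root so every process's maps file is readable; empty output means no running process holds the old library.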

Recovery

If you are using SSL Certificates with your website, you may need to revoke and renew your SSL Certificates. Please contact your Certificate Authority to do so.

Revocation of certificates will effectively make your current certificates invalid – so make sure that you are ready to replace your certificates when you issue a certificate revocation.

To replace your SSL certs in Atmail:

  1. Copy your certificate file and private keys to the server
  2. If possible, make sure that the directory permissions to the certificate location are secure
  3. Remove the passphrase from the key using this command:
    % openssl rsa -in /usr/local/atmail/ssl/domain.key -out /usr/local/atmail/ssl/domain-nopass.key
  4. Go to WebAdmin > Services > POP3/IMAP and look for the settings “SSL Certificate Path” and “SSL Key Path”
  5. Fill in the fields with your certificate and key path details. Make sure that you use the password-less key.
  6. Restart Atmail from the command line:
    % /etc/init.d/atmailserver restart
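
A pre-flight check for steps 2, 3 and 5, added here as an example and not taken from Atmail: it confirms that the key file is the password-less one and that only its owner can reach it. The function name, its messages and the rule that any group/other access counts as insecure are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Atmail's code): pre-flight check for the key file that
# "SSL Key Path" will point to. Function name and messages are made up here.

check_key_file() {
    key=$1
    [ -f "$key" ] || { echo "missing: $key"; return 2; }
    status=0
    # Steps 3 and 5: the service needs the password-less key. Traditional PEM
    # marks an encrypted key with a Proc-Type header, PKCS#8 with its own label.
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$key"; then
        echo "still passphrase-protected: $key"
        status=1
    fi
    # Step 2: an unencrypted key is protected only by file permissions.
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "group/other can access key ($mode): $key"
        status=1
    fi
    # A directory writable by group or other lets someone else swap the file.
    dmode=$(ls -ld "$(dirname "$key")" | cut -c6,9)
    case $dmode in
        *w*) echo "directory writable by group/other: $(dirname "$key")"; status=1 ;;
    esac
    return $status
}

# Usage: sh check_key.sh /usr/local/atmail/ssl/domain-nopass.key
if [ $# -gt 0 ]; then
    check_key_file "$1"
fi
```

The function returns 0 when the key passes, 1 when any check fails and 2 when the file is missing.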

This covers the steps on how to protect your Atmail installation from the Heartbleed bug.

Plugin contest winner’s week at Silicon Beach

Last year we launched a plugin contest with a fully paid trip as a reward for the winner. Martin, from Swedish company Pixelstore, was the lucky winner with a great plugin for the Status Board software. He joined us for a week during which he experienced the full Atmail way of life. Here are his impressions.

Hey Martin, congratulations on winning the Atmail Plugin contest. Can you introduce yourself and your company?

Thanks, it’s been a pleasure! My name is Martin and I’m running a media agency called Pixelstore, located outside Gothenburg in Sweden. My passion is web development and especially designing UI and UX, both the aesthetics and architecture. I love solving technical problems with beauty. Good design is as little design as possible, and is thorough down to the last detail.

Could you please tell us about your plugin that won the first prize for the competition?

We have a large display in our office running a software called “Status Board” made by the good people at Panic. It displays server monitoring, tweets, to-do’s, scheduling and much more. We always wanted to have statistics and monitoring for our Atmail server so when Atmail announced their new API and the competition we started working on it from day one. You can find everything about it at atmailstatusboard.pixelstore.se.

How was your experience visiting the Atmail HQ in Peregian Beach and what was your favourite thing?

I really liked the atmosphere. Very calm, nice people and inspiring.
Before I left home I was actually thinking about if I needed to bring a suit or not. I don’t like suits, or rather, I think they are nice, but I hate to wear one just because I have to. I didn’t know if Atmail was one of those companies with dress codes and casual Fridays. To perform well you need to be yourself, and most importantly let others be themselves. Atmail had this perfect balance where everyone is really good friends and even hangs out after work hours, but is still wicked professional and productive. That balance isn’t easy to achieve if you don’t work with the right people and have the right management. Atmail is everything I envision for a great company and how I run my own company.

What do you recommend we can improve to the Atmail API?

To be honest, nothing is really coming up in my mind right now. For the plugin that we made we didn’t miss anything. We had some issues with quota reporting but that got fixed pretty quickly!

Finally, as a user of Atmail, what is your favourite feature of the On-Premise product?

The balance between open source and commercial. Open source is a good thing, but that source also needs to be well done. When we were looking for a new email platform we searched everywhere.

On one hand you have the totally free, but also, often poorly made open source solutions. On the other hand you find commercial and large corporation software, which of course varies, but usually they are a little more thought through and more reliable. Although they usually are expensive as hell and often too mainstream and less innovative. What really clicked for me with Atmail is that they were the only ones where I could really have both hands.

Atmail software is really professional and thought through. They are a small team, but they are always coming up with great and innovative ideas.

Their pricing is reasonable. Don’t get me wrong, I like free stuff, but if I can pay just a little more to have something so much better I’d rather do that. I sleep better during the night and I enjoy reading my emails.

Release of the 7.2.3 maintenance patch

Yesterday we released Atmail 7.2.3, which is a maintenance patch for Atmail 7.2.2. As usual it is available for download in your client portal.

  • Fixed handling of ics attachments when CalDavServer is disabled.
  • Fixed notifications with IE11 in 3 pane mode
  • Corrected variable usage in favicon
  • Saved colour / theme from top right dropdown
  • Fixed errors written to info log rather than error log
  • Corrected SQL errors when InnoDB module not available
  • Fixed Anti-Spam settings bug with message classification setting set to “Move to spam folder”
  • Fixed compose mail > email address filter bug when magic_quotes_gpc is set 1.
  • Fixed regression with Mobile UI add calendar event
  • Corrected IMAP error response triggering bad exception that caused a PHP fatal
  • Fixed UI issues for subjects in email in 3 pane view
  • Fixed symbol “&” in subject line which was rendered as “&amp;”
  • Fixed “reply all” discarding changes and reloading composer in quick reply
  • Fixed Reply/Reply All actions on a specific node within the thread
  • Fixed relatedMessageMessageID validation not accepting some message id formats

Atmail 7.2.2 is out!

Atmail 7.2.2 is now live and available for download in the client portal. We made a lot of security improvements and fixed several bugs for this version. Here is the list of the changes:
 
General
  • Improved multiple device synchronisation support
  • Updated DavSync plugin
Email
  • Fixed unread icon functionality for threaded messages
  • Added support for pasting multiple emails into address fields
  • Fixed HTML formatted message display
  • Fixed flag deletion on reply
Calendar
  • Fixed calendar bug on viewing day/week/month
  • Fixed bug for event attendees in Chrome and Safari
Contacts
  • Fixed contact import button text
Storage
  • Fixed upload button bug for storage
  • Improved Icons in storage pane
Security improvements
  • Reduced XSS and CSRF vulnerabilities through architectural changes
  • Added new filters and validation rules for API calls
  • Added new filters and validation rules for software functionality
  • Corrected Webdav controller functionality
  • Improved attachment and storage filename rules
  • Forced download of attachments for insecure mime types
  • Reduced exposure of technical error messages to end-users
  • Fixed spam reporting bug
System and Admin
  • Improved icon colours within colour themes
  • Fixed selection boxes within WebAdmin
  • Increased tooltip support
  • Added http-only cookie support
  • General clean up & removal of unused code

Once again, don’t hesitate to let us know about any suggestion you might have, we are always looking for new improvements!

Atmail Password Security Recommendations

Today, Monday 24 February 2014, Atmail has detected and blocked a malicious botnet attack on our systems. Atmail takes security very seriously and has implemented a multi-tiered approach to protect our systems and your data. The impact was minimal but eight accounts were compromised. Each of these eight accounts was compromised under a brute force attack due to its use of an extremely basic password. This is a timely reminder to implement a strong password ethic by utilising our recommendations below.

Atmail Password Security Recommendations

The security of your email system is reliant on you maintaining a strong password ethic. A password is vulnerable to compromise, therefore Atmail makes the following recommendations:

  • Keep your password secret at all times
  • Your password should be changed periodically, at least every 90 days
  • Do not use a password previously used
  • Passwords should be at least eight characters
  • Use a password which is not easily identifiable e.g. do NOT use your date of birth or ‘password1’
  • Passwords should be complex by using a combination from each of the groups below (description, then examples):
    • Upper Case Letters: A, B, C, … Z
    • Lower Case Letters: a, b, c, … z
    • Numerals: 0, 1, 2, … 9
    • Non-alphanumeric (“special characters”): !, $, #, %

Atmail 7.2.1 Released

We are happy to announce that we have just released Atmail version 7.2.1. This will be available for download in the client portal.

Here are some of the improvements that you will find in this new version:

General and/or Installation:

  • System Installation and Configuration improvements
  • Increased Translation Support
  • Multiple Security Improvements
  • Multiple bug fixes
  • Improved IE support
  • User Interface Improvements
  • Various CSS fixes
  • Improved Translation Support
Email:
  • Multiple improvements to message navigation and handling, including:
    • New “Show More Tabs” arrow
    • Drag & Drop for email attachments
    • Tab selection
  • Multiple bug fixes, including:
    • Cache
    • Message reply
    • Next/Previous message navigation
    • Icon hovering
    • Unicode characters (Settings > Email Filters)
    • Overlapping interface (Advanced Search)
    • Tab titles in “Two Pane” view
    • File attachments with single quotes in filename
Contacts:
  • Multiple bug fixes, including:
    • Fixed icon in contacts pane
    • Improved colour theme support
    • Autocomplete returns personal contacts
    • Close and page navigation buttons in contact search
    • Removal of remembered contacts from personal contacts
Calendars:
  • Improved text handling within calendar invitations
  • Multiple bug fixes, including:
    • Calendar alarms having long titles
    • Editing calendar names
    • Fixed name overflow
    • Sharing calendars with external email addresses
    • MS Outlook invitations losing timezone information on accept/edit
    • “Blank” titles for event reminders
  • Improved support for shell scripts via webmail/utilities/calendar/
Tasks:
  • Multiple bug fixes, including:
    • Prevention of blank task list names being recorded
    • Fixes for name overflow
Storage:
  • Improved filename character support
Settings & Web Admin:
  • Improved colour theme support
  • Added missing save button (Service Providers pane)
  • Resolved issue with map tool
Synchronisation:
  • Improved Microsoft Outlook support (Contacts, Calendars)

Atmail 7.2 Released

Atmail is pleased to announce that version 7.2 is available for download from our client portal.

Please note some of the important changes included in 7.2:

System Requirement: PHP 5.3

  • Atmail 7.2 requires PHP 5.3 – your server must be running PHP 5.3 prior to installing the latest release.

“Tasks” – new in Atmail 7.2

Atmail Tasks (New Feature)

Get things done…

  • You can now plan, define and prioritise those things you need to do with Atmail Tasks.

Stay Organised…

  • Tasks can be organised within Task Lists, so you can have one list of tasks for Aunt Mabel’s birthday and a different list for a work project.

Standards Compliant…

  • Tasks adhere to the WebDav standard and support CalDAV so any Tasks you create within Atmail, or on other compatible devices, can all sync together.

So, get organised and give Tasks a try. We’d love to hear what you think.

Multiple Bug Fixes and Product Improvements:

Atmail 7.2 also includes multiple bug fixes and product improvements! Read more about these on our change log.

To download the latest version, login to your client portal at: http://clients.atmail.com/

If you have any questions, please contact us via our support portal at: http://help.atmail.com

Atmail 7.1.5 Hotfix

Atmail 7.1.5 is now available for download – providing increased security for the Atmail Webmail and Atmail Server products.

If you are running or managing an Atmail server, you are urged to apply the fix as soon as possible.

To download the latest version, login to your client portal at: http://clients.atmail.com/

To see a detailed list of changes to the Atmail 7 software, see: http://atmail.com/changelog/

If you have any questions, please contact us via our support portal at: http://help.atmail.com

Atmail 7.1.4 Now Available

Atmail 7.1.4 is now available for download. This release contains security improvements for the Atmail Webmail and Atmail Server versions.

System administrators are urged to apply the fix as soon as possible.

To download the latest version, login to your client portal at: http://clients.atmail.com/

To see a detailed list of changes to the Atmail 7 software, see: http://atmail.com/changelog/

If you have any questions, please contact us via our support portal at: http://help.atmail.com