Atmail 7.3.2 now available!

Atmail 7.3.2 is a maintenance release that contains multiple API and database schema improvements. There are also multiple performance optimisations.

Please note that you MUST back up your database prior to applying this update. We cannot stress this strongly enough. This update includes multiple changes to the user tables and schema in the database. As a result of these changes, we now support multiple sessions and have optimised the database queries relating to users for the login process and caching of information.

A comprehensive list of the changes can be found in our changelog.

Atmail in Anthill SMART 100 innovation award

For those of you who don’t know, Anthill is one of the largest online communities for entrepreneurs and innovators in Australia. It is also an online magazine that aims to promote Australian businesses from the smallest to the largest and everything in between as long as they are inspiring and game changing.

Anthill top 100

Since 2008, Anthill has developed the Smart 100 Index to identify and rank Australia’s 100 most innovative products. This year, we are proud to announce that Atmail made it into the Top 100! Our webmail was the first commercial webmail on the market and since then innovation has always been a focus of ours along with security, usability and quality.

smart-100

Vote it up!

You can now help us get to the Top 50 and even the Top 10! How’s that? Go to http://anthillonline.com/atmail-qld-2014-smart-100/ and vote for us! Three possibilities for that:

  1. Tweet it: Top left of each page
  2. Trigger a Reaction: Facebook ‘Like’, Linkedin “Share” etc.
  3. Leave a Comment: Anonymous comments excluded

Help us raise awareness of Atmail webmail and take 5 seconds to click!

New Atmail Cloud is here!

atmail cloud

We are proud to announce that the New Atmail Cloud is here. With Atmail Cloud you will be sure to always enjoy all of our latest features. Security, updates and backups are all handled for you.

Easy to set up and use

Where some other solutions may require hours of setup and an IT support to run smoothly, with Atmail Cloud, we handle it all for you. It only takes the average business half an hour to get going with their contacts, calendar and mail synced across every device.

Fully featured messaging platform

With The New Atmail Cloud, you will also benefit from a full range of features such as:

  • Our dedicated support staffed by real messaging experts
  • Security, maintenance and backups all handled
  • 500GB of storage for email and files
  • Email, Calendar and Contacts
  • Inbuilt anti-virus and spam filtering
  • Mobile device support via Active Sync (mobile push) and 1-click iOS provisioning
  • Our easy to use Webmail accessible in your browser
  • Support for all popular email clients via IMAP and POP
  • Outlook contacts and calendar synchronisation
  • Your domain and your branding – add unlimited domains and branding to your Atmail Cloud account.

All for less than $2 per user

Atmail’s pay as you grow cloud pricing starts at $79 per month for 50 users and a storage of 500GB. As your usage exceeds 50 users, we charge an additional $2.00/user/Month and increase your storage quota by 10GB.

You can sign up for a 14 day free trial (no credit card required) by clicking here.

Existing users will be contacted regarding migration in the near future.

Atmail 7.3.1

We are happy to announce that Atmail 7.3.1 is now available for download in your client portal.
This version contains system and security enhancements such as:

  • Added .htaccess checks to ensure optimal system configuration
  • Closed loophole to prevent unauthorised account creation when signup is disabled in WebAdmin 
  • Resolved calendar alarm errors where description contains special characters

Welcome Atmail 7.3!

We are glad to announce that Atmail 7.3 is now live! As usual it is available for download in the client portal. Here is the list of the changes:

logo  General & System:
  • Fixed the webAdmin control panel asking for input of the administrator’s email address twice.
  • Fixed spam mail filter not capturing “spam email” outside of the blacklist.
  • Fixed horizontal scroll code called before iFrame has loaded.
  • Added SabreDav to .ics Migration tool.
  • Improved security on new input filter/validation models for calendar events and task events, including HTML safe output to WebUI.
  • Removed of “id” column in SerialConf database table. (Prevents ActiveSync errors when this field maxes).
  • Corrected WebMail Admin SubAdmin functions (list, add, view) errors.
  • Fixed entering custom NumUser or NumQuota amounts when creating a SubAdmin.
  • Fixed deleting user errors.
  • Fixed selection of both “Send to All” and “Send to all SubAdmins” only selecting SubAdmins.
  • Fixed loss of help text in the create/edit user form under specific circumstances.
  • Corrected SubAdmins being able to enable/disable password policies. (Now only Admins can access this functionality).
  • Fixed email address of SubAdmin not being saved when adding a new SubAdmin.
  • Fixed potential race condition on creation of domain(s).
  • Removed debug code from PluginCall.php
  • Multiple other system improvements.
webmail Email:
  • Added print button
  • Added automatic conversion of http/https/www text to links in email. Toggled via “Settings” tab.
  • Fixed HTML tables within email body not rendering correctly.
 
contact Contacts:
  • Added delete button for contact photos.
  • Improved security for removed unused actions from contacts controller.
  • Improved support export of user contacts in both .vcf and .csv formats.
 
 Calendar:
  • Improved Italian language support for Atmail calendar.
  • Fixed calendar web interface still displaying in Mobile UI when it is not enabled.
 
storage Storage:
  • Fixed file losing associated comments when moving the file.
  • Fixed cogwheel drop down menu not loading on click.

Atmail Planned Maintenance

EDIT: 15 April, 3 am Maintenance is over, everything should be back to normal

Please note that Atmail Cloud will be offline due to planned maintenance to upgrade the firewall.  Webmail and imap will not be available, email will be held and delivered after the service has been resumed.

The expected outage will be : 1am, USA Pacific Time up to 1 hour, Tuesday 15 April 2014

Atmail apologises for any inconvenience.  We realise that access to email is very important so we will endeavour to have your email available ASAP.

Should you require support after the system is back online please email support@atmail.com             

Heartbleed OpenSSL Bug: Mitigation and Recovery

The Heartbleed bug is an issue within all versions of OpenSSL in the 1.0.1 series, up to 1.0.1f. This bug introduces a severe memory handling error that can open up up to 64Kb of the application’s memory – exposing sensitive data that can include sessions, private key information, and allowing attackers to eavesdrop on previously-secure communications.

For more information, see: http://heartbleed.com

We, at Atmail, advise system administrators to apply system patches and fixes as soon as possible. Your system may be vulnerable if it fulfills the following criteria:

  • Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
  • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
  • CentOS 6.5, OpenSSL 1.0.1e-15
  • Fedora 18, OpenSSL 1.0.1e-4
  • OpenSUSE 12.2 (OpenSSL 1.0.1c)

Detection

To verify, please check using the command line:

Debian/Ubuntu:  % dpkg-query -l ‘openssl*’

Expected result:
Debian: openssl_1.0.1e-2+deb7u4 or newer
Ubuntu: openssl_1.0.1-4ubuntu5.11 or newer

 
CentOS/Fedora/OpenSUSE:  % rpm -qa | grep “^openssl”

Expected result:
CentOS: openssl-1.0.1e-16 or newer
Fedora: openssl-1.0.1e-4 or newer
OpenSUSE: openssl-1.0.1c

Results outside the range of Expected results may mean that your server is vulnerable.

Mitigation

We recommend that you update your OpenSSL packages as soon as possible. Most Linux operatiing systems already have the updated packages available for download. To install, see the following steps:

RedHat:
% up2date openssl openssl-devel

CentOS/Fedora:
% yum update openssl openssl-devel

OpenSUSE:
% zypper up openssl openssl-devel

Debian/Ubuntu:
% apt-get install openssl

You will not need to recompile Atmail and Apache – however, you will need to restart your services. See as follows:

Debian/Ubuntu/OpenSSE:
% /etc/init.d/apache2 restart

Fedora/Redhat/CentOS:
% /etc/init.d/httpd restart

Recovery

If you are using SSL Certificates with your website, you may need to revoke and renew your SSL Certificates. Please contact your Certificate Authority to do so.

Revocation of certificates will effectively make your current certificates invalid – so make sure that you are ready to replace your certificates when you issue a certificate revocation.

To replace your SSL certs in Atmail:

  1. Copy your certificate file and private keys to the server
  2. If possible, make sure that the directory permissions to the certificate location are secure
  3. Remove the passphrase from the key using this command:
    % openssl rsa -in /usr/local/atmail/ssl/domain.key -out /usr/local/atmail/ssl/ domain-nopass.key
  4. Go to WebAdmin > Services > POP3/IMAP and look for the settings “SSL Certificate Path” and “SSL Key Path
  5. Fill in the fields with your certificate and key path details. Make sure that you use the password-less key.
  6. Restart Atmail from the command line:
    % /etc/init.d/atmailserver restart

This covers the steps on how to protect your Atmail installation from the Heartbleed bug.

Plugin contest winner’s week at Silicon Beach

Last year we launched a plugin contest with a fully paid trip as a reward for the winner. Martin, from Swedish company Pixelstore, was the lucky winner with a great plugin for the Status Board software. He joined us for a week during which he experienced the full Atmail’s way of life. Here are his impressions.

Plugin Contest winnerHey Martin, congratulations on winning the Atmail Plugin contest. Can you introduce yourself and your company?

Thanks, it’s been a pleasure! My name is Martin and I’m running a media agency called Pixelstore, located outside Gothenburg in Sweden. My passion is web development and especially designing UI and UX, both the aesthetics and architecture. I love solving technical problems with beauty. Good design is as little design as possible, and is thorough down to the last detail.

Could you please tell us about your plugin that won the first prize for the competition?

We have a large display in our office running a software called “Status Board” made by the good people at Panic. It displays server monitoring, tweets, to-do’s, scheduling and much more. We always wanted to have statistics and monitoring for our Atmail server so when Atmail announced their new API and the competition we started working on it from day one. You can find everything about it at atmailstatusboard.pixelstore.se.

How was your experience visiting the Atmail HQ in Peregian Beach and what was your favourite thing?

I really liked the atmosphere. Very calm, nice people and inspiring.
Before I left home I was actually thinking about if I needed to bring a suite or not. I don’t like suits, or rather; I think they are nice, but I hate to wear one just because I have to. I didn’t know if Atmail was one of those companies with dress codes and casual Fridays. To perform well you need to be yourself, and most importantly let others be themselves. Atmail had this perfect balance where everyone being really good friends and even hanging out after work hours, but still being wicked professional and productive. That balance isn’t easy to achieve if you don’t work with the right people and have the right management. Atmail is everything I envision for a great company and how I run my own company.

What do you recommend we can improve to the Atmail API?

To be honest, nothing is really coming up in my mind right now. For the plugin that we made we didn’t miss anything. We had some issues with quota reporting but that got fixed pretty quickly!

Finally, as a user of Atmail, what is your favourite feature of the On-Premise product?

The balance between open source and commercial. Open source is a good thing, but that source also needs to be well done. When we were looking for a new email platform we searched everywhere.

In one hand you have the totally free, but also, often poorly made open source solutions. In the other hand you find commercial and large corporation software, which of course varies, but usually they are a little more thought through and more reliable. Although they usually are expensive as hell and often to main stream and less innovative. What really clicked for me with Atmail is that they were the only ones where I could really have both hands.

Atmail software is really professional and thought through. They are a small team, but they are always coming up with great and innovative ideas.

Their pricing is reasonable. Don’t get me wrong, I like free stuff, but if I can pay just a little more to have something so much better I rather do that. I sleep better during the night and I enjoy reading my emails.

Release of the 7.2.3 maintenance patch

Yesterday we released Atmail 7.2.3. which is a maintenance patch for Atmail 7.2.2. As usual it is available for download in your client portal.

  • Fixed handling of ics attachments when CalDavServer is disabled.
  • Fixed notifications with IE11 in 3 pane mode
  • Corrected variable usage in favicon
  • Saved colour / theme from top right dropdown
  • Fixed errors written to info log rather than error log
  • Corrected SQL errors when InnoDB module not available
  • Fixed Anti-Spam settings bug with message classification setting set to “Move to spam folder”
  • Fixed compose mail > email address filter bug when magic_quotes_gpc is set 1.
  • Fixed regression with Mobile UI add calendar event
  • Corrected IMAP error response triggering bad exception that caused a PHP fatal
  • Fixed UI issues for subjects in email in 3 pane view
  • Fixed symbol “&” in subject line which was rendered as “&”
  • Fixed “reply all” discarding changes and reloading composer in quick reply
  • Fixed Reply/Reply All actions on a specific node within the thread
  • Fixed relatedMessageMessageID validation not accepting some message id formats

Atmail 7.2.2 is out!

Atmail 7.2.2 is now live and available for download in the client portal. We made a lot of security improvements and fixed several bugs for this version. Here is the list of the changes:
 
logo General
  • Improved multiple device synchronisation support
  • Updated DavSync plugin
webmail Email
  • Fixed unread icon functionality for threaded messages
  • Added support for pasting multiple emails into address fields
  • Fixed HTML formatted message display
  • Fixed flag deletion on reply
calendar Calendar
  • Fixed calendar bug on viewing day/week/month
  • Fixed bug for event attendees in Chrome and Safari
contact Contacts
  • Fixed contact import button text
storage Storage
  • Fixed upload button bug for storage
  • Improved Icons in storage pane
 securitySecurity improvements
  • Reduced XSS and CSRF vulnerabilities through architectural changes
  • Added new filters and validation rules for API calls
  • Added new filters and validation rules for software functionality
  • Corrected Webdav controller functionality
  • Improved attachment and storage filename rules
  • Forced download of attachments for insecure mime types
  • Reduced exposure of technical error messages to end-users
  • Fixed spam reporting bug
admin System and Admin
  • Improved icon colours within colour themes
  • Fixed selection boxes within WebAdmin
  • Increased tooltip support
  • Added http-only cookie support
  • General clean up & removal of unused code

Once again, don’t hesitate to let us know about any suggestion you might have, we are always looking for new improvements!