[SOGo] BTS activities for Friday, September 16 2022

2022-09-16 Thread SOGo reporter 
Title: BTS activities for Friday, September 16 2022





  
BTS Activities

  Home page: https://bugs.sogo.nu
  Project: SOGo
  For the period covering: Friday, September 16 2022

  
  
idlast updatestatus (resolution)categorysummary
	
	
	  
	
5603
	2022-09-16 10:20:50
	updated (open)
	Web Mail
	Signatures not removed

Re: [SOGo] Bug in character display in S/MIME encrypted mails

2022-09-16 Thread "Richard Rosner" 

With OpenSSL 3.x I get

Error decrypting CMS structure
400755B1327F:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad 
decrypt:../providers/implementations/ciphers/ciphercommon_block.c:129:
If I swap cms for smime it changes to

Error decrypting PKCS#7 structure
rest of the error stays the same. For all I know it has to do with some kinde 
of deprecated stuff in OpenSSL 3.x so you'd need to add something to the comand 
to enable legacy stuff.

Using OpenSSL 1.1.1n however doesn't change much:
Error decrypting CMS structure
139958493545792:error:06065064:digital envelope 
routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
The private key file is a PEM RSA key. Already checked that the reason can't be 
the wrong kind of line breaks (those Windows line breaks) inside the key file, 
since that was mentioned to be a possible reason. But the key file is as it's 
supposed to be.

Regards
Richard
-- 
Richard Rosner
Beauftragter für Vernetzung

Studierendenschaft der RWTH Aachen University
Fachschaft Materialwissenschaft und Werkstofftechnik
Intzestraße 1
52072 Aachen
Tel.: +49 241 80-95781
rros...@fsmuw.rwth-aachen.de
www.fsmuw.rwth-aachen.de

Am Freitag, 16. September 2022 19:51 CEST, schrieb "\"Frank Schmirler\"" 
(s...@schmirler.de) :
 Hi Richard,

the basic openssl command to decrypt an S/MIME message would be something like

openssl cms -decrypt -in EMLFILE -inkey PRIVATEKEYFILE

Which error do you get when trying to decrypt your message with openssl?

Regards,
Frank

Am Mittwoch, 14. September 2022 14:24 CEST, schrieb "\"Richard Rosner\"" 
(rros...@fsmuw.rwth-aachen.de) :
> Hello together,
> it seems I've found a bug when displaying an S/MIME encrypted mail. It seems 
> like characters aren't interpreted as UTF-8. At least some german "Umlaute" 
> don't display correctly. In Thunderbird, on the other hand, that same mail is 
> displayed correctly. Sadly, I haven't found a way to view the unencrypted 
> mail source code to verify if the text is indicated as UTF-8. Both OpenSSL 
> 1.x and 3.x are just throwing errors when trying to decrypt the eml file and 
> I don't know of any method to use either Thunderbird or SOGo to save the mail 
> as an unecrypted eml file. If anybody knows how I could better help to find 
> the bug, let me know.
>
> Using SOGo 5.7.1.20220912-1 on 64-bit Debian 10, straight from the 
> packages.sogo.nu repo.
>
> Best Regards
> Richard
> -- 
> Richard Rosner
 


smime.p7s
Description: S/MIME cryptographic signature

[SOGo] Additional e-Mail-Accounts/Identity and S/MIME

2022-09-16 Thread Juergen Bruckner 

Dear SOGO community,

Unfortunately I can't get any further with SOGO 5.7.1 with a certain 
problem and hope for help here.


I would like to create a new e-mail account or better a additinal 
identity (with a different e-mail address) for a SOGO user under "IMAP 
accounts", which I have managed to do so far.


Then I would like to store an S/MIME certificate for this e-mail 
account, but the "Security" tab is always grayed out and not accessible.
The S/MIME certificate was stored in the "main account" without any 
problems.


Is there any information or help on this?
Did I not notice something?

regards
Juergen
--
/¯\   No  |
\ /  HTML |Juergen Bruckner
 Xin  |microang...@microangelo.priv.at
/ \  Mail |


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [SOGo] Send mail error

2022-09-16 Thread Marco Moock 
Am 16. Sep 2022, um 15:00:23 Uhr schrieb International Security
Providers:

> This is not really related to sogo.. as sogo is not a SMTP-Server but
> needs a working SMTP (most likely postfix) --- Original Message
> --- h...@hrmanagement.it  schrieb am Dienstag, 13.
> September 2022 um 9:37 vorm.:
> 
> > Help.
> > Contact hr@hrmanagement.i  

Do you already have an MTA in your network?
You can just configure a local MTA like sendmail to use this existing
SMTP server for all mails, called null client.
It is rather easy to set up sendmail to do that.

Re: [SOGo] Bug in character display in S/MIME encrypted mails

2022-09-16 Thread "Frank Schmirler" 
Hi Richard,

the basic openssl command to decrypt an S/MIME message would be something like

openssl cms -decrypt -in EMLFILE -inkey PRIVATEKEYFILE

Which error do you get when trying to decrypt your message with openssl?

Regards,
Frank

Am Mittwoch, 14. September 2022 14:24 CEST, schrieb "\"Richard Rosner\"" 
(rros...@fsmuw.rwth-aachen.de) :
> Hello together,
> it seems I've found a bug when displaying an S/MIME encrypted mail. It seems 
> like characters aren't interpreted as UTF-8. At least some german "Umlaute" 
> don't display correctly. In Thunderbird, on the other hand, that same mail is 
> displayed correctly. Sadly, I haven't found a way to view the unencrypted 
> mail source code to verify if the text is indicated as UTF-8. Both OpenSSL 
> 1.x and 3.x are just throwing errors when trying to decrypt the eml file and 
> I don't know of any method to use either Thunderbird or SOGo to save the mail 
> as an unecrypted eml file. If anybody knows how I could better help to find 
> the bug, let me know.
>
> Using SOGo 5.7.1.20220912-1 on 64-bit Debian 10, straight from the 
> packages.sogo.nu repo.
>
> Best Regards
> Richard
> -- 
> Richard Rosner

Re: [SOGo] Sogo priting mail titel/attachments

2022-09-16 Thread International Security Providers 
This seems to happen just on Chromium-Browsers like Google Chrome. But not on 
Firefox.

--- Original Message ---
Christian Mack  schrieb am Donnerstag, 15. September 2022 um 
12:18 nachm.:


> Hello
> 
> Am 08.09.22 um 10:46 schrieb Test (hexagonprima...@gmail.com):
> 
> > Greetings I got a question about Sogo..
> > 
> > If you want to print a mail conversation sogo usually makes a titel page, a
> > blank page and a page with your
> > 
> > attachments along the rest of the mails.
> > 
> > Is there a way to print the titel along without it taking a whole page?
> 
> 
> Which version of SOGo are you using?
> 
> With SOGo 5.7.0 and 5.7.1-202209140439 I can not reproduce your problem.
> It always prints the complete email (Date, Subject, From, To and
> content) starting at page 1.
> 
> 
> Kind regards,
> Christian Mack
> 
> --
> Christian Mack
> Universität Konstanz
> Kommunikations-, Informations-, Medienzentrum (KIM)
> Abteilung IT-Dienste Forschung, Lehre, Infrastruktur
> 78457 Konstanz
> +49 7531 88-4416

Re: [SOGo] Send mail error

2022-09-16 Thread International Security Providers 
This is not really related to sogo.. as sogo is not a SMTP-Server but needs a 
working SMTP (most likely postfix)
--- Original Message ---
h...@hrmanagement.it  schrieb am Dienstag, 13. September 2022 um 
9:37 vorm.:

> Help.
> Contact h...@hrmanagement.it

[SOGo] Is there a way to programmatically add a 2nd user Account to Sogos Web-Interface?

2022-09-16 Thread International Security Providers 
Is there a way to programmatically add a 2nd user Account to Sogos 
Web-Interface?
maybe somehow using "sogo-tool"?
I would love to just define all the vars I would in the webinterface but using 
the CLI and it will automatically show up on the next login of the specified 
user.
I could integrate this flow in my IAM..

BR you all

Re: [SOGo] Repeated socket shutdown

2022-09-16 Thread David Kmoch 

Thank you Christian, I will try.

Best reagards
David Kmoch

Dne 16.09.2022 v 13:46 Christian Mack (christian.m...@uni-konstanz.de) 
napsal(a):

Hello

You have a user x with a lot of changes in his/her INBOX.
To get all changes from the IMAP server, SOGo takes 69.209102 seconds.
But Apache actively closes the connection before the result can be 
delivered.
Therefore the web frontend tries to get the changes again, which breaks 
again and so forth.


You have to increase your timeout on the apache side.


Kind regards,
Christian Mack

Am 16.09.22 um 12:23 schrieb David Kmoch (david.km...@tul.cz):

Hello,

some users are able to completely block a sogo worker. I have no idea
how they achieve this, but I would rather know how to prevent it on
the server side (except blocking their IP), since it repeats over and
over lasting from several hours to several days.

Apache log:

[proxy_http:error] [pid 18588:tid 139754100205312] (70007)The timeout 
specified has expired: [client 149.255.xxx.xxx:55788] AH01102: error 
reading status line from remote server 127.0.0.1:2, referer: 
https://webmail.tul.cz/SOGo/so/x/Mail/view
[proxy:error] [pid 18588:tid 139754100205312] [client 
149.255.xxx.xxx:55788] AH00898: Error reading from remote server 
returned by /SOGo/so/x/Mail/0/folderINBOX/changes, referer: 
https://webmail.tul.cz/SOGo/so/x/Mail/view


SOGo log:

14:03:50 sogod [72665]: |SOGo| starting method 'POST' on uri 
'/SOGo/so/x/Mail/0/folderINBOX/changes'
14:04:50 sogod [72650]: [WARN] <0x0x55b769ba5580[WOWatchDogChild]> pid 
72665 has been hanging in the same request for 1 minutes

14:04:59 sogod [72665]: |SOGo| request took 69.209102 seconds to execute
14:04:59 sogod [72665]: [ERROR] <0x0x55b76b51a350[WOHttpTransaction]> 
client disconnected during delivery of response for 
uri=/SOGo/so/x/Mail/0/folderINBOX/changes app=SOGo rqKey=so 
rqPath=x/Mail/0/folderINBOX/changes> (len=328115): the socket was 
shutdown


The worker thread eats %100 CPU during that sequence.

Running version 5.7.1 on RHEL8, LDAP auth, no EAS.

Any idea what can be wrong or what to look for?






--

David Kmoch
Technical University of Liberec
Studentská 2, 461 17 Liberec

tel: +420 485 353 633


smime.p7s
Description: Elektronicky podpis S/MIME

Re: [SOGo] Repeated socket shutdown

2022-09-16 Thread Christian Mack 

Hello

You have a user x with a lot of changes in his/her INBOX.
To get all changes from the IMAP server, SOGo takes 69.209102 seconds.
But Apache actively closes the connection before the result can be 
delivered.
Therefore the web frontend tries to get the changes again, which breaks 
again and so forth.


You have to increase your timeout on the apache side.


Kind regards,
Christian Mack

Am 16.09.22 um 12:23 schrieb David Kmoch (david.km...@tul.cz):

Hello,

some users are able to completely block a sogo worker. I have no idea
how they achieve this, but I would rather know how to prevent it on
the server side (except blocking their IP), since it repeats over and
over lasting from several hours to several days.

Apache log:

[proxy_http:error] [pid 18588:tid 139754100205312] (70007)The timeout 
specified has expired: [client 149.255.xxx.xxx:55788] AH01102: error 
reading status line from remote server 127.0.0.1:2, referer: 
https://webmail.tul.cz/SOGo/so/x/Mail/view
[proxy:error] [pid 18588:tid 139754100205312] [client 
149.255.xxx.xxx:55788] AH00898: Error reading from remote server 
returned by /SOGo/so/x/Mail/0/folderINBOX/changes, referer: 
https://webmail.tul.cz/SOGo/so/x/Mail/view


SOGo log:

14:03:50 sogod [72665]: |SOGo| starting method 'POST' on uri 
'/SOGo/so/x/Mail/0/folderINBOX/changes'
14:04:50 sogod [72650]: [WARN] <0x0x55b769ba5580[WOWatchDogChild]> pid 
72665 has been hanging in the same request for 1 minutes

14:04:59 sogod [72665]: |SOGo| request took 69.209102 seconds to execute
14:04:59 sogod [72665]: [ERROR] <0x0x55b76b51a350[WOHttpTransaction]> 
client disconnected during delivery of response for 
uri=/SOGo/so/x/Mail/0/folderINBOX/changes app=SOGo rqKey=so 
rqPath=x/Mail/0/folderINBOX/changes> (len=328115): the socket was 
shutdown


The worker thread eats %100 CPU during that sequence.

Running version 5.7.1 on RHEL8, LDAP auth, no EAS.

Any idea what can be wrong or what to look for?




--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung, Lehre, Infrastruktur
78457 Konstanz
+49 7531 88-4416


smime.p7s
Description: S/MIME Cryptographic Signature

[SOGo] Repeated socket shutdown

2022-09-16 Thread David Kmoch 

Hello,

some users are able to completely block a sogo worker. I have no idea
how they achieve this, but I would rather know how to prevent it on
the server side (except blocking their IP), since it repeats over and
over lasting from several hours to several days.

Apache log:

[proxy_http:error] [pid 18588:tid 139754100205312] (70007)The timeout 
specified has expired: [client 149.255.xxx.xxx:55788] AH01102: error 
reading status line from remote server 127.0.0.1:2, referer: 
https://webmail.tul.cz/SOGo/so/x/Mail/view
[proxy:error] [pid 18588:tid 139754100205312] [client 
149.255.xxx.xxx:55788] AH00898: Error reading from remote server 
returned by /SOGo/so/x/Mail/0/folderINBOX/changes, referer: 
https://webmail.tul.cz/SOGo/so/x/Mail/view


SOGo log:

14:03:50 sogod [72665]: |SOGo| starting method 'POST' on uri 
'/SOGo/so/x/Mail/0/folderINBOX/changes'
14:04:50 sogod [72650]: [WARN] <0x0x55b769ba5580[WOWatchDogChild]> pid 
72665 has been hanging in the same request for 1 minutes

14:04:59 sogod [72665]: |SOGo| request took 69.209102 seconds to execute
14:04:59 sogod [72665]: [ERROR] <0x0x55b76b51a350[WOHttpTransaction]> 
client disconnected during delivery of response for 
uri=/SOGo/so/x/Mail/0/folderINBOX/changes app=SOGo rqKey=so 
rqPath=x/Mail/0/folderINBOX/changes> (len=328115): the socket was 
shutdown


The worker thread eats %100 CPU during that sequence.

Running version 5.7.1 on RHEL8, LDAP auth, no EAS.

Any idea what can be wrong or what to look for?

--

David Kmoch
Technical University of Liberec
Studentská 2, 461 17 Liberec
+420 485 353 633


smime.p7s
Description: Elektronicky podpis S/MIME

Re: [SOGo] How to configure MFA for SOGo

2022-09-16 Thread Christian Mack 

Hello

There is no additional documentation from SOGo.

You can deactivate 2FA for USER_A on the servers command line with:

/usr/sbin/sogo-tool user-preferences set defaults USER_A SOGoTOTPEnabled 
'{"SOGoTOTPEnabled":0}'


I assume, that one of the seeds from attribute "General" is used, but I 
didn't check this in source code.

You can get that with:
/usr/sbin/sogo-tool user-preferences get preferences USER_A General


Kind regards,
Christian Mack

Am 15.09.22 um 16:25 schrieb Randall Sargent (rrsarg...@pilotcat.com):

Unfortunately, that didn't work. It's rejecting my one-time code now.

Is there any documentation out there?


-Original Message-
From: users-requ...@sogo.nu  On Behalf Of Christian Mack
Sent: Thursday, September 15, 2022 1:50 AM
To: users@sogo.nu
Subject: Re: [SOGo] How to configure MFA for SOGo

Hello

SOGo implements its own TOTP 2FA.
That only protects access to the web frontend.

You have to log into the web frontend in order to activate it.
Then activate in "Preferences" --> "General" --> "General" tab option
"Enable two-factor authentication using a TOTP application".
SOGo will now display a QR-Code below that option.
You have to scan that with your prefered TOTP app on your smartphone.
Then save the activation of 2FA in SOGo web interface by clicking on the
diskette symbol on green circle at the top right corner.

  From now on, SOGo will ask for the security code when logging in to the
web frontend after the login page.


Kind regards,
Christian Mack

Am 14.09.22 um 20:30 schrieb Randall Sargent (rrsarg...@pilotcat.com):

Hello,

I am looking for documentation on how to implement MFA/2FA on SOGo, 
specifically DUO, but any will do.

Thank you






--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung, Lehre, Infrastruktur
78457 Konstanz
+49 7531 88-4416


smime.p7s
Description: S/MIME Cryptographic Signature