In this post I like to introduce you to the Spoofing and Phishing Alert Zimlet (previously sa-alert). The goal of this Zimlet is to help users to identify spoofing and phishing and thus offer protection against it. While some parts of this Zimlet work automatically, it is not meant to be a fully automated plug-and-play solution and it is recommended you deploy it with a knowledgeable helpdesk/support staff to back it up.
This zimlet checks the result from Spam Assassin and alerts the user when certain tags are found. In addition it enforces the zimbraPrefShortEmailAddress setting to be FALSE as that allows the user to see the used email FROM address. The Zimlet also checks for suspicious characters in headers, like the NULL character etc. See also Mailsploit and bug 108709.
I deployed the Zimlet in an organisation with 700 users, and pointed the alertmail property to the helpdesk ticketing system, after a few weeks of increased incoming tickets and configuring the ignorelistReplyTo and ignorelistReturnPath the number of false positives dropped, and now the alert is really valuable to the user.
While both products allow you to integrate Nextcloud/ownCloud in your Zimbra, there are some differences. That I’ll show you in this post.
*Support rendering Markdown. Directly edit from Zimbra, the text source file.
Require Nextcloud APP
Support SSO to Nextcloud
*WebDAV Client supports storing the password on Zimbra LDAP (in plain text)
Support Windows File Shares
via external storage
*You can store the credentials of a share in Nextcloud, but that means all users would use a single set of credentials
Supported by Zimbra
Zimbra WebDAV Client now fully supports previewing in OnlyOffice (Screenshot).
In my experience, Collabora (LibreOffice) creates documents that are 100% compatible with LibreOffice, while OnlyOffice creates documents that are 100% compatible with Microsoft Office. In addition when one exports to a PDF the documents from Collabora are more compatible with jsPDF (so you can embed it in WordPress).
If it comes to the configuration, Zimbra Drive is pre-configured by the administrator that can set the Nextcloud servers to use per cos/domain etc. Zimbra WebDAV Client allows the admin to set default settings (can be based on Zimbra’s public URL) and set a list of allowed domains. The user is able to configure the settings of Zimbra WebDAV Client to use whatever Nextcloud desired (if the admin allows the domain).
Did I overlook a feature? Comment below and I add it to the table.
Hello All, in this first Zeta Alliance post I am going to show you how to install a Virtual Server with OnlyOffice. The VM will be using Let’s Encrypt for SSL, and the certbot renew cycle is used to update the docker image as well.
The VM will need a public port 443 and 8443 exposed to the Internet and I recommend to put it on a separate IP and domain name. You MUST use port 443, but in place of 8443 you can use any port that is higher than 8000.
The VM is kickstarted and the SSL certificate is generated from Let’s Encrypt. Why? Because let’s encrypt does include a working certificate chain AND removes weak ciphers from the cert. This results in less configuration, or you can say OnlyOffice does not work with weak ciphers, broken chains and or wildcard certs.
Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/onlyoffice.domain.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/onlyoffice.domain.com/privkey.pem
Apache stays on port 443, because that works with Let’s Encrypt.
mkdir -p /app/onlyoffice/DocumentServer/data/certs/
cp /etc/letsencrypt/live/onlyoffice.domain.com/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
cp /etc/letsencrypt/live/onlyoffice.domain.com/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
openssl dhparam -out dhparam.pem 2048
[root@onlyoffice ~]# ls /app/onlyoffice/DocumentServer/data/certs/
dhparam.pem onlyoffice.crt onlyoffice.key onlyoffice.pem
firewall-cmd --add-port=8443/udp --permanent
firewall-cmd --add-port=8443/tcp --permanent
#Remove all running containers, there should be none
docker rm -f $(docker ps -a -q)
docker run -i -t -d --restart always --name onlyoffice-document-server -p 8443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver
Now you can look at https://onlyoffice.domain.com:8443/welcome/ and see the Document Server running. Install and configure OnlyOffice app under Office apps in Nextcloud and configure under Admin, the server url. Done!
In the current version of DS you may restrict access from alternative ownCloud, NextCloud or other file storages by editing Document Server configuration file /etc/onlyoffice/documentserver/default.json. Find the section ‘filter’ and change it to the following look :
After editing configuration file use the command ‘supervisorctl restart all’. As you are using Docker version at first enter the container with ‘docker exec -it container_ID /bin/bash’ and then perform previously mentioned operations. Thank you for the interest in ONLYOFFICE.
Automatic update of Let’s Encrypt Certificate and docker document server