To install this update please follow these steps:
1. Go to "System -> System Operation -> Software -> System Update" and click "Get Package List" . The successful update of the package list is indicated by the message "Done!" .
2. Click "Get Packages" . This action downloads the listed update packages.
Important: If you download the packages over a slow connection (ISDN, analog, etc.), the browser may drop the connection to the administration interface. However, the download will continue in the background. Continue with the next step. If you get an error message, wait a few minutes and try again.
3. Click "Install" . This action installs the update. The end of this process is indicated by the message "Done!" .
4. The update installs a new kernel. Therefore, the system must be rebooted after installing the update: "System -> System Management -> Shutdown/Reboot -> General" .
Installation
New in this Release
Problems Fixed in this Release
Notes
Restrictions
If your Collax Business Server version is below 2.0.0 please make sure that you do a backup of the intermediate Version 1.18b. To upgrade to the current version a further intermediate step to version 2.5.2 will be accomplished.
If the version of your Collax Business Server is lower than 1.1.6a or 2.0.24, please contact the support hotline for upgrading to the latest version.
If, when surfing over the web proxy, access is denied due to error 250 and rules are used to limit the web traffic, this is because of a configured rule for which no URL or Cobion list was specified and the option "All" was not set either. The definition of such an invalid rule was only possible in old versions of Collax Business Server. In new versions, such a rule cannot be saved. In this version, the generator for the web-content filter has been improved. Thus, invalid rules are skipped and displayed with the message "*** Note: Rule rulename has empty URL list, skipping." In this connection, please also refer to the item "Web-Proxy Access Denied Due to Error 250" in this document.
From this version, netmasks from 1 to 7 bits can be specified when configuring networks. This may be required for certain network and routing scenarios.
The Collax Virus Protection can automatically update its patterns in specified intervals. Since this update, a reload is performed instead of a restart; therefore, the service is available with new patterns within a short time.
exchange4linux has been updated to version 3.1.12. Please note that a newer version of the connector must be used for this new version. The connector can be downloaded from the following URL: http://neuberger-hughes.com/pub/exchange4linux/exchange4linux-outlook-connector-3.1.12.0.0.446.508.exe.
This version features the following improvements:
If no "Read" and "Visible" permissions were set for "Default" for a public folder, Outlook used to terminate with an incorrect message asking you to apply the command "outlook.exe /resetfolder" to the PST file. Instead, the message now states that the update of the public folder cannot be continued due to the lack of permissions.
Permissions for mailboxes can be delegated to other exchange4linux users. From this update, the user "admin" can also be granted access to other mailboxes.
If only the "Visible" permission was set for "All Public Folders", but not the "Read" permission, the client could not read the folder list in the "All Public Folders", and the synchronization was not finished. In connection with the new connector, this has been improved.
To use exchange4linux, a connector is required for Microsoft Outlook. Please note that a new version of the connector must be used for the new e4l version. You can download the connector here: http://neuberger-hughes.com/pub/exchange4linux/exchange4linux-outlook-connector-3.1.12.0.0.446.508.exe
The Open-Xchange groupware has been updated to the latest version 0.8.2. The collaboration software offers all functions for e-mail, scheduling, contacts, projects, documents, and tasks. Please note that this new version also requires a new version of OXtender, which you can download in the administration interface of your Collax Business Server.
The new version of Open-Xchange provides the following features:
Usability
RSS-Feeds which allows comfortable subscription of selected web contents. This functionality can also be used to easily provide centrally managed company bookmarks to employees of the company.
Portal Page Enhancements to display upcoming events. Users can modify their settings to show future events.
Extended Search Capabilities for Documents, Bookmarks, Forum and Knowledge Base. Calendar entries can be searched for in public, private and shared folders. Search can also be executed across "all folders"
Web Mail
Plain text conversion of "HTML-only" messages.
Web Mail uses contact search across all address books.
Quick page selection so that users can set up how many mails are shown in the list view within their setup. Page selection and navigation is now possible with navigation by arrows (next and last page).
Store attachments directly into the documents section. Users can directly store an attachment of an email into the Documents section by using the export button.
Enhanced spell-check.
Confirmation email for appointments and tasks. Users are now able to check at any time the current confirmation status of a task or an appointment.
Content type modification. Users are able to change the 'Content-Type' before viewing an attachment.
Enhanced parsing of links, quotes and graphical emoticons.
Contacs
Enhanced Search Capabilities. Search capability is extended to every folder, subfolder and LDAP directory.
Customizable layout for Contacts. Layout of Contact information can be modified individually which increases user comfort.
Ability to print Contact detail view.
Drop-down ability on the Contact detail view. Multiple contacts from one company can be linked together.
Calendar
Colored Appointments.
Day of the beginning of a Week can be defined.
New View: Work Week.
Projects, Tasks
Completely rewritten Project Module.
Projects are stored in special Project Folders.
Project Team Creation, efficiently by using existing groups and contacts.
Project Role Management. Definitions such as leader, manager, staff or chief for the project participants help grouping the team.
Folder Permission Management to reflect the internal project's permissions and to ensure the success of the project.
Task Folder assigned to Project which stores all tasks assigned to specified project.
Milestones and Tasks can be linked by defining dependencies like "Finish-to-Start" or "Finish-to-Finish"
Task Module with customizable Views to change the fields being shown in the tasks list views.
The following items have been corrected in this version:
Objects can be defined in public folders via OXtender and web interface. So far, these objects could only be removed over the web interface. From this version, created objects can also be removed with OXtender.
Appointments can be defined in shared calendars. So far, an HTTP 409 message used to be displayed when creating or deleting appointments with OXtender. Since this update, appointments can be created or deleted in shared calendars with OXtender.
After saving the favorite e-mail address in the Open-Xchange web interface, all other e-mail addresses that are possible in combination with alias@domain used to be hidden. This update enables the selection of the required sender address when sending an e-mail message.
When moving appointments, HTTP 409 or 500 messages used to be displayed from time to time. With this update, appointments can be moved with OXtender without any errors.
Outlook OXtender provides the possibility of performing an online update to get the latest version. Since this update, the Collax Business Server can be used as update server for OXtender. Simply enter the IP address of the Collax Business Server as server address under the update settings in OXtender (right-click the OX icon in the system tray and select "Change Update Server").
Samba, the SMB and CIFS service on the Collax Business Server, makes network shares available in Windows networks and can authenticate against a remote LDAP server. This update makes sure the correct LDAP server is adopted by the SMB/CIFS service when switching the authentication to "Activate local server".
The Collax Business Server provides a reliable way to detect and handle spam. On some servers with extremely high e-mail traffic, the "ProxSMTP" program would sometimes be overloaded and therefore fail to deliver e-mail to the subsequent mail server. In this connection, the message "proxsmtpd: 100008: SERVER: network read operation timed out" used to be generated in the log files. Following the update of this package from version 1.2.1 to version 1.3, this message is no longer generated, and the behavior under high load conditions has been improved.
The setting "Canonicalize sender address" can be used to rewrite internal email addresses to addresses that can be reached externally.
If you create multiple mail domains, the address is always rewritten to the first matching rewrite address. The order in which mail domains within the LDAP directory are considered for matches can change, though, and is more or less random.
You can work around this problem by configuring the email clients such that the external address is always used for outgoing e-mail.
When the authentication of users is made against a non-local database, e. g. ADS/PDC, please be aware that the user "mailadmin" does not exist on the ADS/PD, because this user is used internally in CBS. Otherwise problems will occur, e. g. during the creation of local mailboxes.
When using the web-content filter with own lists which contain URLS and/or domains and/or expressions, the error that the filter doesn't work properly and thus doesn't block anything might occur. In order to fix this problem please save each list and activate the configuration.
The NTLM authentication scheme that is usually used by windows client software is now enabled when the support for windows networks has been enabled. It is no longer necessary to enable it separately.
Please note that for being able to authenticate with NTLM against a Windows 2003 Server Service Pack 1 has to be installed.
If the above error message is displayed when surfing over the web proxy and rules are used to limit the web traffic, please check the rules configured under "Settings -> Filter -> Web-Content Filter -> Rules". Load every individual rule by double-clicking the entry. If the message "Please specify at least one URL or Cobion list" is displayed, specify the respective list to be associated with this rule or enable the menu item "All". If no such error message is displayed, you can return to the list of rules by clicking "Cancel". If you changed any of the rules, activate the configuration.
All networks that are reachable through a VPN link must also be specified as reachable networks in the respective dial-in link.
It can happen, that hylafax denies facsimiles from callers. In this case, you should deactivate fax spamlists. Please follow this description: The left menu shows Messaging/Fax/General. Deactivate 'Switch on number control'. You can save now and activate the configuration.
It is possible, that problems occur when a FritzCard-AVM-PCMCIA and another different PCMCIA-card are used at the same time. In this case please call the support hotline.
In some cases it was possible that faxes were not submitted correctly so that the header was cut or missing wholly.
If you experience these problems you should set the maximum receive rate to a value below 14.400 Bit/s. You can set this in the MODEM-Page on the GUI.
In order to be able to use the Sedlbauer-ISDN-Card for an analog connection to a provider, the following must be set in "Additional Hayes-Options" : "AT&FS14=10S15=0S18=1&E" followed by the MSN of the ISDN-Card.
The configuration used within CBS works properly with the most commonly used modems. Nevertheless, it is possible that specific modems cannot be initialized correctly. At the moment, analog links are not used as fallback by the "Link monitoring" .
The AntiVir-WebGate does not yet support HTTPS which means that HTTPS-connections are not possible in combination with AntiVir-WebGate. So at the moment HTTPS-traffic bypasses this filter.
Refer to the release notes for version 3.0.0 if you update from a version older than 3.0.0.
If your CBS was installed from a CD, after this update only the first five users will be shown in the administration GUI. All other users are still existent on the system and do not affect the functionality of the server. In order to unmake these restrictions you can clear your license with our support: support@collax.com. Wether you own a CD-installed system or not can be seen from the text on the top of the administration GUI.
The print service itself offers its services over the Internet Printing Protocol (IPP). This protocol is directly supported by MacOS X and most Linux distributions. Printers with Ethernet ports can be added to the queues on the Collax Business Server. These printers are also exported over the printer support of the SMB/CIFS server and can be addressed directly over IPP by Windows clients.
Exporting virtual hosts via FTP is only possible with IP-based virtual hosts. Name-based virtual hosting with FTP is not possible due to limitations in the FTP protocol itself.
The initial setup of the mailboxes is in conjunction with the option "Alternative namespace". This means that you should decide which format you want to use before the mailboxes are created. When this option is enabled the folders Sent, Draft and Trash are below the folder Inbox. When this option is disabled the folders Sent, Draft and Trash are on the same level as the folder Inbox. When you change the option "Alternative namespace" after the creation of the mailboxes, the Webmailer will show up a error in the following form: "Query: CREATE "INBOX.Sent" and "Reason Given: Invalid mailbox name". The name of the folder can vary.
In order to accomplish NTLM-Authorization with an imported group, this group must be a global group on the AD-Server and must be the primary group of the user.
Because of a limitation in the IPSec implementation (OpenSWAN), IPSec can only be used with four different network interfaces. In particular, this leads to problems involving failovers and outgoing IPSec connections.
You can (and must) select the interface that you will use to create a VPN link. For this link, select "dial-in" in the "initiate" field. Then, in the "on Link" field, choose the network link over which the IPSec data will be forwarded.
Additionally, if you wish to prevent these links from being used to establish an inbound connection to your local network, you must specify the system certificate as your own certificate as well as the receiver's certificate.
It is not possible to use VPN connections with asymmetric routes if the system is both a router and an IPSec gateway.
This is because IPSec accumulates a checksum of the IP header contents. With asymmetric routing, the IP addresses of the links - over which the data is transmitted and received - do not correspond.
It is not possible to establish multiple IPSec connections for the same networks and the same two security gateways. This is due to how OpenSWAN works internally (keyword "eroutes". Those having trouble with OpenSWAN know what is meant here; a deeper analysis would go beyond the scope of these release notes).
You can set up a GRE-tunnel over the IPSec-tunnel to bypass this problem.
Because VPN connections are handled as network devices some limitations apply to traffic shaping inside VPN tunnels. Concrete this means classification information can be lost for data transmitted inside a VPN tunnel.
The base DN of the LDAP directory cannot be changed retroactively through the GUI. The reason for this is that not all directory data can be rebuilt from the configuration.
Although data is lost, the easier way is to delete the files in the "/var/lib/openldap/openldap-data" directory, and then recreate the directory.
To achieve that, proceed as follows:
Log on to the system as "root" .
Stop the LDAP server. You can do this either through the GUI (System -> Services) or with the "/etc/init.d/openldap stop" command.
Use "cd /var/lib/openldap/openldap-data" to change to to the database directory of the LDAP server. Verify that you are in the right path with the "pwd" command.
Delete all files in the directory with "rm *.dbb" .
Change the base DN of the directory in the GUI.
Activate the changes. You will get an array of error messages explaining that data cannot be written into the LDAP directory. When the activation is completed, the LDAP server should restart with the changed configuration.
Execute the "/usr/lib/akconfig/scripts/ldif.gen config" command to transfer the data from the system configuration into the LDAP directory.
Beware: all passwords of all users will be lost after having changed the base DN. You have to enter them again via the Admin GUI.
The web filter of the TrendMicro VirusWall can not authenticate against other proxies. If a remote proxy requires authentication, the web filter of the VirusWall cannot be used. Workaround: enable AntiVir WebGate additionally which is able to authenticate itself against a different proxy.
If the TrendMicro virus filter is used together with the spam filter, and the option "Forward as text attachment" is selected for the spam filter, e-mail messages identified as spam and forwarded as text attachments are processed by the TrendMicro virus filter, but not checked for viruses. However, the virus check works with all other options offered under this menu item ("Do not change" or "Forward as e-mail attachment"). If a second virus filter is used, infested spam e-mails will be intercepted by this virus filter.