Posts Tagged ‘Security’

SSO or not SSO – That is the question..

Posted on: March 31st, 2026 by

Before the migration to the new Kolab Now environment, users had to give their login credentials twice to get into the Kolab webmail client. First at https://kolabnow.com/login and later after pressing the Webmail button. You could also make use of the direct URL https://kolabnow.com/apps – in all instances the credentials would be validated against the same LDAP internally.

Many users found that a cumbersome procedure, and the number of support tickets suggesting to do a more modern authentication was high. The Kolab team took a little time to evaluate such solutions.

SSO was finally implemented in the latest new environment. With the new SSO solution, the Webmail client can use an OAuth token instead of credentials, further improving security.

The new SSO authentication system is created and run by the Kolab Now team using the standard OIDC protocol. It is only the cockpit and the Webmail client authenticating against this SSO. No 3’rd party provider is involved. Access from external clients is separate from the SSO authentication.

We had expected from the previous user feedback, that this would be received well. However, it turned out, that many users were not found of, or for one or the other reason unable to use, SSO.

Hence we have made a change:

> Continue Reading

Tags: , , , , , , , ,

Post Mortem on a migration

Posted on: March 28th, 2026 by

The dust is settling..

The migration happened on Tuesday, and was for a large part successful. No data was harmed during the event. All data was migrated. Kolab Now is now running on hardware that has guaranteed warranty for at least the next 5 years, and on a software platform that is making it easier for us to develop and maintain.

We did however run into a very unfortunate situation. A few very urgent matters caused our support mailbox to be quite full, and on top of that, the support ticket form at ‘https://kolabnow.com/support’ was out of order for a few hours. This resulted in response times much longer than we like them to be.

A few issues impacted users:

> Continue Reading

Tags: , , , , , , , , , , , ,

Incident report: Spam attack.. [Updated]

Posted on: March 6th, 2026 by

On Tuesday 2026-03-03, a number of user accounts on Kolab Now was used to send out large amounts of spam. The spammers didn’t get to send out much mail. Most of it was stopped in the Kolab Now exit filtering, but the spam rating of the mails going out unfortunately was high and caused Microsoft online services, specifically outlook.com, hotmail.com, to add two of the Kolab Now exit IP addresses to their block lists. This caused emails sent to recipients on these services to bounce with messages like:

550 5.7.1 Unfortunately, messages from [212.103.80.154] weren’t sent.

Please contact your Internet service provider since part of their network is on our block list (S3150).

The spammers were identified and stopped, but the damage was done.

> Continue Reading

Tags: , , , ,

Changes to Kolabnow password expiry policy

Posted on: July 16th, 2025 by

Today we deploy a change to the Kolab Now password expiry policy, which will affect you only if you:
– have enabled an expiry policy in your profile
– your password expired according to that policy

If both of these conditions are the place, you will be prompted to change your password when you login in to the cockpit with your correct, but expiring, password.

Tags: , ,

Incident report: Some mails to Microsoft online services was getting blocked..

Posted on: February 13th, 2025 by

This afternoon earlier today one of the Kolab Now MX servers was listed on the Microsoft block list. This means that some users might have seen, that mails sent to recipients at ‘@outlook.com’, ‘@live.com’, ‘@hotmail.com’, and other Microsoft online services was bounced back with the message that looks something like this:

This is the mail system at host mx.kolabnow.com. 
I'm sorry to have to inform you that your message could not 
be delivered to one or more recipients. It's attached below. 
For further assistance, please send mail to postmaster. 
If you do so, please include this problem report. You can 
delete your own text from the attached returned message. 
The mail system <some-email@outlook.com>: host  
outlook-com.olc.protection.outlook.com[x.x.x.x] said: 550 5.7.1 
Unfortunately, messages from [y.y.y.y] weren't sent. Please contact 
your Internet service provider since part of their network is on our block 
list (S3150). You can also refer your provider to 
http://mail.live.com/mail/troubleshooting.aspx#errors. [Name=Protocol 
Filter Agent][AGT=PFA][MxId=<some long number>] 
[SG2PEPF03345FBECA.apcprd05.prod.outlook.com 2025-02-13T<timestamp>Z 
<another long number>] (in reply to MAIL FROM command)

Although the listing was fast discovered, Microsoft was contacted and the listing is reversed as soon as it is possible, it took a while. At this time emails should be delivered to the Microsoft online services.

A few users has misinterpreted the symptoms with error messages from missing the DKIM changes made on Monday (please read this blog post from December 2024 and the follow ups). If you are a group manager, then please make sure that you have the new DKIM related CNAMES added to your DNS zone.

If you have any questions or concerns in this context, then please contact support.

Tags: , , , , , , ,

Cross-site Scripting (XSS) issue in the Kolab Webclient?

Posted on: December 5th, 2023 by

Lately we got a lot of questions at Support about a possible vulnerability in Roundcube, the Kolab Now webclient. The listing in question is  CVE-2023-47272 which upstream in the Roundcube development has been handled and patched.

To see the version of Roundcube running as the Kolab now webclient, login and press the ‘About’ button in the left side of the screen. This will reveal that Kolab Now is running:

Roundcube Webmail 1.5.6.3-30.1

This tells, that the fix was already installed, and that the Kolab Now webclient is not impacted by the vulnerability.

We are thankful for having an observant and active user base.

 

Tags: ,

Announcing Service Window: The death of old infrastructure..

Posted on: January 13th, 2023 by

On Friday, 20th of January 2023 at 09:00 UTC, the Kolab Now operations team will perform maintenance on the infrastructure of the Kolab Now platform.  The update will move a part of the backend services to newer infrastructure. The updates will bring more stability and better manageability to the backoffice systems. No new features visible to end users will be enabled during this maintenance.

The service window is expected to last for no more than 4 hours, ending on Friday, 20th of January 2023, at 13:00 UTC.

> Continue Reading

Tags: , ,

The Annual Certificate Refresh

Posted on: January 2nd, 2023 by

Another year past and we needed to again refresh our certificates.

As in previous years, e.g. 2018, 2019, 2020, etc, we rolled over certificates across all systems over the last few days of the year.

The new certificate is in place, and applies to https://kolabnow.com/, imaps://imap.kolabnow.com and smtps://smtp.kolabnow.com.

As in previous years, we publish the fingerprint here:

SHA-256:

FA:2A:BF:A9:F8:FA:67:E7:7B:0D:B2:2C:C2:F2:8B:F8:30:4C:77:84:55:38:02:B4:DD:66:7F:DA:F4:C7:DC:49

SHA-1:

B6:FE:BF:F6:3A:17:CD:E4:2D:02:7F:AF:C9:EF:0C:45:32:F9:0A:3B

 

Tags: ,

The Annual Certificate Refresh

Posted on: December 28th, 2021 by

Another year past and we needed to again refresh our certificates.

> Continue Reading

Tags: ,

Our Statistics for 2020

Posted on: January 15th, 2021 by

Our terms of service state there’s basically no way for anyone to get any access to your data without us also being able to talk about the fact it happened.

Like the last time we declared having made a full eclipse around the sun at an arbitrary date, here’s our statistics for 2020.

> Continue Reading

Tags: ,