Posts Tagged ‘Security’

Incident report: Some mails to Microsoft online services was getting blocked..

Posted on: February 13th, 2025 by Mads Petersen

This afternoon earlier today one of the Kolab Now MX servers was listed on the Microsoft block list. This means that some users might have seen, that mails sent to recipients at ‘@outlook.com’, ‘@live.com’, ‘@hotmail.com’, and other Microsoft online services was bounced back with the message that looks something like this:

This is the mail system at host mx.kolabnow.com. 
I'm sorry to have to inform you that your message could not 
be delivered to one or more recipients. It's attached below. 
For further assistance, please send mail to postmaster. 
If you do so, please include this problem report. You can 
delete your own text from the attached returned message. 
The mail system <some-email@outlook.com>: host  
outlook-com.olc.protection.outlook.com[x.x.x.x] said: 550 5.7.1 
Unfortunately, messages from [y.y.y.y] weren't sent. Please contact 
your Internet service provider since part of their network is on our block 
list (S3150). You can also refer your provider to 
http://mail.live.com/mail/troubleshooting.aspx#errors. [Name=Protocol 
Filter Agent][AGT=PFA][MxId=<some long number>] 
[SG2PEPF03345FBECA.apcprd05.prod.outlook.com 2025-02-13T<timestamp>Z 
<another long number>] (in reply to MAIL FROM command)

Although the listing was fast discovered, Microsoft was contacted and the listing is reversed as soon as it is possible, it took a while. At this time emails should be delivered to the Microsoft online services.

A few users has misinterpreted the symptoms with error messages from missing the DKIM changes made on Monday (please read this blog post from December 2024 and the follow ups). If you are a group manager, then please make sure that you have the new DKIM related CNAMES added to your DNS zone.

If you have any questions or concerns in this context, then please contact support.

Tags: Anti-Spam, blog, DKIM, DNS, Incident Report, Security, SPAM, Support

Cross-site Scripting (XSS) issue in the Kolab Webclient?

Posted on: December 5th, 2023 by Mads Petersen

Lately we got a lot of questions at Support about a possible vulnerability in Roundcube, the Kolab Now webclient. The listing in question is CVE-2023-47272 which upstream in the Roundcube development has been handled and patched.

To see the version of Roundcube running as the Kolab now webclient, login and press the ‘About’ button in the left side of the screen. This will reveal that Kolab Now is running:

Roundcube Webmail 1.5.6.3-30.1

This tells, that the fix was already installed, and that the Kolab Now webclient is not impacted by the vulnerability.

We are thankful for having an observant and active user base.

Tags: Security, Web Client

Announcing Service Window: The death of old infrastructure..

Posted on: January 13th, 2023 by Mads Petersen

On Friday, 20^th of January 2023 at 09:00 UTC, the Kolab Now operations team will perform maintenance on the infrastructure of the Kolab Now platform. The update will move a part of the backend services to newer infrastructure. The updates will bring more stability and better manageability to the backoffice systems. No new features visible to end users will be enabled during this maintenance.

The service window is expected to last for no more than 4 hours, ending on Friday, 20^th of January 2023, at 13:00 UTC.

> Continue Reading

Tags: Security, Service Window, Support

The Annual Certificate Refresh

Posted on: January 2nd, 2023 by Mads Petersen

Another year past and we needed to again refresh our certificates.

As in previous years, e.g. 2018, 2019, 2020, etc, we rolled over certificates across all systems over the last few days of the year.

The new certificate is in place, and applies to https://kolabnow.com/, imaps://imap.kolabnow.com and smtps://smtp.kolabnow.com.

As in previous years, we publish the fingerprint here:

SHA-256:

FA:2A:BF:A9:F8:FA:67:E7:7B:0D:B2:2C:C2:F2:8B:F8:30:4C:77:84:55:38:02:B4:DD:66:7F:DA:F4:C7:DC:49

SHA-1:

B6:FE:BF:F6:3A:17:CD:E4:2D:02:7F:AF:C9:EF:0C:45:32:F9:0A:3B

Tags: Certificate Fingerprints, Security

The Annual Certificate Refresh

Posted on: December 28th, 2021 by Mads Petersen

Another year past and we needed to again refresh our certificates.

> Continue Reading

Tags: Certificate Fingerprints, Security

Our Statistics for 2020

Posted on: January 15th, 2021 by Jeroen van Meeuwen

Our terms of service state there’s basically no way for anyone to get any access to your data without us also being able to talk about the fact it happened.

Like the last time we declared having made a full eclipse around the sun at an arbitrary date, here’s our statistics for 2020.

> Continue Reading

Tags: Privacy, Security

Bleib sicher Zuhause mit Kolab Now

Posted on: March 22nd, 2020 by Christian Mollekopf

Kolab Now unterstützt alle, die auf Homeoffice nicht vorbereitet sind, indem wir unseren Service für die Dauer der Krise gratis zur Verfügung stellen.

Email, Kalender, Office-Dokumente und mehr, helfen Ihnen Ihre Arbeitsabläufe auch Zuhause aufrecht zu erhalten.

Registriere dich jetzt mit dem Voucher Code KOLABFROMHOMENOW.

Dieses Angebot werden wir so lange wie möglich aufrechterhalten und nachdem sich die Lage beruhigt hat wieder entfernen.

Tags: Privacy, Security

Stay Safe at Home with Kolab Now

Posted on: March 16th, 2020 by Jeroen van Meeuwen

Authorities and experts alike tell us physically staying at home is the safest thing to do for you and yours, and everyone else. Our experts want you to enjoy the same safety on the web.

We have decided to spread the burden and not the virus, and do the right thing by not opportunistically profiting off of our collective misery. We now provide a 100% discount to all new signups for as long as we can manage, or for as long as the crisis continues, whichever comes first. When things cool down, we’ll remove the discount.

> Continue Reading

Tags: Privacy, Security

Our Annual Certificate Refresh

Posted on: January 16th, 2020 by Jeroen van Meeuwen

Our annual certificate refresh is upon us.

> Continue Reading

Tags: Certificate Fingerprints, Security

Our statistics for 2019

Posted on: January 3rd, 2020 by Jeroen van Meeuwen

Our terms of service state there’s basically no way for anyone to get any access to your data without us also being able to talk about the fact it happened, and further down nested in our legal framework outline do we have a list of 3 general types under which individual requests could be filed.

Like the last time we declared having made a full eclipse around the sun at an arbitrary date, here’s our statistics for 2019.

> Continue Reading

Tags: Privacy, Security