2016/04/28

PHP extension CURL missing error during Roundcube CardDAV initialization

PHP extension CURL missing error during Roundcube CardDAV initialization

php extension curl is missing from your system

I was setting up CardDAV plugin (Roundcube CardDAV 0.5.1) for my own Roundcube webmail v1.1.4 on my Wintel machine the other day. There was an error of 
The PHP extension CURL is not installed! Please install CURL to use the CardDAV plugin.
occurring. I checked that php-curl.dll and its dependency .dll files are actually located in the Apache folder but it keeps on throwing me this kind of “php_curl.dll missing” error messages. 

Then, I googled it and only found a few resulting links. One of them mentioned about the path to these files might not be included within Windows’ Environment Variables. So, I added the path to Path line and restarted the computer. Amazingly, it works.
php curl windows install

Let me recap the whole steps to add the path to Environment Variables below:
  1. Right-click on Computer and select Properties
  2. Click on Advanced System Settings at lower-left
  3. Under Advanced tab, click on Environment Variables
  4. Then, under System variables, scroll down to Path and double-click on it
  5. To the right of Variable value, scroll to the end of space and add the actual path where Apache\bin can be located
  6. Restart Windows to be safe that this system variable change will take place
  7. Now, Apache will start smoothly as usual

How to sync Outlook calendar with ownCloud v9.0?

How to sync Outlook calendar with ownCloud v9.0?

In Mar,2016, ownCloud v9.0 was released. Some feedbacks from existing ownCloud v8.2.3 upgrading to ownCloud v9.0 are good while some are bad. Anyway, out of curiosity, I did a test drive to check if EVO Collaborator for Outlook is compatible with it. It seems out of luck that ECO did not connect to ownCloud v9.0. I was a little disappointed because this Outlook add-in has been working for owncloud from v5.0 to v8.x. 



Later, I was trying to find some clue on ownCloud’s on-line user manual about the server URL that we need to enter on iOS devices:

The URLs look like this:
  1. CalDAV URL: ADDRESS/remote.php/caldav/principals/username
  2. CardDAV URL: ADDRESS/remote.php/carddav/principals/username
I think it is too long to remember and enter during configuration. 

Then, I contacted EVO staff about this. They said they were working on it and needed a few more days to wrap it up. A few days later, I received an e-mail from them telling me it is compatible with ownCloud v9.0 now. 

I went ahead to try it. This time, EVO staff impressed me as usual. All I need to enter is the owncloud server hostname is the following format:

https://<servername_or_server_ip>/remote.php/

Unlike ownCloud’s user manual, EVO Collaborator for Outlook’s auto-detection only took a few seconds to detect all my CardDAV and CalDAV URL. However, only the default contact (address book), calendar and task folders can be detected unlike iCloud or Gmail. Then I did a few sync rounds back and forth between ownCloud’s web-UI and Outlook. Synchronization went smoothly. 



All I could say is that EVO Collaborator for Outlook is responding to new release of server or service on the market fast making sure Outlook 2007, 2010, 2013 and 2016 users can synchronize with it while improving itself toward perfection with fixes and updates. They deserve the credit of putting efforts and dedication.

2016/04/27

How to verify SMTP server TLS version

How to verify SMTP server TLS version

For the past two decades, Internet population has exploded exponentially. SSL and TLS protocol have been doing their best to protect users during Internet communication underlying different types of Internet applications such as web browsing and mail delivery.

SSL v3, TLS v1.0, and TLS v1.1 were once to be flawless. After many exploits, such as Heartbeat, Beast, Poodle, and Crime, were attacking these old SSL / TLS encryption schemes, protection became almost useless. That is why SSL becomes obsolete and TLS has evolved to TLS  v1.2.  


If you are running your own on-premises mail server, then you need to be aware of whether or not the data encryption security level of your mail server is up to date? The most updated TLS protocol version is v1.2. For a better understanding of both SSL and TLS, please refer to Wikipedia on Transport Layer Security 


There are several websites that are able to verify both SSL and TLS security level of your mail server such as:


http://www.checktls.com/index.html
https://ssl-tools.net/mailservers


These tests are important because they give you information about whether your mail server is robust enough on all TCP ports that are used during inbound and outbound SSL/TLS mail delivery, including TCP 993, 995, 587 and 465.   

Besides SSL and TLS, there are several protocols you need to make sure your mail server also supports and/or prevents attacks: 
  1. PFS (Perfect Forward Secrecy),
  2. Heartbleed
  3. BEAST (Browser Exploit Against SSL/TLS) 
  4. POODLE
  5. CRIME (Compression Ratio Info-leak Made Easy)
  6. Weak ciphers. For optimal cipher protection, you may use the following string:

    "ALL:!ECDHE-RSA-RC4-SHA:!ADH:!LOW:!EXP:!MD5:!RC4-SHA:@STRENGTH"
  7. SHA256 (https://en.wikipedia.org/wiki/SHA-2)
As a summary, a mail server equipped with TLS v1.2, PFS, Heartbleed-free, strong ciphers are considered to be optimally safeguarded against hacker attacks. It is difficult to configure a mail server to have all these criteria. Here is a mail server option called EVO Mail Server that is natively having all the above built-in. By the way, a backward compatibility with SSL v3, TLS v1.0 and TLS v1.1 is somehow needed in a real-world environment because some mail clients applications may not yet be updated to support TLS v1.2.

2016/04/05

Windows 10 port 80 used by system when you want to deploy Roundcube

Windows 10 port 80 used by system when you want to deploy Roundcube

If you were to run Roundcube Webmail along with e-mail server such as EVO Mail Server on Windows 10, please note that Port 80 is pre-occupied by Windows 10 system itself. At this moment, we need to free up Port 80 by running a DOS command:

  1. Run CMD.EXE with Run as Administrator
  2. At command prompt, key in net stop http
  3. As shown in the screenshot, http service’s dependency services will also be terminated. The dependency services may more or less include the following:
    World Wide Web Publishing Service; 
    SSDP Discovery; Print Spooler; HomeGroup Provider; Function Discovery Resource Publication; Function Discovery Provider Host
  4. Enter Y to continue
  5. The port stopping drill is only temporary. 

Here is a shortcut to the above steps:

The tip above is taking off too many services at once. Therefore, I tried a little experiement of taking down one service at a time to see if it is possible to do the minimum work and achieve the same result.

I went to Computer Management -> Services and Applications -> Services:


In the service list, I only picked and stopped World Wide Web Publishing Service and it was working! Yet, to avoid Port 80 to be pre-occupied by http service upon a system reboot, I changed Startup Type to Disabled as well.