We will no longer include Uebimiau by default

[DirectAdmin Support]

Hello,

This is a notice that effective immediately, we will not include Uebimiau in our default installs of DirectAdmin. It has been changed to be an install-time option, so you can still use it if you wish.

The reasoning is that several unresolved vulnerabilities have been reported to us. Since the project seems to be discontinued, we can't forsee any of these numerous issues being resolved in a timely manner, thus we can no longer include it by default.

For anyone who wishes to install it anyway (at your own risk), you can still do so by either running:

cd /usr/local/directadmin/scripts
./webmail.sh

or by setting

uebimiau=yes

in your options.conf and running

./build uebimiau

from your custombuild directory.

For anyone currently running Uebimiau (/webmail), we recommend either removing it, or at least disabling it.

cd /var/www/html
chmod 0 webmail
mv webmail webmail.disabled

Disabling with this command is a good option, in the event that someday, the project comes back to life and the issues are repaired, as there is user-data in /var/www/html/webmail/tmp. Renaming it to the webmail.disabled is done to hide the link for it within DA.

If you're running custombuild, don't forget to set:

uebimiau=no

in your options.conf so auto-updates (if you're using them) don't reinstall it.

You may want to give ample notice to your Users in case they have emails in their Uebimiau folders, as Uebimiau uses it's own internal storage system, and has it's own proprietary folders that can only be accessed by Uebimiau.

Thanks to tillo for finding these vulnerabilities and reporting them. Note that I won't be publishing them here because we don't want to give anyone any ideas for using them. The list of vulnerabilities is also apparently quite long, which is a factor in assuming that they won't be all fixed in a timely manner, if ever. Note that the project has been picked up and renamed to T-dah, but tillo informs me that their version has many/most of the same issues as Uebimiau.

If the project does resolve all of the issues, we will consider reinstating it.

Any updates of DirectAdmin will not be removing this software for you, if you already have it.
If you wish to remove it, it must actively be done by the server admin.

John

 

[Orbixx]

I never used it anyway, no big loss. Roundcube all the way!

 

[Randy]

The app was quite dirty. Some exploits:

• http://www.milw0rm.com/exploits/9493
• http://www.milw0rm.com/exploits/8944
• http://www.milw0rm.com/exploits/4846

 

[tillo]

Thank you for the prompt announcement and decision.

Randy: actually the first is not always possible, the second is not simple to exploit and the third was fixed in DA's last Uebimiau/T-dah distribution, but sadly there are others.
I will not release any information to anyone, please don't ask. I'm a fan of full disclosure, but not until there is a full fixed release from T-dah's team.

 

[tom3000]

How to migrate from webmail to roundcube

Is there a way or a script to move automatically the folders made in webmail to roundcube and then set the domain.com/webmail folder as default to point to roundcube? A lot of people is using uebimiau and we cannot simply get rid of the access when they have a lot of folders crated in uebimiau.

 

[scsi]

Never used it and never would let my customers use it. Glad its gone. Its junk.

 

[interfasys]

Hooray!
Would be good to replace it with Horde...

 

[Meesterlijk]

Beware that /var/www/html/webmail still is in a fresh DA install CentOS 5.4 (32bit) So you need to do the following to disable, and have a nice symlink from webmail to squirellmail:

cd /var/www/html; chmod 0 webmail; mv webmail webmail.disabled; ln -sf /var/www/html/squirrelmail /var/www/html/webmail

 

[propcgamer]

Thanks, good to get rid of this outdated software!

 

[DirectAdmin Support]

Thanks for the report.

I've found that the exim.sh was checking for /usr/local/directadmin/custombuild, and wouldn't install Uebimiau if that existed, but custombuild didn't exist yet, so I changed that out for /root/.custombuild.

I've updated all packages, so it should be ok now.

John

 

[gasoline]

Did not use it for several reasons. Squirrelmail is much better.

 

[questions]

now how do you tidy up the menu in the control panel and remove the link so you dont have two links that both go to squirrelmail (except one says uebimau)?

it's unprofessional to have two links like that...

i need the filename and line number to edit pls...

---

never mind, i deleted the directory for webmail and the link no longer appears

 

[DirectAdmin Support]

If /var/www/html/webmail does not exist, then the link goes away.

If you domain.com/webmail to go to squirrelmail, then change the Alias itself to point to squirrelmail (/etc/httpd/conf/extra/httpd-alias.conf)

John

 

[daveyw]

We don't use it, because Roundcube works much better in our opinion then the other default installed webmail clients.

 

[Dougy]

Hooray!
Would be good to replace it with Horde...

old.. but i 2nd this

 

[wsd]

Yes it would be great if we got Horde default

 

[daveyw]

Is there any way that the customers can 'move' or we can 'export' all the contacts and emails to another webmail client like Roundcube?

We have customers that are using contacts @ Uebimiau and email storage, and it doesn't show on other webmail clients.

 

[nobaloney]

I've been waiting to see if anyone else would respond, but I guess not.

For the email itself: All the other webmail clients available on DirectAdmin use IMAP, while Uebimiau uses it's own proprietary store. If I recall correctly, Uebimiau can be set up for either IMAP or for POP3. I don't know if you can change between them once installed (the DirectAdmin install is for POP3, because Uebimiau was originally chosen for DirectAdmin before DirectAdmin supported IMAP (and in fact that's why it was chosen; because it supported POP3). And if you can, if the propretary mail folders are switched as well. But that would be the first direction I'd study.

Contacts: I don't know if there's a standard for IMAP contacts or not; if so, then the above might work as well.

You can probably ask on any Uebimiau forum you can find.

Two other options, both time-consuming:

1. Create a local machine, download all the email from Uebimiau, then switch the account (on the local machine) to imap, and set it to duplicate all emails between local and server.

2. Find a script or scripts, or have someone write a script or scripts, to do the conversion.

Jeff

 

[cheepas]

We don't use it, because Roundcube works much better in our opinion then the other default installed webmail clients.

Thank you for this i've been looking for a new one and i'm going to give Roundcube a go

 

[bluenet]

Webmail Ubimiau

the webmail ubimiau not in the custombuild. They can put it so you can update and install it

Thank You