This seems to be the best place to post about a challenge I am facing. But I need a little input.
Virtualmin seems to have taken a backseat to Cloudmin. And Cloudmin is something I cannot, and would never want to use. Plus I’m prevented by law and customer requirements from using it.
Examples:
1.I have a lawyer whose business I got because he says that he’s required by law to know where his email, which contains confidential client information, is actually/physically located. When I took him to my server room and pointed to my Virtualmin server. He signed up.
2.I have an entire medical group. Which has more than a handful of Dr’s and their assistants, their communication with insurance and patients, and even their phone system connects to my server sending voicemail messages to the Dr’s smartphones. Just about all this contains confidential patient information. I again got their business because I was able to setup a VPN between their office and my server. Then the smartphones have a secure player program (provided by their phone system provider) so it’s secure all the way from their phone system to the Dr’s ear. I won’t go into the web site and it’s encrypted forms (how the patients communicate to them over the Internet). But let’s just say, it’s a very tight system. And I had to help develop a lot on my side to make it work.
But now I’ve got a problem.
One of the domains I host on Virtualmin was hacked. This customer considered themselves knowledgeable enough to maintain their own domain. They let one of their moron employees, with a common username, change his password to a dictionary word with Usermin. And someone in Germany got into the account and used it to send spam.
I caught this and stopped it in less than 12 hours (started while I was asleep), but the damage caused and the time I had to spend getting off blacklists. And the fact the hacker seems to have spread the word that he hacked into that system has kept me busy fending off other “attacks”, and trying to make sure all the other accounts are not being as stupid.
So… No more Mr. Nice-guy. I’m building a SSL only (very anal, and intentionally so. Requiring a SSL cert for every email account) email system to move all 5 of my email servers over to. I want it to also have groupware ability for the domains that want it. And the groupware needs to support SyncML & Activsync.
I know Horde can do SyncML (somewhat), and there’s Z-Push for Activesync. Both of which are available in Virtualmin “Install Scripts”. But I’ve been testing these and cannot get them to work. Maybe it’s because the people behind Virtualmin have been spending most of their time developing Cloudmin. The install script for Horde left out a lot of php-perl modules it needed. And it did not configure it correctly to access the IMAP server. And the Z-Push installed did not seem to be configured for anything. And there’s nothing I can find documenting how to set it up installed with the package. I have to use the Z-Push web site, which is lacking somewhat itself.
But maybe it’s because this server has been used all weekend for testing other packages. I’ve tried Kolab, Open-Exchange (OX), Zimbra and a few others. And found them all lacking in some way, or too much of a headache to manage for my needs.
And to be honest, since this server is for testing/development it’s behind a NAT firewall.
So I’m about to give Virtualmin another shot. This time giving it a public IP, but still behind a router I built using Shorewall so I can do port forwarding and blocking.
My Virtualmin license expires soon. I need to decide if I’m going to renew it since I’ve found GPL Virtualmin to do all I need for the other hosting.
So has anyone else had a similar challenge? If so, what did you find worked best for you?
And does Virtualmin have a future since Cloudmin seems to be the new, but useless to me, path being taken.
Thanks for any input!
Chuck