[horde] Horde stops working if firewall blocks external domain

Vilius Sumskas/LNK vilius at lnk.lt
Tue Feb 21 08:32:07 UTC 2017 

> From: Louis-Philippe Allard <lp.allard.1 at gmail.com>
> To: horde at lists.horde.org
> Date: 2017.02.21 03:34
> Subject: Re: [horde] Horde stops working if firewall blocks external 
domain
> Sent by: "horde" <horde-bounces at lists.horde.org>
> 
>   Quoting Michael J Rubinsky <mrubinsk at horde.org>:
> 
> > Quoting Louis-Philippe Allard <lp.allard.1 at gmail.com>:
> >
> >> Quoting Simon B <simon.buongiorno at gmail.com>:
> >>
> >>>  
> >>>
> >>> On 13 Feb 2017 16:02, "Louis-Philippe Allard" 
> >>> <lp.allard.1 at gmail.com> wrote:
> >>>> Hello list,
> >>>>
> >>>> I have a Horde Webmail 5.2.17 up to date running on a Centos 7 
> >>>> VPS.  MySQL database is hosted on another VPS ont he same LAN.  
> >>>> Communication between VPS'es is 100% functional without any issues.
> >>>>
> >>>> Once in a while I login to Horde which uses IMP as my auth 
> >>>> application. IMP uses my Gmail account to authenticate me to 
> >>>> Horde.  All has been working well until I made some changes to my 
> >>>> firewall and added the domain "ssl.google-analytics.com[1]" to a 
> >>>> block list (it is part of an automated blocklist feed from 
> >>>> iblocklist.com[2]).
> >>>>
> >>>> What happens is that I am working in Horde (calendar, emails, 
> >>>> tasks, etc) then all of a sudden, connectivity stops, the apps 
> >>>> are not responding, and I see the red popup at the bottom corner 
> >>>> of the screen saying "Error communicating with server".
> >>>>
> >>>> I have successfully connected this type of incident with the 
> >>>> firewall logs and indeed it is when "ssl.google-analytics.com[1]" 
> >>>> is blocked.
> >>>>
> >>>> My question is: why is horde insisting to connect to an outside 
> >>>> domain (google's in this case) when it is not necessary?  All 
> >>>> data is stored in a local LAN database, and the VPS is also on 
> >>>> LAN.  Actually, I would expect only IMP and the emails to cease 
> >>>> working if it ***really*** needs to use 
> >>>> "ssl.google-analytics.com[1]" to function...
> >>>>
> >>>> That looks sketchy to me...
> >>>>
> >>>> Anybody can shed some light on this?
> >>>
> >>> Sounds like you, or an administrator added Google analytics 
> >>> scripts to your Horde installation.
> >>>
> >>> But as I remember you use Horde to interface to gmail's IMAP 
> >>> servers, so that might also be an issue..
> >>>
> >>> Simon
> >>
> >> Helli Simon,
> >>
> >> So if I added Google analytics scripts to my horde install, that 
> >> was automatically when installing Horde webmail, and I dont want 
> >> that stuff here...
> >
> > This is not something that Horde adds. The only place in our entire 
> > source tree that 'google-analytics' appears is in a unit test for 
> > testing RSS feeds.
> >
> >> How do I check that?
> >
> > Use grep to search your horde and pear directory for 
'google-analytics'.
> >
> >> I wonder why would using horde to interface to Gmail's servers 
> >> would require google-analytics?
> >>
> >> Links:
> >> ------
> >> [1] http://ssl.google-analytics.com
> >> [2] http://iblocklist.com
> >> Louis-Philippe Allard
> >> lp.allard.1 at gmail.com
> >> Sent using Horde Groupware on GNU/Linux
> >> --
> >> Horde mailing list
> >> Frequently Asked Questions: http://horde.org/faq/
> >> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
> >
> > --
> > mike
> > The Horde Project
> > http://www.horde.org
> > 
https://www.facebook.com/hordeprojecthttps://www.twitter.com/hordeproject
> 
> OK I have done a filesystem search and found these:
> 
> /var/www/html/horde/js/map/theme/default/google.css
> /var/www/html/horde/js/map/theme/default/google.tidy.css
> /var/www/html/horde/js/map/google.js
> /var/www/html/horde/themes/default/graphics/google.png
> 
> Are those to worry about?

These should be fine. You should search all file content for 
'google-analytics' instead.
 
> Also, this doesnt answer why everything stops working because Horde 
> has troubles communicating with the outside (some google domain or 
> whatever).  Why does Kronolith stops responding?  Why Turba stops 
> responding?  Only IMP uses Gmail as the backend server for emails, all 
> other data is stored locally.

It's hard to tell because it looks like a 3rd party modification. There is 
nothing in native Horde code that does that. You need to track this on all 
levels. Try different browsers or browsers without plugins. Track browser 
requests in browser developer tools. Check HTTP server requests, etc.

>   Louis-Philippe Allard
> lp.allard.1 at gmail.com
> Sent using Horde Groupware on GNU/Linux
> -- 
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org

More information about the horde mailing list