openDesk 1.14.1: Important security update
The update to openDesk 1.14.1 contains important security updates. We recommend that you update as soon as possible.
The update to openDesk version 1.15.0 includes improvements for collaborative work, along with updates to OpenProject, Open-Xchange, and Nextcloud.
With OpenProject 17.4.0, work with backlogs and sprints has been revised further, alongside bug fixes. For example, backlog buckets were introduced as a new feature: they divide the backlog into separately defined lists, which makes particularly long backlogs easier to sort.
Furthermore, work packages in the backlog can now also be moved completely via drag & drop and can therefore be assigned to sprints more easily. In addition, a button has been added to the sprint header that allows sprints to be started and finalised directly in the Backlog & Sprints view.
Another notable feature that has been added to the project dashboard is the new "My meetings" widget, which informs you of upcoming meetings directly in the project overview.
As a further improvement, workflow settings can now also be transferred between roles. This helps administrators to establish consistent workflows across roles without having to make manual adjustments.
All changes can be found in the release notes of OpenProject 17.4.0.
With the update of Open-Xchange to version 8.48, support for shared accounts for mail and calendar has now been added.
For Android mobile devices, support for DAVx⁵ Select has now also been added, which enables simplified synchronisation of CalDAV/CardDAV directly from the app suite.
A detailed overview of the changes can be found in the Open-Xchange changelogs.
Nextcloud has been upgraded to version 32.0.9 with this update, which is primarily associated with greater stability and bug fixes.
The Nextcloud changelog can be found in the release notes.
For spam protection, openDesk relies on integrating Postfix and rspamd via the Milter protocol. In this setup, Postfix forwards, among other things, the source IP address of incoming connections to rspamd so that checks such as DKIM, rDNS, and SPF validation can be performed reliably.
In traditional deployments, this source IP corresponds to the actual client IP. In Kubernetes environments, however, applications are typically not exposed directly but are instead operated behind a load balancer or proxy. Without support for the proxy protocol, Postfix therefore only sees the IP address of the upstream load balancer instead of the real client IP.
As a result, rspamd does not receive the correct information for spam detection, and checks may fail or lose reliability. A typical example is the use of a TCP load balancer with proxy protocol enabled, as described, for example, in the STACKIT Kubernetes Engine documentation.
The new Helmfile value technical.postfix.smtpdUpstreamProxyProtocol was introduced with this release.
This setting activates the HAProxy Proxy Protocol in Postfix so that Postfix receives the original source IP addresses from the upstream load balancer.
This means that Postfix and rspamd once again have the correct client IP addresses available for spam detection.
Scenario 1: External spam control before openDesk
If spam control already takes place before openDesk, no changes or migration steps are necessary.
Scenario 2: Use of rspamd within openDesk
If, for example, the Helmfile values smtp.spamMilter.* are used to integrate rspamd for spam control, it is recommended to activate the proxy protocol. This is the only way Postfix and rspamd can work with the actual source IP addresses.
This is important:
The configuration must be set identically both in the Kubernetes cluster or LoadBalancer and in openDesk.
The proxy protocol must be either activated or deactivated on both sides.
A misconfiguration will result in Postfix not processing incoming connections correctly.
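The mismatch rule above, as an added example (not openDesk or Postfix code): a minimal parser for the version 1 text header of the HAProxy PROXY protocol, plus a simplified receiver model covering the four load balancer/receiver combinations. The function names, the sample addresses and the two-state "ok"/"broken" result are assumptions made for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # PROXY v1 spec: the header line is at most 107 bytes incl. CRLF

def parse_proxy_v1(stream: bytes):
    """Split a PROXY v1 header off a TCP stream -> (client_ip, client_port, rest)."""
    end = stream.find(b"\r\n", 0, MAX_V1_HEADER)
    if not stream.startswith(b"PROXY ") or end == -1:
        raise ValueError("no PROXY v1 header at start of stream")
    fields = stream[:end].decode("ascii").split(" ")
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed or unsupported PROXY v1 header")
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    family = 4 if fields[1] == "TCP4" else 6
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match header")
    port = int(fields[4])
    if not 0 < port < 65536:
        raise ValueError("source port out of range")
    return str(src), port, stream[end + 2:]

def receiver_view(stream: bytes, peer_ip: str, expect_proxy: bool):
    """Simplified model of a receiver: which IP would it hand to the spam filter?"""
    if expect_proxy:
        try:
            client_ip, _, _ = parse_proxy_v1(stream)
            return "ok", client_ip          # real client IP restored
        except ValueError:
            return "broken", None           # header required but absent
    if stream.startswith(b"PROXY "):
        return "broken", None               # header line is not a valid SMTP command
    return "ok", peer_ip                    # works, but only the TCP peer is known

# Constructed sample data (documentation/private address ranges).
LB_IP = "10.0.0.5"
WITH_HEADER = b"PROXY TCP4 203.0.113.7 10.0.0.20 51234 25\r\nEHLO mail.example.org\r\n"
PLAIN = b"EHLO mail.example.org\r\n"

if __name__ == "__main__":
    for lb_sends, stream in ((True, WITH_HEADER), (False, PLAIN)):
        for expect in (True, False):
            print(f"LB sends header={lb_sends!s:5} receiver expects={expect!s:5} ->",
                  receiver_view(stream, LB_IP, expect))
```

Only the two matching combinations return "ok", and only the one with the header on both sides yields the client address rather than the load balancer's.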
You can find the complete changelog on openCode.