Open-Xchange Support

Find answers to your support questions here. Open-Xchange experts are ready to help you with OX App Suite, Dovecot Pro and OX PowerDNS issues.

How to contact the Open-Xchange Support 

In order to contact Open-Xchange support you will need two things: a license key and a customer ID. If you have already signed up for Open-Xchange support then you would have received an email containing both these items.

In case you have lost or haven’t received this email, please send an email to <info AT open-xchange DOT com> and ask for your license key details.

License Key
The License Key entitles you to use a purchased product and/or get updates. This entitlement is valid for a specified period of time and for a number of licensed users. It may also include the ability to contact Open-Xchange support too. Please note that Open-Xchange activates all provided license key.

Customer ID
The customer ID identifies you as an Open-Xchange customer and gives you access to the Open-Xchange Portal.

You are entitled to advanced support if you: have obtained one of Open-Xchange's support offerings; have registered all your support keys (you will have received these after purchasing your support offering) and have an issue with your Open-Xchange product. 

To contact Open-Xchange:

  1. Send an E-Mail to support(at)open-xchange.com 
  2. Provide the following information in the Email body:

Support Key: OX-SUPPORT-OR-LICENSE-KEY-XXX
Server: url of the machine
Server Version: server version or package list
Platform: Please choose one from possible values.
GUI Version: GUI version or package list
Category: Please choose one from possible values.
Severity: 1, 2, 3, 4
Track-ID: the customer's internal tracking number, e.g. from its Bugzilla
Product: Please choose one from possible values.

Steps to reproduce:
...

Current behaviour:
...

Expected behaviour:
...

Please note that Open-Xchange can only guarantee a fast responses if the report is submitted in English.

The severity of an incident determines the impact it has on your business and in turn the urgency we place on solving the incident.

Please note that Open-Xchange's response time depends on both the severity and your service level agreement.

If all information has been provided, and is clear, then you will receive a confirmation email directly from the Open-Xchange ticket system. This email will contain a ticket number that identifies this incident.

Open-Xchange Severity Levels


Severity 1

A complete outage and business can no longer be conducted. The system, or application, is not available, there are no workarounds and it affects all deployed users.

It can also means a security or general threat that poses a potential risk to the customers’ data integrity or privacy.

Note that a situation in which one or several servers do not operate correctly is not a Severity 1 issue unless the issue causes one of the above.

 

Severity 2

Operation is severely disrupted. A business critical component of the solution environment cannot be used by a majority of users.

 

Severity 3

Partial loss of non-critical functionality. This may impairs many operations but allows the licensee to continue to operate.

 

Severity 4

General usage questions; recommendations for enhancements/modifications or general information/supplementary data. This includes, but is not limited to, documentation and translation errors.

Self Service Support

Basic troubleshooting

If you experience issues with installation you may wish to try the following

Download and installation documentation

All installation and product documentation for the current OX App Suite, as well as other Open-Xchange products, is available at OX App Suite Download & Install.

Installation and product documentation for the older Open-Xchange Server 6 Generation is available at Open-Xchange Server 6 Download & Install.

Bug Reporting

If you are an Open-Xchange customer you have the possibility to file bug reports, via e-mail, to our support engineers. Please check How to contact the Open-Xchange Support for information on how to report a bug. The benefit to you is that reports are handled in the same as a regular support ticket. The Open-Xchange support team validates it and then provide you with progress updates on the filed report.

If you are not an Open-Xchange customer, or do not have specific support level agreements, please visit the Open-Xchange Bugzilla.

Security Patch Release

Open-Xchange takes security related topics very seriously. In order to provide customers, and their users, a safe and reliable working environment, security vulnerabilities are handled with a high priority and are covered by an optimized delivery process. We believe that security issues must be communicated openly, while at the same time protecting customers that may be affected by that issue.

Delivery
To provide input to the software security community we publish all security issues. This is done once the issue has been identified, a Patch Release has been provided to our customers, and they have had sufficient time to respond and roll out the Patch Release. It is for this reason that we have chosen a hybrid model of responsible-disclosure, and full-disclosure, when announcing vulnerabilities. Open-Xchange is very eager to get feedback from the security community about unknown issues. We are committed to resolve them quickly without bureaucracy or hassle. Vulnerabilities are discussed within Open-Xchange, prior to providing a Security Patch Release. This ensures that customers can request deployment information from their Support or Services contacts.

Metrics and Frameworks
When vulnerabilities are discovered, either internally at Open-Xchange or externally, they first get evaluated. We use industry standard metrics such as CVSS (Common Vulnerability Scoring System), CWE (Common Weakness Enumeration) and get identified by CVE-IDs (Common Vulnerability and Exposures). This information is then made available through Patch Release Notes, once the vulnerability has been solved. The Release Notes do not contain specific information about the vulnerability. This makes sure that customers are protected until public disclosure is attained.

Public Disclosure
Public disclosure is achieved by using the “Bugtraq” Mailing List. The posts contain detailed information about the vulnerability as well as a history of the vulnerabilities discovery process. These postings can be used to map CVE-Identifiers from the Release Notes with a detailed description of the vulnerability. The public announcement usually takes place within 5 to 10 business days after a Security Patch Release has been provided to all customers. To avoid exploitation of a known security issues, please make sure to update your systems to a Security Patch Release as quickly as possible.

Limitations
Please note that Security Patch Releases are provided for Open-Xchange software versions that are supported at the time of vulnerability discovery.

References

Personal Data Policy

According to German law, companies are forced to handle any (log) files from customers which contain data related to a third person or has any personal protection in a special way. Personal data shall mean any information concerning the personal or material circumstances of an identified or identifiable natural person. Even so they have to be deleted once they aren't used any more. To fulfil this requirement, customers and support agents have to keep the readable ticket communication, in form of email/article body, subject or attachment names, free from any personal data. This can be every thing from names, email addresses, screen-shots, logs files and even credentials to system accounts. This personal data only has to be handed over in form of attachments which was common practice before. Transfer channels for personal data are attachments via the ticket system, attachment in encrypted emails or provided by protected download links. How to send encrypted emails via PGP is described here.

The integrity of an 'Incident Request' with all available data needs to be saved up to 90 days after a ticket was closed to ensure a holistic assessment in case of Contractual complaints. This time frame is mandatory and gives also the customer time for detailed tests. In case of reopening an incident within these three months all information is still available and needs not to be recollected by customers and end users.

Open-Xchange introduced a weekly deletion process, the deletion work on ticket attachments and on raw email files which are affected by attachments. The automatic deletion of all ticket attachments takes place weekly at Sunday and affects all tickets which are in a 'closed' state since 90 days.

Find more helpful links regarding our Support here.