Valid HTML 4.01 Transitional
Personal Information Manager Software

Evaluating SOGo

James F. Carter <>, 2011-01-30

SOGo versus Ideal PIM Client

Comparing SOGo, mostly via its web interface, with my design for an ideal PIM suite:

PIM Object Types

Supports contacts (vCard), events (vCalendar), tasks (vTodo), but as far as I can see it doesn't do generic notes nor vJournal. The provided web client displays webmail from multiple external IMAP servers. It has semantically appropriate formatting for vCard and vEvent, but it is less advanced for vTodo; it displays them as events.

Multi-User Access

Multi-user access to the PIM objects is a standard feature. Read or write access can be given both to an explicit ACL or globally. I don't think host OS groups can be used in the ACLs.

Network Service to Wild Side

SOGo itself does not provide any offsite service; it's recommended to enforce this with a firewall blocking SOGo's port. Instead it relies on a separate webserver to act as a proxy and feed requests to it. Normally the server is Apache but nginx is also supported. Thus the wild side service is identical to what the host provides for any other web content. In particular, TLS is handled by the webserver using its own host certificate.

Protocols Supported

SOGo's wire format is RFC 2445 (iCalendar). The preferred request protocol is CalDAV. The CardDAV variant is supported for the contact list. GroupDAV is also supported, and a generic WebDAV client can extract the PIM objects, e.g. for backup. (Thunderbird's iCal protocol choice really means CalDAV, this being the native protocol of Mac OS-X's iCal PIM client/server.)

Outgoing mail is delivered by SMTP and is normally passed to a separate mail transfer agent such as Postfix. Incoming mail is stored by a separate delivery agent, and SOGo retrieves it via a separate IMAP server. Although SOGo is not supposed to talk to outside clients, it communicates with the local proxy webserver by normal HTTP.

Web Interface

There is a complete web UI from which all functions can be performed.

Client Interface

SOGo does not include a dedicated client. However, a major use case is through the Lightning plugin for Thunderbird. There is an enhanced version of Lightning with more features and/or better integration with SOGo.

Transitive Authentication

If SOGo is doing authentication itself, it uses the host OS's LDAP service. SOGo itself does not do transitive authentication. However, it can be configured to believe in authentication performed by the proxy, and Apache has several transitive authentication modules including X.509 and GSSAPI. If SOGo does the authentication and if conditions are met which need more investigation, it will have a Kerberos ticket for the authenticated user and can use it to get service from the IMAP mail server.

Client Support

Assuming correct client and server configuration, the iPhone's native PIM client can utilize the SOGo server for contacts, calendar, and (presumably) tasks. Thunderbird is the usual dedicated client on desktop Linux and on Windows. Android needs investigation but I'm optimistic.

PIM Object Storage

The PIM objects are stored in a central database belonging to SOGo. Not my preferred arrangement.

Object Extraction

The web UI has an easy control to export an entire address book or calendar (to be saved as a file by the web browser). It looks like the right procedure for exporting a single object is to create a temporary address book or calendar, copy the object into it, and export the temporary container.

Now, how do you attach a PIM object to outgoing mail? Surprisingly, importing and exporting mail attachments of PIM objects is not currently supported; you need to go through the above file intermediary. The procedure is detailed later on.

Also for backup, can the server enumerate the objects to be backed up, e.g. users who have address books? How can the backup process authenticate so as to extract those files, which would not be globally readable?

Conclusion: SOGo is the kind of PIM server I am looking for.

Usage Scenario

I'm repeating the trial I did of Citadel, by going through a sequence of operations that a client might actually do. Mostly these are using the web interface, and in fact I'm using the Android browser for the initial part of this test.

General Remarks

A general complaint about the SOGo web UI pages: they all set the body font including the size. I need a magnifying glass to see the glyphs on Android. It is incorrect to set the body font size. For ADA compliance you need to go along with the default size selected by the user, who may be visually impaired or who may have equipment different from what the web designer used.

Also, there is an awful lot of chatter; for example the login page has 2Mb of non-obvious content which comes from the server and most of which is sent back in the login form. This is a burden on a EDGE connection from a mobile phone. Similarly, the various UI pages transfer a lot of material even after it looks like the displayable images and form have been displayed.

Although there is an Installation Guide, there is no written documentation for the users, nor context help in the web UI. I'm afraid that there are functional and important features which my users will never discover, and which even I had trouble to get working, or failed to get working, or never noticed. Jimc paraphrasing a blog posting by Ray Ozzie, a then-new senior manager at Microsoft, dated 2005-10-28: The demand for compelling, integrated user experiences that just work. There is so much hardware and software in our life, we can't spoon-feed each item.

Connect via TLS

The Apache webserver handles the TLS connection. Pro forma, it has been tested with these clients:

Logging In

This test is using SOGo native authentication with LDAP. It works reliably.

Compose Webmail

Use the UI to compose a mail message and send it out.

Does composition go smoothly?

Yes, no problems.

Is the mail sent out?


Did the MTA use the authenticated mailing feature?

The mail was handed off to the local SMTP server (Postfix). From the work domain authentication is not required or used. From home, Postfix is configured to authenticate (with a X.509 certificate and key) on the work MX and relay the mail through it.

Did SOGo get the sender address right?

It sends from user@realm, using the realm it was configured for. At work this is the correct sender address. In my home setup I use my work IMAP and SMTP hosts. With SOGoMailAuxiliaryUserAccountsEnabled YES the individual user (me) was able to configure nonlocal IMAP account(s) and to specify the from address to be used in connection with mail from that account, i.e. when mail from that account is being displayed.

[NEED TO MOVE] At work each user's LDAP Person record includes, as a local hack, an attribute called mailSite naming the IMAP server host, and given the IMAPHostFieldName = mailSite declaration in the local SOGoUserSources list, SOGo uses this attribute to find the server, and uses the user's login password as a credential to the server.

Did SOGo get the recipient address right?


Does the message look like spam to the recipient?

Each user can configure SOGo to send the mail either as text/plain or text/html. vCards in the sender's address book also have a selection for which format the recipient prefers to receive, which I assume (without testing) overrides the sender's global preference.

The message does not have any gratuitous spammy garbage features.

Read Webmail

This worked competently.

Calendar using Web UI

This is all using the web client.

Calendar using GUI Client

Do these clients behave normally with calendars served from SOGo? (Both viewing and creating events.)

Contact List using Web Client

The evaluation is similar to the calendar case with these additions:

Contact List using GUI Client

Do these clients behave normally with contacts served from SOGo? (Both viewing and creating them.)

Task List using Webcit

Basically, the evaluation is the same as for the calendar, with these additions:

The task object for SOGo is handled identically to a calendar entry. There isn't any special task list semantics.

I would prefer to have tasks (with specific dates) appear on the calendar, but also to have a proper task list. Tasks should have more than just 3 priorities. Undated tasks are common.

Questions for the Developers

Webmail: Alternate Roles

I need to send mail from several from addresses, and in fact at home I always send from the realm at work. How does the individual user configure this? Can one of the addresses be set as the default?

See if alternate e-mail addresses does anything. No, that's for recipients, not senders.

Mailing PIM Objects

User A wants to mail a vEvent, vTodo, vCard, etc. to user B. When composing mail, how does A attach a PIM object? If A uses his hacking skills to accomplish this, it is displayed semantically appropriately (tested for vEvent), but how does B take the attached object into his PIM collection (calendar or address book)?

Purging Ancient Events

How do you purge ancient events? How do you configure the survival time? Can it be per event?

Calendar Search Box

Calendar list view, there is a box with a magnifying glass icon and a down triangle which, if clicked, shows a list with one member, Title or Description. When you type in it, it appears to be doing Ajax pre-queries. What is it for? I typed keywords from event titles (with the correct case), and entire event titles, but never got any matching events.

Foreign Mail Accounts

At home my mail is outsourced; at work my IMAP server is not the machine where I'm testing SOGo. I see the configuration option to identify the IMAP host from a field in the LDAP Persons record, but I have not yet gotten that configured. The GUI is set up so it could represent foreign IMAP servers such as Gmail. How can we make that happen for particular users?

Thanks to Pascal Gienger for this tip:

In the config file turn on SOGoMailAuxiliaryUserAccountsEnabled YES. Beware, passwords are stored in cleartext in your sql backend.

Then in Preferences - IMAP Accounts, a + and - button will appear in the panel listing accounts. Hit +. Fill out the form specifying the server. If you leave the password blank... It does not ask the user for a password. It attempts to connect to the IMAP server without a password, which the server rejects. This is poisonous for sogod: log file says ---. Restarted sogod; now the password is auto filled with 9 centered dots, same as for the primary account (which is not the length of my password). Here's exactly what happens when I hit save+close in Preferences, which causes a mail refresh:

  • In sogo.log;
    localhost - - [01/Mar/2011:21:22:46 GMT] "POST /SOGo/so/jimc/Mail/0/mailboxes HTTP/1.1" 200 170/0 0.081 - - 0 (client gets messages from primary mail server; there aren't any (correct), but the folders are shown.)
  • In process circle circulates, then gives up.
  • Hit Preferences; nothing is logged, and the window eventually shows 502 proxy error, timeout reading from remote server. But the SOGo master process is still running, and after 10 minutes it will restart the worker thread, if you don't restart it by hand.
  • After 3 minutes maillog on the remote IMAP server says:
    Mar 1 21:25:46 nasturtium dovecot: imap-login: Disconnected: Inactivity (no auth attempts): rip=, lip=, TLS handshaking

The cure: change TLS to SSL. What other bad consequences does this have?

In the middle panel if you change your e-mail address, then whenever a folder from that account is being shown, outgoing mail is sent from the configured address.

Task List

So far I haven't found any difference between tasks and calendar events. Is there a real task list view? A simple but effective example is Astrid on Android. If I were using SOGo's tasks at all, I would pick an arbitrary week, and use days to represent categories, and times within the day to represent the order of doing the tasks, kind of like the priority but (manually) accounting for how one step depends on a previous one being finished.