KeyHelp® Updates - Increased server performance, more secure hosting

by Alexander Mahr

Since last week the new KeyHelp main version 22.1 is available for installation. In addition, there have been further releases of smaller hotfix updates in the past time.

Below you will find an overview of selected features and improvements of these updates.

  • Enhancement of command line functionality
    The "keyhelp" command provides access to an additional command line utility.
    This gives you access to useful functions such as these:

    • keyhelp login [username]
      This command creates a URL that you can use to log into the KeyHelp account of your choice immediately, without first entering a password or username.
      Without [username], URLs are generated for the first main administrator.
    • keyhelp run [name]
      This command runs the maintenance interval with the specified name. Without [name], the maintenance interval "update" is called.

    The mentioned tool is designed for non-interactive use. The application "keyhelp-toolbox" is still available as an interactive console application. Here, improvements have been made with the update as well.
  • Increased web server performance
    The Multiple Processing Module (MPM) is used by the Apache web server to determine how incoming requests are processed. Depending on which MPM is used, this can affect the performance and resource usage of the server.
    With the new version, it is now possible for administrators to select the Multiple Processing Module via the KeyHelp interface.
    Default for new installations since KeyHelp 22.1 is the module "mpm_event". This module ensures optimal resource usage and optimizes the page loading speed of all websites on the server. For compatibility with older software, the modules "mpm_worker" and "mpm_prefork" are also available.

    You can access the settings via "Settings" → "Configurations" → "System" → "Web Server".
  • New backup features
    In the backup settings you will now find a new menu item that can help you in case of problems while using the backup system.
    For example, if during a backup operation the process is interrupted for unexpected reasons (e.g. server restart, etc.), manual intervention may become necessary. Previously, these operations had to be triggered via console commands. Now you can ensure problem-free backup creation again with just a few clicks.

    You can access the settings via "Settings" → "Backup" → "Troubleshooting".

    Furthermore, after each backup run you will now learn to what extent the size of the backup repository has changed and can quickly evaluate whether an expansion of the backup storage will be necessary.

    This information is available under "Settings" → "Backup".
  • Improvements in the email system
    In older KeyHelp versions, email clients could self-decide which internal folders to use for the special "Drafts", "Spam" and "Trash" directories.
    This could mean that as soon as an email account was accessed by different email clients from different vendors, each client potentially chose its own preference.
    This not only affected the readability for the human viewer, but could also result in the automatic spam filter training for that account not being able to be completed.
    With the new KeyHelp release, email clients are instructed to use consistent directories to counteract the above issues.

    New update-safe customization options are now available for Roundcube Webmailer. You can now configure your own images for different areas of the Roundcube user interface, thus optimally adapting the webmailer to your corporate identity.

    You can access the settings via "Settings" → "Configurations" → "Tools" → "Webmail".
  • Security relevant change of the "FollowSymLinks" directive
    In the Apache web server configurations, you can use the "FollowSymLinks" directive, which allows the web server to follow symbolic links. However, using this directive poses a significant security risk, especially on shared hosting systems. Malicious users could use it to read data from other users on the server by cleverly creating symbolic links. For the stated reason, the use of the " FollowSymLinks" directive is prohibited by default on KeyHelp systems since the update to 22.0.1. As an alternative, the less critical "SymLinksIfOwnerMatch" should be used instead.

    The critical directive is often found in .htaccess files placed on the server. So, to ensure the functionality and security of websites on a KeyHelp system, all critical .htaccess files have been modified and "FollowSymLinks" has been replaced by "SymLinksIfOwnerMatch" as part of the update to version 22.0.1 and 22.1. You were informed about which files in particular were affected by your KeyHelp system in the course of the update routine.

An overview of all changes can be found in the change log at