Ok lets say the kopano-server is up, and the database server becomes somewhat unaccessible, or too busy running a big backup (mysqldump not setup correctly), you will get login prompt on iPhone with Z-Push asking for password.

So you may want to check that your database setup is good.

This is explained in the documentation

https://documentation.kopano.io/kopanocore_administrator_manual/backup_restore.html

mysqldump -u root -pYOURROOTMYSQLPASSWORD --single-transaction --routines kopano | gzip > /somewhere/you/want/this/stored/kopano_db_backup.sql.gz

So maybe your LDAP config is fine, just because it is your auth method does not mean it is broken, your database accessibility is equality just as important.

Another way this can happen is if you have Z-Push on a totally different box, and Z-Push would not be able to reach kopano-server port… it would also happen as well on mobile devices asking for re-login.

It is good to tell users to just press cancel and not type the password, it will preserve the original password in iOS. Just cancel and refresh the mail app.

Keep us posted. I may or may not be right in this case lol, I don’t use LDAP. But I’ve seen this problem before with devices on Z-Push.

Marc

@crankshaft just wondering…
is this an IPv6 Client? and if yes, can you test this user on a IPV4 connection then.

@mapo - Thanks - IMAP is the default for us, we all use Thunderbird IMAP, the webapp was enabled (I just disabled it) but Thunderbird is preferred due to the ability to have multiple email accounts, identities etc etc

My config file looks identital except the difference I mentioned few days ago.

But what’s interesting here is that your dagent log is showing the autorespond is executing.

I wonder what else could be the issue. What about your kopano-dagent config file? Have you ever customized settings in there?

There has to be a way to debug this further.

I found the table.

The users are saved in the “objectproperty” table.
Example of finding a user, by e-mail:

use "Kopano"; select * from objectproperty where propname = "emailaddress" and value = "EMAIL@ADDRESS"; select * from objectproperty where propname = "password" and objectid = 12;

Example of changing the password, with a new hashed password:

update objectproperty set value = "247a46027b07580993c84382d6a9f9ef34da20a9" where propname = "password" and objectid = 12;

The hashed password in the database are like this:

[salt, 8 bytes][MD5 hashed password, 32 bytes]

This is my example C# class:

using System; using System.Collections.Generic; using System.Linq; using System.Security.Cryptography; using System.Text; namespace RpcScandinavia.Test; #region RpcKopano //---------------------------------------------------------------------------------------------------------------------- // RpcKopano. //---------------------------------------------------------------------------------------------------------------------- /// <summary> /// Utility class for the Kopano mail system. /// </summary> class RpcKopano { #region User password methods //------------------------------------------------------------------------------------------------------------------ // User password methods. //------------------------------------------------------------------------------------------------------------------ /// <summary> /// Validates the password with the hashed password. /// The hashed password is read from the Kopano database. /// </summary> /// <param name="password">The clear text password.</param> /// <param name="hashedPassword">The hashed password.</param> /// <returns>True when the passwords match, false when they do not match.</returns> public Boolean ValidateHashedPassword(String password, String hashedPassword) { // Get the salt from the hashed password. Byte[] salt = this.GetSaltFromHashedPassword(hashedPassword); // Hash the password. String compareHashedPassword = this.GetHashedPassword(salt, password); // Return true if the two hashed passwords match. return compareHashedPassword == hashedPassword; } // ValidateHashedPassword /// <summary> /// Hashes the password, using a random salt. /// The hashed password can be saved in the Kopano database. /// </summary> /// <param name="password">The clear text password.</param> /// <returns>The hashed password.</returns> public String GetHashedPassword(String password) { Byte[] salt = this.GetSalt(); String hashedPassword = this.GetHashedPassword(salt, password); return hashedPassword; } // GetHashedPassword /// <summary> /// Hashes the password, using the salt. /// The hashed password can be saved in the Kopano database. /// </summary> /// <param name="salt">The salt, must be 8 bytes long.</param> /// <param name="password">The clear text password.</param> /// <returns>The hashed password.</returns> public String GetHashedPassword(Byte[] salt, String password) { // Validate. if (salt == null) { throw new ArgumentNullException(nameof(salt)); } if (salt.Length != 8) { throw new ArgumentException($"The salt should be 8 bytes long."); } if (password == null) { throw new ArgumentNullException(nameof(salt)); } if (String.IsNullOrWhiteSpace(password) == true) { throw new ArgumentException($"The password is empty."); } // Combine salt and password bytes. Byte[] passwordBytes = Encoding.UTF8.GetBytes(password); Byte[] saltAndPassword = new Byte[salt.Length + passwordBytes.Length]; salt.CopyTo(saltAndPassword, 0); passwordBytes.CopyTo(saltAndPassword, salt.Length); // Calculate the MD5 hash. Byte[] hashedPasswordBytes = HashAlgorithm.Create("MD5").ComputeHash(saltAndPassword); // Convert the salt and hash to strings. String saltString = Encoding.UTF8.GetString(salt) .ToLower(); String hashedPassword = BitConverter.ToString(hashedPasswordBytes) .Replace("-", "") .ToLower(); // Return the MD5 hash as a string, with the salt prefixed. return saltString + hashedPassword; } // GetHashedPassword /// <summary> /// Gets the salt from the hashed password. /// The hashed password is read from the Kopano database. /// The salt is the first 8 bytes, of the hashed password. /// </summary> /// <param name="hashedPassword">The hashed password.</param> /// <returns>The salt.</returns> public Byte[] GetSaltFromHashedPassword(String hashedPassword) { // Validate. if (hashedPassword == null) { throw new ArgumentNullException(nameof(hashedPassword)); } if (hashedPassword.Length != 40) { throw new ArgumentException($"The hashed password should be 40 characters long."); } // Get the first eight bytes, which is the salt. Byte[] saltBytes = Encoding.UTF8.GetBytes(hashedPassword.Substring(0, 8)); // Return the salt. return saltBytes; } // GetSaltFromHashedPassword /// <summary> /// Gets a new random salt, 8 bytes long. /// </summary> /// <returns>The salt.</returns> public Byte[] GetSalt() { // Generate random 4 bytes. Random random = new Random(); Byte[] salt = new Byte[4]; random.NextBytes(salt); // Convert into HEX string. String saltString = BitConverter.ToString(salt) .Replace("-", "") .ToLower(); // Return the HEX string as a byte array. // This makes the original 4 bytes 8 bytes long. return Encoding.UTF8.GetBytes(saltString); } // GetSalt #endregion } // RpcKopano #endregion

@ldsam No, nothing new. Waitig for a fix ;-) And no time left at the moment for debugging on my own.

@sky-t
// kopano dagent in main.cf
virtual_transport = lmtp:127.0.0.1:2003
mailbox_transport = lmtp:127.0.0.1:2003

Ich kann dir gerne meine vollständige main.cf geben, macht allerdings nur wenig Sinn, da ich eine sehr spezielle Konfiguration für MariaDB und Active-Directory nutze. Schau dir besser mal den ISPmail Guide auf www.workaround.org an.

@thctlo
I used a Container for Debian 10 on proxmox. After I switched to a normal vm-installation. It works. Don’t know why.

Kopano up and running.

Hi @junglemarc ,
I did the backups with
kopano-backup --user … --output-dir …
One backup includes the period from 2000 to 2015 and the other from 2016 to today.
I want put them together. Two user in one user.
Greetings, Thomas

Hi @Thomas-M
you are right. This is indeed the modification date.
Unfortunately there is no switch to only backup a defined timeframe from a calendar.

regards
Mathias

I came across this discussion yesterday. In version 8.7.21 changes were made in the code for Kerberos, these changes corrupt the Kerberos authentication in Kopano. Can be found in the git repository https://github.com/Kopano-dev/kopano-core/commit/6f5412a63b750ff45206b085a3a195835322f98c . Unfortunately Kopano did not detect this during testing or Kopano does not care.

In my opinion this is bad behaviour.
It’s not only “a few seconds”, loading search folders can be up to 10 minutes with our database size.
There should be some logic for server (re-)starts.

For sure you’ll need to get acquainted with postfix and fetchmail.
I would recommend you check the tutorials that matches the distro you are on.

Get this done as building block, before moving forward with the Kopano install.

Or how about subscribing for a license of 10 users, then you could use some support time units with Kopano, they are good and masters this topic with great clarity, they could set this up in a fraction of time. And you’d learn along the way.

All depending how much you are ready to accelerate things. Either way you’ll be learning. Keep us posted

@nils50122
Here’s a sample of my Spamd file.

server_socket = https://server:237 sslkey_file = /certs/core/spamd.pem run_as_user = kopano run_as_group = kopano log_level = 4 log_file = /logs/kopano/spamd.log log_timestamp = yes sa_group = kopano header_tag = X-Spam-Status ham_dir = /data/spamd/ham spam_dir = /data/spamd/spam spam_db = /data/spamd/spam.db

I’m using RSPAMD instead of Amavis/Spamassassin.

This link might be useful (towards the bottom) on how to integrate RSpamd with Kopano Spamd.

Investigated it:
libical3 v 3.0.5 was shipped from Kopano-Supported-Repository for Debian 9.
For Debian 10 there is that library missing in the Kopano Reporitory.
Debian native ships with v3.0.4 with has correct dependency to libicu63.
So when updating from Debian 9 to Debian 10 there is a newer version of libical wihch stays installed and pulls old dependencies.

@apio-sys said in Autoresponder failed:

Woul

i would recommend you keep AA enabled and configure it.
Main reason for that is, when any kernel upgrade comes, it 9 out of 10 times it also installs AA again.
when its not correctly disable (what also often happen) you hit problems again…

Hi zolo
I would export the attachments and db and import them into a new installed 8 version. Similar to a server move. If that is not possible due to the versioning I would test Kopano backup and restore, then via a client, via Outllook pst export import. I myself do not use Outlook ;)