Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Concept configuration of Postfix with Smarthosts

    General Discussion
    5
    39
    8231
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • hispeed
      hispeed last edited by hispeed

      Hi,

      With verbose I recieve this:

      fetchmail@svgwma-kopa-02:~$ fetchmail -f fetchmail-accounts
      Sat Jun  2 07:43:32 2018: [info   ] Coredump status left at system default.
      Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient binding socket
      Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient bound socket to /tmp/.32877d08a35722c.sock
      Sat Jun  2 07:43:32 2018: [11417] [debug  ] Submit thread started
      Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient thread started
      Sat Jun  2 07:43:32 2018: [11417] [debug  ] PYTHONPATH = /usr/share/kopano-dagent/python
      Sat Jun  2 07:43:32 2018: [11417] [error  ]   Python type: (null)
      Sat Jun  2 07:43:32 2018: [11417] [error  ]   Python error: No module named MAPI
      Sat Jun  2 07:43:32 2018: [11417] [crit   ] K-1732: Unable to initialize the dagent plugin manager: Unknown error code (1).
      Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient terminating
      Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient terminated
      

      I will check if I can update Kopano and test again…

      EDIT 1:

      I download via wget the newest kopano-core and then made the package and installed it.
      This worked fine so far. After the installation the system user on Ubuntu 18.04 had a new Password <- why?

      Now when I want to login via Webapp I recieve this error:

      Unknown MAPI Error: MAPI_E_NOT_FOUND

      When I make this: kopano-admin --create-store hispeed

      Then I recieve:

      kopano-admin: relocation error: kopano-admin: symbol _ZN2KC21GetAutoAcceptSettingsEP9IMsgStorePbS2_S2_S2_ version KC_8.6.80 not defined in file libmapi.so.1 with link time reference
      

      It’s getting worser from day to day ;=)…

      1 Reply Last reply Reply Quote 0
      • hispeed
        hispeed last edited by hispeed

        Yes yes yes…

        I don’t believe it I can now recieve. I updated the whole Ubuntu and restartet. Then I had to change something in the config from Kopano. Attachament stored as File (I made there a change earlier). I’m sure I can switch that to database later.
        Restarting everything and now I can recieve e-mails.

        Thanks so far for everyone. There are still a few questions open like: why the kopano user gets a new password after update?

        Now I have to figure out how I can send E-mails… For this I’m going to use postfix.

        Postfix i’m back in trouble :D! Yes something is wrong in my postfix configuration.

        Jun  3 16:20:58 svgwma-kopa-02 kopano-server[2270]: message repeated 9 times: [ Error while connecting to search on "file:///var/run/kopano/search.sock"]
        Jun  3 16:21:01 svgwma-kopa-02 postfix/pickup[10947]: A6A46320DFE: uid=0 from=<root>
        Jun  3 16:21:01 svgwma-kopa-02 postfix/cleanup[10957]: A6A46320DFE: message-id=<20180603162101.A6A46320DFE@svgwma-kopa-02.mydomain.me>
        Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: A6A46320DFE: from=<root@mydomain.me>, size=727, nrcpt=1 (queue active)
        Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME
        Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: A6A46320DFE: to=<root@mydomain.me>, orig_to=<root>, relay=localhost[::1]:2003, delay=0.18, delays=0.03/0.01/0.06/0.07, dsn=5.1.1, status=bounced (host localhost[::1] said: 503 5.1.1 User does not exist (in reply to RCPT TO command))
        Jun  3 16:21:01 svgwma-kopa-02 postfix/cleanup[10957]: CE28C320DFF: message-id=<20180603162101.CE28C320DFF@svgwma-kopa-02.mydomain.me>
        Jun  3 16:21:01 svgwma-kopa-02 postfix/bounce[10962]: A6A46320DFE: sender non-delivery notification: CE28C320DFF
        Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: CE28C320DFF: from=<>, size=2791, nrcpt=1 (queue active)
        Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: A6A46320DFE: removed
        Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME
        Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: CE28C320DFF: to=<root@mydomain.me>, relay=localhost[::1]:2003, delay=0.11, delays=0.01/0/0.06/0.05, dsn=5.1.1, status=bounced (host localhost[::1] said: 503 5.1.1 User does not exist (in reply to RCPT TO command))
        Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: CE28C320DFF: removed
        
        

        EDIT: 3
        Gerald or someone else:

        Do you have a sample of the postfix configuration?

        1 Reply Last reply Reply Quote 0
        • martimcfly
          martimcfly @hispeed last edited by

          @hispeed let me know when you need advice

          1 Reply Last reply Reply Quote 0
          • thctlo
            thctlo last edited by

            Postfix offers SMTPUTF8 support, kopano LMTP not.
            Set in postfix smtputf8_enable = no restart postfix and its fixed. ;-)

            1 Reply Last reply Reply Quote 0
            • hispeed
              hispeed last edited by

              Hi martimcfly,

              Yes I need help. My configuration looks like that at the moment:

              # See /usr/share/postfix/main.cf.dist for a commented, more complete version
              
              compatibility_level = 2
              
              mydomain = mydomain.me
              myorigin = $mydomain
              mynetworks = 127.0.0.0/8, [::1]/128
              smtp_host_lookup = dns, native
              
              mailbox_size_limit = 0
              message_size_limit = 52428800
              
              delay_warning_time = 4h
              unknown_local_recipient_reject_code = 450
              maximal_queue_lifetime = 7d
              minimal_backoff_time = 1000s
              maximal_backoff_time = 8000s
              
              # header_checks = regexp:/etc/kopano/postfix/header_checks
              # body_checks = regexp:/etc/kopano/postfix/body_checks
              
              alias_maps = hash:/etc/aliases
              virtual_alias_maps = hash:/etc/kopano/postfix/valiases
              
              virtual_mailbox_domains = /etc/kopano/postfix/vdomains
              virtual_transport = lmtp:localhost:2003
              
              smtpd_banner = $myorigin ESMTP
              smtpd_helo_required = yes
              smtpd_client_restrictions = permit_mynetworks
              smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_destination reject_unknown_recipient_domain
              smtpd_sender_restrictions = reject_unknown_address
              smtpd_recipient_limit = 16
              smtpd_soft_error_limit = 3
              smtpd_hard_error_limit = 12
              
              smtp_tls_security_level = may
              smtp_sasl_auth_enable = yes
              smtp_sender_dependent_authentication = yes
              smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
              sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
              smtp_use_tls = yes
              smtp_tls_enforce_peername = no
              smtp_sasl_security_options = noanonymous
              smtp_helo_timeout = 120s
              
              # Korrekturen
              smtputf8_autodetect_classes = verify
              

              I need to use this two lines or something similar:

              smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
              sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
              

              With this config it doesn’t work. Postfix keeps telling me that the user doesn’t exist in Kopano. But I have created a user with this e-mail.

              Thanks for your ideas…

              1 Reply Last reply Reply Quote 0
              • thctlo
                thctlo last edited by

                Have you even tried what i did say… :-/

                Your logs show:
                host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME

                kopano-lmtp does NOT support SMTPUTF8 and you mail is rejected.

                What you see in your logs is correct.

                https://forum.kopano.io/topic/1262/kopano-smtputf8-support
                Already reported this some time ago.

                1 Reply Last reply Reply Quote 0
                • thctlo
                  thctlo last edited by thctlo

                  and about you postfix config. this part needs serious fixing, this is not ok.

                  smtpd_helo_required = yes
                  smtpd_client_restrictions = permit_mynetworks
                  smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_destination reject_unknown_recipient_domain
                  smtpd_sender_restrictions = reject_unknown_address
                  

                  I suggest and this is a verified config by the postfix list.
                  i have more but this is a working setup

                  smtpd_delay_reject = yes
                  
                  # Obey the RFC's. any hostname should have an A and/or MX and/or PTR ( or resolvable CNAME ) 
                  # see RFC https://tools.ietf.org/html/rfc2821#section-2.3.4  and 2.3.5 
                  smtpd_client_restrictions =
                      permit_mynetworks,
                      reject_unauth_destination,
                      reject_non_fqdn_hostname,
                      reject_unknown_hostname,
                      reject_invalid_hostname,
                      reject_unauth_pipelining
                  
                  smtpd_helo_required = yes
                  smtpd_helo_restrictions =
                      permit_mynetworks,
                      reject_unauth_destination,
                      reject_invalid_helo_hostname,
                      reject_non_fqdn_helo_hostname,
                      reject_unknown_helo_hostname,
                      reject_unauth_pipelining
                  
                  smtpd_sender_restrictions =
                      permit_mynetworks,
                      reject_unauth_destination,
                      reject_non_fqdn_sender,
                      reject_unknown_sender_domain,
                      reject_unknown_address,
                      reject_unauth_pipelining
                  
                  smtpd_recipient_restrictions =
                      permit_mynetworks,
                      reject_unauth_destination,
                      reject_non_fqdn_recipient,
                      check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
                      reject_unknown_recipient_domain,
                      reject_multi_recipient_bounce,
                      reject_unlisted_recipient,
                      reject_unverified_recipient
                  
                  smtpd_relay_restrictions =
                      permit_mynetworks,
                      reject_unauth_destination,
                      check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
                      reject_multi_recipient_bounce,
                      reject_non_fqdn_hostname,
                      reject_invalid_hostname,
                      reject_invalid_helo_hostname,
                      reject_non_fqdn_sender,
                      reject_non_fqdn_recipient,
                      reject_unknown_sender_domain,
                      reject_unknown_recipient_domain,
                      defer_unauth_destination
                  ##
                  smtpd_data_restrictions =
                      reject_unauth_pipelining,
                      reject_multi_recipient_bounce
                  ##
                  smtpd_etrn_restrictions =
                      permit_mynetworks,
                      reject
                  

                  Now, your internet ready.

                  1 Reply Last reply Reply Quote 0
                  • hispeed
                    hispeed last edited by hispeed

                    @thctlo yes this does fix this error if I add this line. But still there are some other issues.

                    @martimcfly I have copied now your configuration. How do I now create the check_recipient_access-allow.map?
                    Where do I define the passwords and login data for my different mail accounts?

                    At the moment I get this error:

                    Jun  4 17:52:35 svgwma-kopa-02 kopano-server[12291]: Error while connecting to search on "file:///var/run/kopano/search.sock"
                    Jun  4 17:53:25 svgwma-kopa-02 kopano-server[12291]: message repeated 5 times: [ Error while connecting to search on "file:///var/run/kopano/search.sock"]
                    Jun  4 17:54:01 svgwma-kopa-02 postfix/pickup[26277]: D3277320E04: uid=0 from=<root>
                    Jun  4 17:54:01 svgwma-kopa-02 postfix/cleanup[26505]: D3277320E04: message-id=<20180604175401.D3277320E04@svgwma-kopa-02.localdomain>
                    Jun  4 17:54:01 svgwma-kopa-02 postfix/qmgr[26278]: D3277320E04: from=<root@svgwma-kopa-02.localdomain>, size=757, nrcpt=1 (queue active)
                    Jun  4 17:54:01 svgwma-kopa-02 postfix/local[26507]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
                    Jun  4 17:54:01 svgwma-kopa-02 postfix/local[26507]: D3277320E04: to=<root@svgwma-kopa-02.localdomain>, orig_to=<root>, relay=local, delay=0.06, delays=0.02/0/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
                    Jun  4 17:54:01 svgwma-kopa-02 postfix/qmgr[26278]: D3277320E04: removed
                    

                    EDIT:
                    @fbartels Can you help me with this: Jun 4 17:52:35 svgwma-kopa-02 kopano-server[12291]: Error while connecting to search on “file:///var/run/kopano/search.sock” ?
                    -> This is solved with: Search Socket Error

                    On the images you see my old Zarafa config, which is running right now. This works fine for me. Maybe there’s a security risk somewhere I don’t know. First I need to create that on Kopano and then I can add security.

                    0_1528135898230_2018-06-04 20_07_56-Titanserver_zarafa_config_postfix.jpg
                    1_1528135898231_2018-06-04 20_07_56-Titanserver_zarafa_config_postfix_2.jpg

                    Update:
                    SSL self-signed = Is working
                    Z-Push 2.4.2 = Is working with Ubuntu 18.04 (No official build I took: 16.04 version)
                    Deskapp = Is working
                    Cron Job for Fetchmail = Is working

                    To do:
                    Send E-Mails ;=)

                    1 Reply Last reply Reply Quote 0
                    • hispeed
                      hispeed last edited by

                      Sorry to disturb everyone again…

                      I’m still workin on my postfix configuration. I can’t send e-mails I get at the moment this error:

                      Jun  6 19:30:01 svgwma-kopa-02 postfix/cleanup[3494]: 9A8FD320E71: message-id=<20180606193001.9A8FD320E71@svgwma-kopa-02.mydomain.me>
                      Jun  6 19:30:01 svgwma-kopa-02 postfix/qmgr[3482]: 9A8FD320E71: from=<root@mydomain.me>, size=727, nrcpt=1 (queue active)
                      Jun  6 19:30:01 svgwma-kopa-02 postfix/lmtp[3496]: connect to 127.0.0.1[127.0.0.1]:2003: Connection refused
                      Jun  6 19:30:01 svgwma-kopa-02 postfix/lmtp[3496]: 9A8FD320E71: to=<root@mydomain.me>, orig_to=<root>, relay=none, delay=0.03, delays=0.02/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:2003: Connection refused)
                      

                      Maybe I have to configure something in the master.cf? I have added there some lines which I have in my Synology set-up. Unfortunately I doesn’t help.

                      nano /etc/postfix/master.cf

                      # From Synology / Zarafa4h Docker Image Configuration
                      smtp-amavis     unix    -       -       -       -       2       smtp
                        -o smtp_data_done_timeout=1200
                        -o smtp_send_xforward_command=yes
                        -o disable_dns_lookups=yes
                        -o max_use=20
                      
                      127.0.0.1:10025 inet n  -       -       -       -       smtpd
                        -o content_filter=
                        -o local_recipient_maps=
                        -o relay_recipient_maps=
                        -o smtpd_restriction_classes=
                        -o smtpd_delay_reject=no
                        -o smtpd_client_restrictions=permit_mynetworks,reject
                        -o smtpd_helo_restrictions=
                        -o smtpd_sender_restrictions=
                        -o smtpd_recipient_restrictions=permit_mynetworks,reject
                        -o smtpd_data_restrictions=reject_unauth_pipelining
                      

                      Postfix config:

                      # Set compatibility level 2 because we don't want to use old configurations
                      compatibility_level = 2
                      
                      # Domain and network settings
                      mydomain = mydomain.me
                      myorigin = $mydomain
                      mynetworks = 127.0.0.0/8, [::1]/128
                      
                      # Mailbox limits
                      mailbox_size_limit = 0
                      message_size_limit = 52428800
                      
                      # Various settings
                      delay_warning_time = 3h
                      unknown_local_recipient_reject_code = 450
                      maximal_queue_lifetime = 5d
                      minimal_backoff_time = 1000s
                      maximal_backoff_time = 8000s
                      
                      # Header and Body Checks
                      # header_checks = regexp:/etc/kopano/postfix/header_checks
                      # body_checks = regexp:/etc/kopano/postfix/body_checks
                      
                      # Alias maps and virtual aliases
                      alias_maps = hash:/etc/aliases
                      virtual_alias_maps = hash:/etc/kopano/postfix/valiases
                      virtual_mailbox_domains = /etc/kopano/postfix/vdomains
                      virtual_transport = lmtp:localhost:2003
                      
                      # smtp settings
                      smtpd_banner = $myorigin ESMTP
                      smtpd_delay_reject = yes
                      smtputf8_enable = no 
                      smtp_host_lookup = dns, native
                      smtpd_recipient_limit = 16
                      smtpd_soft_error_limit = 3
                      smtpd_hard_error_limit = 12
                      smtp_tls_security_level = may
                      smtp_sasl_auth_enable = yes
                      smtp_sender_dependent_authentication = yes
                      smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
                      sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
                      smtp_use_tls = yes
                      smtp_tls_enforce_peername = no
                      smtp_sasl_security_options = noanonymous
                      smtp_helo_timeout = 120s
                      
                      smtpd_client_restrictions =
                          permit_mynetworks,
                          reject_unauth_destination,
                          reject_non_fqdn_hostname,
                          reject_unknown_hostname,
                          reject_invalid_hostname,
                          reject_unauth_pipelining
                      
                      smtpd_helo_required = yes
                      
                      smtpd_helo_restrictions =
                          permit_mynetworks,
                          reject_unauth_destination,
                          reject_invalid_helo_hostname,
                          reject_non_fqdn_helo_hostname,
                          reject_unknown_helo_hostname,
                          reject_unauth_pipelining
                      
                      smtpd_sender_restrictions =
                          permit_mynetworks,
                          reject_unauth_destination,
                          reject_non_fqdn_sender,
                          reject_unknown_sender_domain,
                          reject_unknown_address,
                          reject_unauth_pipelining
                      
                      smtpd_recipient_restrictions =
                          permit_mynetworks,
                          reject_unauth_destination,
                          reject_non_fqdn_recipient,
                          check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
                          reject_unknown_recipient_domain,
                          reject_multi_recipient_bounce,
                          reject_unlisted_recipient,
                          reject_unverified_recipient
                      
                      smtpd_relay_restrictions =
                          permit_mynetworks,
                          reject_unauth_destination,
                          check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
                          reject_multi_recipient_bounce,
                          reject_non_fqdn_hostname,
                          reject_invalid_hostname,
                          reject_invalid_helo_hostname,
                          reject_non_fqdn_sender,
                          reject_non_fqdn_recipient,
                          reject_unknown_sender_domain,
                          reject_unknown_recipient_domain,
                          defer_unauth_destination
                      
                      smtpd_data_restrictions =
                          reject_unauth_pipelining,
                          reject_multi_recipient_bounce
                      
                      smtpd_etrn_restrictions =
                          permit_mynetworks,
                          reject
                      
                      1 Reply Last reply Reply Quote 0
                      • martimcfly
                        martimcfly last edited by martimcfly

                        @hispeed

                        Hey Highspeed,

                        I’m sorry for my absence. I was much to busy with construction work.

                        Passwords are checked against Kopanos imap service. For this I use the saslauthd service. Postfix does its login checks saslauthd. You can find the configuration in github, too.

                        # /etc/sasl/smtpd.conf
                        pwcheck_method: saslauthd
                        mech_list: plain login
                        

                        https://github.com/pietmacom/com-pietma-zarafa-postfixadmin/blob/kopano/doc/pietma/configs/postfix/main.cf

                        # /etc/postfix/main.cf
                        
                        # kopano gateway authentification before accepting relay
                        smtpd_sasl_auth_enable = yes
                        smtpd_sasl_path = smtpd
                        broken_sasl_auth_clients = yes
                        

                        The e-mail adresses (Mailboxes, Aliases) are checked against postifxadmin. Changes to Mailbox accounts are transfered to Kopano by a services which does poll the postfixadmin changelog.

                        Postifx is configured to check all e-mail adresses against the postfixadmin database. It executes predefined SQL statements…
                        https://github.com/pietmacom/com-pietma-zarafa-postfixadmin/tree/kopano/doc/example-config/postfix

                        # /etc/postfix/main.cf
                        
                        virtual_mailbox_domains = 
                            proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/domain_domain_to_domain.mysql
                        
                        virtual_mailbox_maps = 
                            proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/mailbox_username_to_username.mysql
                        
                        virtual_alias_maps = 
                            proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/alias_address_to_goto.mysql,
                            proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/aliasdomain_at-aliasdomain_to_at-targetdomain.mysql
                        
                        

                        If you like, you could do the address checks directly against the kopano database.

                        I hope to find the setting for notifcations here.

                        Marti

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post