dagent not opening external port 2003

compsos

System Debian 10.3
Kopano 10.0.1
Kopano-dagent source kopano-dagent_10.0.1.182.9589c5711-0+322.1_amd64.deb, kopano-dagent-dbgsym_10.0.1.182.9589c5711-0+322.1_amd64.deb, kopano-dagent-pytils_10.0.1.182.9589c5711-0+330.1_amd64.deb

The issue is the mail arrives at the gateway server which send it onto the mail server (normally) but since the upgrade to Debian 10 is rejected by the port “Connection Refused” I have completely rebuilt the mail server. But the issue remains.

If I telnet localhost 2003 it returns

Trying ::1...
Connected to localhost.

Escape character is '^]'.
220 2.1.5 LMTP server is ready

But if i do the same call from the gateway server get`

telnet: connect to address xxx.xxx.xx.x: Connection refused

if i stop dagent.service and run nc on the port it works for the telnet connection.

So no incoming mail can make it through the port to dagent. Other ports like 80 & 22 work as expected.
This is the netsat output

tcp        0      0 0.0.0.0:2003            0.0.0.0:*               LISTEN      1856/kopano-dagent
tcp6       0      0 :::2003                 :::*                    LISTEN      1856/kopano-dagent 

Anyone else seeing this issue?

thctlo

@compsos said in dagent not opening external port 2003:

The issue is the mail arrives at the gateway server which send it onto the mail server (normally) but since the upgrade to Debian 10 is rejected by the port “Connection

try this,
set run_as_(user/group) in dagent to root:root

then try again.

compsos

@thctlo
Thank you for the reply. Yes I have tried root, kopano and left that setting blank. all resulted in the same outcome.

Also built another VM off netinst, with only webserver, ssh and system utilities. Then added Kopano via your script, thank you, and this unit had the same result.
I have expanded the testing a little and found all non kopano port are open and work. Ports 110, 143, 236 and 2003 fail.
Could it be a failure in kopano activation in systemd? I will check the control and service associated files.

But this maybe an indication. I stopped kopano-dagent and then told systemd-socket-activate to attach dagent to port 2003. The result is what I would expect without any data.

systemctl stop kopano-dagent.service 
root@mailx:/# systemd-socket-activate -l 2003 kopano-dagent
Listening on [::]:2003 as 3.
Communication attempt on fd 3.
Execing kopano-dagent (kopano-dagent)
Warning: Terminal locale not UTF-8, but UTF-8 locale is being forced.
         Screen output may not be correctly printed.
Usage:

kopano-dagent <recipient>
 [-h|--host <serverpath>] [-c|--config <configfile>] [-f|--file <email-file>]
 [-j|--junk] [-F|--folder <foldername>] [-P|--public <foldername>] [-p <separator>] [-C|--create]
 [-l|--listen] [-r|--read] [-s] [-v] [-q] [-e] [-n] [-R]

  <recipient> Username or e-mail address of recipient
  -f file	 read e-mail from file
  -h path	 path to connect to (e.g. file:///var/run/socket)
  -c filename	 Use configuration file (e.g. /etc/kopano/dagent.cfg)
		 Default: no config file used.
  -j		 deliver in Junkmail
  -F foldername	 deliver in a subfolder of the store. Eg. 'Inbox\sales'
  -P foldername	 deliver in a subfolder of the public store. Eg. 'sales\incoming'
  -p separator	 Override default path separator (\). Eg. '-p % -F 'Inbox%dealers\resellers'
  -C		 Create the subfolder if it does not exist. Default behaviour is to revert to the normal Inbox folder

  -s		 Make DAgent silent. No errors will be printed, except when the calling parameters are wrong.
  -v		 Make DAgent verbose. More information on processing email rules can be printed.
  -q		 Return qmail style errors.
  -e		 Strip email domain from storename, eg username@domain.com will deliver to 'username'.
  -R		 Attempt to resolve the passed name. Issue an error if the resolve fails. Only one of -e and -R may be specified.
  -n		 Use 'now' as delivery time. Otherwise, time from delivery at the mailserver will be used.
  -N		 Do not send a new mail notification to clients looking at this inbox. (Fixes Outlook 2000 running rules too).
  -r		 Mark mail as read on delivery. Default: mark mail as new unread mail.
  -l		 Run DAgent as LMTP listener

  -a responder	 path to autoresponder (e.g. /usr/local/bin/autoresponder)
		 The autoresponder is called with </path/to/autoresponder> <from> <to> <subject> <kopano-username> <messagefile>
		 when the autoresponder is enabled for this user, and -j is not specified

<storename> is the name of the user where to deliver this mail.
If no file is specified with -f, it will be read from standard in.

compsos

@thctlo
Ended up doing a purge on kopano-dagent and reinstall. This time it worked. If I find what changed I will post it back.
Thanks.

jengelh

You must not use netstat.

# ss -alntp
LISTEN    0         4096            0.0.0.0%lo:2003             0.0.0.0:*        users:(("kopano-dagent",pid=27243,fd=3))
LISTEN    0         4096               [::]%lo:2003                [::]:*        users:(("kopano-dagent",pid=27243,fd=4))