Kopano Core on UCS

iMag

Hi there
I’m trying to build following configuration:

MS AD on Windows SBS2003 (yes, it’s deep legacy, that’s why slowly moving from it)
UCS as MS AD member (still, but if ok planning to make it PDC)
MS AD domain domain0.local
MS AD email domain domain0.com
UCS email domain domain1.com
DNS records seems to be OK on UCS
UCS is NATed perfectly from external network
users have their primary email address on domain0.com and this cannot be changed on UCS
UCS is set with Mail domain domain1.com
users must be able to receive on their domain0.com on MS AD and on domain1.com on UCS

So, when I nslookup to UCS server and look for domain1.com, it points me to UCS server. This means that if an external connection is looking for mail exchanger for domain1.com, it finds UCS (it is perfectly NATed) and a message to a username@domain1.com is successfully delivered. Further UCS will forward imediately the message to MS AD Exchange server. I guess this is due to the fact that username’s primary address is username@domain0.com. If I login via WebApp and send myself a message the same happens. So, on UCS no message will remain.

Other behavior that don’t suite my configuration is that Kopano won’t authenticate/authorize a user over SMTP at all, although IMAP is OK. This can be on Postfix level, but I can’t understand how this can be worked on UCS.

So, is it possible to make Kopano not forward the messages to MS AD and leave them on UCS and also authenticate users on SMTP?

externa1

@iMag

For SMTP auth on UCS (postfix - is used as MTA with kopano) you’ll need to use port 587 on the client and as user name the primary email-address of the user not the AD/LDAP Login name

rg
Christian

fbartels

Hi @iMag,

the smtp auth question as already answered by @externa1.

For why you messages are relayed out into an external system instead delivered locally. This usually happens if the chosen mail domain is not registered as such on UCS (not in virtual_mailbox_domains).

You are already the second who managed to create users with a mail address which domain is not a configured “Mail domain”. Before this was prevented, but it seems Univention has changed that in their mail stack.

PS: if you are looking for a general critique of your system setup https://help.univention.com/ may be the better place, as there are way more UCS users over there.

iMag

@fbartels thanks a lot for such a comprehensive answer. If you don’t mind I will check your and @externa1 suggestions and will come with feedback and/or clarifications upon the subject. At the same time I will post on UCS forum and if you think that a crosspost is not welcome, I will move to that forum.

n.b. Actually I’m trying to build a multihome server, as we have 2 (for now) email domains for same users, and it is important to be able to send messages from both domains.

iMag

@externa1
Just tried to authenticate with primary email address (username@domain0.com) with TLS enabled on port 587 and it keeps asking me for username/password. Changed to UCS email address (username@domain1.com) and the same happens, postfix doesn’t accept the credentials.

externa1

@iMag

I think you did not add your maildomain to the config in UCS - you’ll have to add the domain in the web gui
Domain - email

rg
Christian

iMag

@externa1 said in Kopano Core on UCS:

@iMag

I think you did not add your maildomain to the config in UCS - you’ll have to add the domain in the web gui
Domain - email

rg
Christian

Do you mean this (overwritten original domains)?
mail.domains.png

externa1

@iMag

yes

iMag

@externa1
Thanks Christian for your help. I had to workaround an issue with postfix and saslauthd that lead to impossibility to login via SMTP. I have described this on UCS forum. BTW, I really had to authenticate with primary email address. So, thank you again! :)
Cheers!