    Concept configuration of Postfix with Smarthosts

    • Gerald
      Gerald @hispeed last edited by Gerald

      @hispeed said in Concept configuration of Postfix with Smarthosts:

      I now have the configuration in Fetchmail from Gerald, but unfortunately I receive this:

      1 message for USERNAME at webXXX.login-12.hoststar.ch (6689 octets).
      fetchmail: MDA returned nonzero status 75
      reading message webXXXX@webXXX.login-12.hoststar.ch:1 of 1 (6689 octets) not flushed
      

      My question: do I need perl for Fetchmail? Something is probably wrong in the config, but which config?
      I don’t get more output from Fetchmail.

      If you use the way I’m using fetchmail and have suggested it above, postfix should not be involved since it will fetch the mail and directly deliver it using kopano-dagent. So it should work even if your postfix configuration is not correct (which is probably the case :-)

      As fbartels has mentioned, make sure you change zarafa-dagent to kopano-dagent. My example was copy&pasted from my installation logs and it was still called zarafa at the time.

      So assuming you are now using

      poll pop.srv.de proto pop3 user "mylogin" pass "mypass" options ssl smtpaddress localhost forcecr mda "/usr/bin/kopano-dagent -s the-local-kopano-user-id"
      

      as your configuration, your problem is most likely with kopano-dagent since this is the MDA (mail delivery agent) and your fetchmail complains about an MDA problem. To my knowledge fetchmail does not need perl, and the error message does not in any way suggest that perl would be a problem. I suggest you first check if the executable /usr/bin/kopano-dagent specified is correct (could be in another path on other distros? I’m using ubuntu 16.04) and if this is correct you need to check the logs of kopano-dagent why it fails.

      To do so, on modern systems with systemd init and current kopano configuration files you need to check the systemd log (journalctl -u kopano-dagent -f -n 20 for example). On older crappy obsolete legacy systems without systemd+journal check /var/log/kopano/ for a dagent log file. You might need to turn up the logging level if not enough can be seen in the log why it fails. This can of course be done in /etc/kopano/dagent.cfg

      If you use fetchmail the way fbartels has suggested he prefers, this is of course also perfectly fine. But then your postfix server must know for which emails it is directly responsible. Your postfix log above looked like postfix sent the email on to the internet because it did not think it is responsible to locally handle it. There are many ways to configure postfix, I’m using the virtual_ directives to tell postfix for what it is responsible. But there are other ways. If you want to go this route, the options “virtual_mailbox_domains”, “virtual_mailbox_maps”, “virtual_alias_maps” and “virtual_transport” are the most important. You need to really learn how to configure postfix though. If you just want to fetch some mails using POP or IMAP and Postfix will always only be used to send mail to external recipients, using fetchmail + kopano-dagent will be much easier for you.

      • thctlo
        thctlo last edited by

        @martimcfly are these scripts anywhere on GitHub? And GPL?
        Then I’m not inventing the wheel again, this is a thing I want in Debian also.
        The source code page says 404 to me :-(

        • martimcfly
          martimcfly @thctlo last edited by martimcfly

          Sorry for the 404. My Gitlab (SCM) wasn’t updated for a while and I’ve made it private for security reasons. Temporarily, of course.

          The bash-scripts are packed in here…

          /usr/share/doc/kopano/pietma
          https://repository.pietma.com/nexus/service/local/repositories/archlinux/content/armv7h/pietma-kopano/kopano-core-8.6.1-1-armv7h.pkg.tar.xz

          /usr/share/doc/kopano-postfixadmin/pietma/
          /usr/share/doc/kopano-postfixadmin/example-config/
          https://repository.pietma.com/nexus/service/local/repositories/archlinux/content/armv7h/pietma-kopano/kopano-postfixadmin-0.45.3-4-any.pkg.tar.xz

          Please be aware of the fact that these scripts have dependencies and assume paths which are only guaranteed with those packages on Archlinux.

          But you can get a good idea of how all this has to be set up to work.

          • fbartels
            fbartels Kopano last edited by fbartels

            When talking about easier user management and appliances I have to throw my “go to” solution Univention into the pot as well: https://www.univention.com/products/univention-app-center/app-catalog/kopano-core/

            They also have a Fetchmail app so everything can be done from their web ui.

            Regards Felix

            Resources:
            https://kopano.com/blog/how-to-get-kopano/
            https://documentation.kopano.io/
            https://kb.kopano.io/

            Support overview:
            https://kopano.com/support/

            • thctlo
              thctlo last edited by

              @martimcfly thank you very much for these, very useful.

              @fbartels, thanks for the univention link, I’ll have a look at that also.

              • hispeed
                hispeed last edited by hispeed

                Hi folks, thanks for your answer…slowly I’m getting closer to the solution.
                The problem is the dagent. I can’t start it. Is there anything to do in the dagent.cfg? Everything was commented out (auskommentiert).

                Maybe I can find out more…

                Mai 30 17:19:27 svgwma-kopa-02 kopano-dagent[17333]: Wed May 30 17:19:27 2018: [info   ] Coredump status left at system default.
                Mai 30 17:19:27 svgwma-kopa-02 kopano-dagent[17333]: Wed May 30 17:19:27 2018: [info   ] Maximum LMTP threads set to 20
                Mai 30 17:19:27 svgwma-kopa-02 kopano-dagent[17333]: Wed May 30 17:19:27 2018: [info   ] Listening on *:2003 for LMTP
                Mai 30 17:19:27 svgwma-kopa-02 kopano-dagent[17333]: Wed May 30 17:19:27 2018: [crit   ] Unable to create socket(10,1,6) port 2003: Address already in use
                

                https://forums.zarafa.com/showthread.php?12412-zarafa-7-2-2-dagent-error

                Same here. Is there any sample for dagent.cfg?
                @thctlo it’s always coming back ;=) 2 years are over and nobody has the problem except me, and you had it? How did you fix it?

                /etc/kopano/server.cfg <- I have probably some configuration issues also there.

                For me it looks like that this tutorial is incomplete as always:
                https://www.pc-howto.com/kopano-der-neue-stern-am-groupwarehimmel-teil-1/
                https://www.pc-howto.com/kopano-der-neue-stern-am-groupwarehimmel-teil-2/

                Maybe I’m just too stupid. @martimcfly I will go through your config files by tomorrow.

                • Gerald
                  Gerald @hispeed last edited by Gerald

                  @hispeed

                  If you run kopano-dagent with the parameter -l, it will bind to port 2003 and wait for connections. [-l = listen mode]

                  If you start kopano-dagent with a recipient as parameter it will read mail from stdin and then (with proper input which it gets from fetchmail) deliver this single mail to kopano.

                  If your log says “Unable to create socket, address already in use”, then you already have a kopano-dagent running in listen mode and you are trying to start another one in listen mode. kopano-dagent cannot run twice in listen mode. But you can of course have it running in listen mode and on demand call it in interactive mode from fetchmail.

                  An empty dagent.cfg should be fine.

                  • hispeed
                    hispeed last edited by hispeed

                    Hi Gerald,

                    Now I’m more confident with logs and dagent. It looks now fine.

                    I think that I have a problem in fetchmailrc:

                    #.fetchmailrc
                    set syslog;
                    set postmaster "email_from_root_user_i_created_in_kopano";
                    # set no bouncemail
                    set no softbounce;
                    # accounts
                    poll webXXX.login-XXX.hoststar.ch proto pop3 user webXXXX pass XXXXXXX options ssl smtpaddress localhost forcecr mda usr/sbin/kopano-dagent -s 4
                    

                    This is wrong because of “-s” after kopano-dagent. Do I have to use " " in the syntax? If yes, only at mda “usr/sbin/kopano-dagent -s 4”?
                    Number 4 is because that is the number written in the SQL table. Can I use the kopano-login name as well?

                    When I use it with the username and quotes " " and I have to use the directory “usr/sbin/kopano-dagent -s username”
                    in “bin” I don’t have a kopano-dagent only in “sbin”.
                    I always receive:

                    root@svgwma-kopa-02:/home/kopano# tail -f /var/log/mail.log
                    May 31 07:23:46 svgwma-kopa-02 fetchmail[3703]: 1 message for webXXXX at webXXX.login-XX.hoststar.ch (6722 octets).
                    May 31 07:23:47 svgwma-kopa-02 fetchmail[3703]: reading message webXXXX@webXXX.login-XX.hoststar.ch:1 of 1 (6722 octets) (log message incomplete) <--- WHY Incomplete??? 
                    May 31 07:23:47 svgwma-kopa-02 fetchmail[3703]: MDA returned nonzero status 75
                    
                    

                    I use the newest Ubuntu server version…

                    On the other side Kopano Core Delivery Agent with Debug Mode:
                    The only thing I see which is not correct, is the time. Actually I don’t know why.

                    EDIT 3:

                    Mai 31 07:28:03 svgwma-kopa-02 systemd[1]: Started Kopano Core Delivery Agent.
                    Mai 31 07:28:03 svgwma-kopa-02 kopano-dagent[3816]: Thu May 31 07:28:03 2018: [info   ] [ 3816] Logger process started on pid 3845
                    Mai 31 07:28:03 svgwma-kopa-02 kopano-dagent[3816]: Thu May 31 07:28:03 2018: [debug  ] [ 3816] StatsClient binding socket
                    Mai 31 07:28:03 svgwma-kopa-02 kopano-dagent[3816]: Thu May 31 07:28:03 2018: [debug  ] [ 3816] StatsClient bound socket to /tmp/.5bc7b9886cc74b9a.sock
                    Mai 31 07:28:03 svgwma-kopa-02 kopano-dagent[3816]: Thu May 31 07:28:03 2018: [debug  ] [ 3816] StatsClient thread started
                    Mai 31 07:28:03 svgwma-kopa-02 kopano-dagent[3816]: Thu May 31 07:28:03 2018: [=======] [ 3816] Starting kopano-dagent version 8.6.80 (pid 3816) (LMTP mode)
                    Mai 31 07:28:03 svgwma-kopa-02 kopano-dagent[3816]: Thu May 31 07:28:03 2018: [debug  ] [ 3816] Submit thread started
                    

                    When I want to list all Kopano users I get this:

                    root@svgwma-kopa-02:/home/kopano# kopano-cli --list-users
                    Traceback (most recent call last):
                      File "/usr/sbin/kopano-cli", line 3, in <module>
                        import kopano_cli
                      File "/usr/lib/python2.7/dist-packages/kopano_cli/__init__.py", line 10, in <module>
                        from MAPI.Tags import PR_EC_STATSTABLE_SYSTEM, PR_DISPLAY_NAME, PR_EC_STATS_SYSTEM_VALUE
                    ImportError: No module named MAPI.Tags
                    root@svgwma-kopa-02:/home/kopano# kopano-cli
                    Traceback (most recent call last):
                      File "/usr/sbin/kopano-cli", line 3, in <module>
                        import kopano_cli
                      File "/usr/lib/python2.7/dist-packages/kopano_cli/__init__.py", line 10, in <module>
                        from MAPI.Tags import PR_EC_STATSTABLE_SYSTEM, PR_DISPLAY_NAME, PR_EC_STATS_SYSTEM_VALUE
                    ImportError: No module named MAPI.Tags
                    root@svgwma-kopa-02:/home/kopano# kopano-cli
                    

                    Something is wrong here with the DB or so…

                    • Gerald
                      Gerald @hispeed last edited by Gerald

                      @hispeed said in Concept configuration of Postfix with Smarthosts:

                      I think that I have a problem in fetchmailrc:

                      This is wrong because of “-s” after kopano-dagent. Do I have to use " " in the syntax? If yes, only at mda “usr/sbin/kopano-dagent -s 4”?
                      Number 4 is because that is the number written in the SQL table. Can I use the kopano-login name as well?

                      Ok, I had “the-local-kopano-user-id” in my example. But that did not mean that you need to dig in the MySQL Database and search for a random hidden usernumber. What is meant by this is just the Username in Kopano.
                      I don’t know about the new kopano-cli but in kopano-admin this is what is specified as -u and what is listed as Username in kopano-admin -l

                      When I use it with the username and quotes " " and I have to use the directory “usr/sbin/kopano-dagent -s username”

                      Why no / in front of /usr? Might work depending on where it is run from, but this looks weird and is an unnecessary reason for it to fail.

                      in “bin” I don’t have a kopano-dagent only in “sbin”.
                      I use the newest Ubuntu server version…

                      Yeah, just mentioned it because this could have been different in other distros. But I’m also using Ubuntu and sbin is correct. Easy to check:

                      root@myhostname:~# whereis kopano-dagent
                      kopano-dagent: /usr/sbin/kopano-dagent /usr/share/kopano-dagent /usr/share/man/man8/kopano-dagent.8.gz
                      

                      I always receive:

                      May 31 07:23:47 svgwma-kopa-02 fetchmail[3703]: reading message webXXXX@webXXX.login-XX.hoststar.ch:1 of 1 (6722 octets) (log message incomplete) <--- WHY Incomplete??? 
                      May 31 07:23:47 svgwma-kopa-02 fetchmail[3703]: MDA returned nonzero status 75
                      
                      

                      I have no idea. Perhaps remove the -s from the kopano-dagent parameter (this is for silent)
                      Instead add -v (verbose) or -vv (even more verbose)!

                      Also add verbose flags to fetchmail, Syntax probably the same (-v or -vv for even more verbosity).

                      On the other side Kopano Core Delivery Agent with Debug Mode:
                      The only thing I see which is not correct, is the time. Actually I don’t know why.

                      I think I had this once too in some log… Don’t remember exactly, but check timedatectl if your timezones are correct.

                      Output for me is:

                      root@somehostname:~# timedatectl
                            Local time: Thu 2018-05-31 23:28:08 CEST
                        Universal time: Thu 2018-05-31 21:28:08 UTC
                              RTC time: Thu 2018-05-31 21:28:08
                             Time zone: Europe/Berlin (CEST, +0200)
                       Network time on: yes
                      NTP synchronized: yes
                       RTC in local TZ: no
                      
                      Mai 31 07:28:03 svgwma-kopa-02 kopano-dagent[3816]: Thu May 31 07:28:03 2018: [=======] [ 3816] Starting kopano-dagent version 8.6.80 (pid 3816) (LMTP mode)
                      Mai 31 07:28:03 svgwma-kopa-02 kopano-dagent[3816]: Thu May 31 07:28:03 2018: [debug  ] [ 3816] Submit thread started
                      

                      This looks like the log from the zarafa-dagent in daemon mode. (Parameter -s)
                      Not sure if the logs from a manually started zarafa-dagent in non-daemon mode will end up here too. At least nothing in the log you quoted.

                      When I want to list all Kopano users I get this:

                      root@svgwma-kopa-02:/home/kopano# kopano-cli --list-users
                      Traceback (most recent call last):
                        File "/usr/sbin/kopano-cli", line 3, in <module>
                      ImportError: No module named MAPI.Tags
                      root@svgwma-kopa-02:/home/kopano# kopano-cli
                      

                      Something is wrong here with the DB or so…

                      Does kopano-admin -l work for you? The error message looks more like you have not installed a required package?

                      1 Reply Last reply Reply Quote 0
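
Added example, not part of any post in this thread: a POSIX shell function that lints the `mda` options of a fetchmailrc for the problems discussed above (unquoted command, missing closing quote, relative program path, numeric recipient) and for file permissions, since the file holds the mailbox passwords in clear text. The function name, the host `pop.example.invalid` and the numeric-recipient heuristic are assumptions made for this example.

```sh
# Added example: lint the mda options of a fetchmailrc (POSIX sh).
# Prints one finding per line; exit status 0 = clean, 1 = findings, 2 = unreadable.
lint_fetchmailrc() (
    rc=$1
    found=0
    note() { echo "$1"; found=1; }

    # The rc file stores POP3/IMAP passwords in clear text, and fetchmail
    # refuses to use one whose mode is wider than 0700.
    mode=$(stat -c '%a' "$rc" 2>/dev/null) || { echo "cannot stat $rc"; exit 2; }
    case $mode in
        0|*00) ;;
        *) note "$rc: mode $mode lets group/others access the stored passwords" ;;
    esac

    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s\n' "$line" | tr '\t' ' ' | sed 's/^ *//')
        case $line in
            '#'*)      continue ;;
            'mda '*)   mda=${line#mda } ;;
            *' mda '*) mda=${line#* mda } ;;
            *)         continue ;;
        esac
        mda=$(printf '%s\n' "$mda" | sed 's/^ *//; s/ *$//')

        # Only double-quoted strings are handled here. The "not quoted" check
        # is a heuristic: it assumes the words after mda are its arguments.
        case $mda in
            '"'*'"'*) cmd=${mda#\"}; cmd=${cmd%%\"*} ;;
            '"'*)     note "line $n: mda string has no closing quote"; cmd=${mda#\"} ;;
            *' '*)    note "line $n: mda command and arguments are not quoted"; cmd=$mda ;;
            *)        cmd=$mda ;;
        esac

        prog=${cmd%% *}
        case $prog in
            /*) [ -x "$prog" ] || note "line $n: $prog is not an executable file on this host" ;;
            *)  note "line $n: mda program '$prog' is a relative path" ;;
        esac

        # Thread-specific heuristic: the last argument of kopano-dagent is the
        # Kopano user name, not a numeric id taken from the database.
        case ${prog##*/}:${cmd##* } in
            kopano-dagent:*[!0-9]*) ;;
            kopano-dagent:*) note "line $n: recipient '${cmd##* }' is numeric; kopano-dagent expects the Kopano user name" ;;
        esac
    done < "$rc"
    exit "$found"
)

# Constructed sample: the poll line from the post above with placeholder
# host and credentials.
demo() {
    tmp=$(mktemp) || return 0
    cat > "$tmp" <<'EOF'
set syslog;
# accounts
poll pop.example.invalid proto pop3 user "u" pass "p" options ssl forcecr mda usr/sbin/kopano-dagent -s 4
EOF
    chmod 600 "$tmp"
    lint_fetchmailrc "$tmp" || true
    rm -f "$tmp"
}
demo
```

Status 75 in the fetchmail log is `EX_TEMPFAIL` from sysexits.h, a temporary failure reported by the MDA, which matches fetchmail leaving the message on the server ("not flushed").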
                      • hispeed
                        hispeed last edited by hispeed

                        Hi,

                        With verbose I receive this:

                        fetchmail@svgwma-kopa-02:~$ fetchmail -f fetchmail-accounts
                        Sat Jun  2 07:43:32 2018: [info   ] Coredump status left at system default.
                        Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient binding socket
                        Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient bound socket to /tmp/.32877d08a35722c.sock
                        Sat Jun  2 07:43:32 2018: [11417] [debug  ] Submit thread started
                        Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient thread started
                        Sat Jun  2 07:43:32 2018: [11417] [debug  ] PYTHONPATH = /usr/share/kopano-dagent/python
                        Sat Jun  2 07:43:32 2018: [11417] [error  ]   Python type: (null)
                        Sat Jun  2 07:43:32 2018: [11417] [error  ]   Python error: No module named MAPI
                        Sat Jun  2 07:43:32 2018: [11417] [crit   ] K-1732: Unable to initialize the dagent plugin manager: Unknown error code (1).
                        Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient terminating
                        Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient terminated
                        

                        I will check if I can update Kopano and test again…

                        EDIT 1:

                        I download via wget the newest kopano-core and then made the package and installed it.
                        This worked fine so far. After the installation the system user on Ubuntu 18.04 had a new Password <- why?

                        Now when I want to log in via Webapp I receive this error:

                        Unknown MAPI Error: MAPI_E_NOT_FOUND

                        When I make this: kopano-admin --create-store hispeed

                        Then I receive:

                        kopano-admin: relocation error: kopano-admin: symbol _ZN2KC21GetAutoAcceptSettingsEP9IMsgStorePbS2_S2_S2_ version KC_8.6.80 not defined in file libmapi.so.1 with link time reference
                        

                        It’s getting worse from day to day ;=)…

                        • hispeed
                          hispeed last edited by hispeed

                          Yes yes yes…

                          I don’t believe it, I can now receive. I updated the whole Ubuntu and restarted. Then I had to change something in the config from Kopano. Attachment stored as File (I made there a change earlier). I’m sure I can switch that to database later.
                          Restarting everything and now I can receive e-mails.

                          Thanks so far for everyone. There are still a few questions open like: why the kopano user gets a new password after update?

                          Now I have to figure out how I can send E-mails… For this I’m going to use postfix.

                          Postfix, I’m back in trouble :D! Yes something is wrong in my postfix configuration.

                          Jun  3 16:20:58 svgwma-kopa-02 kopano-server[2270]: message repeated 9 times: [ Error while connecting to search on "file:///var/run/kopano/search.sock"]
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/pickup[10947]: A6A46320DFE: uid=0 from=<root>
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/cleanup[10957]: A6A46320DFE: message-id=<20180603162101.A6A46320DFE@svgwma-kopa-02.mydomain.me>
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: A6A46320DFE: from=<root@mydomain.me>, size=727, nrcpt=1 (queue active)
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: A6A46320DFE: to=<root@mydomain.me>, orig_to=<root>, relay=localhost[::1]:2003, delay=0.18, delays=0.03/0.01/0.06/0.07, dsn=5.1.1, status=bounced (host localhost[::1] said: 503 5.1.1 User does not exist (in reply to RCPT TO command))
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/cleanup[10957]: CE28C320DFF: message-id=<20180603162101.CE28C320DFF@svgwma-kopa-02.mydomain.me>
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/bounce[10962]: A6A46320DFE: sender non-delivery notification: CE28C320DFF
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: CE28C320DFF: from=<>, size=2791, nrcpt=1 (queue active)
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: A6A46320DFE: removed
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: CE28C320DFF: to=<root@mydomain.me>, relay=localhost[::1]:2003, delay=0.11, delays=0.01/0/0.06/0.05, dsn=5.1.1, status=bounced (host localhost[::1] said: 503 5.1.1 User does not exist (in reply to RCPT TO command))
                          Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: CE28C320DFF: removed
                          
                          

                          EDIT: 3
                          Gerald or someone else:

                          Do you have a sample of the postfix configuration?

                          1 Reply Last reply Reply Quote 0
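
Added example, not part of any post in this thread: a shell/awk function that reduces `postfix/lmtp` and `postfix/smtp` delivery lines like the ones above to recipient, answering relay and that relay's reply. On the log above it shows that "User does not exist" is the answer of the server on localhost port 2003 (the port kopano-dagent listens on in LMTP mode earlier in the thread) to RCPT TO for `root@mydomain.me`. The function names and the last sample line are constructed for this example; classic syslog line layout is assumed.

```sh
# Added example: one output line per delivery attempt that was not "sent":
#   queue-id|recipient|relay|dsn|status|remote reply|SMTP/LMTP stage
# Reply and stage stay empty when the relay gave no reply (e.g. connection refused).
summarize_deliveries() {
    awk '
    # Text of s between the first occurrence of a and the next occurrence of b.
    function between(s, a, b,    i, rest, j) {
        i = index(s, a)
        if (i == 0) return ""
        rest = substr(s, i + length(a))
        j = index(rest, b)
        return (j > 0) ? substr(rest, 1, j - 1) : rest
    }
    /postfix\/(lmtp|smtp)\[/ && /, status=/ {
        status = between($0, ", status=", " ")
        if (status == "sent") next
        qid = $6                      # "A6A46320DFE:" in syslog layout
        sub(/:$/, "", qid)
        rcpt  = between($0, ": to=<", ">")
        relay = between($0, ", relay=", ",")
        dsn   = between($0, ", dsn=", ",")
        reply = between($0, " said: ", " (in reply to ")
        stage = between($0, "(in reply to ", ")")
        print qid "|" rcpt "|" relay "|" dsn "|" status "|" reply "|" stage
    }
    ' "$@"
}

# Sample input: lines copied from the post above, plus one constructed
# "sent" line (the last one) to show that successful deliveries are skipped.
sample_log() {
    cat <<'EOF'
Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: A6A46320DFE: from=<root@mydomain.me>, size=727, nrcpt=1 (queue active)
Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME
Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: A6A46320DFE: to=<root@mydomain.me>, orig_to=<root>, relay=localhost[::1]:2003, delay=0.18, delays=0.03/0.01/0.06/0.07, dsn=5.1.1, status=bounced (host localhost[::1] said: 503 5.1.1 User does not exist (in reply to RCPT TO command))
Jun  3 16:21:01 svgwma-kopa-02 postfix/bounce[10962]: A6A46320DFE: sender non-delivery notification: CE28C320DFF
Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: CE28C320DFF: to=<root@mydomain.me>, relay=localhost[::1]:2003, delay=0.11, delays=0.01/0/0.06/0.05, dsn=5.1.1, status=bounced (host localhost[::1] said: 503 5.1.1 User does not exist (in reply to RCPT TO command))
Jun  3 16:25:10 svgwma-kopa-02 postfix/lmtp[10999]: 0123456789A: to=<user@mydomain.me>, relay=localhost[::1]:2003, delay=0.2, delays=0.1/0/0.05/0.05, dsn=2.1.5, status=sent (250 2.1.5 Ok)
EOF
}

sample_log | summarize_deliveries
```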
                          • martimcfly
                            martimcfly @hispeed last edited by

                            @hispeed let me know when you need advice

                            • thctlo
                              thctlo last edited by

                              Postfix offers SMTPUTF8 support, kopano LMTP not.
                              Set smtputf8_enable = no in postfix, restart postfix and it’s fixed. ;-)

                              • hispeed
                                hispeed last edited by

                                Hi martimcfly,

                                Yes I need help. My configuration looks like that at the moment:

                                # See /usr/share/postfix/main.cf.dist for a commented, more complete version
                                
                                compatibility_level = 2
                                
                                mydomain = mydomain.me
                                myorigin = $mydomain
                                mynetworks = 127.0.0.0/8, [::1]/128
                                smtp_host_lookup = dns, native
                                
                                mailbox_size_limit = 0
                                message_size_limit = 52428800
                                
                                delay_warning_time = 4h
                                unknown_local_recipient_reject_code = 450
                                maximal_queue_lifetime = 7d
                                minimal_backoff_time = 1000s
                                maximal_backoff_time = 8000s
                                
                                # header_checks = regexp:/etc/kopano/postfix/header_checks
                                # body_checks = regexp:/etc/kopano/postfix/body_checks
                                
                                alias_maps = hash:/etc/aliases
                                virtual_alias_maps = hash:/etc/kopano/postfix/valiases
                                
                                virtual_mailbox_domains = /etc/kopano/postfix/vdomains
                                virtual_transport = lmtp:localhost:2003
                                
                                smtpd_banner = $myorigin ESMTP
                                smtpd_helo_required = yes
                                smtpd_client_restrictions = permit_mynetworks
                                smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_destination reject_unknown_recipient_domain
                                smtpd_sender_restrictions = reject_unknown_address
                                smtpd_recipient_limit = 16
                                smtpd_soft_error_limit = 3
                                smtpd_hard_error_limit = 12
                                
                                smtp_tls_security_level = may
                                smtp_sasl_auth_enable = yes
                                smtp_sender_dependent_authentication = yes
                                smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
                                sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
                                smtp_use_tls = yes
                                smtp_tls_enforce_peername = no
                                smtp_sasl_security_options = noanonymous
                                smtp_helo_timeout = 120s
                                
                                # Corrections
                                smtputf8_autodetect_classes = verify
                                

                                I need to use these two lines or something similar:

                                smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
                                sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
                                

                                With this config it doesn’t work. Postfix keeps telling me that the user doesn’t exist in Kopano. But I have created a user with this e-mail.

                                Thanks for your ideas…

                                1 Reply Last reply Reply Quote 0
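
Added example, not part of any post in this thread: a POSIX shell audit of a main.cf-style file for the smarthost settings in the configuration above. It flags SASL login over optional TLS when plaintext mechanisms are allowed, obsolete TLS parameters that `smtp_tls_security_level` overrides, password maps readable by group or others, and an LMTP `virtual_transport` without the `smtputf8_enable = no` suggested earlier in the thread. The function names are made up for this example, and the file is parsed directly so the example runs without Postfix; on a live system `postconf -n` gives the authoritative values.

```sh
# Added example: print name=value for each parameter of a main.cf-style file,
# joining continuation lines (lines that start with whitespace).
main_cf_params() {
    awk '
    function emit() {
        if (name == "") return
        gsub(/[ \t]+/, " ", val)
        gsub(/^ | $/, "", val)
        print name "=" val
        name = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]/ { val = val " " $0; next }
    {
        emit()
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/[ \t]+/, "", name)
    }
    END { emit() }
    ' "$1"
}

# Value of one parameter; the last assignment wins, as in Postfix.
cf_get() {
    main_cf_params "$1" |
        awk -v k="$2=" 'index($0, k) == 1 { v = substr($0, length(k) + 1) } END { print v }'
}

# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_smarthost_cf() (
    cf=$1
    found=0
    note() { echo "$1"; found=1; }

    tls=$(cf_get "$cf" smtp_tls_security_level)
    opts=$(cf_get "$cf" smtp_sasl_security_options)
    : "${opts:=noplaintext, noanonymous}"      # Postfix default
    if [ "$(cf_get "$cf" smtp_sasl_auth_enable)" = yes ]; then
        case $tls in
            ''|none|may)
                case $opts in
                    *noplaintext*) ;;
                    *) note "smtp_tls_security_level=${tls:-<unset>} with plaintext SASL allowed: the smarthost password can cross the network unencrypted" ;;
                esac ;;
        esac
    fi

    for old in smtp_use_tls smtp_enforce_tls smtp_tls_enforce_peername; do
        if [ -n "$tls" ] && [ -n "$(cf_get "$cf" "$old")" ]; then
            note "$old is obsolete and overridden by smtp_tls_security_level"
        fi
    done

    for map in $(cf_get "$cf" smtp_sasl_password_maps | tr ',' ' '); do
        for f in "${map#*:}" "${map#*:}.db"; do
            [ -f "$f" ] || continue
            case $(stat -c '%a' "$f") in
                0|*00) ;;
                *) note "$f: smarthost passwords are accessible to group/others" ;;
            esac
        done
    done

    case $(cf_get "$cf" virtual_transport) in
        lmtp:*)
            [ "$(cf_get "$cf" smtputf8_enable)" = no ] ||
                note "virtual_transport is LMTP but smtputf8_enable is not 'no' (the setting suggested in the thread for kopano-dagent)" ;;
    esac
    exit "$found"
)

# Constructed sample: the relay-related lines of the configuration above.
demo() {
    tmp=$(mktemp) || return 0
    cat > "$tmp" <<'EOF'
virtual_transport = lmtp:localhost:2003
smtp_tls_security_level = may
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_enforce_peername = no
smtp_sasl_security_options = noanonymous
smtputf8_autodetect_classes = verify
EOF
    audit_smarthost_cf "$tmp" || true
    rm -f "$tmp"
}
demo
```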
                                • thctlo
                                  thctlo last edited by

                                  Have you even tried what I did say… :-/

                                  Your logs show:
                                  host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME

                                  kopano-lmtp does NOT support SMTPUTF8 and your mail is rejected.

                                  What you see in your logs is correct.

                                  https://forum.kopano.io/topic/1262/kopano-smtputf8-support
                                  Already reported this some time ago.

                                  • thctlo
                                    thctlo last edited by thctlo

                                    And about your postfix config: this part needs serious fixing, this is not OK.

                                    smtpd_helo_required = yes
                                    smtpd_client_restrictions = permit_mynetworks
                                    smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_destination reject_unknown_recipient_domain
                                    smtpd_sender_restrictions = reject_unknown_address
                                    

                                    I suggest this, and it is a config verified by the postfix list.
                                    I have more, but this is a working setup.

                                    smtpd_delay_reject = yes
                                    
                                    # Obey the RFC's. any hostname should have an A and/or MX and/or PTR ( or resolvable CNAME ) 
                                    # see RFC https://tools.ietf.org/html/rfc2821#section-2.3.4  and 2.3.5 
                                    smtpd_client_restrictions =
                                        permit_mynetworks,
                                        reject_unauth_destination,
                                        reject_non_fqdn_hostname,
                                        reject_unknown_hostname,
                                        reject_invalid_hostname,
                                        reject_unauth_pipelining
                                    
                                    smtpd_helo_required = yes
                                    smtpd_helo_restrictions =
                                        permit_mynetworks,
                                        reject_unauth_destination,
                                        reject_invalid_helo_hostname,
                                        reject_non_fqdn_helo_hostname,
                                        reject_unknown_helo_hostname,
                                        reject_unauth_pipelining
                                    
                                    smtpd_sender_restrictions =
                                        permit_mynetworks,
                                        reject_unauth_destination,
                                        reject_non_fqdn_sender,
                                        reject_unknown_sender_domain,
                                        reject_unknown_address,
                                        reject_unauth_pipelining
                                    
                                    smtpd_recipient_restrictions =
                                        permit_mynetworks,
                                        reject_unauth_destination,
                                        reject_non_fqdn_recipient,
                                        check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
                                        reject_unknown_recipient_domain,
                                        reject_multi_recipient_bounce,
                                        reject_unlisted_recipient,
                                        reject_unverified_recipient
                                    
                                    smtpd_relay_restrictions =
                                        permit_mynetworks,
                                        reject_unauth_destination,
                                        check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
                                        reject_multi_recipient_bounce,
                                        reject_non_fqdn_hostname,
                                        reject_invalid_hostname,
                                        reject_invalid_helo_hostname,
                                        reject_non_fqdn_sender,
                                        reject_non_fqdn_recipient,
                                        reject_unknown_sender_domain,
                                        reject_unknown_recipient_domain,
                                        defer_unauth_destination
                                    ##
                                    smtpd_data_restrictions =
                                        reject_unauth_pipelining,
                                        reject_multi_recipient_bounce
                                    ##
                                    smtpd_etrn_restrictions =
                                        permit_mynetworks,
                                        reject
                                    

                                    Now you're internet ready.

                                    • hispeed
                                      hispeed last edited by hispeed

                                      @thctlo yes this does fix this error if I add this line. But still there are some other issues.

                                      @martimcfly I have now copied your configuration. How do I now create the check_recipient_access-allow.map?
                                      Where do I define the passwords and login data for my different mail accounts?

                                      At the moment I get this error:

                                      Jun  4 17:52:35 svgwma-kopa-02 kopano-server[12291]: Error while connecting to search on "file:///var/run/kopano/search.sock"
                                      Jun  4 17:53:25 svgwma-kopa-02 kopano-server[12291]: message repeated 5 times: [ Error while connecting to search on "file:///var/run/kopano/search.sock"]
                                      Jun  4 17:54:01 svgwma-kopa-02 postfix/pickup[26277]: D3277320E04: uid=0 from=<root>
                                      Jun  4 17:54:01 svgwma-kopa-02 postfix/cleanup[26505]: D3277320E04: message-id=<20180604175401.D3277320E04@svgwma-kopa-02.localdomain>
                                      Jun  4 17:54:01 svgwma-kopa-02 postfix/qmgr[26278]: D3277320E04: from=<root@svgwma-kopa-02.localdomain>, size=757, nrcpt=1 (queue active)
                                      Jun  4 17:54:01 svgwma-kopa-02 postfix/local[26507]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
                                      Jun  4 17:54:01 svgwma-kopa-02 postfix/local[26507]: D3277320E04: to=<root@svgwma-kopa-02.localdomain>, orig_to=<root>, relay=local, delay=0.06, delays=0.02/0/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
                                      Jun  4 17:54:01 svgwma-kopa-02 postfix/qmgr[26278]: D3277320E04: removed
                                      

                                      EDIT:
                                      @fbartels Can you help me with this: Jun 4 17:52:35 svgwma-kopa-02 kopano-server[12291]: Error while connecting to search on “file:///var/run/kopano/search.sock” ?
                                      -> This is solved with: Search Socket Error

                                      On the images you see my old Zarafa config, which is running right now. This works fine for me. Maybe there’s a security risk somewhere I don’t know. First I need to create that on Kopano and then I can add security.

                                      0_1528135898230_2018-06-04 20_07_56-Titanserver_zarafa_config_postfix.jpg
                                      1_1528135898231_2018-06-04 20_07_56-Titanserver_zarafa_config_postfix_2.jpg

                                      Update:
                                      SSL self-signed = Is working
                                      Z-Push 2.4.2 = Is working with Ubuntu 18.04 (no official build; I took the 16.04 version)
                                      Deskapp = Is working
                                      Cron Job for Fetchmail = Is working

                                      To do:
                                      Send E-Mails ;=)

                                      • hispeed
                                        hispeed last edited by

                                        Sorry to disturb everyone again…

                                        I’m still working on my postfix configuration. I can’t send e-mails; at the moment I get this error:

                                        Jun  6 19:30:01 svgwma-kopa-02 postfix/cleanup[3494]: 9A8FD320E71: message-id=<20180606193001.9A8FD320E71@svgwma-kopa-02.mydomain.me>
                                        Jun  6 19:30:01 svgwma-kopa-02 postfix/qmgr[3482]: 9A8FD320E71: from=<root@mydomain.me>, size=727, nrcpt=1 (queue active)
                                        Jun  6 19:30:01 svgwma-kopa-02 postfix/lmtp[3496]: connect to 127.0.0.1[127.0.0.1]:2003: Connection refused
                                        Jun  6 19:30:01 svgwma-kopa-02 postfix/lmtp[3496]: 9A8FD320E71: to=<root@mydomain.me>, orig_to=<root>, relay=none, delay=0.03, delays=0.02/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:2003: Connection refused)
                                        

                                        Maybe I have to configure something in the master.cf? I have added some lines there which I have in my Synology set-up. Unfortunately it doesn’t help.

                                        nano /etc/postfix/master.cf

                                        # From Synology / Zarafa4h Docker Image Configuration
                                        smtp-amavis     unix    -       -       -       -       2       smtp
                                          -o smtp_data_done_timeout=1200
                                          -o smtp_send_xforward_command=yes
                                          -o disable_dns_lookups=yes
                                          -o max_use=20
                                        
                                        127.0.0.1:10025 inet n  -       -       -       -       smtpd
                                          -o content_filter=
                                          -o local_recipient_maps=
                                          -o relay_recipient_maps=
                                          -o smtpd_restriction_classes=
                                          -o smtpd_delay_reject=no
                                          -o smtpd_client_restrictions=permit_mynetworks,reject
                                          -o smtpd_helo_restrictions=
                                          -o smtpd_sender_restrictions=
                                          -o smtpd_recipient_restrictions=permit_mynetworks,reject
                                          -o smtpd_data_restrictions=reject_unauth_pipelining
                                        

                                        Postfix config:

                                        # Set compatibility level 2 because we don't want to use old configurations
                                        compatibility_level = 2
                                        
                                        # Domain and network settings
                                        mydomain = mydomain.me
                                        myorigin = $mydomain
                                        mynetworks = 127.0.0.0/8, [::1]/128
                                        
                                        # Mailbox limits
                                        mailbox_size_limit = 0
                                        message_size_limit = 52428800
                                        
                                        # Various settings
                                        delay_warning_time = 3h
                                        unknown_local_recipient_reject_code = 450
                                        maximal_queue_lifetime = 5d
                                        minimal_backoff_time = 1000s
                                        maximal_backoff_time = 8000s
                                        
                                        # Header and Body Checks
                                        # header_checks = regexp:/etc/kopano/postfix/header_checks
                                        # body_checks = regexp:/etc/kopano/postfix/body_checks
                                        
                                        # Alias maps and virtual aliases
                                        alias_maps = hash:/etc/aliases
                                        virtual_alias_maps = hash:/etc/kopano/postfix/valiases
                                        virtual_mailbox_domains = /etc/kopano/postfix/vdomains
                                        virtual_transport = lmtp:localhost:2003
                                        
                                        # smtp settings
                                        smtpd_banner = $myorigin ESMTP
                                        smtpd_delay_reject = yes
                                        smtputf8_enable = no 
                                        smtp_host_lookup = dns, native
                                        smtpd_recipient_limit = 16
                                        smtpd_soft_error_limit = 3
                                        smtpd_hard_error_limit = 12
                                        smtp_tls_security_level = may
                                        smtp_sasl_auth_enable = yes
                                        smtp_sender_dependent_authentication = yes
                                        smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
                                        sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
                                        smtp_use_tls = yes
                                        smtp_tls_enforce_peername = no
                                        smtp_sasl_security_options = noanonymous
                                        smtp_helo_timeout = 120s
                                        
                                        smtpd_client_restrictions =
                                            permit_mynetworks,
                                            reject_unauth_destination,
                                            reject_non_fqdn_hostname,
                                            reject_unknown_hostname,
                                            reject_invalid_hostname,
                                            reject_unauth_pipelining
                                        
                                        smtpd_helo_required = yes
                                        
                                        smtpd_helo_restrictions =
                                            permit_mynetworks,
                                            reject_unauth_destination,
                                            reject_invalid_helo_hostname,
                                            reject_non_fqdn_helo_hostname,
                                            reject_unknown_helo_hostname,
                                            reject_unauth_pipelining
                                        
                                        smtpd_sender_restrictions =
                                            permit_mynetworks,
                                            reject_unauth_destination,
                                            reject_non_fqdn_sender,
                                            reject_unknown_sender_domain,
                                            reject_unknown_address,
                                            reject_unauth_pipelining
                                        
                                        smtpd_recipient_restrictions =
                                            permit_mynetworks,
                                            reject_unauth_destination,
                                            reject_non_fqdn_recipient,
                                            check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
                                            reject_unknown_recipient_domain,
                                            reject_multi_recipient_bounce,
                                            reject_unlisted_recipient,
                                            reject_unverified_recipient
                                        
                                        smtpd_relay_restrictions =
                                            permit_mynetworks,
                                            reject_unauth_destination,
                                            check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
                                            reject_multi_recipient_bounce,
                                            reject_non_fqdn_hostname,
                                            reject_invalid_hostname,
                                            reject_invalid_helo_hostname,
                                            reject_non_fqdn_sender,
                                            reject_non_fqdn_recipient,
                                            reject_unknown_sender_domain,
                                            reject_unknown_recipient_domain,
                                            defer_unauth_destination
                                        
                                        smtpd_data_restrictions =
                                            reject_unauth_pipelining,
                                            reject_multi_recipient_bounce
                                        
                                        smtpd_etrn_restrictions =
                                            permit_mynetworks,
                                            reject
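
                                        Added example, not part of the original post: a short Python check that pairs the deferred delivery in the log above with the `*_transport` setting in the posted main.cf. The log lines and the setting are copied from the post; the function names are illustrative, and treating `localhost` as the loopback addresses is an assumption made to avoid a DNS lookup.

```python
import re

# Log lines copied from the post above.
LOG = """\
Jun  6 19:30:01 svgwma-kopa-02 postfix/qmgr[3482]: 9A8FD320E71: from=<root@mydomain.me>, size=727, nrcpt=1 (queue active)
Jun  6 19:30:01 svgwma-kopa-02 postfix/lmtp[3496]: connect to 127.0.0.1[127.0.0.1]:2003: Connection refused
Jun  6 19:30:01 svgwma-kopa-02 postfix/lmtp[3496]: 9A8FD320E71: to=<root@mydomain.me>, orig_to=<root>, relay=none, delay=0.03, delays=0.02/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:2003: Connection refused)
"""
# Transport setting copied from the posted main.cf.
MAIN_CF = """\
# Alias maps and virtual aliases
virtual_transport = lmtp:localhost:2003
"""

DELIVERY = re.compile(
    r"postfix/(?P<agent>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?\bdsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+) \((?P<reason>.*)\)\s*$")
CONNECT = re.compile(r"connect to [^\[\s]+\[(?P<ip>[^\]]+)\]:(?P<port>\d+): (?P<err>.+)$")
LOOPBACK = {"localhost": {"127.0.0.1", "::1"}}  # assumption: avoids a DNS lookup

def parse_main_cf(text):
    """Return {parameter: value}; '#' lines are comments, indented lines continue a value."""
    cfg, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            cfg[name] = (cfg[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            cfg[name] = value
    return cfg

def configured_transports(cfg):
    """Yield (parameter, agent, host, port) for '*_transport = agent:host:port' settings."""
    for name, value in cfg.items():
        m = re.fullmatch(r"(\w+):\[?([^\]:]+)\]?:(\d+)", value)
        if name.endswith("_transport") and m:
            yield name, m.group(1), m.group(2), int(m.group(3))

def diagnose(log_text, main_cf_text):
    """Tie each undelivered message that failed on connect to the transport parameter it used."""
    transports = list(configured_transports(parse_main_cf(main_cf_text)))
    findings = []
    for line in log_text.splitlines():
        d = DELIVERY.search(line)
        c = CONNECT.search(d["reason"]) if d and d["status"] != "sent" else None
        if not c:
            continue
        for name, agent, host, port in transports:
            same_host = c["ip"] == host or c["ip"] in LOOPBACK.get(host, ())
            if agent == d["agent"] and port == int(c["port"]) and same_host:
                findings.append({
                    "queue_id": d["qid"], "recipient": d["rcpt"], "status": d["status"],
                    "transient": d["dsn"].startswith("4"),  # 4.x.x = temporary failure
                    "endpoint": f"{c['ip']}:{c['port']}", "error": c["err"], "parameter": name})
    return findings

print(diagnose(LOG, MAIN_CF))
```

                                        The single finding points at `virtual_transport`: nothing accepted the LMTP connection on 127.0.0.1:2003, so the message stays queued until a listener is reachable there. In a Kopano setup that port is normally served by kopano-dagent running as an LMTP daemon.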
                                        
                                        • martimcfly
                                          martimcfly last edited by martimcfly

                                          @hispeed

                                          Hey Highspeed,

                                          I’m sorry for my absence. I was much too busy with construction work.

                                          Passwords are checked against Kopano's IMAP service. For this I use the saslauthd service. Postfix does its login checks via saslauthd. You can find the configuration on GitHub, too.

                                          # /etc/sasl/smtpd.conf
                                          pwcheck_method: saslauthd
                                          mech_list: plain login
                                          

                                          https://github.com/pietmacom/com-pietma-zarafa-postfixadmin/blob/kopano/doc/pietma/configs/postfix/main.cf

                                          # /etc/postfix/main.cf
                                          
                                          # kopano gateway authentication before accepting relay
                                          smtpd_sasl_auth_enable = yes
                                          smtpd_sasl_path = smtpd
                                          broken_sasl_auth_clients = yes
                                          

                                          The e-mail addresses (mailboxes, aliases) are checked against postfixadmin. Changes to mailbox accounts are transferred to Kopano by a service which polls the postfixadmin changelog.

                                          Postfix is configured to check all e-mail addresses against the postfixadmin database. It executes predefined SQL statements…
                                          https://github.com/pietmacom/com-pietma-zarafa-postfixadmin/tree/kopano/doc/example-config/postfix

                                          # /etc/postfix/main.cf
                                          
                                          virtual_mailbox_domains = 
                                              proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/domain_domain_to_domain.mysql
                                          
                                          virtual_mailbox_maps = 
                                              proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/mailbox_username_to_username.mysql
                                          
                                          virtual_alias_maps = 
                                              proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/alias_address_to_goto.mysql,
                                              proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/aliasdomain_at-aliasdomain_to_at-targetdomain.mysql
                                          
                                          

                                          If you like, you could do the address checks directly against the kopano database.

                                          I hope to find the setting for notifications here.

                                          Marti
