Kopano SMTPS SASL Authentication
-
hi guys,
is it possible to activate SMTPS SASL Authentication for postfix with the users + passwords from the kopano database?
My distribution is ubuntu 18.04.
-
Please have a look at https://forum.kopano.io/topic/1453/kopano-and-outlook-integration
Regards Felix
Resources:
https://kopano.com/blog/how-to-get-kopano/
https://documentation.kopano.io/
https://kb.kopano.io/Support overview:
https://kopano.com/support/ -
Problem seems to be Postfix do not listen on SMTP Ports 25, 465 or 587.
inet_interfaces in main.cf are set to all.
Result of netstat -an | less
Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:236 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 144 164.25.200.241:22 164.25.200.18:50181 ESTABLISHED tcp6 0 0 :::995 :::* LISTEN tcp6 0 0 ::1:10024 :::* LISTEN tcp6 0 0 :::110 :::* LISTEN tcp6 0 0 :::143 :::* LISTEN tcp6 0 0 ::1:783 :::* LISTEN tcp6 0 0 :::80 :::* LISTEN tcp6 0 0 :::10000 :::* LISTEN tcp6 0 0 :::8080 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 :::443 :::* LISTEN tcp6 0 0 164.25.200.241:443 164.25.200.18:50145 ESTABLISHED udp 0 0 0.0.0.0:10000 0.0.0.0:* udp 768 0 127.0.0.53:53 0.0.0.0:* raw6 0 0 :::58 :::* 7 Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 31751 /run/user/1000/systemd/notify unix 2 [ ACC ] SEQPACKET LISTENING 16083 /run/udev/control unix 2 [ ACC ] STREAM LISTENING 31754 /run/user/1000/systemd/private unix 2 [ ACC ] STREAM LISTENING 31758 /run/user/1000/gnupg/S.gpg-agent.browser unix 2 [ ACC ] STREAM LISTENING 31759 /run/user/1000/gnupg/S.gpg-agent.extra unix 2 [ ACC ] STREAM LISTENING 31760 /run/user/1000/gnupg/S.dirmngr unix 2 [ ACC ] STREAM LISTENING 24211 /var/snap/canonical-livepatch/41/livepatchd.sock unix 2 [ ACC ] STREAM LISTENING 31761 /run/user/1000/gnupg/S.gpg-agent.ssh unix 2 [ ACC ] STREAM LISTENING 31762 /run/user/1000/gnupg/S.gpg-agent unix 2 [ ACC ] STREAM LISTENING 29070 /var/run/sendmail/mta/smcontrol unix 2 [ ACC ] STREAM LISTENING 27741 /var/spool/postfix/var/run/saslauthd/mux unix 2 [ ACC ] STREAM LISTENING 24449 /var/run/clamav/clamd.ctl unix 2 [ ] DGRAM 20102 /tmp/.57c076d2f7c74cb.sock unix 2 [ ACC ] STREAM LISTENING 18163 /var/lib/lxd/unix.socket unix 2 [ ACC ] STREAM LISTENING 20871 @irqbalance1390.sock unix 3 [ ] DGRAM 2469 /run/systemd/notify unix 2 [ ACC ] STREAM LISTENING 18047 /run/mdadm/md127.sock unix 2 [ ACC ] STREAM LISTENING 2472 /run/systemd/private unix 2 [ ACC ] STREAM LISTENING 16081 /run/lvm/lvmpolld.socket unix 2 [ ACC ] STREAM LISTENING 17398 /run/snapd.socket unix 2 [ ACC ] STREAM LISTENING 1574 /run/systemd/journal/stdout unix 9 [ ] DGRAM 1576 /run/systemd/journal/socket unix 2 [ ACC ] STREAM LISTENING 16195 /run/systemd/fsck.progress unix 2 [ ACC ] STREAM LISTENING 18165 /var/run/dbus/system_bus_socket unix 18 [ ] DGRAM 2566 /run/systemd/journal/dev-logMaster.cf of postfix
# service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== #smtp inet n - y - - smtpd smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd #dnsblog unix - - y - 0 dnsblog #tlsproxy unix - - y - 0 tlsproxy submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes # -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING``` -
I detect there is a conflict with sendmail MTA.
I remove them and now there is following output from netstat:
root@exchange:~# sudo netstat -plntu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 2312/amavisd-new (m tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1843/mysqld tcp 0 0 0.0.0.0:236 0.0.0.0:* LISTEN 1956/kopano-server tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 1231/spamd.pid --cr tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1927/perl tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN 1569/python2 tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 1151/systemd-resolv tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1888/sshd tcp6 0 0 :::995 :::* LISTEN 1541/kopano-gateway tcp6 0 0 ::1:10024 :::* LISTEN 2312/amavisd-new (m tcp6 0 0 :::110 :::* LISTEN 1541/kopano-gateway tcp6 0 0 :::143 :::* LISTEN 1541/kopano-gateway tcp6 0 0 ::1:783 :::* LISTEN 1231/spamd.pid --cr tcp6 0 0 :::80 :::* LISTEN 2051/apache2 tcp6 0 0 :::10000 :::* LISTEN 1927/perl tcp6 0 0 :::8080 :::* LISTEN 1201/kopano-ical tcp6 0 0 :::22 :::* LISTEN 1888/sshd tcp6 0 0 :::443 :::* LISTEN 2051/apache2 udp 0 0 0.0.0.0:10000 0.0.0.0:* 1927/perl udp 47616 0 127.0.0.53:53 0.0.0.0:* 1151/systemd-resolv -
Reinstalled Postfix and the Problem is solved.
-
Now i get these error:
warning: unknown[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failureI configured all like the tutorial from zarafa (linked from fbartels).
-
Added the feature IMAP to the user and now it works.
