4 comments on the new configuration files since 8.5 / 8.6

I have a couple of comments / suggestions regarding the new default configuration style (“make kopano work without configuration files”):
In general it’s great. I love it that systemd logging is now finally default and that more settings can remain commented because they are default. But… I also found a couple of weird things:

Comment #1: The changelog for 8.5 says:

Kopano Groupware Core has been overhauled in a way that its now capable of running mostly “without configuration files” as a result of this you might see your current configuration renamed to *.rpmsave or *.dpkg-old files. If this is the case simply rename it back and restart all services.

This move away from configuration files also revealed a mismatch in the default value in our configurations files, with the default value of the individual services, which is already fixed for the next release. While in the configuration files we still define /var/log/kopano/$servicename.log as the default log location, all services actually default to - (standard output) (as introduced in KC-745). This means that systems running systemd/journald will find logging by default in these services.

I would interpret this in a way that any setting shown but commented in the .cfg files is in fact the default setting?

But in server.cfg it says:

# Name for identifying the server in a multi-server environment
# Default: (empty)
#server_name = Kopano

So what is the default? Kopano or (empty)? To comply with that I believe is the new default configuration syntax the Default: line should be removed and
#server_name =
should be the second line.

Comment #2: in dagent.cfg

# binding address for LMTP daemon
# change to the empty string if you require connections on other addresses
# server_bind =

There is still no warning that if you bind to all IPs instead of everyone on your network can deliver mails without authentication (unless a firewall prevents access to the lmtp port). If you like to have this insecure default (and it seems you do), please do at least document it with a warning about the default behavior in the configuration file! Having a no-authentication-needed default configuration bount to IPs should remind everyone of the memcached desaster! No need to repeat this in Kopano!

Comment #3: also in dagent.cfg

# Limit connections to address of interface (IPv6),
# or route path interface (IPv4). Leave empty for to indicate "all".
#server_bind_intf =

Uhhh? What does that mean? IPv6 is an “address of interface”? Last I checked IPv6 is a protocol.
IPv4 is a “route path interface”? Last I checked, IPv4 was also a protocol. And what does “all” encompass if I leave it empty? Both IPv4+IPv6?
Or does it also include all route path interfaces (LOL) and all addresses of interfaces (WTF)?

Comment #4: in server.cfg, no mentioning of the important option mysql_group_concat_max_len

man kopano-server.cfg tells us:

       The group_concat_max_len used to set for MySQL. If you have large distribution lists (more than 150 members),
       it is useful to set this value higher. On the other hand, some MySQL versions are known to break with a value
       higher than 21844.

       Default: 21844

So we need a higher values for large distribution lists to work. A maximum of 150 members is a JOKE.
And why is something higher than 21844 not default? It is because of MySQL Bug #23856
This bug was fixed with MySQL releases which came out in June 2007. Are we really having a stupid default which fucks up distribution lists because of a MySQL bug which was fixed almost 11 years ago ???

Hi @gerald ,

@gerald said in 4 comments on the new configuration files since 8.5 / 8.6:

# Name for identifying the server in a multi-server environment
# Default: (empty)
#server_name = Kopano```

This is because the difference between default values in the server code (that is the Default: (empty)) and the old default in the config file (that is the server_name = Kopano).

For #2, #3 and #4 I like to invite you to submit a patch. You can find information about this at https://stash.kopano.io/projects/KC/repos/kopanocore/browse/CONTRIBUTING.md.

Ps: if that is easier for you, you could also open up a pr against the Github mirror of that repository at https://github.com/Kopano-dev/kopano-core

So what is the default? Kopano or (empty)? the Default: line should be removed

empty, and, yes it should. Like https://github.com/jengelh/ecdev/commit/aa686ab1101796b906f96f3a9eb65c873ab36a38

IPv6 is an “address of interface”?

Not the best wording in retrospect (and it came from me, too). But, Linux is equally inconsistent:

  1. in case of IPv6, the kernel checks the connection dstaddr against the address(es) of the server_bind_intf interface.
  2. In case of IPv4, the kernel calculates the reverse route interface and compares that to server_bind_intf.

Thank you both. I will try to familiarize myself with the “How to contribute to Kopano Core” this weekend. Especially the idea of creating pull requests using github sounds nice. I’m really an amateur at this, but I’ve done this once at another project so I might be able to pull this off again :-)