I have a couple of comments / suggestions regarding the new default configuration style (“make kopano work without configuration files”):
In general it’s great. I love it that systemd logging is now finally default and that more settings can remain commented because they are default. But… I also found a couple of weird things:
Comment #1: The changelog for 8.5 says:
Kopano Groupware Core has been overhauled in a way that its now capable of running mostly “without configuration files” as a result of this you might see your current configuration renamed to *.rpmsave or *.dpkg-old files. If this is the case simply rename it back and restart all services. This move away from configuration files also revealed a mismatch in the default value in our configurations files, with the default value of the individual services, which is already fixed for the next release. While in the configuration files we still define /var/log/kopano/$servicename.log as the default log location, all services actually default to - (standard output) (as introduced in KC-745). This means that systems running systemd/journald will find logging by default in these services.
I would interpret this in a way that any setting shown but commented in the .cfg files is in fact the default setting?
But in server.cfg it says:
# Name for identifying the server in a multi-server environment # Default: (empty) #server_name = Kopano
So what is the default? Kopano or (empty)? To comply with that I believe is the new default configuration syntax the Default: line should be removed and
should be the second line.
Comment #2: in dagent.cfg
# binding address for LMTP daemon # change to the empty string if you require connections on other addresses # server_bind =
There is still no warning that if you bind to all IPs instead of 127.0.0.1 everyone on your network can deliver mails without authentication (unless a firewall prevents access to the lmtp port). If you like to have this insecure default (and it seems you do), please do at least document it with a warning about the default behavior in the configuration file! Having a no-authentication-needed default configuration bount to IPs should remind everyone of the memcached desaster! No need to repeat this in Kopano!
Comment #3: also in dagent.cfg
# Limit connections to address of interface (IPv6), # or route path interface (IPv4). Leave empty for to indicate "all". #server_bind_intf =
Uhhh? What does that mean? IPv6 is an “address of interface”? Last I checked IPv6 is a protocol.
IPv4 is a “route path interface”? Last I checked, IPv4 was also a protocol. And what does “all” encompass if I leave it empty? Both IPv4+IPv6?
Or does it also include all route path interfaces (LOL) and all addresses of interfaces (WTF)?
Comment #4: in server.cfg, no mentioning of the important option mysql_group_concat_max_len
man kopano-server.cfg tells us:
mysql_group_concat_max_len The group_concat_max_len used to set for MySQL. If you have large distribution lists (more than 150 members), it is useful to set this value higher. On the other hand, some MySQL versions are known to break with a value higher than 21844. Default: 21844
So we need a higher values for large distribution lists to work. A maximum of 150 members is a JOKE.
And why is something higher than 21844 not default? It is because of MySQL Bug #23856
This bug was fixed with MySQL releases which came out in June 2007. Are we really having a stupid default which fucks up distribution lists because of a MySQL bug which was fixed almost 11 years ago ???