Concept configuration of Postfix with Smarthosts

hispeed

I’m new here and I have just successfully installed Kopano Core and Webapp. So fare im happy with it but now I need to configure everything.

Now I need postfix and probably fetchmail. Those are not included in Kopano correct?
I heard that fetchmail had/has some security issues?

Base information
I have currently some Domains Mailprovider for example:

mail.testdomain.ch
mail.gmx.ch

I always send via those provider my e-mails and from them they go out and go to the reciever.

Idea:

1. I create my user in Kopano
2. I install fetchmail
3. I create a local fetchmail account and pull all the mails via this user into the Kopano database (with reference to the user I created in step 1)
4. I install postfix
5. I configure postfix that I relay via different domains to different provider/smarthosts with different logins

End result:
My goal ist to have a single user where I can sign in (Webapp, Deskapp, Z-Push Iphone) and have all E-Mails in one account. I can send via Smartphone from the main E-Mail adress e-mails. I can send via Deskapp and via Webapp from all of my different E-Mail Accounts.

Is something possible and could someone help me to configure that?

Gerald

@hispeed

My fetchmail configuration in Ubuntu 16.04 for Kopano, which does what you want:

Fetchmail

apt install fetchmail
in /etc/kopano/server.cfg => local_admin_users ⇒ add the fetchmail user to this line
systemctl restart kopano-server
nano /etc/passwd ⇒ change the shell for user fetchmail to /bin/bash
su - fetchmail
pwd
nano fetchmail-accounts

#.fetchmailrc
set postmaster "your-admin-postmaster-account@domain.tld"
# set no bouncemail
set no softbounce
# accounts
poll pop.srv.de proto pop3 user "mylogin" pass "mypass" options ssl smtpaddress localhost forcecr mda "/usr/bin/zarafa-dagent -s the-local-kopano-user-id"

chmod 0700 fetchmail-accounts
fetchmail -f fetchmail-accounts
crontab -e
*/3 * * * * /usr/bin/fetchmail -f /var/lib/fetchmail/fetchmail-accounts -s

Cron error messages will to fetchmail@your-hostname ⇒ this account should exist, or use the MAILTO= line in crontab for another email
exit (exit shell for user fetchmail)

Check if everything works:
journalctl -u cron -f
you can also watch dagent.log, but you have to turn the log level up to info to really see what happens!

Regaring sending out messages via your provider SMTP server: Postfix has the “smtp_sender_dependent_authentication” functionality for this, which I’m also actively using. Works fine. To have user-selectable sender addresses I think you need to add all those users in Kopano and then give your main account send-as rights as far as I know… Which is a bit annoying.

hispeed

Hi Gerald,

This sounds very interesting. I’m already on your way to do it like you did it. Thanks for your help.

I’m right now working on “nano fetchmail-accounts” . What is the postmaster admin account? The master account I want to use in the end in Z-Push?

Right now I’m getting the error: fetchmail: MDA error while fetching from XXXXXXXXX

I’m looking into it right now… hopefully I find something out. Crontab is not configured yet.

EDIT:

fetchmail@svgwma-kopa-02:~$ nano fetchmail-accounts
fetchmail@svgwma-kopa-02:~$ fetchmail -f fetchmail-accounts
2 messages for webXXXX at webXXX.login-XX.hoststar.ch.
sh: 1: /usr/bin/zarafa-dagent: not found
reading message webXXXX@webXXX.login-XX.hoststar.ch:1 of 2 (1279 header octets) (180320 body octets)fetchmail: error writing message text
fetchmail: MDA error while fetching from webXXX@webXXX.login-XX.hoststar.ch
fetchmail: Query status=6 (IOERR)

Hmm I don’t have zarafa installed…?!?

EDIT 2:
The problem is this line in the fetchmail accounts config:

poll pop.srv.de proto pop3 user “mylogin” pass “mypass” options ssl smtpaddress localhost forcecr mda “/usr/bin/zarafa-dagent -s the-local-kopano-user-id”

Thanks for any help!

EDIT 3:
Do I have to use your " " or not? Where do I find the Local-Kopano-User-id?

hispeed

Hi, does anyone else can help? I tried different things out. But I don’t know houw should I move forward. I could search a tutorial which explains fetchmail but there are the config files different.

fbartels

@hispeed said in Concept configuration of Postfix with Smarthosts:

Hi, does anyone else can help? I tried different things out. But I don’t know houw should I move forward. I could search a tutorial which explains fetchmail but there are the config files different.

you just have to replace zarafa-dagent with kopano-dagent

hispeed

Hi Felix (Master-of-support ;D),

That was one of the changes I already tried. Unfortunately no luck until now.
Where is dagent.log ? Wheren can I activate the log?

I have the old zarafa-fetchmail config in front of me.
It looks very close to this old config but I probably need that log to see what’s wrong.

“zarafa-fetchmail add zarafausername webXXXX XXXXXXXX webXXX.login-12.hoststar.ch imap 993 ssl”

fbartels

@hispeed said in Concept configuration of Postfix with Smarthosts:

That was one of the changes I already tried.

Then you have to do a better job in describing what you already have tried, how your configuration looks at the moment and what errors you see/get?

@hispeed said in Concept configuration of Postfix with Smarthosts:

Where is dagent.log ? Wheren can I activate the log?

On modern system everything is logged to through systemd to journald. But if you prefer this you can still configure a logfile in the dagent.cfg.

@hispeed said in Concept configuration of Postfix with Smarthosts:

“zarafa-fetchmail add zarafausername webXXXX XXXXXXXX webXXX.login-12.hoststar.ch imap 993 ssl”

This does not look like a fetchmail configuration. imho it should look something like this: (this also makes use of the local mta to deliver mails to dagent, this is something i prefer over directly going to dagent)

poll pop.gmx.net bad-header accept proto pop3 user something@gmx.net pass my-password-at-gmx is local-email here nokeep fetchall ssl

hispeed

In systemd i recieve:

Mai 22 20:45:42 svgwma-kopa-02 kopano-server[2089]: Starting kopano-server version 8.6.80 (pid 2089)
Mai 22 20:51:01 svgwma-kopa-02 su[2135]: Successful su for fetchmail by root
Mai 22 20:51:01 svgwma-kopa-02 su[2135]: + /dev/pts/0 root:fetchmail
Mai 22 20:51:01 svgwma-kopa-02 su[2135]: pam_unix(su:session): session opened for user fetchmail by kopano(uid=0)
Mai 22 20:51:01 svgwma-kopa-02 su[2135]: pam_systemd(su:session): Cannot create session: Already running in a session
Mai 22 20:51:06 svgwma-kopa-02 su[2135]: pam_unix(su:session): session closed for user fetchmail

I got now the following error when I use your line concerning fetchmail:

fetchmail: SMTP error: 550 5.1.1 <hispeed@localhost>: Recipient address rejected: User unknown in local recipient table
fetchmail: mail from MAILER-DAEMON@svgwma-kopa-02 bounced to XXXX@email.XXXXX.com
reading message webXXXX@webXXXX.login-XXXX.hoststar.ch:1 of 3 (1279 header octets) (180320 body octets) flushed
fetchmail: SMTP error: 550 5.1.1 <hispeed@localhost>: Recipient address rejected: User unknown in local recipient table
fetchmail: mail from MAILER-DAEMON@svgwma-kopa-02 bounced to XXXXX@email.XXXXXX.com
reading message webXXXX@webXXX.login-XXX.hoststar.ch:2 of 3 (1281 header octets) (180320 body octets) flushed
fetchmail: SMTP error: 550 5.1.1 <hispeed@localhost>: Recipient address rejected: User unknown in local recipient table
fetchmail: mail from MAILER-DAEMON@svgwma-kopa-02 bounced to XXXX@email.XXXXcom
reading message webXXX@webXXXX.ogin-XXX.hoststar.ch:3 of 3 (1268 header octets) (180258 body octets) flushed

The mails were just test mail so i don’t care. You wrote: “Local-Email here” What you mean? I have created a user which is called hispeed in Kopano. Do you mean this user or this users e-mail <- What would be e-mail of a local Kopano user?

fbartels

@hispeed said in Concept configuration of Postfix with Smarthosts:

You wrote: “Local-Email here” What you mean? I have created a user which is called hispeed in Kopano. Do you mean this user or this users e-mail <- What would be e-mail of a local Kopano user?

Yes the mail you’ve given in your fetchmail configuration is not recognized by your postfix and therefore bounces.
I really to mean an email address, else postfix won’t be able to deliver.
The email of a Kopano user is whatever you specified as an email when you created the user.

hispeed

Now it says it’s flushed thru fetchmail but because postfix is not yet configured I don’t get into Kopano.

This is my postfix config file running the system on Synology and Zarafa4H. Can I use that? I have marked with ** two lines. There are the files which Zarafa uses for connecting the different accounts. I probably have to change that to Kopano somehow?

reject_unknown_helo_hostname
smtpd_client_restrictions = permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_destination reject_unknown_recipient_domain
delay_warning_time = 4h
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12

# relayhosting from provider when running dynamic IP; now we need sasl_auth
#relayhost = smtp.example.com
smtp_sasl_auth_enable = yes
**smtp_sasl_password_maps = hash:/etc/zarafa/postfix/sasl_passwd**
**sender_dependent_relayhost_maps = hash:/etc/zarafa/postfix/sender_relay**
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_use_tls = yes
smtp_tls_enforce_peername = no
smtpd_tls_security_level = may

fbartels

The above Postfix configuration does not look complete. I’d rather recommend to use the distribution default and then add one of the examples from the documentation. these can be found at https://kb.kopano.io/display/WIKI/Postfix and https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#kc-postfix-integration

hispeed

It could be that this is not the whole configuration. I really don’t get it. One of the reason I want to go away from Synology because I really don’t know how that works at the moment and I hope I understand it more if I do it on a own system.

At the moment my config I have on pastebin: https://pastebin.com/rzmybzd2
Since I have changed the postfix config I recieve that error:
Something is now wrong: fetchmail: SMTP error: 451 4.3.0 XXXX@XXXXX.ch: Temporary lookup failure -> reading message webXXXX@webXXXXX.login-12.hoststar.ch:1 of 1 (5926 header octets) not flushed |

fbartels

@hispeed said in Concept configuration of Postfix with Smarthosts:

Since I have changed the postfix config I recieve that error:

so you combined your postfix configuration with the above from synology and now get these errors? Debugging postfix problems is always easier with the full error message from the mail.log and the main.cf (or the output of postfonf -n )

hispeed

Yes that’s right I combined that but I’m not sure if this is the actual config from the Synology which is running. I have the Docker setup from Zarafa4H. Do you know where the config is which is actually running for the Docker setup?

Mail.log:

May 25 15:52:19 svgwma-kopa-02 postfix/postfix-script[18371]: starting the Postfix mail system
May 25 15:52:19 svgwma-kopa-02 postfix/master[18373]: daemon started -- version 3.3.0, configuration /etc/postfix
May 25 15:52:24 svgwma-kopa-02 postfix/smtpd[18415]: connect from localhost6.localdomain6[::1]
May 25 15:52:24 svgwma-kopa-02 postfix/trivial-rewrite[18418]: error: open database /etc/kopano/postfix/sender_relay.db: No such file or directory
May 25 15:52:24 svgwma-kopa-02 postfix/trivial-rewrite[18418]: warning: hash:/etc/kopano/postfix/sender_relay is unavailable. open database /etc/kopano/postfix/s$
May 25 15:52:24 svgwma-kopa-02 postfix/trivial-rewrite[18418]: warning: hash:/etc/kopano/postfix/sender_relay lookup error for ""<>""
May 25 15:52:24 svgwma-kopa-02 postfix/trivial-rewrite[18418]: warning: sender_dependent_relayhost_maps lookup failure
May 25 15:52:24 svgwma-kopa-02 postfix/trivial-rewrite[18418]: warning: hash:/etc/kopano/postfix/sender_relay is unavailable. open database /etc/kopano/postfix/s$
May 25 15:52:24 svgwma-kopa-02 postfix/trivial-rewrite[18418]: warning: hash:/etc/kopano/postfix/sender_relay lookup error for "XXXXX@hotmail.com"
May 25 15:52:24 svgwma-kopa-02 postfix/trivial-rewrite[18418]: warning: sender_dependent_relayhost_maps lookup failure
May 25 15:52:24 svgwma-kopa-02 postfix/smtpd[18415]: NOQUEUE: reject: RCPT from localhost6.localdomain6[::1]: 451 4.3.0 <XXXX@XXXXXX.ch>: Temporary look$
May 25 15:52:24 svgwma-kopa-02 postfix/trivial-rewrite[18418]: warning: hash:/etc/kopano/postfix/sender_relay is unavailable. open database /etc/kopano/postfix/s$
May 25 15:52:24 svgwma-kopa-02 postfix/trivial-rewrite[18418]: warning: hash:/etc/kopano/postfix/sender_relay lookup error for ""<>""

hispeed

Ok I found the Synology Zarafa4h Docker main.config. Now when I send an e-mail to the adress I can fetch it via Fetchmail and it’s getting flushed. But I don’t recieve it in Kopano ^^. Config should be fine I have corrected it and I don’t recieve any errors right now.
This is the mail.log I see now after recieving with fetchmail:

May 26 12:46:47 svgwma-kopa-02 postfix/smtpd[23055]: connect from localhost6.localdomain6[::1]
May 26 12:46:47 svgwma-kopa-02 postfix/smtpd[23055]: 5E115320DFE: client=localhost6.localdomain6[::1]
May 26 12:46:47 svgwma-kopa-02 postfix/cleanup[23058]: 5E115320DFE: message-id=<AM4PR08MB118748749C61D00DED07E089FB680@AM4PR08MB1187.eurprd08.prod.outlook.com>
May 26 12:46:47 svgwma-kopa-02 postfix/qmgr[23017]: 5E115320DFE: from=<MyEMailaddress@hotmail.com>, size=7069, nrcpt=1 (queue active)
May 26 12:46:47 svgwma-kopa-02 postfix/smtpd[23055]: disconnect from localhost6.localdomain6[::1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
May 26 12:46:50 svgwma-kopa-02 postfix/smtp[23059]: 5E115320DFE: to=<Emailkopanouser@domain.ch>, relay=mail.XXXX.ch[213.239.XXX.XXX]:25, delay=3, delays=0.$
May 26 12:46:50 svgwma-kopa-02 postfix/qmgr[23017]: 5E115320DFE: removed

Why is the last line:
May 26 12:46:50 svgwma-kopa-02 postfix/qmgr[23017]: 5E115320DFE: removed <— Removed! My message???

Gerald

The mail is removed because it was delivered to mail.XXXX.ch[213.239.XX.XXX]. If this is not your Kopano server, something is wrong here. Perhaps postfix does not think it is responsible for this domain. Also, why is postfix involved here? If you use fetchmail to get mail and send that to kopano-dagent, postfix should not be involved ?!?

hispeed

I really don’t know why postfix is now involved for recieving mails. Maybe this is a question for Felix?

Here is my actual config from postfix:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination
myhostname = svgwma-kopa-02.mysubdomain.topleveldomain.com
mydomain = mydomain.me
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_transport = lmtp:[localhost]:2003
# virtual_mailbox_domains = /etc/kopano/postfix/vdomains
# virtual_alias_maps = hash:/etc/kopano/postfix/valiases
mydestination = $myhostname, svgwma-kopa-02, localhost.localdomain, localhost
# relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtp_host_lookup = dns, native
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
message_size_limit = 52428800

#Hinzugefuegt am 24.05.2018 von alter Zarafa Konfiguration

smtpd_client_restrictions = permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_destination reject_unknown_recipient_domain
delay_warning_time = 4h
smtpd_helo_required = yes
#unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12
smtpd_sender_restrictions = reject_unknown_address
#relayhosting from provider when running dynamic IP; now we need sasl_auth
# relayhost = smtp.example.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_enforce_peername = no
smtpd_tls_security_level = may
smtp_helo_timeout = 120s

Here is mail fetchmail config:

#.fetchmailrc
set postmaster hispeed@mydomain.ch
# set no bouncemail
set no softbounce
# accounts
poll server.login-12.hoststar.ch bad-header accept proto imap user loginuser pass password is hispeed@mydomain.ch nokeep fetchall ssl

Right now Fetchmail is showing me that the message is flushed.
I don’t recieve any mails in Kopano. In mail.log I recieve this:

May 27 19:52:41 svgwma-kopa-02 postfix/smtpd[30766]: connect from localhost6.localdomain6[::1]
May 27 19:52:41 svgwma-kopa-02 postfix/smtpd[30766]: 8617A320E75: client=localhost6.localdomain6[::1]
May 27 19:52:41 svgwma-kopa-02 postfix/cleanup[30769]: 8617A320E75: message-id=<DB5PR08MB119103B83CE312DEB6C608DEFB6F0@DB5PR08MB1191.eurprd08.prod.outlook.com>
May 27 19:52:41 svgwma-kopa-02 postfix/qmgr[30459]: 8617A320E75: from=<myemailtestsender@hotmail.com>, size=7071, nrcpt=1 (queue active)
May 27 19:52:41 svgwma-kopa-02 postfix/smtpd[30766]: 9E8DF320E76: client=localhost6.localdomain6[::1]
May 27 19:52:41 svgwma-kopa-02 postfix/cleanup[30769]: 9E8DF320E76: message-id=<DB5PR08MB11917FBDB3ECAEC234C9F1F3FB6F0@DB5PR08MB1191.eurprd08.prod.outlook.com>
May 27 19:52:41 svgwma-kopa-02 postfix/qmgr[30459]: 9E8DF320E76: from=<myemailtestsender@hotmail.com>, size=7065, nrcpt=1 (queue active)
May 27 19:52:41 svgwma-kopa-02 postfix/smtpd[30766]: disconnect from localhost6.localdomain6[::1] ehlo=1 mail=2 rcpt=2 data=2 quit=1 commands=8
May 27 19:52:45 svgwma-kopa-02 postfix/smtp[30770]: 8617A320E75: to=<mykopanolocaluser@mytopleveldomain.ch>, relay=mail.externalmailserver.ch[XXX.XXX.213.233]:25, delay=3.6, delays=$
May 27 19:52:45 svgwma-kopa-02 postfix/qmgr[30459]: 8617A320E75: removed
May 27 19:52:45 svgwma-kopa-02 postfix/smtp[30771]: 9E8DF320E76: to=<mykopanolocaluser@mytopleveldomain.ch>, relay=mail.externalmailserver.ch[XX.2XXX.213.233]:25, delay=3.6, delays=$
May 27 19:52:45 svgwma-kopa-02 postfix/qmgr[30459]: 9E8DF320E76: removed

Thanks for any help.

hispeed

I have now the configuration in Fetchmail from Gerald but unfortunately i recieve this:

1 message for USERNAME at webXXX.login-12.hoststar.ch (6689 octets).
fetchmail: MDA returned nonzero status 75
reading message webXXXX@webXXX.login-12.hoststar.ch:1 of 1 (6689 octets) not flushed

My questions do I need perl for Fetchmail? Something is probably wrong in the config but which config?
I don’t get more output from Fetchmail.

martimcfly

@hispeed Hej hispeed! Maybe this is something for you?

I created a distribution for ARMv7 (RaspberryPi, Odroid) serving all your wishes. Packages for x64 are going to be build after testing.

It brings all configuration files and a customized Postfixadmin (managing Kopano and Postfix simultaneously) you can create a standalone mailserver or one which is sending with smarthost (User- or Domainwide) at the same time. Fetchmail is working, too.

The installscripts create the ready and running server. All together your done in about 15 minutes.

Introduction (Zarafa based)
https://pietma.com/zarafa-packages-for-arch-linux-arm/
https://pietma.com/zarafa-and-postfix-management/

KOPANO BUILD
https://pietma.com/run-and-access-zarafa/#comment-1973

Current image with Kopano 8.6.1
https://repository.pietma.com/nexus/content/sites/archlinux/os/prepared-kopano/

Marti

hispeed

Thanks for your post martimcfly. Actually I have a Odroid-C1 but I use it for something different. So I will need the X64 image. But I hope I can get it running on Ubuntu but if don’t get it work I will try your image as soon as it’s available for my platform based on esxi 6.5.