Concept configuration of Postfix with Smarthosts



  • Hi,

    With verbose I receive this:

    fetchmail@svgwma-kopa-02:~$ fetchmail -f fetchmail-accounts
    Sat Jun  2 07:43:32 2018: [info   ] Coredump status left at system default.
    Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient binding socket
    Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient bound socket to /tmp/.32877d08a35722c.sock
    Sat Jun  2 07:43:32 2018: [11417] [debug  ] Submit thread started
    Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient thread started
    Sat Jun  2 07:43:32 2018: [11417] [debug  ] PYTHONPATH = /usr/share/kopano-dagent/python
    Sat Jun  2 07:43:32 2018: [11417] [error  ]   Python type: (null)
    Sat Jun  2 07:43:32 2018: [11417] [error  ]   Python error: No module named MAPI
    Sat Jun  2 07:43:32 2018: [11417] [crit   ] K-1732: Unable to initialize the dagent plugin manager: Unknown error code (1).
    Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient terminating
    Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient terminated
    

    I will check if I can update Kopano and test again…

    EDIT 1:

    I downloaded the newest kopano-core via wget and then made the package and installed it.
    This worked fine so far. After the installation the system user on Ubuntu 18.04 had a new password <- why?

    Now when I want to log in via WebApp I receive this error:

    Unknown MAPI Error: MAPI_E_NOT_FOUND

    When I make this: kopano-admin --create-store hispeed

    Then I receive:

    kopano-admin: relocation error: kopano-admin: symbol _ZN2KC21GetAutoAcceptSettingsEP9IMsgStorePbS2_S2_S2_ version KC_8.6.80 not defined in file libmapi.so.1 with link time reference
    

    It’s getting worse from day to day ;=)…



  • Yes yes yes…

    I don’t believe it, I can now receive. I updated the whole Ubuntu and restarted. Then I had to change something in the Kopano config: Attachment stored as File (I made a change there earlier). I’m sure I can switch that to database later.
    Restarting everything and now I can receive e-mails.

    Thanks so far to everyone. There are still a few questions open, like: why does the kopano user get a new password after the update?

    Now I have to figure out how I can send e-mails… For this I’m going to use Postfix.

    Postfix: I’m back in trouble :D! Yes, something is wrong in my Postfix configuration.

    Jun  3 16:20:58 svgwma-kopa-02 kopano-server[2270]: message repeated 9 times: [ Error while connecting to search on "file:///var/run/kopano/search.sock"]
    Jun  3 16:21:01 svgwma-kopa-02 postfix/pickup[10947]: A6A46320DFE: uid=0 from=<root>
    Jun  3 16:21:01 svgwma-kopa-02 postfix/cleanup[10957]: A6A46320DFE: message-id=<20180603162101.A6A46320DFE@svgwma-kopa-02.mydomain.me>
    Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: A6A46320DFE: from=<root@mydomain.me>, size=727, nrcpt=1 (queue active)
    Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME
    Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: A6A46320DFE: to=<root@mydomain.me>, orig_to=<root>, relay=localhost[::1]:2003, delay=0.18, delays=0.03/0.01/0.06/0.07, dsn=5.1.1, status=bounced (host localhost[::1] said: 503 5.1.1 User does not exist (in reply to RCPT TO command))
    Jun  3 16:21:01 svgwma-kopa-02 postfix/cleanup[10957]: CE28C320DFF: message-id=<20180603162101.CE28C320DFF@svgwma-kopa-02.mydomain.me>
    Jun  3 16:21:01 svgwma-kopa-02 postfix/bounce[10962]: A6A46320DFE: sender non-delivery notification: CE28C320DFF
    Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: CE28C320DFF: from=<>, size=2791, nrcpt=1 (queue active)
    Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: A6A46320DFE: removed
    Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME
    Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: CE28C320DFF: to=<root@mydomain.me>, relay=localhost[::1]:2003, delay=0.11, delays=0.01/0/0.06/0.05, dsn=5.1.1, status=bounced (host localhost[::1] said: 503 5.1.1 User does not exist (in reply to RCPT TO command))
    Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: CE28C320DFF: removed
    
    

    EDIT: 3
    Gerald or someone else:

    Do you have a sample of the postfix configuration?



  • @hispeed let me know when you need advice



  • Postfix offers SMTPUTF8 support, Kopano LMTP does not.
    Set smtputf8_enable = no in Postfix, restart Postfix and it’s fixed. ;-)



  • Hi martimcfly,

    Yes I need help. My configuration looks like that at the moment:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    compatibility_level = 2
    
    mydomain = mydomain.me
    myorigin = $mydomain
    mynetworks = 127.0.0.0/8, [::1]/128
    smtp_host_lookup = dns, native
    
    mailbox_size_limit = 0
    message_size_limit = 52428800
    
    delay_warning_time = 4h
    unknown_local_recipient_reject_code = 450
    maximal_queue_lifetime = 7d
    minimal_backoff_time = 1000s
    maximal_backoff_time = 8000s
    
    # header_checks = regexp:/etc/kopano/postfix/header_checks
    # body_checks = regexp:/etc/kopano/postfix/body_checks
    
    alias_maps = hash:/etc/aliases
    virtual_alias_maps = hash:/etc/kopano/postfix/valiases
    
    virtual_mailbox_domains = /etc/kopano/postfix/vdomains
    virtual_transport = lmtp:localhost:2003
    
    smtpd_banner = $myorigin ESMTP
    smtpd_helo_required = yes
    smtpd_client_restrictions = permit_mynetworks
    smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_destination reject_unknown_recipient_domain
    smtpd_sender_restrictions = reject_unknown_address
    smtpd_recipient_limit = 16
    smtpd_soft_error_limit = 3
    smtpd_hard_error_limit = 12
    
    smtp_tls_security_level = may
    smtp_sasl_auth_enable = yes
    smtp_sender_dependent_authentication = yes
    smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
    sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
    smtp_use_tls = yes
    smtp_tls_enforce_peername = no
    smtp_sasl_security_options = noanonymous
    smtp_helo_timeout = 120s
    
    # Corrections
    smtputf8_autodetect_classes = verify
    

    I need to use these two lines or something similar:

    smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
    sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
    

    With this config it doesn’t work. Postfix keeps telling me that the user doesn’t exist in Kopano. But I have created a user with this e-mail.

    Thanks for your ideas…



  • Have you even tried what I said… :-/

    Your logs show:
    host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME

    kopano-lmtp does NOT support SMTPUTF8 and your mail is rejected.

    What you see in your logs is correct.

    https://forum.kopano.io/topic/1262/kopano-smtputf8-support
    Already reported this some time ago.



  • And about your Postfix config: this part needs serious fixing, this is not OK.

    smtpd_helo_required = yes
    smtpd_client_restrictions = permit_mynetworks
    smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_destination reject_unknown_recipient_domain
    smtpd_sender_restrictions = reject_unknown_address
    

    I suggest this; it is a config verified by the Postfix list.
    I have more, but this is a working setup:

    smtpd_delay_reject = yes
    
    # Obey the RFCs. Any hostname should have an A and/or MX and/or PTR (or resolvable CNAME)
    # See RFC https://tools.ietf.org/html/rfc2821#section-2.3.4 and 2.3.5
    smtpd_client_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_hostname,
        reject_unknown_hostname,
        reject_invalid_hostname,
        reject_unauth_pipelining
    
    smtpd_helo_required = yes
    smtpd_helo_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname,
        reject_unauth_pipelining
    
    smtpd_sender_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unknown_address,
        reject_unauth_pipelining
    
    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_recipient,
        check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
        reject_unknown_recipient_domain,
        reject_multi_recipient_bounce,
        reject_unlisted_recipient,
        reject_unverified_recipient
    
    smtpd_relay_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
        reject_multi_recipient_bounce,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        reject_invalid_helo_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        defer_unauth_destination
    ##
    smtpd_data_restrictions =
        reject_unauth_pipelining,
        reject_multi_recipient_bounce
    ##
    smtpd_etrn_restrictions =
        permit_mynetworks,
        reject
    

    Now you’re internet ready.



  • @thctlo Yes, this does fix this error if I add this line. But there are still some other issues.

    @martimcfly I have now copied your configuration. How do I now create the check_recipient_access-allow.map?
    Where do I define the passwords and login data for my different mail accounts?

    At the moment I get this error:

    Jun  4 17:52:35 svgwma-kopa-02 kopano-server[12291]: Error while connecting to search on "file:///var/run/kopano/search.sock"
    Jun  4 17:53:25 svgwma-kopa-02 kopano-server[12291]: message repeated 5 times: [ Error while connecting to search on "file:///var/run/kopano/search.sock"]
    Jun  4 17:54:01 svgwma-kopa-02 postfix/pickup[26277]: D3277320E04: uid=0 from=<root>
    Jun  4 17:54:01 svgwma-kopa-02 postfix/cleanup[26505]: D3277320E04: message-id=<20180604175401.D3277320E04@svgwma-kopa-02.localdomain>
    Jun  4 17:54:01 svgwma-kopa-02 postfix/qmgr[26278]: D3277320E04: from=<root@svgwma-kopa-02.localdomain>, size=757, nrcpt=1 (queue active)
    Jun  4 17:54:01 svgwma-kopa-02 postfix/local[26507]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
    Jun  4 17:54:01 svgwma-kopa-02 postfix/local[26507]: D3277320E04: to=<root@svgwma-kopa-02.localdomain>, orig_to=<root>, relay=local, delay=0.06, delays=0.02/0/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
    Jun  4 17:54:01 svgwma-kopa-02 postfix/qmgr[26278]: D3277320E04: removed
    

    EDIT:
    @fbartels Can you help me with this: Jun 4 17:52:35 svgwma-kopa-02 kopano-server[12291]: Error while connecting to search on “file:///var/run/kopano/search.sock” ?
    -> This is solved with: Search Socket Error

    On the images you see my old Zarafa config, which is running right now. This works fine for me. Maybe there’s a security risk somewhere I don’t know. First I need to create that on Kopano and then I can add security.

    0_1528135898230_2018-06-04 20_07_56-Titanserver_zarafa_config_postfix.jpg
    1_1528135898231_2018-06-04 20_07_56-Titanserver_zarafa_config_postfix_2.jpg

    Update:
    SSL self-signed = Is working
    Z-Push 2.4.2 = Is working with Ubuntu 18.04 (No official build I took: 16.04 version)
    Deskapp = Is working
    Cron Job for Fetchmail = Is working

    To do:
    Send E-Mails ;=)



  • Sorry to disturb everyone again…

    I’m still working on my Postfix configuration. I can’t send e-mails; at the moment I get this error:

    Jun  6 19:30:01 svgwma-kopa-02 postfix/cleanup[3494]: 9A8FD320E71: message-id=<20180606193001.9A8FD320E71@svgwma-kopa-02.mydomain.me>
    Jun  6 19:30:01 svgwma-kopa-02 postfix/qmgr[3482]: 9A8FD320E71: from=<root@mydomain.me>, size=727, nrcpt=1 (queue active)
    Jun  6 19:30:01 svgwma-kopa-02 postfix/lmtp[3496]: connect to 127.0.0.1[127.0.0.1]:2003: Connection refused
    Jun  6 19:30:01 svgwma-kopa-02 postfix/lmtp[3496]: 9A8FD320E71: to=<root@mydomain.me>, orig_to=<root>, relay=none, delay=0.03, delays=0.02/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:2003: Connection refused)
    

    Maybe I have to configure something in the master.cf? I have added some lines there which I have in my Synology set-up. Unfortunately it doesn’t help.

    nano /etc/postfix/master.cf

    # From Synology / Zarafa4h Docker Image Configuration
    smtp-amavis     unix    -       -       -       -       2       smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20
    
    127.0.0.1:10025 inet n  -       -       -       -       smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
    

    Postfix config:

    # Set compatibility level 2 because we don't want to use old configurations
    compatibility_level = 2
    
    # Domain and network settings
    mydomain = mydomain.me
    myorigin = $mydomain
    mynetworks = 127.0.0.0/8, [::1]/128
    
    # Mailbox limits
    mailbox_size_limit = 0
    message_size_limit = 52428800
    
    # Various settings
    delay_warning_time = 3h
    unknown_local_recipient_reject_code = 450
    maximal_queue_lifetime = 5d
    minimal_backoff_time = 1000s
    maximal_backoff_time = 8000s
    
    # Header and Body Checks
    # header_checks = regexp:/etc/kopano/postfix/header_checks
    # body_checks = regexp:/etc/kopano/postfix/body_checks
    
    # Alias maps and virtual aliases
    alias_maps = hash:/etc/aliases
    virtual_alias_maps = hash:/etc/kopano/postfix/valiases
    virtual_mailbox_domains = /etc/kopano/postfix/vdomains
    virtual_transport = lmtp:localhost:2003
    
    # smtp settings
    smtpd_banner = $myorigin ESMTP
    smtpd_delay_reject = yes
    smtputf8_enable = no 
    smtp_host_lookup = dns, native
    smtpd_recipient_limit = 16
    smtpd_soft_error_limit = 3
    smtpd_hard_error_limit = 12
    smtp_tls_security_level = may
    smtp_sasl_auth_enable = yes
    smtp_sender_dependent_authentication = yes
    smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
    sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
    smtp_use_tls = yes
    smtp_tls_enforce_peername = no
    smtp_sasl_security_options = noanonymous
    smtp_helo_timeout = 120s
    
    smtpd_client_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_hostname,
        reject_unknown_hostname,
        reject_invalid_hostname,
        reject_unauth_pipelining
    
    smtpd_helo_required = yes
    
    smtpd_helo_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname,
        reject_unauth_pipelining
    
    smtpd_sender_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unknown_address,
        reject_unauth_pipelining
    
    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_recipient,
        check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
        reject_unknown_recipient_domain,
        reject_multi_recipient_bounce,
        reject_unlisted_recipient,
        reject_unverified_recipient
    
    smtpd_relay_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
        reject_multi_recipient_bounce,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        reject_invalid_helo_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        defer_unauth_destination
    
    smtpd_data_restrictions =
        reject_unauth_pipelining,
        reject_multi_recipient_bounce
    
    smtpd_etrn_restrictions =
        permit_mynetworks,
        reject
    


  • @hispeed

    Hey Highspeed,

    I’m sorry for my absence. I was much too busy with construction work.

    Passwords are checked against Kopano’s IMAP service. For this I use the saslauthd service. Postfix does its login checks via saslauthd. You can find the configuration on GitHub, too.

    # /etc/sasl/smtpd.conf
    pwcheck_method: saslauthd
    mech_list: plain login
    

    https://github.com/pietmacom/com-pietma-zarafa-postfixadmin/blob/kopano/doc/pietma/configs/postfix/main.cf

    # /etc/postfix/main.cf
    
    # kopano gateway authentication before accepting relay
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_path = smtpd
    broken_sasl_auth_clients = yes
    

    The e-mail addresses (mailboxes, aliases) are checked against postfixadmin. Changes to mailbox accounts are transferred to Kopano by a service which polls the postfixadmin changelog.

    Postfix is configured to check all e-mail addresses against the postfixadmin database. It executes predefined SQL statements…
    https://github.com/pietmacom/com-pietma-zarafa-postfixadmin/tree/kopano/doc/example-config/postfix

    # /etc/postfix/main.cf
    
    virtual_mailbox_domains = 
        proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/domain_domain_to_domain.mysql
    
    virtual_mailbox_maps = 
        proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/mailbox_username_to_username.mysql
    
    virtual_alias_maps = 
        proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/alias_address_to_goto.mysql,
        proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/aliasdomain_at-aliasdomain_to_at-targetdomain.mysql
    
    

    If you like, you could do the address checks directly against the kopano database.

    I hope to find the setting for notifications here.

    Marti
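
Added example, not part of any post in this thread: a small checker for the outbound (smarthost) settings in the main.cf posted above, where SASL authentication to the relay is enabled while `smtp_tls_security_level = may` only makes TLS opportunistic and `smtp_sasl_security_options = noanonymous` permits plaintext mechanisms. The finding codes, function names and the `HARDENED` variant are assumptions made for this illustration.

```python
import re

# Constructed sample: the outbound (smarthost) lines of the main.cf posted above.
SAMPLE = """\
smtp_tls_security_level = may
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
"""
# Hypothetical corrected variant: TLS is mandatory and plaintext mechanisms
# are allowed only inside the TLS session.
HARDENED = """\
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
    noplaintext,
    noanonymous
smtp_sasl_tls_security_options = noanonymous
"""
# Levels at which the Postfix SMTP client will not deliver without TLS.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Return {name: value}; indented lines continue the previous parameter,
    '#' lines are skipped, and a later definition overrides an earlier one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if name:
                params[name] = (params[name] + " " + line.strip()).strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def audit_smarthost(params):
    """Return finding codes for the outbound SASL/TLS settings."""
    findings = []
    sasl = params.get("smtp_sasl_auth_enable", "no") == "yes"
    tls_forced = params.get("smtp_tls_security_level", "") in MANDATORY_TLS
    # Postfix default for smtp_sasl_security_options is "noplaintext, noanonymous".
    opts = re.split(r"[,\s]+", params.get("smtp_sasl_security_options",
                                          "noplaintext, noanonymous"))
    if sasl and not tls_forced:
        findings.append("tls-not-mandatory")  # STARTTLS is only opportunistic
        if "noplaintext" not in opts:
            findings.append("plaintext-auth-in-clear")  # PLAIN/LOGIN may go unencrypted
    if "smtp_use_tls" in params:
        findings.append("legacy-smtp_use_tls")  # superseded by smtp_tls_security_level
    return findings
```

The files named in `smtp_sasl_password_maps` hold the relay credentials in plain text, so they and their `.db` files should be readable by root only.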

