Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Concept configuration of Postfix with Smarthosts

    General Discussion
    5
    39
    7271
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • hispeed
      hispeed last edited by hispeed

      Hi,

      With verbose I recieve this:

      fetchmail@svgwma-kopa-02:~$ fetchmail -f fetchmail-accounts
Sat Jun  2 07:43:32 2018: [info   ] Coredump status left at system default.
Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient binding socket
Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient bound socket to /tmp/.32877d08a35722c.sock
Sat Jun  2 07:43:32 2018: [11417] [debug  ] Submit thread started
Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient thread started
Sat Jun  2 07:43:32 2018: [11417] [debug  ] PYTHONPATH = /usr/share/kopano-dagent/python
Sat Jun  2 07:43:32 2018: [11417] [error  ]   Python type: (null)
Sat Jun  2 07:43:32 2018: [11417] [error  ]   Python error: No module named MAPI
Sat Jun  2 07:43:32 2018: [11417] [crit   ] K-1732: Unable to initialize the dagent plugin manager: Unknown error code (1).
Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient terminating
Sat Jun  2 07:43:32 2018: [11417] [debug  ] StatsClient terminated

      I will check if I can update Kopano and test again…

      EDIT 1:

      I download via wget the newest kopano-core and then made the package and installed it.
      This worked fine so far. After the installation the system user on Ubuntu 18.04 had a new Password <- why?

      Now when I want to login via Webapp I recieve this error:

      Unknown MAPI Error: MAPI_E_NOT_FOUND

      When I make this: kopano-admin --create-store hispeed

      Then I recieve:

      kopano-admin: relocation error: kopano-admin: symbol _ZN2KC21GetAutoAcceptSettingsEP9IMsgStorePbS2_S2_S2_ version KC_8.6.80 not defined in file libmapi.so.1 with link time reference

      It’s getting worser from day to day ;=)…

      1 Reply Last reply Reply Quote 0
      • hispeed
        hispeed last edited by hispeed

        Yes yes yes…

        I don’t believe it I can now recieve. I updated the whole Ubuntu and restartet. Then I had to change something in the config from Kopano. Attachament stored as File (I made there a change earlier). I’m sure I can switch that to database later.
        Restarting everything and now I can recieve e-mails.

        Thanks so far for everyone. There are still a few questions open like: why the kopano user gets a new password after update?

        Now I have to figure out how I can send E-mails… For this I’m going to use postfix.

        Postfix i’m back in trouble :D! Yes something is wrong in my postfix configuration.

        Jun  3 16:20:58 svgwma-kopa-02 kopano-server[2270]: message repeated 9 times: [ Error while connecting to search on "file:///var/run/kopano/search.sock"]
Jun  3 16:21:01 svgwma-kopa-02 postfix/pickup[10947]: A6A46320DFE: uid=0 from=<root>
Jun  3 16:21:01 svgwma-kopa-02 postfix/cleanup[10957]: A6A46320DFE: message-id=<20180603162101.A6A46320DFE@svgwma-kopa-02.mydomain.me>
Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: A6A46320DFE: from=<root@mydomain.me>, size=727, nrcpt=1 (queue active)
Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME
Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: A6A46320DFE: to=<root@mydomain.me>, orig_to=<root>, relay=localhost[::1]:2003, delay=0.18, delays=0.03/0.01/0.06/0.07, dsn=5.1.1, status=bounced (host localhost[::1] said: 503 5.1.1 User does not exist (in reply to RCPT TO command))
Jun  3 16:21:01 svgwma-kopa-02 postfix/cleanup[10957]: CE28C320DFF: message-id=<20180603162101.CE28C320DFF@svgwma-kopa-02.mydomain.me>
Jun  3 16:21:01 svgwma-kopa-02 postfix/bounce[10962]: A6A46320DFE: sender non-delivery notification: CE28C320DFF
Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: CE28C320DFF: from=<>, size=2791, nrcpt=1 (queue active)
Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: A6A46320DFE: removed
Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME
Jun  3 16:21:01 svgwma-kopa-02 postfix/lmtp[10959]: CE28C320DFF: to=<root@mydomain.me>, relay=localhost[::1]:2003, delay=0.11, delays=0.01/0/0.06/0.05, dsn=5.1.1, status=bounced (host localhost[::1] said: 503 5.1.1 User does not exist (in reply to RCPT TO command))
Jun  3 16:21:01 svgwma-kopa-02 postfix/qmgr[10948]: CE28C320DFF: removed

        EDIT: 3
        Gerald or someone else:

        Do you have a sample of the postfix configuration?

        1 Reply Last reply Reply Quote 0
        • martimcfly
          martimcfly @hispeed last edited by

          @hispeed let me know when you need advice

          1 Reply Last reply Reply Quote 0
          • thctlo
            thctlo last edited by

            Postfix offers SMTPUTF8 support, kopano LMTP not.
            Set in postfix smtputf8_enable = no restart postfix and its fixed. ;-)

            1 Reply Last reply Reply Quote 0
            • hispeed
              hispeed last edited by

              Hi martimcfly,

              Yes I need help. My configuration looks like that at the moment:

              # See /usr/share/postfix/main.cf.dist for a commented, more complete version

compatibility_level = 2

mydomain = mydomain.me
myorigin = $mydomain
mynetworks = 127.0.0.0/8, [::1]/128
smtp_host_lookup = dns, native

mailbox_size_limit = 0
message_size_limit = 52428800

delay_warning_time = 4h
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s

# header_checks = regexp:/etc/kopano/postfix/header_checks
# body_checks = regexp:/etc/kopano/postfix/body_checks

alias_maps = hash:/etc/aliases
virtual_alias_maps = hash:/etc/kopano/postfix/valiases

virtual_mailbox_domains = /etc/kopano/postfix/vdomains
virtual_transport = lmtp:localhost:2003

smtpd_banner = $myorigin ESMTP
smtpd_helo_required = yes
smtpd_client_restrictions = permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_destination reject_unknown_recipient_domain
smtpd_sender_restrictions = reject_unknown_address
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12

smtp_tls_security_level = may
smtp_sasl_auth_enable = yes
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
smtp_use_tls = yes
smtp_tls_enforce_peername = no
smtp_sasl_security_options = noanonymous
smtp_helo_timeout = 120s

# Korrekturen
smtputf8_autodetect_classes = verify

              I need to use this two lines or something similar:

              smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay

              With this config it doesn’t work. Postfix keeps telling me that the user doesn’t exist in Kopano. But I have created a user with this e-mail.

              Thanks for your ideas…

              1 Reply Last reply Reply Quote 0
              • thctlo
                thctlo last edited by

                Have you even tried what i did say… :-/

                Your logs show:
                host localhost[::1] offers SMTPUTF8 support, but not 8BITMIME

                kopano-lmtp does NOT support SMTPUTF8 and you mail is rejected.

                What you see in your logs is correct.

                https://forum.kopano.io/topic/1262/kopano-smtputf8-support
                Already reported this some time ago.

                1 Reply Last reply Reply Quote 0
                • thctlo
                  thctlo last edited by thctlo

                  and about you postfix config. this part needs serious fixing, this is not ok.

                  smtpd_helo_required = yes
smtpd_client_restrictions = permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_destination reject_unknown_recipient_domain
smtpd_sender_restrictions = reject_unknown_address

                  I suggest and this is a verified config by the postfix list.
                  i have more but this is a working setup

                  smtpd_delay_reject = yes

# Obey the RFC's. any hostname should have an A and/or MX and/or PTR ( or resolvable CNAME ) 
# see RFC https://tools.ietf.org/html/rfc2821#section-2.3.4  and 2.3.5 
smtpd_client_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_hostname,
    reject_unknown_hostname,
    reject_invalid_hostname,
    reject_unauth_pipelining

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,
    reject_unauth_pipelining

smtpd_sender_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_address,
    reject_unauth_pipelining

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
    reject_unknown_recipient_domain,
    reject_multi_recipient_bounce,
    reject_unlisted_recipient,
    reject_unverified_recipient

smtpd_relay_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
    reject_multi_recipient_bounce,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_invalid_helo_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    defer_unauth_destination
##
smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce
##
smtpd_etrn_restrictions =
    permit_mynetworks,
    reject

                  Now, your internet ready.

                  1 Reply Last reply Reply Quote 0
                  • hispeed
                    hispeed last edited by hispeed

                    @thctlo yes this does fix this error if I add this line. But still there are some other issues.

                    @martimcfly I have copied now your configuration. How do I now create the check_recipient_access-allow.map?
                    Where do I define the passwords and login data for my different mail accounts?

                    At the moment I get this error:

                    Jun  4 17:52:35 svgwma-kopa-02 kopano-server[12291]: Error while connecting to search on "file:///var/run/kopano/search.sock"
Jun  4 17:53:25 svgwma-kopa-02 kopano-server[12291]: message repeated 5 times: [ Error while connecting to search on "file:///var/run/kopano/search.sock"]
Jun  4 17:54:01 svgwma-kopa-02 postfix/pickup[26277]: D3277320E04: uid=0 from=<root>
Jun  4 17:54:01 svgwma-kopa-02 postfix/cleanup[26505]: D3277320E04: message-id=<20180604175401.D3277320E04@svgwma-kopa-02.localdomain>
Jun  4 17:54:01 svgwma-kopa-02 postfix/qmgr[26278]: D3277320E04: from=<root@svgwma-kopa-02.localdomain>, size=757, nrcpt=1 (queue active)
Jun  4 17:54:01 svgwma-kopa-02 postfix/local[26507]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Jun  4 17:54:01 svgwma-kopa-02 postfix/local[26507]: D3277320E04: to=<root@svgwma-kopa-02.localdomain>, orig_to=<root>, relay=local, delay=0.06, delays=0.02/0/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
Jun  4 17:54:01 svgwma-kopa-02 postfix/qmgr[26278]: D3277320E04: removed

                    EDIT:
                    @fbartels Can you help me with this: Jun 4 17:52:35 svgwma-kopa-02 kopano-server[12291]: Error while connecting to search on “file:///var/run/kopano/search.sock” ?
                    -> This is solved with: Search Socket Error

                    On the images you see my old Zarafa config, which is running right now. This works fine for me. Maybe there’s a security risk somewhere I don’t know. First I need to create that on Kopano and then I can add security.

                    0_1528135898230_2018-06-04 20_07_56-Titanserver_zarafa_config_postfix.jpg
                    1_1528135898231_2018-06-04 20_07_56-Titanserver_zarafa_config_postfix_2.jpg

                    Update:
                    SSL self-signed = Is working
                    Z-Push 2.4.2 = Is working with Ubuntu 18.04 (No official build I took: 16.04 version)
                    Deskapp = Is working
                    Cron Job for Fetchmail = Is working

                    To do:
                    Send E-Mails ;=)

                    1 Reply Last reply Reply Quote 0
                    • hispeed
                      hispeed last edited by

                      Sorry to disturb everyone again…

                      I’m still workin on my postfix configuration. I can’t send e-mails I get at the moment this error:

                      Jun  6 19:30:01 svgwma-kopa-02 postfix/cleanup[3494]: 9A8FD320E71: message-id=<20180606193001.9A8FD320E71@svgwma-kopa-02.mydomain.me>
Jun  6 19:30:01 svgwma-kopa-02 postfix/qmgr[3482]: 9A8FD320E71: from=<root@mydomain.me>, size=727, nrcpt=1 (queue active)
Jun  6 19:30:01 svgwma-kopa-02 postfix/lmtp[3496]: connect to 127.0.0.1[127.0.0.1]:2003: Connection refused
Jun  6 19:30:01 svgwma-kopa-02 postfix/lmtp[3496]: 9A8FD320E71: to=<root@mydomain.me>, orig_to=<root>, relay=none, delay=0.03, delays=0.02/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:2003: Connection refused)

                      Maybe I have to configure something in the master.cf? I have added there some lines which I have in my Synology set-up. Unfortunately I doesn’t help.

                      nano /etc/postfix/master.cf

                      # From Synology / Zarafa4h Docker Image Configuration
smtp-amavis     unix    -       -       -       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20

127.0.0.1:10025 inet n  -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining

                      Postfix config:

                      # Set compatibility level 2 because we don't want to use old configurations
compatibility_level = 2

# Domain and network settings
mydomain = mydomain.me
myorigin = $mydomain
mynetworks = 127.0.0.0/8, [::1]/128

# Mailbox limits
mailbox_size_limit = 0
message_size_limit = 52428800

# Various settings
delay_warning_time = 3h
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 5d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s

# Header and Body Checks
# header_checks = regexp:/etc/kopano/postfix/header_checks
# body_checks = regexp:/etc/kopano/postfix/body_checks

# Alias maps and virtual aliases
alias_maps = hash:/etc/aliases
virtual_alias_maps = hash:/etc/kopano/postfix/valiases
virtual_mailbox_domains = /etc/kopano/postfix/vdomains
virtual_transport = lmtp:localhost:2003

# smtp settings
smtpd_banner = $myorigin ESMTP
smtpd_delay_reject = yes
smtputf8_enable = no 
smtp_host_lookup = dns, native
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12
smtp_tls_security_level = may
smtp_sasl_auth_enable = yes
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/etc/kopano/postfix/sasl_passwd
sender_dependent_relayhost_maps = hash:/etc/kopano/postfix/sender_relay
smtp_use_tls = yes
smtp_tls_enforce_peername = no
smtp_sasl_security_options = noanonymous
smtp_helo_timeout = 120s

smtpd_client_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_hostname,
    reject_unknown_hostname,
    reject_invalid_hostname,
    reject_unauth_pipelining

smtpd_helo_required = yes

smtpd_helo_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,
    reject_unauth_pipelining

smtpd_sender_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_address,
    reject_unauth_pipelining

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
    reject_unknown_recipient_domain,
    reject_multi_recipient_bounce,
    reject_unlisted_recipient,
    reject_unverified_recipient

smtpd_relay_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/personal/check_recipient_access-allow.map
    reject_multi_recipient_bounce,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_invalid_helo_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    defer_unauth_destination

smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce

smtpd_etrn_restrictions =
    permit_mynetworks,
    reject
                      1 Reply Last reply Reply Quote 0
                      • martimcfly
                        martimcfly last edited by martimcfly

                        @hispeed

                        Hey Highspeed,

                        I’m sorry for my absence. I was much to busy with construction work.

                        Passwords are checked against Kopanos imap service. For this I use the saslauthd service. Postfix does its login checks saslauthd. You can find the configuration in github, too.

                        # /etc/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

                        https://github.com/pietmacom/com-pietma-zarafa-postfixadmin/blob/kopano/doc/pietma/configs/postfix/main.cf

                        # /etc/postfix/main.cf

# kopano gateway authentification before accepting relay
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
broken_sasl_auth_clients = yes

                        The e-mail adresses (Mailboxes, Aliases) are checked against postifxadmin. Changes to Mailbox accounts are transfered to Kopano by a services which does poll the postfixadmin changelog.

                        Postifx is configured to check all e-mail adresses against the postfixadmin database. It executes predefined SQL statements…
                        https://github.com/pietmacom/com-pietma-zarafa-postfixadmin/tree/kopano/doc/example-config/postfix

                        # /etc/postfix/main.cf

virtual_mailbox_domains = 
    proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/domain_domain_to_domain.mysql

virtual_mailbox_maps = 
    proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/mailbox_username_to_username.mysql

virtual_alias_maps = 
    proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/alias_address_to_goto.mysql,
    proxy:mysql:/etc/webapps/kopano-postfixadmin/postfix/aliasdomain_at-aliasdomain_to_at-targetdomain.mysql

                        If you like, you could do the address checks directly against the kopano database.

                        I hope to find the setting for notifcations here.

                        Marti

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post