Kopano SMTPS SASL Authentication



  • hi guys,

    is it possible to activate SMTPS SASL Authentication for postfix with the users + passwords from the kopano database?

    My distribution is ubuntu 18.04.


  • Kopano



  • @fbartels

    Problem seems to be Postfix do not listen on SMTP Ports 25, 465 or 587.

    inet_interfaces in main.cf are set to all.

    Result of netstat -an | less

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:236             0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    tcp        0    144 164.25.200.241:22       164.25.200.18:50181     ESTABLISHED
    tcp6       0      0 :::995                  :::*                    LISTEN
    tcp6       0      0 ::1:10024               :::*                    LISTEN
    tcp6       0      0 :::110                  :::*                    LISTEN
    tcp6       0      0 :::143                  :::*                    LISTEN
    tcp6       0      0 ::1:783                 :::*                    LISTEN
    tcp6       0      0 :::80                   :::*                    LISTEN
    tcp6       0      0 :::10000                :::*                    LISTEN
    tcp6       0      0 :::8080                 :::*                    LISTEN
    tcp6       0      0 :::22                   :::*                    LISTEN
    tcp6       0      0 :::443                  :::*                    LISTEN
    tcp6       0      0 164.25.200.241:443      164.25.200.18:50145     ESTABLISHED
    udp        0      0 0.0.0.0:10000           0.0.0.0:*
    udp      768      0 127.0.0.53:53           0.0.0.0:*
    raw6       0      0 :::58                   :::*                    7
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  2      [ ]         DGRAM                    31751    /run/user/1000/systemd/notify
    unix  2      [ ACC ]     SEQPACKET  LISTENING     16083    /run/udev/control
    unix  2      [ ACC ]     STREAM     LISTENING     31754    /run/user/1000/systemd/private
    unix  2      [ ACC ]     STREAM     LISTENING     31758    /run/user/1000/gnupg/S.gpg-agent.browser
    unix  2      [ ACC ]     STREAM     LISTENING     31759    /run/user/1000/gnupg/S.gpg-agent.extra
    unix  2      [ ACC ]     STREAM     LISTENING     31760    /run/user/1000/gnupg/S.dirmngr
    unix  2      [ ACC ]     STREAM     LISTENING     24211    /var/snap/canonical-livepatch/41/livepatchd.sock
    unix  2      [ ACC ]     STREAM     LISTENING     31761    /run/user/1000/gnupg/S.gpg-agent.ssh
    unix  2      [ ACC ]     STREAM     LISTENING     31762    /run/user/1000/gnupg/S.gpg-agent
    unix  2      [ ACC ]     STREAM     LISTENING     29070    /var/run/sendmail/mta/smcontrol
    unix  2      [ ACC ]     STREAM     LISTENING     27741    /var/spool/postfix/var/run/saslauthd/mux
    unix  2      [ ACC ]     STREAM     LISTENING     24449    /var/run/clamav/clamd.ctl
    unix  2      [ ]         DGRAM                    20102    /tmp/.57c076d2f7c74cb.sock
    unix  2      [ ACC ]     STREAM     LISTENING     18163    /var/lib/lxd/unix.socket
    unix  2      [ ACC ]     STREAM     LISTENING     20871    @irqbalance1390.sock
    unix  3      [ ]         DGRAM                    2469     /run/systemd/notify
    unix  2      [ ACC ]     STREAM     LISTENING     18047    /run/mdadm/md127.sock
    unix  2      [ ACC ]     STREAM     LISTENING     2472     /run/systemd/private
    unix  2      [ ACC ]     STREAM     LISTENING     16081    /run/lvm/lvmpolld.socket
    unix  2      [ ACC ]     STREAM     LISTENING     17398    /run/snapd.socket
    unix  2      [ ACC ]     STREAM     LISTENING     1574     /run/systemd/journal/stdout
    unix  9      [ ]         DGRAM                    1576     /run/systemd/journal/socket
    unix  2      [ ACC ]     STREAM     LISTENING     16195    /run/systemd/fsck.progress
    unix  2      [ ACC ]     STREAM     LISTENING     18165    /var/run/dbus/system_bus_socket
    unix  18     [ ]         DGRAM                    2566     /run/systemd/journal/dev-log
    

    Master.cf of postfix

    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    #smtp      inet  n       -       y       -       -       smtpd
    smtp      inet  n       -       n       -       1       postscreen
    smtpd     pass  -       -       n       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    submission inet n       -       n       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       n       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING```


  • I detect there is a conflict with sendmail MTA.

    I remove them and now there is following output from netstat:

     root@exchange:~# sudo netstat -plntu
         
         Active Internet connections (only servers)
         
         Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
         
         tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      2312/amavisd-new (m
         
         tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1843/mysqld
         
         tcp        0      0 0.0.0.0:236             0.0.0.0:*               LISTEN      1956/kopano-server
         
         tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      1231/spamd.pid --cr
         
         tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      1927/perl
         
         tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN      1569/python2
         
         tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      1151/systemd-resolv
         
         tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1888/sshd
         
         tcp6       0      0 :::995                  :::*                    LISTEN      1541/kopano-gateway
         
         tcp6       0      0 ::1:10024               :::*                    LISTEN      2312/amavisd-new (m
         
         tcp6       0      0 :::110                  :::*                    LISTEN      1541/kopano-gateway
         
         tcp6       0      0 :::143                  :::*                    LISTEN      1541/kopano-gateway
         
         tcp6       0      0 ::1:783                 :::*                    LISTEN      1231/spamd.pid --cr
         
         tcp6       0      0 :::80                   :::*                    LISTEN      2051/apache2
         
         tcp6       0      0 :::10000                :::*                    LISTEN      1927/perl
         
         tcp6       0      0 :::8080                 :::*                    LISTEN      1201/kopano-ical
         
         tcp6       0      0 :::22                   :::*                    LISTEN      1888/sshd
         
         tcp6       0      0 :::443                  :::*                    LISTEN      2051/apache2
         
         udp        0      0 0.0.0.0:10000           0.0.0.0:*                           1927/perl
         
         udp    47616      0 127.0.0.53:53           0.0.0.0:*                           1151/systemd-resolv


  • Reinstalled Postfix and the Problem is solved.



  • Now i get these error:

    warning: unknown[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failure
    

    I configured all like the tutorial from zarafa (linked from fbartels).



  • Added the feature IMAP to the user and now it works.


Log in to reply