Kopano SMTPS SASL Authentication

hi guys,

is it possible to activate SMTPS SASL Authentication for postfix with the users + passwords from the kopano database?

My distribution is ubuntu 18.04.

@fbartels

Problem seems to be Postfix do not listen on SMTP Ports 25, 465 or 587.

inet_interfaces in main.cf are set to all.

Result of netstat -an | less

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:236             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0    144 164.25.200.241:22       164.25.200.18:50181     ESTABLISHED
tcp6       0      0 :::995                  :::*                    LISTEN
tcp6       0      0 ::1:10024               :::*                    LISTEN
tcp6       0      0 :::110                  :::*                    LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp6       0      0 ::1:783                 :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::10000                :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 164.25.200.241:443      164.25.200.18:50145     ESTABLISHED
udp        0      0 0.0.0.0:10000           0.0.0.0:*
udp      768      0 127.0.0.53:53           0.0.0.0:*
raw6       0      0 :::58                   :::*                    7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    31751    /run/user/1000/systemd/notify
unix  2      [ ACC ]     SEQPACKET  LISTENING     16083    /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     31754    /run/user/1000/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     31758    /run/user/1000/gnupg/S.gpg-agent.browser
unix  2      [ ACC ]     STREAM     LISTENING     31759    /run/user/1000/gnupg/S.gpg-agent.extra
unix  2      [ ACC ]     STREAM     LISTENING     31760    /run/user/1000/gnupg/S.dirmngr
unix  2      [ ACC ]     STREAM     LISTENING     24211    /var/snap/canonical-livepatch/41/livepatchd.sock
unix  2      [ ACC ]     STREAM     LISTENING     31761    /run/user/1000/gnupg/S.gpg-agent.ssh
unix  2      [ ACC ]     STREAM     LISTENING     31762    /run/user/1000/gnupg/S.gpg-agent
unix  2      [ ACC ]     STREAM     LISTENING     29070    /var/run/sendmail/mta/smcontrol
unix  2      [ ACC ]     STREAM     LISTENING     27741    /var/spool/postfix/var/run/saslauthd/mux
unix  2      [ ACC ]     STREAM     LISTENING     24449    /var/run/clamav/clamd.ctl
unix  2      [ ]         DGRAM                    20102    /tmp/.57c076d2f7c74cb.sock
unix  2      [ ACC ]     STREAM     LISTENING     18163    /var/lib/lxd/unix.socket
unix  2      [ ACC ]     STREAM     LISTENING     20871    @irqbalance1390.sock
unix  3      [ ]         DGRAM                    2469     /run/systemd/notify
unix  2      [ ACC ]     STREAM     LISTENING     18047    /run/mdadm/md127.sock
unix  2      [ ACC ]     STREAM     LISTENING     2472     /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     16081    /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     17398    /run/snapd.socket
unix  2      [ ACC ]     STREAM     LISTENING     1574     /run/systemd/journal/stdout
unix  9      [ ]         DGRAM                    1576     /run/systemd/journal/socket
unix  2      [ ACC ]     STREAM     LISTENING     16195    /run/systemd/fsck.progress
unix  2      [ ACC ]     STREAM     LISTENING     18165    /var/run/dbus/system_bus_socket
unix  18     [ ]         DGRAM                    2566     /run/systemd/journal/dev-log

Master.cf of postfix

# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
#smtp      inet  n       -       y       -       -       smtpd
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING```

I detect there is a conflict with sendmail MTA.

I remove them and now there is following output from netstat:

 root@exchange:~# sudo netstat -plntu
     
     Active Internet connections (only servers)
     
     Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
     
     tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      2312/amavisd-new (m
     
     tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1843/mysqld
     
     tcp        0      0 0.0.0.0:236             0.0.0.0:*               LISTEN      1956/kopano-server
     
     tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      1231/spamd.pid --cr
     
     tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      1927/perl
     
     tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN      1569/python2
     
     tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      1151/systemd-resolv
     
     tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1888/sshd
     
     tcp6       0      0 :::995                  :::*                    LISTEN      1541/kopano-gateway
     
     tcp6       0      0 ::1:10024               :::*                    LISTEN      2312/amavisd-new (m
     
     tcp6       0      0 :::110                  :::*                    LISTEN      1541/kopano-gateway
     
     tcp6       0      0 :::143                  :::*                    LISTEN      1541/kopano-gateway
     
     tcp6       0      0 ::1:783                 :::*                    LISTEN      1231/spamd.pid --cr
     
     tcp6       0      0 :::80                   :::*                    LISTEN      2051/apache2
     
     tcp6       0      0 :::10000                :::*                    LISTEN      1927/perl
     
     tcp6       0      0 :::8080                 :::*                    LISTEN      1201/kopano-ical
     
     tcp6       0      0 :::22                   :::*                    LISTEN      1888/sshd
     
     tcp6       0      0 :::443                  :::*                    LISTEN      2051/apache2
     
     udp        0      0 0.0.0.0:10000           0.0.0.0:*                           1927/perl
     
     udp    47616      0 127.0.0.53:53           0.0.0.0:*                           1151/systemd-resolv

Reinstalled Postfix and the Problem is solved.

Now i get these error:

warning: unknown[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failure

I configured all like the tutorial from zarafa (linked from fbartels).

Added the feature IMAP to the user and now it works.