Spooler unable to connect to SMTP



  • Hi,
    I’m trying to get Kopano up and running on my freshly setup Debian Buster box with packages from the Debian repos. But somehow I can’t send out mail - kopano-spooler is unable to connect to postfix on the same machine.

    Installation went without problems via apt, WebApp can be loaded and used for composing mails, but upon hitting the send button the mails stays in the outbox.

    excerpt from /var/log/kopano/spooler.log:

    Wed Dec 11 20:40:47 2019: [=======] Starting kopano-spooler version 8.7.0 (pid 19665 uid 109)
    Wed Dec 11 20:40:47 2019: [info   ] Coredump status left at system default.
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] Initializing provider "Kopano Directory Service"
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] Initializing provider "Private Folders"
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] Initializing provider "Public Folders"
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] Initializing provider "Kopano Directory Service"
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] Initializing provider "Private Folders"
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] Initializing provider "Public Folders"
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] PYTHONPATH = /usr/share/kopano-spooler/python
    Wed Dec 11 20:40:47 2019: [info   ] [19665] * Loading plugins started
    Wed Dec 11 20:40:47 2019: [info   ] [19665] ** Checking plugins in /var/lib/kopano/spooler/plugins
    Wed Dec 11 20:40:47 2019: [info   ] [19665] * Loading plugins done
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] Sending e-mail for user $USER, subject: "FW: Undelivered Mail Returned to Sender", si
    ze: 5831
    Wed Dec 11 20:40:47 2019: [info   ] [19665] * PreSending processing started
    Wed Dec 11 20:40:47 2019: [info   ] [19665] * PreSending processing done
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] Sending message with Message-ID: kcis.B50889D7B3094618A0119FBB1CBCA921@mail.fritz.box
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] RCPT TO: user@host
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] SMTP connecting to localhost:25
    Wed Dec 11 20:40:47 2019: [debug  ] [19665] SMTP server connected.
    Wed Dec 11 20:40:49 2019: [debug  ] [19625] Initializing provider "Kopano Directory Service"
    Wed Dec 11 20:40:49 2019: [debug  ] [19625] Initializing provider "Private Folders"
    Wed Dec 11 20:40:50 2019: [debug  ] [19625] Initializing provider "Public Folders"
    Wed Dec 11 20:40:50 2019: [info   ] [19625] Connection to storage server succeeded after 1 retries
    Wed Dec 11 20:40:50 2019: [debug  ] [19625] Number of messages in the queue: 1
    Wed Dec 11 20:40:50 2019: [debug  ] [19625] Messages with delayed delivery: 0
    Wed Dec 11 20:41:50 2019: [debug  ] [19625] Number of messages in the queue: 1
    Wed Dec 11 20:41:50 2019: [debug  ] [19625] Messages with delayed delivery: 0
    Wed Dec 11 20:42:50 2019: [debug  ] [19625] Number of messages in the queue: 1
    Wed Dec 11 20:42:50 2019: [debug  ] [19625] Messages with delayed delivery: 0
    Wed Dec 11 20:43:50 2019: [debug  ] [19625] Number of messages in the queue: 1
    Wed Dec 11 20:43:50 2019: [debug  ] [19625] Messages with delayed delivery: 0
    Wed Dec 11 20:44:50 2019: [debug  ] [19625] Number of messages in the queue: 1
    Wed Dec 11 20:44:50 2019: [debug  ] [19625] Messages with delayed delivery: 0
    Wed Dec 11 20:45:05 2019: [error  ] [19630] Connect to SMTP: Operation timed out.. E-Mail will be tried again later.
    Wed Dec 11 20:45:05 2019: [debug  ] [19630] < QUIT
    

    This is being repeated. The server.log doesn’t contain anything at the same time.

    /etc/postfix/main.cf:

    #Kopano Custom
    virtual_alias_maps = hash:/etc/postfix/aliases                  # Aliase/Weiterleitungen für Postfächer
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf        # Auslesen vorhandener Postfächer
    virtual_transport = lmtp:127.0.0.1:2003                         # Weiterleiten der Mail an Dagent für die Zustellung an das Postfach
    virtual_mailbox_domains = $FQDN                          # Berechtigte Empfangs-Domains```
    
    /etc/postfix/mysql-users.cf:
    

    user = kopano
    password = GEHEIM
    hosts = 127.0.0.1
    dbname = kopanoserver
    query = SELECT value FROM objectproperty where propname = ‘emailaddress’ and value = ‘%s’;```

    MySQL table can be read with the credentials above.

    I’m a bit lost right now and don’t know where to look and how to fix.
    Maybe someone sees what I’m missing?

    Any other info needed in order to help? Please tell me.



  • Firewall?
    runuser -u kopano -- telnet ::1 25



  • the runuser command you gave didn’t succeed - the telnet session is never established.
    Scanning the server from the LAN yields the following:

    PORT     STATE    SERVICE
    22/tcp   open     ssh
    25/tcp   filtered smtp
    80/tcp   open     http
    110/tcp  open     pop3
    143/tcp  open     imap
    443/tcp  open     https
    465/tcp  open     smtps
    587/tcp  open     submission
    2003/tcp open     finger
    8080/tcp open     http-proxy
    9090/tcp open     zeus-admin
    

    Port 9090 is used by cockpit.

    netstat -tulpen | grep 25
    

    on the server shows this:

    tcp        3      0 0.0.0.0:587             0.0.0.0:*               LISTEN      0          155156     25893/master        
    tcp        3      0 0.0.0.0:465             0.0.0.0:*               LISTEN      0          155162     25893/master        
    tcp      101      0 0.0.0.0:25              0.0.0.0:*               LISTEN      0          155150     25893/master        
    tcp6       0      0 :::587                  :::*                    LISTEN      0          155157     25893/master        
    tcp6       0      0 :::465                  :::*                    LISTEN      0          155163     25893/master        
    tcp6     101      0 :::25                   :::*                    LISTEN      0          155151     25893/master
    

    The PID is a child of ‘service postfix@- start’

    ● postfix@-.service - Postfix Mail Transport Agent (instance -)
       Loaded: loaded (/lib/systemd/system/postfix@.service; enabled-runtime; vendor preset: enabled)
       Active: active (running) since Tue 2019-12-10 21:59:52 CET; 5 days ago
         Docs: man:postfix(1)
        Tasks: 4 (limit: 4915)
       Memory: 17.4M
       CGroup: /system.slice/system-postfix.slice/postfix@-.service
               ├─ 3035 pickup -l -t unix -u -c
               ├─ 5095 proxymap -t unix -u
               ├─25893 /usr/lib/postfix/sbin/master -w
               └─25895 qmgr -l -t unix -u
    

    The log excerpt from ‘service postfix@- status’ reads:

    Dez 16 16:24:38 mail postfix/smtps/smtpd[5295]: fatal: open dictionary: expecting "type:name" form instead of "#"
    Dez 16 16:24:38 mail postfix/submission/smtpd[5294]: fatal: open dictionary: expecting "type:name" form instead of "#"
    Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/cleanup pid 5292 exit status 1
    Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/cleanup: bad command startup -- throttling
    Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/smtpd pid 5293 exit status 1
    Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
    Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/smtpd pid 5295 exit status 1
    Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
    Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/smtpd pid 5294 exit status 1
    Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
    

    Any ideas?



  • Oh, and according to the output ‘iptables -L’ I think the firewall is not to blame:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    DOCKER-USER  all  --  anywhere             anywhere            
    DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    DOCKER     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain DOCKER (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9980
    
    Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    target     prot opt source               destination         
    DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
    RETURN     all  --  anywhere             anywhere            
    
    Chain DOCKER-ISOLATION-STAGE-2 (1 references)
    target     prot opt source               destination         
    DROP       all  --  anywhere             anywhere            
    RETURN     all  --  anywhere             anywhere            
    
    Chain DOCKER-USER (1 references)
    target     prot opt source               destination         
    RETURN     all  --  anywhere             anywhere
    


  • @Miyamoto72 said in Spooler unable to connect to SMTP:

    the runuser command you gave didn’t succeed - the telnet session is never established.
    Scanning the server from the LAN yields the following:

    PORT     STATE    SERVICE
    22/tcp   open     ssh
    25/tcp   filtered smtp
    80/tcp   open     http
    110/tcp  open     pop3
    143/tcp  open     imap
    443/tcp  open     https
    465/tcp  open     smtps
    587/tcp  open     submission
    2003/tcp open     finger
    8080/tcp open     http-proxy
    9090/tcp open     zeus-admin
    

    So there is your answer. if neither telnet nor nmap can connect, how could kopano …



  • Yeah, right - but what’s the problem here, how can I solve it?



  • Disable the firewall and test.



  • @Miyamoto72 said in Spooler unable to connect to SMTP:

    fatal: open dictionary: expecting “type:name” form instead of “#”

    This looks like a config error, post the master.cf and main.cf
    This has nothing todo with kopano.

    Your postfix mappings are not correct.

    Dez 16 16:24:38 mail postfix/smtps/smtpd[5295]: fatal: open dictionary: expecting "type:name" form instead of "#"
    Dez 16 16:24:38 mail postfix/submission/smtpd[5294]: fatal: open dictionary: expecting "type:name" form instead of "#"
    

    And this clearly shows it, due too these above errors postfix not starting fully.

    I suggest, compair your settings with these, to give you the idea whats wrong.

    ### virtual alias mailbox transport
    virtual_alias_maps =
        mysql:/etc/postfix/mysql/mysql-users.cf,
        hash:/etc/postfix/virtual-kopano.map, 
    virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql-users.cf
    virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql-domains.cf
    virtual_transport = lmtp:127.0.0.1:2003
    

    And you want to see this when you check postfix.

    sudo systemctl status postfix
    ● postfix.service - Postfix Mail Transport Agent
       Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
      Drop-In: /etc/systemd/system/postfix.service.d
               └─override.conf
       Active: active (exited) since Fri 2019-11-22 11:21:30 CET; 3 weeks 3 days ago
     Main PID: 1183 (code=exited, status=0/SUCCESS)
        Tasks: 0 (limit: 4915)
       Memory: 0B
       CGroup: /system.slice/postfix.service
    


  • @WalterHof said in Spooler unable to connect to SMTP:

    Disable the firewall and test.

    There’s no firewall enabled. Except for docker rules iptables are empty AFAIUI



  • master.cf:

    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_tls_auth_only=yes
      -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
            -o syslog_name=postfix/$service_name
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix	-	n	n	-	2	pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    

    main.cf:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = no
    
    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2
    
    
    
    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtp_tls_security_level = verify
    smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
    smtpd_tls_security_level = may
    smtpd_tls_auth_only = yes
    smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
    smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
    smtpd_tls_mandatory_ciphers = medium
    tls_medium_cipherlist = AES128+EECDH:AES128+EDH
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = mail.fritz.box
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = mail.example.com, $myhostname, mail.fritz.box, localhost.fritz.box, localhost
    
    # relay mails via hosted.mailcow.de
    relayhost = [hosted.mailcow.de]:587
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/relay
    smtp_sasl_security_options = noanonymous
    
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    
    ### RSpamD
    #
    # include rspamd via milter
    smtpd_milters = unix:/var/lib/rspamd/milter.sock
    # or for TCP socket
    #smtpd_milters = inet:localhost:11332
    
    # rspamd: skip mail without checks if something goes wrong
    milter_default_action = accept
    
    #Kopano Custom
    virtual_alias_maps = hash:/etc/postfix/aliases 			# Aliase/Weiterleitungen für Postfächer
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf 	# Auslesen vorhandener Postfächer
    virtual_transport = lmtp:127.0.0.1:2003 			# Weiterleiten der Mail an Dagent für die Zustellung an das Postfach
    virtual_mailbox_domains = example.org 				# Berechtigte Empfangs-Domains
    
    smtpd_recipient_restrictions = permit_mynetworks,reject_non_fqdn_recipient,reject_non_fqdn_hostname,reject_invalid_hostname,reject_non_fqdn_recipient,reject_non_fqdn_sender,reject_unauth_pipelining,reject_unverified_recipient
    

    As far as I can see the kopano map you mentioned in your post is not in main.cf - but it doesn’t exist at all either. And virtual_mailbox_domains is given directly, not via a hashed table.

    I know, main.cf is to be optimized in regards of crypto. But first I have to get stuff up and running.

    For those who speak master.cf and main.cf fluently - any obvious error that could be fixed easily?



  • alias_maps = hash:/etc/aliases and virtual_alias_maps = hash:/etc/postfix/aliases

    The format (content) of these to “alias” files are different, thats all.
    I’m betting you copied the alias file, only the format in alias is diffent …
    per example, from : http://www.postfix.org/VIRTUAL_README.html

    /etc/postfix/virtual:
        listname-request@example.com listname-request
        listname@example.com         listname
        owner-listname@example.com   owner-listname
    
    /etc/aliases:
        listname: "|/some/where/majordomo/wrapper ..."
        owner-listname: ...
        listname-request: ...
    

    And i also recommend to rename the file to virtual-kopano



  • I’m sorry, you lost your bet ;-) - /etc/postfix/aliases actually is an empty file (that I postmapped, of course)

    But thanks for clearing up the different formats and the suggestion to rename /etc/postfix/aliases to a kopano-related name.


Log in to reply