Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Spooler unable to connect to SMTP

    Kopano Groupware Core
    4
    12
    1935
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jengelh
      jengelh Banned last edited by

      Firewall?
      runuser -u kopano -- telnet ::1 25

      jengelh 1 Reply Last reply Reply Quote 0
      • Miyamoto72
        Miyamoto72 last edited by Miyamoto72

        the runuser command you gave didn’t succeed - the telnet session is never established.
        Scanning the server from the LAN yields the following:

        PORT     STATE    SERVICE
        22/tcp   open     ssh
        25/tcp   filtered smtp
        80/tcp   open     http
        110/tcp  open     pop3
        143/tcp  open     imap
        443/tcp  open     https
        465/tcp  open     smtps
        587/tcp  open     submission
        2003/tcp open     finger
        8080/tcp open     http-proxy
        9090/tcp open     zeus-admin
        

        Port 9090 is used by cockpit.

        netstat -tulpen | grep 25
        

        on the server shows this:

        tcp        3      0 0.0.0.0:587             0.0.0.0:*               LISTEN      0          155156     25893/master        
        tcp        3      0 0.0.0.0:465             0.0.0.0:*               LISTEN      0          155162     25893/master        
        tcp      101      0 0.0.0.0:25              0.0.0.0:*               LISTEN      0          155150     25893/master        
        tcp6       0      0 :::587                  :::*                    LISTEN      0          155157     25893/master        
        tcp6       0      0 :::465                  :::*                    LISTEN      0          155163     25893/master        
        tcp6     101      0 :::25                   :::*                    LISTEN      0          155151     25893/master
        

        The PID is a child of ‘service postfix@- start’

        ● postfix@-.service - Postfix Mail Transport Agent (instance -)
           Loaded: loaded (/lib/systemd/system/postfix@.service; enabled-runtime; vendor preset: enabled)
           Active: active (running) since Tue 2019-12-10 21:59:52 CET; 5 days ago
             Docs: man:postfix(1)
            Tasks: 4 (limit: 4915)
           Memory: 17.4M
           CGroup: /system.slice/system-postfix.slice/postfix@-.service
                   ├─ 3035 pickup -l -t unix -u -c
                   ├─ 5095 proxymap -t unix -u
                   ├─25893 /usr/lib/postfix/sbin/master -w
                   └─25895 qmgr -l -t unix -u
        

        The log excerpt from ‘service postfix@- status’ reads:

        Dez 16 16:24:38 mail postfix/smtps/smtpd[5295]: fatal: open dictionary: expecting "type:name" form instead of "#"
        Dez 16 16:24:38 mail postfix/submission/smtpd[5294]: fatal: open dictionary: expecting "type:name" form instead of "#"
        Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/cleanup pid 5292 exit status 1
        Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/cleanup: bad command startup -- throttling
        Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/smtpd pid 5293 exit status 1
        Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
        Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/smtpd pid 5295 exit status 1
        Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
        Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/smtpd pid 5294 exit status 1
        Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
        

        Any ideas?

        1 Reply Last reply Reply Quote 0
        • Miyamoto72
          Miyamoto72 last edited by

          Oh, and according to the output ‘iptables -L’ I think the firewall is not to blame:

          Chain INPUT (policy ACCEPT)
          target     prot opt source               destination         
          
          Chain FORWARD (policy DROP)
          target     prot opt source               destination         
          DOCKER-USER  all  --  anywhere             anywhere            
          DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
          ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
          DOCKER     all  --  anywhere             anywhere            
          ACCEPT     all  --  anywhere             anywhere            
          ACCEPT     all  --  anywhere             anywhere            
          
          Chain OUTPUT (policy ACCEPT)
          target     prot opt source               destination         
          
          Chain DOCKER (1 references)
          target     prot opt source               destination         
          ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9980
          
          Chain DOCKER-ISOLATION-STAGE-1 (1 references)
          target     prot opt source               destination         
          DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
          RETURN     all  --  anywhere             anywhere            
          
          Chain DOCKER-ISOLATION-STAGE-2 (1 references)
          target     prot opt source               destination         
          DROP       all  --  anywhere             anywhere            
          RETURN     all  --  anywhere             anywhere            
          
          Chain DOCKER-USER (1 references)
          target     prot opt source               destination         
          RETURN     all  --  anywhere             anywhere
          
          1 Reply Last reply Reply Quote 0
          • jengelh
            jengelh Banned @jengelh last edited by

            @Miyamoto72 said in Spooler unable to connect to SMTP:

            the runuser command you gave didn’t succeed - the telnet session is never established.
            Scanning the server from the LAN yields the following:

            PORT     STATE    SERVICE
            22/tcp   open     ssh
            25/tcp   filtered smtp
            80/tcp   open     http
            110/tcp  open     pop3
            143/tcp  open     imap
            443/tcp  open     https
            465/tcp  open     smtps
            587/tcp  open     submission
            2003/tcp open     finger
            8080/tcp open     http-proxy
            9090/tcp open     zeus-admin
            

            So there is your answer. if neither telnet nor nmap can connect, how could kopano …

            1 Reply Last reply Reply Quote 0
            • Miyamoto72
              Miyamoto72 last edited by

              Yeah, right - but what’s the problem here, how can I solve it?

              1 Reply Last reply Reply Quote 0
              • A Former User
                A Former User last edited by

                Disable the firewall and test.

                Miyamoto72 1 Reply Last reply Reply Quote 0
                • thctlo
                  thctlo last edited by thctlo

                  @Miyamoto72 said in Spooler unable to connect to SMTP:

                  fatal: open dictionary: expecting “type:name” form instead of “#”

                  This looks like a config error, post the master.cf and main.cf
                  This has nothing todo with kopano.

                  Your postfix mappings are not correct.

                  Dez 16 16:24:38 mail postfix/smtps/smtpd[5295]: fatal: open dictionary: expecting "type:name" form instead of "#"
                  Dez 16 16:24:38 mail postfix/submission/smtpd[5294]: fatal: open dictionary: expecting "type:name" form instead of "#"
                  

                  And this clearly shows it, due too these above errors postfix not starting fully.

                  I suggest, compair your settings with these, to give you the idea whats wrong.

                  ### virtual alias mailbox transport
                  virtual_alias_maps =
                      mysql:/etc/postfix/mysql/mysql-users.cf,
                      hash:/etc/postfix/virtual-kopano.map, 
                  virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql-users.cf
                  virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql-domains.cf
                  virtual_transport = lmtp:127.0.0.1:2003
                  

                  And you want to see this when you check postfix.

                  sudo systemctl status postfix
                  ● postfix.service - Postfix Mail Transport Agent
                     Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
                    Drop-In: /etc/systemd/system/postfix.service.d
                             └─override.conf
                     Active: active (exited) since Fri 2019-11-22 11:21:30 CET; 3 weeks 3 days ago
                   Main PID: 1183 (code=exited, status=0/SUCCESS)
                      Tasks: 0 (limit: 4915)
                     Memory: 0B
                     CGroup: /system.slice/postfix.service
                  
                  1 Reply Last reply Reply Quote 0
                  • Miyamoto72
                    Miyamoto72 @Guest last edited by

                    @WalterHof said in Spooler unable to connect to SMTP:

                    Disable the firewall and test.

                    There’s no firewall enabled. Except for docker rules iptables are empty AFAIUI

                    1 Reply Last reply Reply Quote 0
                    • Miyamoto72
                      Miyamoto72 last edited by Miyamoto72

                      master.cf:

                      #
                      # Postfix master process configuration file.  For details on the format
                      # of the file, see the master(5) manual page (command: "man 5 master" or
                      # on-line: http://www.postfix.org/master.5.html).
                      #
                      # Do not forget to execute "postfix reload" after editing this file.
                      #
                      # ==========================================================================
                      # service type  private unpriv  chroot  wakeup  maxproc command + args
                      #               (yes)   (yes)   (no)    (never) (100)
                      # ==========================================================================
                      smtp      inet  n       -       y       -       -       smtpd
                      #smtp      inet  n       -       y       -       1       postscreen
                      #smtpd     pass  -       -       y       -       -       smtpd
                      #dnsblog   unix  -       -       y       -       0       dnsblog
                      #tlsproxy  unix  -       -       y       -       0       tlsproxy
                      submission inet n       -       y       -       -       smtpd
                        -o syslog_name=postfix/submission
                        -o smtpd_tls_security_level=encrypt
                        -o smtpd_sasl_auth_enable=yes
                        -o smtpd_tls_auth_only=yes
                        -o smtpd_reject_unlisted_recipient=no
                      #  -o smtpd_client_restrictions=$mua_client_restrictions
                      #  -o smtpd_helo_restrictions=$mua_helo_restrictions
                      #  -o smtpd_sender_restrictions=$mua_sender_restrictions
                        -o smtpd_recipient_restrictions=
                        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
                        -o milter_macro_daemon_name=ORIGINATING
                      smtps     inet  n       -       y       -       -       smtpd
                        -o syslog_name=postfix/smtps
                        -o smtpd_tls_wrappermode=yes
                        -o smtpd_sasl_auth_enable=yes
                      #  -o smtpd_reject_unlisted_recipient=no
                      #  -o smtpd_client_restrictions=$mua_client_restrictions
                      #  -o smtpd_helo_restrictions=$mua_helo_restrictions
                      #  -o smtpd_sender_restrictions=$mua_sender_restrictions
                      #  -o smtpd_recipient_restrictions=
                      #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
                      #  -o milter_macro_daemon_name=ORIGINATING
                      #628       inet  n       -       y       -       -       qmqpd
                      pickup    unix  n       -       y       60      1       pickup
                      cleanup   unix  n       -       y       -       0       cleanup
                      qmgr      unix  n       -       n       300     1       qmgr
                      #qmgr     unix  n       -       n       300     1       oqmgr
                      tlsmgr    unix  -       -       y       1000?   1       tlsmgr
                      rewrite   unix  -       -       y       -       -       trivial-rewrite
                      bounce    unix  -       -       y       -       0       bounce
                      defer     unix  -       -       y       -       0       bounce
                      trace     unix  -       -       y       -       0       bounce
                      verify    unix  -       -       y       -       1       verify
                      flush     unix  n       -       y       1000?   0       flush
                      proxymap  unix  -       -       n       -       -       proxymap
                      proxywrite unix -       -       n       -       1       proxymap
                      smtp      unix  -       -       y       -       -       smtp
                      relay     unix  -       -       y       -       -       smtp
                              -o syslog_name=postfix/$service_name
                      #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
                      showq     unix  n       -       y       -       -       showq
                      error     unix  -       -       y       -       -       error
                      retry     unix  -       -       y       -       -       error
                      discard   unix  -       -       y       -       -       discard
                      local     unix  -       n       n       -       -       local
                      virtual   unix  -       n       n       -       -       virtual
                      lmtp      unix  -       -       y       -       -       lmtp
                      anvil     unix  -       -       y       -       1       anvil
                      scache    unix  -       -       y       -       1       scache
                      postlog   unix-dgram n  -       n       -       1       postlogd
                      #
                      # ====================================================================
                      # Interfaces to non-Postfix software. Be sure to examine the manual
                      # pages of the non-Postfix software to find out what options it wants.
                      #
                      # Many of the following services use the Postfix pipe(8) delivery
                      # agent.  See the pipe(8) man page for information about ${recipient}
                      # and other message envelope options.
                      # ====================================================================
                      #
                      # maildrop. See the Postfix MAILDROP_README file for details.
                      # Also specify in main.cf: maildrop_destination_recipient_limit=1
                      #
                      maildrop  unix  -       n       n       -       -       pipe
                        flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
                      #
                      # ====================================================================
                      #
                      # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
                      #
                      # Specify in cyrus.conf:
                      #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
                      #
                      # Specify in main.cf one or more of the following:
                      #  mailbox_transport = lmtp:inet:localhost
                      #  virtual_transport = lmtp:inet:localhost
                      #
                      # ====================================================================
                      #
                      # Cyrus 2.1.5 (Amos Gouaux)
                      # Also specify in main.cf: cyrus_destination_recipient_limit=1
                      #
                      #cyrus     unix  -       n       n       -       -       pipe
                      #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
                      #
                      # ====================================================================
                      # Old example of delivery via Cyrus.
                      #
                      #old-cyrus unix  -       n       n       -       -       pipe
                      #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
                      #
                      # ====================================================================
                      #
                      # See the Postfix UUCP_README file for configuration details.
                      #
                      uucp      unix  -       n       n       -       -       pipe
                        flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
                      #
                      # Other external delivery methods.
                      #
                      ifmail    unix  -       n       n       -       -       pipe
                        flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
                      bsmtp     unix  -       n       n       -       -       pipe
                        flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
                      scalemail-backend unix	-	n	n	-	2	pipe
                        flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
                      mailman   unix  -       n       n       -       -       pipe
                        flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
                        ${nexthop} ${user}
                      

                      main.cf:

                      # See /usr/share/postfix/main.cf.dist for a commented, more complete version
                      
                      
                      # Debian specific:  Specifying a file name will cause the first
                      # line of that file to be used as the name.  The Debian default
                      # is /etc/mailname.
                      #myorigin = /etc/mailname
                      
                      smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
                      biff = no
                      
                      # appending .domain is the MUA's job.
                      append_dot_mydomain = no
                      
                      # Uncomment the next line to generate "delayed mail" warnings
                      #delay_warning_time = 4h
                      
                      readme_directory = no
                      
                      # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
                      # fresh installs.
                      compatibility_level = 2
                      
                      
                      
                      # TLS parameters
                      smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
                      smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
                      smtpd_use_tls=yes
                      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
                      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
                      smtp_tls_security_level = verify
                      smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
                      smtpd_tls_security_level = may
                      smtpd_tls_auth_only = yes
                      smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
                      smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
                      smtpd_tls_mandatory_ciphers = medium
                      tls_medium_cipherlist = AES128+EECDH:AES128+EDH
                      
                      # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
                      # information on enabling SSL in the smtp client.
                      
                      smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
                      myhostname = mail.fritz.box
                      alias_maps = hash:/etc/aliases
                      alias_database = hash:/etc/aliases
                      myorigin = /etc/mailname
                      mydestination = mail.example.com, $myhostname, mail.fritz.box, localhost.fritz.box, localhost
                      
                      # relay mails via hosted.mailcow.de
                      relayhost = [hosted.mailcow.de]:587
                      smtp_sasl_auth_enable = yes
                      smtp_sasl_password_maps = hash:/etc/postfix/relay
                      smtp_sasl_security_options = noanonymous
                      
                      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
                      mailbox_size_limit = 0
                      recipient_delimiter = +
                      inet_interfaces = all
                      inet_protocols = all
                      
                      ### RSpamD
                      #
                      # include rspamd via milter
                      smtpd_milters = unix:/var/lib/rspamd/milter.sock
                      # or for TCP socket
                      #smtpd_milters = inet:localhost:11332
                      
                      # rspamd: skip mail without checks if something goes wrong
                      milter_default_action = accept
                      
                      #Kopano Custom
                      virtual_alias_maps = hash:/etc/postfix/aliases 			# Aliase/Weiterleitungen für Postfächer
                      virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf 	# Auslesen vorhandener Postfächer
                      virtual_transport = lmtp:127.0.0.1:2003 			# Weiterleiten der Mail an Dagent für die Zustellung an das Postfach
                      virtual_mailbox_domains = example.org 				# Berechtigte Empfangs-Domains
                      
                      smtpd_recipient_restrictions = permit_mynetworks,reject_non_fqdn_recipient,reject_non_fqdn_hostname,reject_invalid_hostname,reject_non_fqdn_recipient,reject_non_fqdn_sender,reject_unauth_pipelining,reject_unverified_recipient
                      

                      As far as I can see the kopano map you mentioned in your post is not in main.cf - but it doesn’t exist at all either. And virtual_mailbox_domains is given directly, not via a hashed table.

                      I know, main.cf is to be optimized in regards of crypto. But first I have to get stuff up and running.

                      For those who speak master.cf and main.cf fluently - any obvious error that could be fixed easily?

                      1 Reply Last reply Reply Quote 0
                      • thctlo
                        thctlo last edited by

                        alias_maps = hash:/etc/aliases and virtual_alias_maps = hash:/etc/postfix/aliases

                        The format (content) of these to “alias” files are different, thats all.
                        I’m betting you copied the alias file, only the format in alias is diffent …
                        per example, from : http://www.postfix.org/VIRTUAL_README.html

                        /etc/postfix/virtual:
                            listname-request@example.com listname-request
                            listname@example.com         listname
                            owner-listname@example.com   owner-listname
                        
                        /etc/aliases:
                            listname: "|/some/where/majordomo/wrapper ..."
                            owner-listname: ...
                            listname-request: ...
                        

                        And i also recommend to rename the file to virtual-kopano

                        1 Reply Last reply Reply Quote 0
                        • Miyamoto72
                          Miyamoto72 last edited by

                          I’m sorry, you lost your bet ;-) - /etc/postfix/aliases actually is an empty file (that I postmapped, of course)

                          But thanks for clearing up the different formats and the suggestion to rename /etc/postfix/aliases to a kopano-related name.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post