    Dovecot with Kopano and postfix?

    Kopano Groupware Core
    • killmasta93
      killmasta93 last edited by

      Hi,
      So I'm currently finishing installing Kopano to work with postfix, but I'm somewhat confused.
      I see kopano has its own dovecot? But it does not use SSL 993 or 995, so I installed dovecot and disabled 143 and 110 so it won't conflict with kopano, but I'm not sure if that's the correct way.
      As for postfix, I put a webmin to create users for postfix as I normally would, but when I try to log on in the web interface it is not logging in.
      This is my main.cf of postfix:

      smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
      myhostname = mail.mydomain.com
      alias_maps = hash:/etc/aliases
      alias_database = hash:/etc/aliases
      virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf
      virtual_transport = lmtp:127.0.0.1:2003
      myorigin = /etc/mailname
      mydestination = hermes.casa.local, mail.mydomain.com, hermes.casa.local, localhost.casa.local, localhost
      relayhost = 
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.3.0/24
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = all
      inet_protocols = ipv4
      home_mailbox = Maildir/
      smtpd_sasl_type = dovecot
      smtpd_sasl_path = private/auth
      smtpd_sasl_local_domain =
      smtpd_sasl_security_options = noanonymous
      broken_sasl_auth_clients = yes
      smtpd_sasl_auth_enable = yes
      smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
      smtp_tls_security_level = may
      smtpd_tls_security_level = may
      smtp_tls_note_starttls_offer = yes
      smtpd_tls_loglevel = 1
      smtpd_tls_received_header = yes
      message_size_limit = 50240000
      maximal_queue_lifetime = 1d
      
      

      Then this is my /etc/postfix/mysql-users.cf:

      user = root
      password = mypassword
      hosts = 127.0.0.1
      dbname = kopano
      query = select value from objectproperty where \
       objectid=(select objectid from objectproperty where value='%s' limit 1) \
      and propname='loginname';
      
      

      Thank you

      • killmasta93
        killmasta93 last edited by

        So after reading a bit more and understanding how kopano works,
        I configured dagent:

        mkdir -p /var/spool/kopano
        chown kopano:kopano /var/spool/kopano
        chmod go= /var/spool/kopano
        setfacl -m u:postfix:rwx /var/spool/kopano
        

        Then inside the dagent.cfg
        I added these two:

        lmtp_listen = *:2003
        lmtp_listen = unix:/var/spool/kopano/dagent.sock
        
        

        But I keep getting this issue:

        Dec 30 20:12:13 mail kopano-server[793]: Authentication by plugin failed for user "gerencia": Trying to authenticate failed: wrong username or password
        
        
        • fbartels
          fbartels Kopano @killmasta93 last edited by

          @killmasta93 said in Dovecot with Kopano and postfix?:

          I see kopano has its own dovecot?

          No, Kopano has no Dovecot built in/integrated. Kopano needs to be the one storing your mails so you cannot work with both at the same time.

          @killmasta93 said in Dovecot with Kopano and postfix?:

          but it does not use SSL 993 or 995

          Just like with Dovecot, SSL is not configured by default in kopano-gateway (the service offering POP3/IMAP access to users' inboxes).

          @killmasta93 said in Dovecot with Kopano and postfix?:

          I put a webmin to create users for postfix

          Do I read that right that you expect to use webmin to create users in Kopano? The general recommendation is to use LDAP as the backend for storing your users. I have seen you on GitHub posting on the Zentyal issue tracker; you could for example use the Zentyal LDAP to manage your users.

          @killmasta93 said in Dovecot with Kopano and postfix?:

          lmtp_listen = unix:/var/spool/kopano/dagent.sock

          I would recommend to stay with the dagent listening on ip:port. While the unix socket is more secure, you are struggling enough already, so do not introduce additional complexities.

          Regards Felix

          Resources:
          https://kopano.com/blog/how-to-get-kopano/
          https://documentation.kopano.io/
          https://kb.kopano.io/

          Support overview:
          https://kopano.com/support/

          • killmasta93
            killmasta93 last edited by

            Thank you for the reply. As for the Dovecot, I understand now.

            As for the SSL in Kopano, in the gateway.cfg, I checked the log and it says:

            2019-12-31T10:20:14.643516: [kopano-gateway|T16982] [error  ] ECChannel::HrSetCtx(): cannot open key file
            2019-12-31T10:20:14.643528: [kopano-gateway|T16982] [error  ] Error loading SSL context, POP3S and IMAPS will be disabled
            
            

            This is the config:

            ##############################################################
            # GATEWAY SETTINGS
            
            # Space-separated list of address:port specifiers for where the server should
            # listen for connections.
            #
            #    "*:143" — port 143, all protocols
            #    "[::]:143" — port 143 on IPv6 only
            #    "[2001:db8::1]:143" — port 143 on specific address only
            #
            # imaps is normally on 993, pop3s on 995.
            #
            #pop3_listen = *:110
            pop3s_listen = *:995
            #imap_listen = *:143
            imaps_listen = *:993
            
            # Connection to the storage server.
            # Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
            #server_socket = http://localhost:236/
            
            # Set this value to a name to show in the logon greeting to clients.
            # Leave empty to use DNS to find this name.
            server_hostname = mail.mydomain.co
            
            # Whether to show the hostname in the logon greeting to clients.
            #server_hostname_greeting = no
            
            # drop privileges and run the process as this user
            #run_as_user = kopano
            
            # drop privileges and run the process as this group
            #run_as_group = kopano
            
            # create a pid file
            #pid_file = /var/run/kopano/gateway.pid
            
            # create memory coredumps upon crash [no, systemdefault, yes]
            #coredump_enabled = systemdefault
            
            # Only mail folder for IMAP or all subfolders (calendar, contacts, tasks, etc. too)
            #imap_only_mailfolders = yes
            
            # Show Public folders for IMAP
            #imap_public_folders = yes
            
            # IMAP clients may use IDLE command
            #imap_capability_idle = yes
            
            # The maximum size of an email that can be uploaded to the gateway
            #imap_max_messagesize = 128M
            
            # Internally issue the expunge command to directly delete e-mail marked for deletion in IMAP.
            #imap_expunge_on_delete = no
            
            # Maximum count of allowed failed IMAP command counts per client
            #imap_max_fail_commands = 10
            
            # Some MUAs are sending commands via idle causing the connection
            # to reach imap_max_fail_commands and leaves the client in a
            # broken state. The clients include Apple Mail. If you experience
            # problems or uses Apple Mail set this option to yes
            #imap_ignore_command_idle = no
            
            # Disable all plaintext authentications unless SSL/TLS is used
            #disable_plaintext_auth = no
            
            # File with RSA key for SSL
            ssl_private_key_file = /etc/letsencrypt/live/mail.mydomain.co/privkey.pem
            
            #File with certificate for SSL
            ssl_certificate_file = /etc/letsencrypt/live/mail.mydomain.co/fullchain.pem 
            
            
            # Verify client certificate
            #ssl_verify_client = no
            
            # Client verify file and/or path
            #ssl_verify_file =
            #ssl_verify_path =
            
            #tls_min_proto = tls1.2
            # SSL ciphers to use, set to 'ALL' for backward compatibility
            #ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
            
            # Prefer the server's order of SSL ciphers over client's
            #ssl_prefer_server_ciphers = no
            
            # Process model, using pthreads (thread) or processes (fork)
            # Processes are potentially safer from a security point of view.
            #process_model = thread
            
            # For temporary files.
            #tmp_path = /tmp
            
            # Whether Gateway should filter HTML messages or not. Usually, WebApp
            # takes care of this. Letting the gateways do this improves the user latency a
            # bit, but uses more disk space. (yes/no)
            #html_safety_filter = no
            
            ##############################################################
            # GATEWAY LOG SETTINGS
            
            # Logging method (syslog, file)
            log_method = file
            
            # Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
            log_level = 3
            
            # Logfile for log_method = file, use '-' for stderr
            # Default: -
            log_file = /var/log/kopano/gateway.log
            
            # Log timestamp - prefix each log line with timestamp in 'file' logging mode
            log_timestamp = yes
            
            # Buffer logging in what sized blocks. 0 for line-buffered (syslog-style).
            #log_buffer_size = 0
            
            # Bypass authentification when connecting as an administrator to the UNIX socket.
            #bypass_auth = no
            
            
            

            I was trying though zentyal couldn’t get it to work, I was reading this part of the manual:

             5.1.2.2. The Unix Authentication Plugin
            

            I created a user called test:

            test:x:1001:100:test:/home/test:/bin/bash
            
            

            Then on the server.cfg:

            # Name of the plugin that handles users
            # Required, default = db
            # Values: ldap, unix, db
            user_plugin = unix
            
            # configuration file of the user plugin, examples can be found in /usr/share/doc/kopano/example-config
            user_plugin_config = /etc/kopano/unix.cfg
            
            

            When I try to log on to the web interface:

            2019-12-31T10:28:25.480993: [warning] getspnam_r: Permission denied
            2019-12-31T10:28:25.481266: [warning] Authentication by plugin failed for user "test": Trying to authenticate failed: wrong username or password
            

            As for the dagent, you're right; for now I need to first get user to authenticate, then go to the next step. Don't know why I'm struggling so much :(

            Thank you

            • fbartels
              fbartels Kopano @killmasta93 last edited by fbartels

              @killmasta93 said in Dovecot with Kopano and postfix?:

              ECChannel::HrSetCtx(): cannot open key file

              The Kopano user needs permissions to read the file as well as the directories leading up to it.

              @killmasta93 said in Dovecot with Kopano and postfix?:

              user_plugin = unix

              No, please use the LDAP plugin.

              Regards Felix

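The check described in the reply above, as an added example (not part of the original post and not Kopano code): it lists every directory and file whose mode bits stop a given uid from reading a key file, covering both the symlink's own directory chain and the chain of its target, since Let's Encrypt `live/` entries are symlinks into `archive/`. The tree built in `demo()`, its file names and the uid offset are constructed for illustration; only classic owner/group/other bits are evaluated, not ACLs.

```python
import os
import tempfile

def allowed(st, uid, gids, want):
    """Classic owner/group/other mode-bit check for one stat result (ACLs are ignored)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bool(bits & want)

def ancestors(path):
    """Every directory from / down to the parent of path."""
    out, cur = [], os.path.dirname(path)
    while True:
        out.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            return out[::-1]
        cur = parent

def blockers(path, uid, gids):
    """List (component, problem) pairs that stop uid/gids from reading path."""
    link, real = os.path.abspath(path), os.path.realpath(path)
    # A symlinked key (live/ -> archive/) needs search permission on both directory chains.
    dirs = dict.fromkeys(ancestors(link) + ancestors(real))
    found = [(d, "directory not searchable (x)") for d in dirs
             if not allowed(os.stat(d), uid, gids, 0o1)]
    if not allowed(os.stat(real), uid, gids, 0o4):
        found.append((real, "file not readable (r)"))
    return found

def demo():
    """Constructed tree mimicking a live/ -> archive/ layout; returns (base, blockers)."""
    base = os.path.realpath(tempfile.mkdtemp())
    live, archive = os.path.join(base, "live"), os.path.join(base, "archive")
    key = os.path.join(archive, "privkey1.pem")
    for d in (live, archive):
        os.mkdir(d)
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a key\n")
    os.symlink(key, os.path.join(live, "privkey.pem"))
    for p, mode in ((base, 0o755), (live, 0o755), (archive, 0o700), (key, 0o600)):
        os.chmod(p, mode)
    service_uid = os.getuid() + 4242  # hypothetical stand-in for the kopano user's uid
    return base, blockers(os.path.join(live, "privkey.pem"), service_uid, set())
```

On a real host, run it as root with the service account's uid and group ids (for example from `pwd.getpwnam` and `os.getgrouplist`) against the configured `ssl_private_key_file`.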
              • TosoBoso
                TosoBoso last edited by

                Hi, to run Postfix with Kopano all you need is virtual_mailbox_domains and virtual_transport.
                No need for Dovecot, no need for local users or postfix or mysql users, as it is all in the Kopano backend via LMTP port 2003.
                I’ve been supporting this setup for ~5y, integrating Zarafa / Kopano with Synology using Postfix.

                The following is needed in your postfix main.cf:
                 virtual_alias_maps = hash:/etc/kopano/postfix/valiases
                 virtual_mailbox_domains = /etc/kopano/postfix/vdomains
                 virtual_transport = lmtp:127.0.0.1:2003
                

                In virtual domain you are putting your mail domain(s) so Postfix knows what to listen for, and in valiases the aliases for postmaster, root and others, while it is important to use FQDN aka the full mail address, not only the prefix.
                Postfix will verify for listening domain with LMTP backend aka Kopano dagent if users are valid, and users only live in Kopano, preferably in LDAP, but database backend would also work. In short, in your sample config the “virtual_mailbox_domains” was missing to do the trick. Hope that helps.
                -TosoBoso

                • xplod.ing
                  xplod.ing @TosoBoso last edited by xplod.ing

                  Although this seems like thread necromancy, I’ve got a problem regarding this topic:
                  I have created postfix maps, which access the Kopano mysql database to check for valid users, so that incoming mails are sorted into the corresponding kopano mailboxes.

                  I have switched to Linux recently, and want to have all my emails offline, too, so I installed evolution on my client and kopano gateway and ical on my server.
                  But if I now want to send emails using evolution (SMTP), the email server (dovecot and postfix) prohibits the unknown sender (from a foreign IP).

                  Can anybody tell me how to allow kopano users to be able to use the SMTP service?

                  Best regards,
                  and thanks for your good work.
                  X
