Dovecot with Kopano and postfix?



  • Hi,
    So I'm currently finishing installing Kopano to work with postfix, but I'm somewhat confused.
    I see kopano has its own dovecot? But it does not use SSL 993 or 995, so I installed dovecot and disabled 143 and 110 so it won't have a conflict with kopano, but I'm not sure if that's the correct way.
    As for postfix, I put a webmin to create users for postfix as I normally would, but when I try to log on in the web interface it is not logging in.
    This is my main.cf of postfix:

    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = mail.mydomain.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf
    virtual_transport = lmtp:127.0.0.1:2003
    myorigin = /etc/mailname
    mydestination = hermes.casa.local, mail.mydomain.com, hermes.casa.local, localhost.casa.local, localhost
    relayhost = 
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.3.0/24
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = ipv4
    home_mailbox = Maildir/
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtp_tls_security_level = may
    smtpd_tls_security_level = may
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    message_size_limit = 50240000
    maximal_queue_lifetime = 1d
    
    

    then this is my /etc/postfix/mysql-users.cf

    user = root
    password = mypassword
    hosts = 127.0.0.1
    dbname = kopano
    query = select value from objectproperty where \
     objectid=(select objectid from objectproperty where value='%s' limit 1) \
    and propname='loginname';
    
    

    Thank you



  • So after reading a bit more and understanding how kopano works,
    I configured dagent:

    mkdir -p /var/spool/kopano
    chown kopano:kopano /var/spool/kopano
    chmod go= /var/spool/kopano
    setfacl -m u:postfix:rwx /var/spool/kopano
    

    then inside the dagent.cfg
    added these two

    lmtp_listen = *:2003
    lmtp_listen = unix:/var/spool/kopano/dagent.sock
    
    

    but I keep getting this issue

    Dec 30 20:12:13 mail kopano-server[793]: Authentication by plugin failed for user "gerencia": Trying to authenticate failed: wrong username or password
    
    

  • Kopano

    @killmasta93 said in Dovecot with Kopano and postfix?:

    I see kopano has its own dovecot?

    No, Kopano has no Dovecot built in/integrated. Kopano needs to be the one storing your mails so you cannot work with both at the same time.

    @killmasta93 said in Dovecot with Kopano and postfix?:

    but it does not use SSL 993 or 995

    Just like with Dovecot ssl is not configured by default in kopano-gateway (the service offering pop3/imap access to users inboxes).

    @killmasta93 said in Dovecot with Kopano and postfix?:

    i put a webmin to create users for postfix

    Do I read that right that you expect to use webmin to create users in Kopano? The general recommendation is to use ldap as the backend for storing your users. I have seen you on GitHub posting on the Zentyal issue tracker; you could for example use the Zentyal ldap to manage your users.

    @killmasta93 said in Dovecot with Kopano and postfix?:

    lmtp_listen = unix:/var/spool/kopano/dagent.sock

    I would recommend to stay with the dagent listening on ip:port. While the unix socket is more secure, you are struggling enough already; do not introduce additional complexities.



  • Thank you for the reply. As for the Dovecot, I understand now.

    As for the SSL in Kopano, in the gateway.cfg, I checked the log and it says

    2019-12-31T10:20:14.643516: [kopano-gateway|T16982] [error  ] ECChannel::HrSetCtx(): cannot open key file
    2019-12-31T10:20:14.643528: [kopano-gateway|T16982] [error  ] Error loading SSL context, POP3S and IMAPS will be disabled
    
    

    this is the config

    ##############################################################
    # GATEWAY SETTINGS
    
    # Space-separated list of address:port specifiers for where the server should
    # listen for connections.
    #
    #    "*:143" — port 143, all protocols
    #    "[::]:143" — port 143 on IPv6 only
    #    "[2001:db8::1]:143" — port 143 on specific address only
    #
    # imaps is normally on 993, pop3s on 995.
    #
    #pop3_listen = *:110
    pop3s_listen = *:995
    #imap_listen = *:143
    imaps_listen = *:993
    
    # Connection to the storage server.
    # Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
    #server_socket = http://localhost:236/
    
    # Set this value to a name to show in the logon greeting to clients.
    # Leave empty to use DNS to find this name.
    server_hostname = mail.mydomain.co
    
    # Whether to show the hostname in the logon greeting to clients.
    #server_hostname_greeting = no
    
    # drop privileges and run the process as this user
    #run_as_user = kopano
    
    # drop privileges and run the process as this group
    #run_as_group = kopano
    
    # create a pid file
    #pid_file = /var/run/kopano/gateway.pid
    
    # create memory coredumps upon crash [no, systemdefault, yes]
    #coredump_enabled = systemdefault
    
    # Only mail folder for IMAP or all subfolders (calendar, contacts, tasks, etc. too)
    #imap_only_mailfolders = yes
    
    # Show Public folders for IMAP
    #imap_public_folders = yes
    
    # IMAP clients may use IDLE command
    #imap_capability_idle = yes
    
    # The maximum size of an email that can be uploaded to the gateway
    #imap_max_messagesize = 128M
    
    # Internally issue the expunge command to directly delete e-mail marked for deletion in IMAP.
    #imap_expunge_on_delete = no
    
    # Maximum count of allowed failed IMAP command counts per client
    #imap_max_fail_commands = 10
    
    # Some MUAs are sending commands via idle causing the connection
    # to reach imap_max_fail_commands and leaves the client in a
    # broken state. The clients include Apple Mail. If you experience
    # problems or uses Apple Mail set this option to yes
    #imap_ignore_command_idle = no
    
    # Disable all plaintext authentications unless SSL/TLS is used
    #disable_plaintext_auth = no
    
    # File with RSA key for SSL
    ssl_private_key_file = /etc/letsencrypt/live/mail.mydomain.co/privkey.pem
    
    #File with certificate for SSL
    ssl_certificate_file = /etc/letsencrypt/live/mail.mydomain.co/fullchain.pem 
    
    
    # Verify client certificate
    #ssl_verify_client = no
    
    # Client verify file and/or path
    #ssl_verify_file =
    #ssl_verify_path =
    
    #tls_min_proto = tls1.2
    # SSL ciphers to use, set to 'ALL' for backward compatibility
    #ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
    
    # Prefer the server's order of SSL ciphers over client's
    #ssl_prefer_server_ciphers = no
    
    # Process model, using pthreads (thread) or processes (fork)
    # Processes are potentially safer from a security point of view.
    #process_model = thread
    
    # For temporary files.
    #tmp_path = /tmp
    
    # Whether Gateway should filter HTML messages or not. Usually, WebApp
    # takes care of this. Letting the gateways do this improves the user latency a
    # bit, but uses more disk space. (yes/no)
    #html_safety_filter = no
    
    ##############################################################
    # GATEWAY LOG SETTINGS
    
    # Logging method (syslog, file)
    log_method = file
    
    # Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
    log_level = 3
    
    # Logfile for log_method = file, use '-' for stderr
    # Default: -
    log_file = /var/log/kopano/gateway.log
    
    # Log timestamp - prefix each log line with timestamp in 'file' logging mode
    log_timestamp = yes
    
    # Buffer logging in what sized blocks. 0 for line-buffered (syslog-style).
    #log_buffer_size = 0
    
    # Bypass authentification when connecting as an administrator to the UNIX socket.
    #bypass_auth = no
    
    
    

    I was trying through zentyal but couldn’t get it to work. I was reading this part of the manual:

     5.1.2.2. The Unix Authentication Plugin
    

    I created a user called test

    test:x:1001:100:test:/home/test:/bin/bash
    
    

    then on the server.cfg

    # Name of the plugin that handles users
    # Required, default = db
    # Values: ldap, unix, db
    user_plugin = unix
    
    # configuration file of the user plugin, examples can be found in /usr/share/doc/kopano/example-config
    user_plugin_config = /etc/kopano/unix.cfg
    
    

    when I try to log on to the web interface

    2019-12-31T10:28:25.480993: [warning] getspnam_r: Permission denied
    2019-12-31T10:28:25.481266: [warning] Authentication by plugin failed for user "test": Trying to authenticate failed: wrong username or password
    

    As for the dagent, you're right; for now I need to first get a user to authenticate, then go to the next step. I don't know why I'm struggling so much :(

    Thank you


  • Kopano

    @killmasta93 said in Dovecot with Kopano and postfix?:

    ECChannel::HrSetCtx(): cannot open key file

    The Kopano user needs permissions to read the file as well as the directories leading up to it.

    @killmasta93 said in Dovecot with Kopano and postfix?:

    user_plugin = unix

    No, please use the ldap plugin.
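
The permission check described in the reply above, as an added example that is not part of the original thread: it walks every directory leading to the key file, follows the symlink that Let's Encrypt places under live/, and lists the components that block a given account. It assumes classic mode bits only (no POSIX ACLs), that it is run as root so every component can be inspected, and that the gateway account is named kopano.

```python
import os
import pwd
import stat
import sys

def mode_allows(st, uid, gids, want):
    """Classic owner/group/other check; POSIX ACLs are not evaluated."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def ancestors(path):
    """Yield every directory from the top level down to the parent of path."""
    current = os.sep
    for part in [p for p in path.split(os.sep) if p][:-1]:
        current = os.path.join(current, part)
        yield current

def blocked_components(path, uid, gids):
    """Return (path, mode) for each component that stops uid/gids reading path.

    Directories need search (x); the key file itself needs read (r). Both the
    path as written and its symlink target are walked, because Let's Encrypt's
    live/ entries are symlinks into archive/.
    """
    real = os.path.realpath(path)
    checks = [(d, 1) for d in ancestors(os.path.abspath(path))]
    checks += [(d, 1) for d in ancestors(real)] + [(real, 4)]
    blocked, seen = [], set()
    for target, want in checks:
        if target in seen:
            continue
        seen.add(target)
        st = os.stat(target)
        if not mode_allows(st, uid, gids, want):
            blocked.append((target, stat.filemode(st.st_mode)))
    return blocked

if __name__ == "__main__":
    # Usage: script.py <account> <key file>; "kopano" is the assumed account name.
    account = pwd.getpwnam(sys.argv[1])
    groups = set(os.getgrouplist(account.pw_name, account.pw_gid))
    for target, mode in blocked_components(sys.argv[2], account.pw_uid, groups):
        print(f"{mode} {target}")
```

An empty result means the mode bits allow the account to reach and read the key; each printed line is a directory missing the search bit or the key file missing the read bit for that account.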



  • Hi, to run Postfix with Kopano all you need is virtual_mailbox_domains and virtual_transport.
    No need for Dovecot, no need for local users or postfix or mysql users as it is all in the Kopano backend via LMTP port 2003.
    I’m supporting this setup since ~5y integrating Zarafa / Kopano with Synology using Postfix.

    The following is needed in your postfix main.cf:
     virtual_alias_maps = hash:/etc/kopano/postfix/valiases
     virtual_mailbox_domains = /etc/kopano/postfix/vdomains
     virtual_transport = lmtp:127.0.0.1:2003
    

    In virtual domain you are putting your mail domain(s) so Postfix knows what to listen for and in valiases the aliases for postmaster, root and others while it is important to use FQDN aka the full mail address not only the prefix.
    Postfix will verify for listening domain with LMTP backend aka Kopano dagent if users are valid and users only live in Kopano, preferably in LDAP but database backend would also work. In short in your sample config the “virtual_mailbox_domains” was missing to do the trick. Hope that helps.
    -TosoBoso
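
A check for the gap named in the post above, as an added example that is not part of the original thread: it parses main.cf text, reports a `virtual_transport` that has no `virtual_mailbox_domains` to route, and reports domains listed both in `mydestination` and as virtual mailbox domains (Postfix's documentation says never to list a domain in both). The excerpt is constructed from the main.cf posted earlier in the thread; the function names and the `virtual_domains` argument (the contents of a vdomains file) are assumptions of this example.

```python
import re

# Constructed excerpt: the relevant lines of the main.cf posted in this thread.
THREAD_MAIN_CF = """\
myhostname = mail.mydomain.com
virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf
virtual_transport = lmtp:127.0.0.1:2003
mydestination = hermes.casa.local, mail.mydomain.com, hermes.casa.local, localhost.casa.local, localhost
"""

def parse_main_cf(text):
    """Parse main.cf text; a line starting with whitespace continues the previous one."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key:
            params[key] += " " + raw.strip()
            continue
        key, _, value = raw.partition("=")
        key = key.strip()
        params[key] = value.strip()  # a later definition overrides an earlier one
    return params

def split_list(value):
    """Split a comma- or whitespace-separated main.cf list value."""
    return [v for v in re.split(r"[,\s]+", value) if v]

def lint_for_lmtp_backend(params, virtual_domains=()):
    """Return findings as strings; $variable references are not expanded."""
    findings = []
    # Inline domain names only; file paths and type:table lookups are skipped.
    inline = [v for v in split_list(params.get("virtual_mailbox_domains", ""))
              if not v.startswith("/") and ":" not in v]
    if params.get("virtual_transport") and "virtual_mailbox_domains" not in params:
        findings.append("virtual_transport is set but virtual_mailbox_domains is "
                        "missing, so no domain is routed to the LMTP backend")
    local = set(split_list(params.get("mydestination", "")))
    both = sorted(local & (set(virtual_domains) | set(inline)))
    if both:
        findings.append("listed in mydestination and as virtual mailbox domain: "
                        + ", ".join(both))
    return findings
```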

