Yeah I just thought actually I can do that on the next line.
zarafa.key is the key with a passphrase, which causes all sorts of problems on restarts
zarafa.key.web just has the passphrase removed and should never leave the server.
I am getting similar errors and was just a little downbeat as this is the smtp side of things.
This should be purely zentyal and work as I am concerned. I will have a look
It seems that the smtp is trying to force a kerberos session.
Prob if you were part of the domain this would work
Lol Zarafa is almost done, now I am in a more tricky area as I have to work out the Zentyal Postfix settings.
Might be because purely we are not on a client joined to the domain.
In postfix /etc/main.cf
#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre
Not sure why I wasn't getting the fqdn as in the maillog it was just the host name of the client
so removed reject_non_fqdn_helo_hostname and Outlook now seems to work.
# Generated by Zentyal
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# require helo
smtpd_delay_reject = yes
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_banner = zent1.office.zentyal.lan ESMTP
biff = no
# appending .domain is the MUAs job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myorigin = /etc/mailname
myhostname = zent1.zentyal.lan
mydestination = $myorigin,$myhostname,localhost,localhost.$mydomain
smtp_helo_name = zent1.zentyal.lan
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
relayhost =
mynetworks = 127.0.0.0/8
message_size_limit = 0
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
inet_interfaces = all
# Aliases
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = ldap:/etc/postfix/valiases.cf,ldap:/etc/postfix/useraliases.cf,ldap:/etc/postfix/groupaliases.cf
# Virtual Domains
dovecot_destination_recipient_limit = 1
virtual_transport = lmtp:127.0.0.1:2003
virtual_mailbox_base = /var/vmail/
virtual_mailbox_maps= ldap:/etc/postfix/mailbox.cf
virtual_mailbox_domains = ldap:/etc/postfix/vdomains.cf
virtual_minimum_uid = 100
virtual_uid_maps = static:108
virtual_gid_maps = static:114
# TLS/SSL
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/sasl/postfix.pem
smtpd_tls_cert_file = /etc/postfix/sasl/postfix.pem
#smtpd_tls_loglevel = 0
# recipient restrictions
#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre
submission_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject
smtpd_restriction_classes = submission_recipient_restrictions
# SASL authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
#smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = $myorigin
broken_sasl_auth_clients = yes
smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch
smtpd_sender_login_maps = ldap:/etc/postfix/login.cf
Dunno really always expected this bit to work.
The zarafa part is working and so is receiving, use webapp for now.
I guess I can just rewrite the postfix settings and just create them on a hook.
Do you want lan only clients or is this internal and external mail clients as forcing kerberos isn't going to work. Unless via a vpn and logon.
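
Added example, not part of the original thread or of Zentyal's own tooling: a small main.cf checker run over a constructed excerpt of the settings quoted above. It reports whether SASL AUTH is offered without requiring TLS (smtpd_tls_auth_only is commented out in the posted config) and which checks in smtpd_recipient_restrictions are only reached by clients that did not authenticate. The function names and the sample text are assumptions made for illustration.

```python
import re

# Constructed excerpt mirroring the settings quoted in the thread.
SAMPLE_MAIN_CF = """\
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
#smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain,
    reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre
"""

def parse_main_cf(text):
    """Return {parameter: value}; skips comments, joins continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:   # leading whitespace continues a value
            params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def restrictions(params, name="smtpd_recipient_restrictions"):
    """Restriction names in evaluation order (assumes a comma-separated list)."""
    items = re.split(r"\s*,\s*", params.get(name, ""))
    return [item.split()[0] for item in items if item.strip()]

def audit(params):
    findings = []
    sasl = params.get("smtpd_sasl_auth_enable", "no") == "yes"
    if sasl and params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("AUTH offered without TLS: set smtpd_tls_auth_only = yes")
    rules = restrictions(params)
    if "reject_unauth_destination" not in rules:
        findings.append("no reject_unauth_destination: possible open relay")
    if "permit_sasl_authenticated" in rules:
        # Everything after the permit is never evaluated for authenticated clients.
        later = rules[rules.index("permit_sasl_authenticated") + 1:]
        skipped = [r for r in later if r.startswith(("reject_", "check_"))]
        findings.append("authenticated clients skip: " + ", ".join(skipped))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(finding)
```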