Author Topic: Zarafa & Zentyal 3.5  (Read 7892 times)

StuartNaylor

  • Guest
Re: Zarafa & Zentyal 3.5
« Reply #30 on: August 03, 2014, 11:30:22 pm »
A few changes: added stored procedures in the install.

Main is separate script for ssl.

zarafa-sslkey

Will prompt you to create a self-signed cert; the only important part is the CN.
This should be the FQDN of the server: hostname + registered domain name.

I always get confused with certs, but some clients want the CN to match the server.

It creates a directory /etc/zarafa/certs/

The passphrase is in with the certs.

It turns on SSL for the gateway (POP3S, IMAPS), and the server uses port 237 for SSL (236 being the normal one).

tose, by any chance can you not connect to SMTP? lol
« Last Edit: August 04, 2014, 12:25:59 am by StuartNaylor »
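The key/cert layout the script produces (a self-signed cert whose CN is the mail server FQDN, a passphrase-protected zarafa.key, and a passphrase-stripped zarafa.key.web for the daemon) can be reproduced and checked with the openssl CLI. The following is an added example written for this thread, not the zarafa-sslkey script itself; the FQDN, passphrase and output directory are constructed, and it also sets a subjectAltName, which is what current TLS clients match the hostname against (the CN alone is not enough for them). It needs the openssl binary (1.1.1 or newer for -addext).

```python
"""Self-signed Zarafa server cert: CN + SAN = FQDN, passphrase key, stripped copy.

Added example, not the zarafa-sslkey script. FQDN, passphrase and paths are
constructed; real deployments put the files under /etc/zarafa/certs/.
Requires the openssl CLI (1.1.1+ for -addext).
"""
import os
import subprocess
import tempfile


def run(*args):
    """Run one openssl subcommand and return its stdout as text."""
    return subprocess.run(["openssl", *args], check=True,
                          capture_output=True, text=True).stdout


def make_server_cert(certdir, fqdn, passphrase, days=825):
    """Create zarafa.key (encrypted), zarafa.crt and zarafa.key.web (plain)."""
    os.makedirs(certdir, mode=0o750, exist_ok=True)
    key = os.path.join(certdir, "zarafa.key")
    crt = os.path.join(certdir, "zarafa.crt")
    key_web = os.path.join(certdir, "zarafa.key.web")
    # Key and self-signed cert in one step. CN is what the post cares about;
    # the SAN is what modern TLS clients actually compare the hostname to.
    run("req", "-x509", "-new", "-newkey", "rsa:2048", "-days", str(days),
        "-subj", f"/CN={fqdn}", "-addext", f"subjectAltName=DNS:{fqdn}",
        "-passout", f"pass:{passphrase}", "-keyout", key, "-out", crt)
    # Passphrase-stripped copy so the daemon starts without a prompt. It must
    # never leave the host; file mode is the only control protecting it.
    run("rsa", "-in", key, "-passin", f"pass:{passphrase}", "-out", key_web)
    for path in (key, key_web):
        os.chmod(path, 0o600)
    os.chmod(crt, 0o644)
    return {"key": key, "key_web": key_web, "crt": crt}


def cert_subject(crt):
    return run("x509", "-in", crt, "-noout", "-subject").strip()


def cert_sans(crt):
    return run("x509", "-in", crt, "-noout", "-ext", "subjectAltName")


def key_matches_cert(key_path, crt):
    """Compare RSA moduli: catches a stripped key that drifted from the cert."""
    cert_mod = run("x509", "-in", crt, "-noout", "-modulus")
    key_mod = run("rsa", "-in", key_path, "-noout", "-modulus")
    return cert_mod == key_mod


def key_is_encrypted(key_path):
    """True for a passphrase-protected PEM key (PKCS#8 or legacy format)."""
    with open(key_path, "rb") as f:
        return b"ENCRYPTED" in f.read(200)


def mode_of(path):
    return os.stat(path).st_mode & 0o777


def demo(fqdn="mail.example.com", passphrase="example-only"):
    """Build the cert set in a throwaway directory and return the checks."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = make_server_cert(os.path.join(tmp, "certs"), fqdn, passphrase)
        return {
            "subject": cert_subject(paths["crt"]),
            "sans": cert_sans(paths["crt"]),
            "key_encrypted": key_is_encrypted(paths["key"]),
            "web_key_encrypted": key_is_encrypted(paths["key_web"]),
            "web_key_matches": key_matches_cert(paths["key_web"], paths["crt"]),
            "web_key_mode": mode_of(paths["key_web"]),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two things worth checking on a real install: the stripped key should be owned by root with group read for the zarafa service user at most (0640 root:zarafa), and if the passphrase file sits in the same directory as the keys it adds nothing against anyone who can already read that directory; the permissions on zarafa.key.web are the actual control.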

tose

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +5/-0
Re: Zarafa & Zentyal 3.5
« Reply #31 on: August 04, 2014, 01:15:41 am »
Before I try the zarafa-sslkey script, did you intend for the line that copies zarafa.key to zarafa.key.web to be commented out?

tose

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +5/-0
Re: Zarafa & Zentyal 3.5
« Reply #32 on: August 04, 2014, 11:03:38 am »
And to answer your question regarding SMTP, the answer is no. What I get is:

5.1.0 - Unknown address error 550-'5.1.1 <test@tosi.id.au>: Recipient address rejected: User unknown in virtual mailbox table'

Stuart, I may not have too much time over the next day or 2. I'll do what I can. Just so you know.

StuartNaylor

  • Guest
Re: Zarafa & Zentyal 3.5
« Reply #33 on: August 04, 2014, 03:00:25 pm »
Yeah, I just thought actually I can do that on the next line.

zarafa.key is the key with the passphrase, which causes all sorts of problems on restarts.

zarafa.key.web just has the passphrase removed and should never leave the server.

I am getting similar errors and was just a little downbeat, as this is the SMTP side of things.

This should be purely Zentyal and work, as far as I am concerned. I will have a look :)

It seems that the SMTP is trying to force a Kerberos session.

Prob if you were part of the domain this would work.

Lol, Zarafa is almost done; now I am in a more tricky area, as I have to work out the Zentyal Postfix settings.

Might be because we are purely not on a client joined to the domain.

In postfix /etc/main.cf

Code:
#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre

Not sure why I wasn't getting the FQDN, as in the maillog it was just the hostname of the client,

so I removed reject_non_fqdn_helo_hostname and Outlook now seems to work.


Code:
# Generated by Zentyal
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# require helo
smtpd_delay_reject  = yes
smtpd_helo_required = yes

strict_rfc821_envelopes = yes
disable_vrfy_command = yes

smtpd_banner = zent1.office.zentyal.lan ESMTP
biff = no

# appending .domain is the MUAs job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myorigin = /etc/mailname
myhostname = zent1.zentyal.lan
mydestination = $myorigin,$myhostname,localhost,localhost.$mydomain
smtp_helo_name = zent1.zentyal.lan
alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname $alias_maps

relayhost =



mynetworks = 127.0.0.0/8

message_size_limit = 0
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Aliases
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = ldap:/etc/postfix/valiases.cf,ldap:/etc/postfix/useraliases.cf,ldap:/etc/postfix/groupaliases.cf

# Virtual Domains
dovecot_destination_recipient_limit = 1
virtual_transport = lmtp:127.0.0.1:2003
virtual_mailbox_base = /var/vmail/
virtual_mailbox_maps= ldap:/etc/postfix/mailbox.cf

virtual_mailbox_domains = ldap:/etc/postfix/vdomains.cf

virtual_minimum_uid = 100
virtual_uid_maps = static:108
virtual_gid_maps = static:114

# TLS/SSL
smtpd_use_tls = yes
smtpd_tls_key_file  = /etc/postfix/sasl/postfix.pem
smtpd_tls_cert_file = /etc/postfix/sasl/postfix.pem
#smtpd_tls_loglevel = 0

# recipient restrictions
#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre

submission_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject
smtpd_restriction_classes = submission_recipient_restrictions

# SASL authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
#smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =  $myorigin
broken_sasl_auth_clients = yes

smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch
smtpd_sender_login_maps = ldap:/etc/postfix/login.cf


Dunno really, always expected this bit to work.

The Zarafa part is working and so is receiving; use WebApp for now.

I guess I can just rewrite the Postfix settings and just create them on a hook.

Do you want LAN-only clients, or is this for internal and external mail clients? Forcing Kerberos isn't going to work, unless via a VPN and logon.
« Last Edit: August 04, 2014, 04:56:33 pm by StuartNaylor »
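What the edit to smtpd_recipient_restrictions actually changes is easier to see by walking the list the way Postfix does: restrictions are evaluated left to right, the first permit_* or reject_* that fires decides, and reaching the end of the list permits. The block below is an added example written for this thread, not Zentyal's or Postfix's code: a toy evaluator that applies the two restriction lists from the post to constructed SMTP sessions. The local domain set, the "resolvable" sender domains that stand in for DNS, and the helo_checks rules are all constructed (the real /etc/postfix/helo_checks.pcre is not shown in the thread).

```python
"""Toy walk of Postfix smtpd_recipient_restrictions, in list order.

Added example, not Postfix code. LOCAL_DOMAINS, RESOLVABLE_DOMAINS, MYNETWORKS
and HELO_CHECKS are constructed stand-ins for the server's tables and DNS.
"""
import ipaddress
import re
from dataclasses import dataclass

LOCAL_DOMAINS = {"tosi.id.au", "zent1.zentyal.lan", "localhost"}   # constructed
RESOLVABLE_DOMAINS = LOCAL_DOMAINS | {"example.com"}               # stands in for DNS
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]                 # from the posted main.cf
HELO_CHECKS = [                                                     # hypothetical pcre table
    (re.compile(r"^localhost$", re.I), "REJECT"),
    (re.compile(r"^\d+\.\d+\.\d+\.\d+$"), "REJECT"),
]

# Zentyal's generated list and the loosened one from the post.
ZENTYAL_DEFAULT = (
    "permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, "
    "reject_non_fqdn_sender, reject_unknown_sender_domain, "
    "reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, "
    "check_helo_access pcre:/etc/postfix/helo_checks.pcre"
)
LOOSENED = ZENTYAL_DEFAULT.replace("reject_non_fqdn_helo_hostname, ", "")

HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


@dataclass
class Session:
    client_ip: str
    helo: str
    sender: str
    recipient: str
    sasl_authenticated: bool = False


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def _is_fqdn(name):
    return "." in name.strip(".") and HOSTNAME_RE.match(name) is not None


def _check(name, s):
    """One restriction: PERMIT/REJECT ends evaluation, DUNNO moves on."""
    if name == "permit_sasl_authenticated":
        return ("PERMIT" if s.sasl_authenticated else "DUNNO", name)
    if name == "permit_mynetworks":
        ip = ipaddress.ip_address(s.client_ip)
        return ("PERMIT" if any(ip in n for n in MYNETWORKS) else "DUNNO", name)
    if name == "reject_unauth_destination":   # the anti-open-relay check
        return ("DUNNO" if _domain(s.recipient) in LOCAL_DOMAINS else "REJECT", name)
    if name == "reject_non_fqdn_sender":
        return ("DUNNO" if _is_fqdn(_domain(s.sender)) else "REJECT", name)
    if name == "reject_unknown_sender_domain":
        return ("DUNNO" if _domain(s.sender) in RESOLVABLE_DOMAINS else "REJECT", name)
    if name == "reject_invalid_helo_hostname":
        return ("DUNNO" if HOSTNAME_RE.match(s.helo) else "REJECT", name)
    if name == "reject_non_fqdn_helo_hostname":
        return ("DUNNO" if _is_fqdn(s.helo) else "REJECT", name)
    if name.startswith("check_helo_access"):
        for pattern, action in HELO_CHECKS:
            if pattern.search(s.helo):
                return (action, f"{name} matched {pattern.pattern!r}")
        return ("DUNNO", name)
    raise ValueError(f"unsupported restriction: {name}")


def evaluate(restriction_list, session):
    """Walk the list in order; first PERMIT/REJECT wins, end of list permits."""
    for item in (r.strip() for r in restriction_list.split(",")):
        verdict, reason = _check(item, session)
        if verdict != "DUNNO":
            return verdict, reason
    return "PERMIT", "end of list"


if __name__ == "__main__":
    outlook = Session("192.168.1.50", "WORKSTATION1", "tose@tosi.id.au", "test@tosi.id.au")
    relay = Session("203.0.113.9", "WORKSTATION1", "x@example.com", "victim@example.net")
    for label, lst in (("zentyal", ZENTYAL_DEFAULT), ("loosened", LOOSENED)):
        print(label, "outlook unauthenticated:", evaluate(lst, outlook))
        print(label, "outlook authenticated:  ",
              evaluate(lst, Session(**{**outlook.__dict__, "sasl_authenticated": True})))
        print(label, "relay attempt:          ", evaluate(lst, relay))
```

Two observations follow directly from the ordering: permit_sasl_authenticated sits first, so a client that authenticates is never subjected to the HELO checks at all, and the bare-hostname HELO only matters for unauthenticated clients; and reject_unauth_destination still precedes the HELO checks in the loosened list, so dropping reject_non_fqdn_helo_hostname weakens spam filtering for local recipients but does not turn the server into an open relay.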

tose

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +5/-0
Re: Zarafa & Zentyal 3.5
« Reply #34 on: August 05, 2014, 08:09:54 pm »
I don't really care about POP or IMAP. I don't even care about Outlook clients. Webapp is my main thing, so no disaster from my point of view.

At the end of the day I've already learned a lot & it's a win already for me from that perspective too.

I have to go away for a week in a day or 2. So won't be around to do any testing but will follow the thread & keep feedback going. Hoping we can hang in there and get something sorted for all your work so far.

StuartNaylor

  • Guest
Re: Zarafa & Zentyal 3.5
« Reply #35 on: August 05, 2014, 08:31:15 pm »
To be honest I am exactly the same.

Centralised install; once you have web-based systems, why do I want client installs? Expensive and time consuming.

So WebApp works. The strange thing is that the Zentyal mail module on its own now doesn't work, and I guess this is another case where Zentyal is OpenChange only?

Haven't had a look further; stopped there.

If anybody else would like to have a look at why Postfix is set up so, please do.

Many thanks, tose.

Next is to hide all those horrid system accounts.

« Last Edit: August 06, 2014, 12:12:25 am by StuartNaylor »

StuartNaylor

  • Guest
Re: Zarafa & Zentyal 3.5
« Reply #36 on: August 09, 2014, 03:03:30 am »
Install Zentyal Samba, web server and mail.

Allow SSL and create your vmail domain and virtual domain.

Turn off all POP and IMAP services in mail so it's just running SMTP.

As root

./zarafa-install
./zarafa-sslkey

or

bash zarafa-install
bash zarafa-sslkey

CN to match the mail server FQDN.

Reboot

Add your users in Zentyal.

In network create a service Zarafa

Add the ports in the attached picture Zarafa-Services

Enable in the firewall; internal/external is up to you.

To update zentyal accounts to allow zarafa accounts

./zarafa-user 'user-cn'

or

bash zarafa-user 'user-cn'

The user CN will be 'givenname surname'.

Just a slight update with smtp working.
« Last Edit: August 09, 2014, 07:16:48 am by StuartNaylor »

StuartNaylor

  • Guest
Re: Zarafa & Zentyal 3.5
« Reply #37 on: August 09, 2014, 07:10:32 am »
If you have many users and can export them to CSV:

zarafa-bulk-users uses users.csv to bulk import Zentyal/mail users.
Read users.csv for the format.

zarafa-hide will hide users/groups from the address book.

Haven't added OUs, but maybe another time.

You can add other OUs and contacts through the Zentyal User manager.

http://clearsdn.clearcenter.com/zarafa-tools/7.1.8/  ::)
« Last Edit: August 09, 2014, 10:15:55 am by StuartNaylor »