Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - trysomething

Pages: [1] 2 3 ... 8
Installation and Upgrades / Re: [SOLVED] Zentyal 5.0 Comodo SSL
« on: May 03, 2017, 09:53:58 pm »
Finally got around to getting on this and that's awesome except that the 1st part where you put dovecot.conf.mas it should be main.conf.mas

Code: [Select]
cp /usr/share/zentyal/stubs/mail/ /etc/zentyal/stubs/mail/
nano /etc/zentyal/stubs/mail/

#my $certFile = '/etc/postfix/sasl/postfix.pem';
#my $keyFile  = '/etc/postfix/sasl/postfix.pem';
my $certFile = '/etc/ssl/certs/TIKI7.crt
my $keyFile  = '/etc/ssl/certs/TIKI7.key

Other modules / Re: Network trust
« on: April 18, 2017, 01:29:30 am »
It might be as simple as turning everything off and then back on.  Try restarting everything and see if it works.
It's also potentially that you're putting the trust in the wrong section of the firewall, that may sound stupid but there are 4 potential areas you may need to apply the trust to.
Also, did you label any of your NIC cards as "external" in your setup?  If so then you just need to go configure your external firewall settings under Packet Filter to allow the traffic you're trying to achieve.
If you're trying to make Znetyal into a router you'd be best served by moving to something like Monowall or a router based Linux distro though, Zentyal isnt' really a wi-fi router kind of software.

Installation and Upgrades / Re: Install failure - incomplete?
« on: April 18, 2017, 01:24:46 am »
Well that sounds like a whole mess of Zentyal meets Dell.
They kind of hate eachother and it's kind of a pain in the arse.
Seriously the best fix for this is stupid, but you need to wipe the HDD entirely clean.  If you're installing on a RAID array then you need to kill the  array and create a whole new one, otherwise this will keep happening.
start the Zentyal installation process and after you get past the "Install Zentyal" initial screen hit F2 and then Enter.
Now you're in a generic ass terminal, issue the following command followed by pressing Enter:

dd if=/dev/zero of=/dev/sda bs=1 count=10 notrunc=true

(doing that from memory so check the notrunc if the command fails for some reason that's the bugger right there)
This will kill anything and everything on the HDD in very little time.  After that Zentyal gets to make all of it's own partitions and such, otherwise it gets all screwed up with existing stuff 'n' things for some reason.



I love how people ask these questions and give absolutely no solution.
This is another example of why it is imperative that people run updates and upgrades through the Zentyal web interface.
APT and DPKG don't know how to handle certain Zentyal specific configurations.
Take into consideration that 5 doesn't have OpenChange at all, it's 100% Sogo and that's it - some things just won't fly.
So first of all just read all of the release notes prior to upgrading things.
Secondly let's not forget to read the directions (at least skim through them) for the server software we are using - since it's a best practice kind of thing to know what we're working with.
Third I'd like to bring to the forground that Zentyal uses stubs and hooks, these are specific to Zentyal and have absolutely nothing to do with Ubuntu or DPKG or APT, thusly if you use the terminal to administer Zentyal you invite corrupted files and all sorts of other funtastic issues.  Via use of the Zentyal GUI you get to take advantage of things like Hooks that tell APT or DPKG to stop a service and set something to a certain state prior to upgrading therefore you don't get issues like this thread mentions.
If you found this thread because you already made the same mistakes as the author did then you may be allright still.  If you uninstall the packages you'd already screwed up OR roll them back to the working version you can then hit up the GUI and do a proper upgrade/update.

Email and Groupware / Customizing Web Interface For Blind Users
« on: April 18, 2017, 01:08:55 am »
Greetings Zentyal Gang,
I've been out of the Zentyal loop for a minute now, but I'm working on getting a 100% blind accessible webmail client setup.  We've tested quite a few solutions and since I have more experience with Zentyal I figured I'd just stick with what I know.
I need to find the physical path to the webmail so that I can make a few changes that would make it more accessible.  Does anyone know where in the heck Zentyal hides it's Sogo webmail pages???


Just started the upgrade process myself but in 4.0 and on I've only lost Jabber.
mail Filter and Antivirus have always been there for me.
Uncertain how long it's going to take since I had a big issue with Grub and stupid images a minute ago but fingers crossed the upgrade goes swimmingly and I don't lose everything again LoL.
Hey, here's a "something you didn't know" - when doing upgrades/updates of Zentyal it's a horrible idea to create PST backups of all user accounts - why you ask - well Zentyal doesn't support PST imports.  In fact, importing a PST larger than around 200 emails in plain text will wreck any user account on a Zentyal server beyond repair...
Sucks, yeas but it is what it is...

Installation and Upgrades / Re: Zentyal 5.0 Comodo SSL
« on: February 14, 2017, 12:04:35 am »
So you can do that tutorial and it "should" work.  I did it on a test box and it worked but Zentyal installs are like snowflakes - none of them are the same.  Since it worked on my test box it's likely it will work on your machine but not a guarantee.
Did you ever read the Zentyal documentation about using stub files though?  There's the route to go, via use of stubs you can make changes that are upgrade proof.  This little tutorial needs redoing every sinle time you upgrade and sometimes when you update components - not very stable if you ask me.
I do it via stub files, it's safe, update/upgrade proof and bestest of all if it breaks something you only need to rename a single file, restart a service and you can limp along until you get it figured out.  Call me silly but it seems like a way better solution.
Check my thing out and enjoy doing it the right way!

Other modules / Re: virus blocker and ad blocker module for zentyal
« on: August 18, 2016, 09:12:13 pm »
There are Antivirus and Antispam modules available.
They kind of work but they are just using outdate version os available open source software Clam AV and - ummmmmmmm - I can't remember what it's called right now.

All Zentyal is in reality is a stack of open source solutions that anyone can install and configure for free - the main difference is that you surrender a TON of control.
You can literally just get a copy of any version of Ubuntu Server (I strongly suggest using an LTS version) and at the end of the setup just check the boxes for LAMP, Mail Server, SSH and I can't remember if there's an option for CA but then you get to configure EVERYTHING on your own.

After that's all done then you can install Sogo (the new super good version not the REALLY OLD version) and OpenChange.

There you go it's just like Zentyal but it's all yours - no stupid WebAdmin GUI either, you can install a really runctional CPanel from a number of different options.  Once you find the one you want you keep it, if you don't like it you remove it - it's literally that simple.

Not to mention the communities for Postfix, Dovecot, SpamAssasin, ClamAV, Sogo, OpenChange, Apache2 and whatever else you might land on installing are super active and you can actually get support for those products.

Did you know if you shell out the $500 for a commercial edition of Zentyal they don't support Dovecot?  They also don't support Postfix...  As it turns out if it's something outside of the Zentyal specific portions you don't get any help at all.  They really don't even know about Samba - which is integral in their whole architecture.
That also reminds me you'll want to install Samba too - an make your own server that's up to date, rock solid and secure!

If you cannot download attatchments on WP 8 and up it's probably not such a Zentyal only problem as it is a cross platform issue.
I would try installing the CA Cert from the Zentyal server onto one of the WP units and see if that fixes the issue.

The second step - if that didn't work is I would go into the Zentyal GUI and I would browse right on into Users and Computers > Manage and find each user that cannot download attatchments.  Once located I would scroll all of the way down to where you can disable their Openchange account, disable it and then change the password.  Once the password is changed I'd enable their Openchange account back to normal and then their WP phone will ask for the new credentials.
After putting the new password in the Outlook app or Windows Mail app will have to re-register the credentials and it "should" clear out whatever hiccup is there.
Obviously try this on an account you use instead of pushing it out to everyone all at once.
Also, although Zentyal says you shouldn't do it I'd jump into a terminal and do an apt-get update and and apt-get upgrade.
You will likely get an issue that some packages couldn't be installed, take note of one package and then do:

apt-get -f install <package name here>

The Zentyal package manager has absolutely no balls when it comes to installing packages and it often just stops at the first sign of difficulty.  It will never upgrade from there, it will never refresh the databases, it just stops...
I am on the 4.2.2 commercial edition and support from them on the commercial side sucks worse than in here - I've actually pointed out that most of their documentation in the super secret commercial edition support portal is still for 3.1 and older and doesn't apply to much of anything anymore.  So they are sucking on something but hopefully they get their heads out of their butts pretty soon.
Anyways, it's a super cool piece of free for now so just rock it as long as you can - at least you didn't pay $500 for less helpful resources LoL.


Email and Groupware / Re: Virtual Email Domains and Outlook
« on: August 18, 2016, 07:17:00 pm »
Let's say you have 3 domains

Now if is your primary domain and it's set in your Virtual Mail Domains by default it's also set in your Zentyal DNS.  If that's the case it's likely the additional ones ( and are not going to be put in there.
After you put the additional Virtual Mail Domains into your DNS then you can enable Autodiscover for each of them.  That is pretty much all it will take to get them showing up.
The fun part about it all is that the documentation is REALLY shady about it so so I don't know if you should put these entries in as an alias of the primary domain OR if you should put them in as additional entries.  I actually just thought about that and I am going to try making something an alias instead of a separate DNS entry...
Good luck and I hope this helps!

Oh, yeah did you install Sogo ActiveSync yet?  You'll need to do that for most mobile devices to be able to use your server too.

It's all pretty much in the Wiki now days - or you pay for a support contract and upgrade to a commercial account.

Figure out how to write your sieve script then jump into a terminal and do the following:
sudo nano /var/vmail/default.sieve

Put your sieve script into this file and then save and close it.  Now just restart the mail and openchange modules:

sudo service Zentyal mail restart
sudo service Zentyal openchange restart

Zentyal is open source, so is Openchange.  On the same note Sogo, Samba, Postfix, Dovecot and Ubuntu are all open source projects.
When Microsoft and Apple stop publishing things for years at a time on their website it's one thing, but when Openchange doesn't put anything on a website it usually means that someone or everyone is hard at work.
In fact there's talk around the water cooler that Zentyal took over Openchange development, which was being spearheaded by Sogo.  Then there's the fact that Sogo's latest version seems to just have Openchange fully incorporated into it.  I haven't had anyone from either project call me and tell me personally that this is all factual, but I do know for sure that Zentyal is hard at work getting ready to launch v5.xx for all of us beta testers.  If that's the case then we're all going to get to play with a super cool release and from the hints I've been getting it's going to be pretty bad a**!

No matter what you do to and every time you restart the Zentyal server it will be undone.
Go change the heck out of it then run the following command to test it out:
sudo service Zentyal mail restart

So holy cow, what happened?  if you go to /usr/share/Zentyal/stubs/mail you'll see what are called stub files like and - but you don't edit those either.  Make the following 2 directories like so:
sudo mkdir -p /etc/Zentyal/stubs
sudo mkdir -p /etc/Zentyal/stubs/mail

Now copy and over to the /etc/Zentyal/stubs/mail from /usr/share/Zentyal/stubs/mail and you have 2 stubs files to edit.
Inside of these files you can find the place to turn off basic authentication, and tighten down the settings.
By default Zentyal does NOT allow open relays, but you can setup open relays inside of the Mail configuration from the web GUI.  I'd venture a guess that someone didn't read the whole Wiki and couldn't figure out why clients couldn't connect to the server and just opened everything up.  Zentyal creates a self signed certificate and you have to go into the admin panel to download it - https://your servers IP:8443/
Login with any user that is a member of the local sudoers group on the machine and navigate to Mail>Openchange
Click the Download Certificate button and download the Root CA Certificate file.
Now, on every client you have to install that certificate file into the Trusted Root Certificates container - which doesn't happen automatically you have to manually pick that container.
Once that's all done you're good to go and you can connect up to the server like normal and you'll be able to lock down your relay policies.
If you've tinkered with the Firewall settings you're likely going to need to find the default settings for that and revert back too, otherwise the open relay will never be closed.

Using hooks to edit is going to stop working relatively quickly in the life span of an email server.  So there is a proper and pretty solid solution that is update and upgrade proof.
Issue the following commands:
1.  sudo mkdir -p /etc/Zentyal/stubs
2. sudo mkdir -p /etc/Zentyal/stubs/openchange
3.  sudo mkdir -p /etc/Zentyal/stubs/mail4.  cp /usr/share/Zentyal/stubs/openchange/apache-ocsmanager.conf.mas /etc/Zentyal/stubs/openchange
5.  cp /usr/share/Zentyal/stubs/mail/ /etc/Zentyal/stubs/mail

Now you have the 2 stub files necessary to make this all happen.  These are Zentyal generated files and making copies in the /etc/Zentyal/stubs directory and subdirectories ensures they won't ever be overwritten by the system, but the system will use them over the ones under /usr/share/Zentyal/stubs.
Zentyal itself just makes a self signed certificate, that won't cut it in the real world, so you'll need a trusted 3rd party SSL that covers the following names for Zentyal Mail Servers:
Obviously replace hostname with your servers hostname and with your actual TLD but leave autodiscover as is.  You can get a Comodo Positive SAN SSL for around $50/year and it's done in a few minutes.  You'll need your certificate file, your key file and your ca-bundle, put those in a secure directory on your server like /etc/apache2/ssl/cert.crt - cert.key &
Then edit the 2 files you just copied:
1.  sudo nano /etc/Zentyal/stubs/openchange/apache-ocsmanager.conf.mas
2.  sudo nano /etc/Zentyal/stubs/mail/

In each of them you will find a certificate refrence and it points to <% certfile %> (or something really similar to that) you'll edit it as follows (add the 2nd line and 3rd line)
certificatefile = <path to your .crt)>
CertificatKeyFile <path to your .key>
CertificateCAFile <path to your ca-bundle file>

I'm not sure if the works exactly the same way but it's something VERY similar.  Now restart OpenChange and Mail Modules:
1.  sudo service Zentyal mail restart
2.  sudo service Zentyal openchange restart

Now you've got a proper certificate file in place and your email server will work like a champion from here on out.
You may also want to find the line in that sets up your SMTP banner it's something like smtpd_banner = <% destination %> ESMTP
Whatever the <% - - - %> says you can just change that to your FQDN.  So if your hostname is "mail" and your TLD is "" then you'd change it to ""
As long as you have your PTR setup properly and your SMTP banner matches then you're golden.
Hope this helps you get things properly fixed.

Pages: [1] 2 3 ... 8