You’d like to try or use Zarafa on Arch Linux? Awesome! So you’re at the right place to read on and bring it to life.
Where to start?
Check the Compatibility / Overview. You found your device? Great! Just click the link and follow the platform specific installation instructions on archlinuxarm.org.
Archlinux moves very fast. Get around incompatibilities and use the last working os from pietma repository.
How to install?
Add pietma to the top of Arch Linux list of package repositories.
Edit /etc/pacman.conf
[pietma] SigLevel = Optional TrustAll Server = https://repository.pietma.com/nexus/content/repositories/archlinux/$arch/$repo [core] (...)
Download a fresh copy of all package lists, update your complete system and install the zarafa packages.
# Skip system update with os from pietma repository pacman -Syu pacman -Sy zarafa
Packages in the Pietma repository are continously build for the latest Arch Linux release. For older systems you might want to try a build from the past. The package overview will give you a better orientation.
[pietma-20170109072800] (...)
What’s done?
- All available applications and dependencies are installed
- Zarafa and its components are fully configured to work locally
What’s open?
Start installation and please don’t mind answering the questions with yes on a fresh system.
/usr/share/doc/zarafa/pietma/install.sh [....] Set timezone for ical service [DONE] Set timezone for ical service [....] Generate password for zarafa presence service [DONE] Generate password for zarafa presence service :: Copy and override NGINX, PHP, POSTFIX, SASL settings? [Y/n] [....] Copy and override NGINX, PHP, POSTFIX, SASL settings [DONE] Copy and override NGINX, PHP, POSTFIX, SASL settings [....] Add smtps/465 to /etc/services [DONE] Add smtps/465 to /etc/services [....] Install optimizations [DONE] Install optimizations [....] Initialize MySQL database [DONE] Initialize MySQL database [....] Start MySQL database [DONE] Start MySQL database [....] Secure MySQL database [DONE] Secure MySQL database :: Please enter MySQL Root Password (or empty) [....] Create Zarafa database [DONE] Create Zarafa database [....] Start Zarafa, install database tables and public store (this will take a while >1min) [DONE] Start Zarafa, install database tables and public store [....] Stop Zarafa [DONE] Stop Zarafa [....] Stop MySQL [DONE] Stop MySQL [....] Create SSL-Keys/Certificates and trust them (this will take a while >10min) [DONE] Create SSL-Keys/Certificates and trust them :: Enable and start services MYSQLD, ZARAFA-SERVER, ZARAFA-GATEWAY, ZARAFA-SPOOLER, ZARAFA-DAGENT, ZARAFA-ICAL, PHP-FPM, NGINX, SASLAUTHD, POSTFIX [Y/n] [....] Enable and start services [DONE] Enable and start services Read More https://...
How to test?
Add an user account and please stay patient. Creating store could take few seconds, when MySQL is running on a slow SD-Card.
zarafa-admin -c 'testuser@localhost.com' -p 'securepassword' -e 'testuser@localhost.com' -f 'Firstname Lastname' zarafa-admin --create-store 'testuser@localhost.com'
Open https://alarm/zarafa-webapp in your browser and login.
You might want to manage Zarafa- and Postfix-Users with Zarafa-Postfixadmin.
Which services does it run?
Referring to zarafa packages, everything’s running and the services and web server are providing all of its functions.
- Service Overview: https://alarm
- WebApp : https://alarm/zarafa-webapp
- ActiveSync : https://alarm
- CardDav : https://alarm/carddav
- CalDav : https://alarm/caldav
- POP3 (SSL/TLS) : alarm:995
- SMTP (SSL/TLS) : alarm:465
- IMAP (SSL/TLS) : alarm:993
What else can be done?
You can find almost everything in Zarafas documentation. But for the lazy ones I’ve created some documented sample configs.
And after a little while you might wish to update Zarafa and Arch Linux.
Links
113 thoughts on “Install, Run and access Zarafa”
Very nice howto.
Unfortunately zarafa-server crahes if i try to start it with “systemctl start zarafa-server”. “systemctl status” drop the following:
/usr/bin/zarafa-server: error while loading shared libraries: libboost_filesystem.so.1.58.0: cannot open shared object file: No such file or directory
Do yu know a fix for this?
Tim
Hi Tim!
Sure we’ll find a fix 🙂 Did you compile your own or use the package? Which platform (arm, x64, i686) and version of Zarafa did you try to install?
MartiMcFly
martimcfly
I followed exact your guide and get all packages from your repository.
My system is a Raspberry Pi with an actual Arch Linux ARM installation.
pacman says it’s zarafa-server-7.2.1-2
Thank you for your help =)
Tim
Hey Tim!
This was my bad.
I’ve declared boost=1.58.0 as make but not normal dependency. So your system installed boost=1.59.0 (latest) from official repository. However, Zarafa depends on boost=1.58.0, which you’ll find in pietma’s archlinux repository.
Just uninstall boost=1.59.0 …
pacman -R boost
pacman -R boost-libs
And install boost=1.58.0 from pietma…
pacman -S pietma/boost pietma/boost-libs
I’ll release a fixed package later this evening.
Let me know wheather this helped! 🙂
MartiMcFly
martimcfly
Here we go…
I’ve updated almost all package dependencies (like icu 56.1). By now zarafa-server-7.2.1-5 should install on updated systems…
pacman -Sy zarafa-server
However, there will reimain some required packages, which I upload to pietma’s arch linux repository (like boost 1.58.0, gcc…).
For complete system updates you’ll have to ignore conflicting packages…
pacman -Syu –ignore boost –ignore boost-libs –ignore icu (…)
This is a necessary step to avoid a broken system by archlinux’s rolling release.
Please let me know about your progress!
martimcfly
Hey Marti,
With the new package zarafa works without problems =)
Thank you for your fast support.
Tim
It worked once…now getting ‘404 Not Found’ on every page (webapp / webaccess).
Systemctl gives all running services; reboot didn’t work. Database is up and runnning, zarafa-admin can make new users. Seems like a php / nginx issue. Where to look?
Laurent
Hey Laurent!
Have you…
– checked wheather all 8 (mysqld, nginx, php-fpm, zarafa-server, zarafa-gateway, zarafa-spooler, zarafa-dagent, zarafa-ical) services are running?
– made changes after the first run?
– tried this locations https://xxx/zarafa-webapp and https://xxx/zarafa-webacces? It’s not only https://xxx/webapp and https://xxx/webaccess. If there were an issue with php-fpm, then you’d get something with ‘gateway unreachable’.
MartiMcFly
martimcfly
Shame on me…..just forgot the “zarafa” before the ‘webapp / webaccess’…. 😐
Zarafa works…great job…..but….how to send mail?
I have a local SMTP server (Synology)
I have a local MYSQL server (Synology)
I have a Raspberry Pi 2 with ArchLinux and Zarafa (working)
Where to put what?
– spooler.cfg –> SMTP server (mine or my provider?)
– main.cf –> relayhost. SMTP server?
…..how does it work? Log in to Zarafa….make new mail…push ‘Sent’ …. and then…what files are used and what path to follow?
Laurent
Additional:
With echo ” ” | mail etc my mail is sent
In Zarafa it is stuck in the Outbox…
Laurent
Okay, got it working (MX records seems important…;-))
Next: use of Outlook: no license server….is it available?
Laurent
Hey Laurent,
I’m glad to hear you made it!
This packages serve default settings for a secure and integrated installation. Zarafas MYSQL database is created automatically, which is why you’re able to create accounts and access it. The recommended local MTA is Postfix (SMTP).
You might need a Smarthost as MTA.
Running SMTP and MYSQL on a different server require some considerations on security and performance. Attachments are stored to filesystem (uncompressed). Managing them in MYSQL has been slow for me.
The Outlook plugins won’t be developed anymore. But Outlook is supporting Active Sync now.
MartiMcFly
martimcfly
Active Sync works, thanks for the tip.
Running my database on the SD card is not something I want to do. I have a running SQL database on my Synology….and….so far so good. It is for home use so performance is not really an issue.
Next challenge: using my CA certificate…that will work too…I guess 😉
Thanks for the good work!
Laurent
Thanks!
In case your NAS becomes to slow of requests and processing SQL-Queries, you could just move your MySQL-Database and Zarafa-Attachements to an external hard drive just by Symlinks. That way I/Os will not mess with your SD-Cards lifetime. When this was you concern. The RPi2 has better power management and passes enough power to USB-Drives.
MartiMcFly
martimcfly
Great Tutorial, but I have some problems install the php-fpm nginx package:
[root@alarmpi alarm]# pacman -Sy php-fpm nginx :: Synchronizing package databases…
core is up to date 0.0 B 0.00B/s 00:00 [———————-] 0%
extra is up to date 0.0 B 0.00B/s 00:00 [———————-] 0%
community is up to date
alarm is up to date
aur is up to date
pietma is up to date
resolving dependencies…
looking for conflicting packages…
error: failed to prepare transaction (could not satisfy dependencies)
:: sabre-zarafa: installing php-fpm (7.0.4-1) breaks dependency ‘php-fpm<7'
:: z-push: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm<7'
:: zarafa-server: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm<7'
:: zarafa-webaccess: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm<7'
:: zarafa-webaccess-mdm: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm <7'
:: zarafa-webapp: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm<7'
:: zarafa-webapp-passwd: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm <7'
[root@alarmpi alarm]#
Do you have an advice, how to solve this?
Michael
Hey Michael,
of course 🙂
Just use the latest, security fixed, php-fpm 5.6.x I compile and provide on my repo.
pacman -Sy pietma/php-fpm
If you have already installed php 7.x you need to uninstall it before. And install 5.6.x from pietma.
Pacman -R php
Pacman -Sy pietma/php
If you’re looking for a system update, then you can use my update-system skript…
https://git.pietma.com/pietma/com-pietma-zarafa/blob/master/utils/update-system.sh
Marti
martimcfly
Ho doesn’t work on my pi3, can’t create a user:
[root@alarmpi ~]# zarafa-admin -vvv -c ‘testuser’ -p ‘securepassword’ -e ‘testuser@localhost’ -f ‘Firstname Lastname’
[error ] M4LMsgServiceAdmin::ConfigureMsgService() MSGServiceEntry failed 80040116: disk error
[crit ] CreateProfileTemp(): ConfigureMsgService failed 80040116: disk error
[warning] CreateProfileTemp failed: 80040116: disk error
Unable to open Admin session: disk error (0x80040116)
Using the -v option (possibly multiple times) may give more hints.
Frank
Hey Frank,
I’ve never seen this message myself. A bit googling brings up this results…
https://duckduckgo.com/?q=M4LMsgServiceAdmin%3A%3AConfigureMsgService()+MSGServiceEntry+failed+80040116%3A+disk+error&t=ffsb&ia=web
https://jira.zarafa.com/browse/ZCP-13110
https://forums.zarafa.com/showthread.php?11045-Installing-7-20-Beta-1-on-CENTOS-7-issues/page2
It’s supposed to tell, that Zarafa’s not started.
Maybe you could check zarafa-servers log:
journalctl -u zarafa-server -r
Marti
MartiMcFly
Hey Marti,
I have also a PI3 and can’t also not create a user, the same error message as Frank.
I have check the zarafa-serverlog with: journalctl -u zarafa-server –r
The meesage are all:
[root@alarmpi ~]# journalctl -u zarafa-server -r
— Logs begin at Sun 2016-10-09 21:26:12 UTC, end at Sun 2016-11-06 07:37:02 UTC. —
Nov 06 07:37:02 alarmpi zarafa-server[437]: Unable to get database connection: Too many connections
Nov 06 07:37:02 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
Nov 06 07:36:59 alarmpi zarafa-server[437]: Unable to get database connection: Too many connections
Nov 06 07:36:59 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
Nov 06 07:36:56 alarmpi zarafa-server[437]: Unable to get database connection: Too many connections
Nov 06 07:36:56 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
I have check also the zarafa-server status with:
ystemctl status zarafa-server.service
* zarafa-server.service – Zarafa Collaboration Platform Storage Server
Loaded: loaded (/usr/lib/systemd/system/zarafa-server.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2016-11-05 20:47:32 UTC; 10h ago
Docs: man:zarafa-server(8)
man:zarafa-server.cfg(5)
man:zarafa-admin(8)
Main PID: 437 (zarafa-server)
Tasks: 17 (limit: 4915)
CGroup: /system.slice/zarafa-server.service
`-437 /usr/sbin/zarafa-server -F -c /etc/zarafa/server.cfg
Nov 06 07:41:01 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
Nov 06 07:41:01 alarmpi zarafa-server[437]: Unable to get database connection: Too many connections
Nov 06 07:41:04 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
Nov 06 07:41:04 alarmpi zarafa-server[437]: Unable to get database connection: Too many connections
Can you help me to fix the problem?
Peter
Peter
Hey Peter,
I’m sorry to hear that.
It seems the installation script calculated a wrong number of max connections for mysql. Could you flease run ‘free -h’ and send me the output? Furthermore could you please tell me what the max_connection field in the /etc/mysql/my.cnf is saying?
Please higher the number of the max_connection in the /etc/mysql/my.cnf file for about 1 to 10 (max_connections=9 -> max_connections=10 or max_connections=20). And restart mysql ‘systemctl restart mysql’.
This way zarafa should work again 🙂
I’m looking forward for your feedback!
Marti
MartiMcFly
Hey Martina,
First I can say, that it is possible now to create a user.
The max_connection field in the /etc/mysql/my.cnf was 7, I set it on 20.
Before I make de max_connection 20 the free memory was
free -h total used free shared buff/cache available
Mem: 922M 128M 579M 532K 214M 778M
Swap: 0B 0B 0B
I change the max_connectio to 20, the free memory is:
free -h total used free shared buff/cache available
Mem: 922M 125M 580M 532K 216M 782M
Swap: 0B 0B 0B
I have also checked the server log: see output
Nov 06 14:36:57 alarmpi zarafa-server[437]: SQL [00000010] info: Try to reconnect
Nov 06 14:36:57 alarmpi zarafa-server[437]: SQL [00000002] info: Try to reconnect
Nov 06 13:05:29 alarmpi zarafa-server[437]: SQL [00000000] info: Try to reconnect
Nov 06 13:05:29 alarmpi zarafa-server[437]: SQL [00000007] info: Try to reconnect
Nov 06 13:00:44 alarmpi zarafa-server[437]: Command /etc/zarafa/userscripts/createuser` exited with non-zero status 126
Nov 06 12:59:46 alarmpi zarafa-server[437]: SQL [00000006] info: Try to reconnect
Nov 06 12:59:46 alarmpi zarafa-server[437]: SQL [00000008] info: Try to reconnect
Nov 06 12:59:43 alarmpi zarafa-server[437]: ECDatabaseMySQL::DoSelect(): query failed
Nov 06 12:59:43 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
Nov 06 12:59:43 alarmpi zarafa-server[437]: SQL [00000009] info: Try to reconnect
Also I checked the zarafa-server status.
systemctl status zarafa-server.service
* zarafa-server.service – Zarafa Collaboration Platform Storage Server Loaded: loaded (/usr/lib/systemd/system/zarafa-server.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2016-11-05 20:47:32 UTC; 17h ago
Docs: man:zarafa-server(8)
man:zarafa-server.cfg(5)
man:zarafa-admin(8)
Main PID: 437 (zarafa-server)
Tasks: 17 (limit: 4915)
CGroup: /system.slice/zarafa-server.service
`-437 /usr/sbin/zarafa-server -F -c /etc/zarafa/server.cfg
Nov 06 14:44:02 alarmpi zarafa-server[437]: SQL [00000002] info: Try to reconnect
Nov 06 14:44:03 alarmpi zarafa-server[437]: SQL [00000003] info: Try to reconnect
Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000004] info: Try to reconnect
Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000005] info: Try to reconnect
Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000006] info: Try to reconnect
Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000009] info: Try to reconnect
Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000007] info: Try to reconnect
Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000002] info: Try to reconnect
Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000003] info: Try to reconnect
Nov 06 14:46:36 alarmpi zarafa-server[437]: SQL [00000008] info: Try to reconnect
Thank you for your fast support.
Peter
Peter
The calculated max_connections for mysql seem to be fine. But that’s only for zarafa. You’re going to run out of connections, when there’s another application using the database at the same time. I changed the installation script so it adds 10 more spare/backup connections (max_connection=?+10) for other applications like zarafa-postfixadmin.
Have fun using Zarafa! 🙂
Marti
MartiMcFly
Hey Martina,
I have completely new install arch linux and the zarafa server.
I can create users, and mysql is running.
After 7 hours mysql is stopping to run.
The free memory is before that moment is:
free –h
total used free shared buff/cache available
Mem: 922M 138M 632M 528K 151M 770M
Swap: 0B 0B 0B
The free memory if mysql is stopped:
free –h
total used free shared buff/cache available
Mem: 944376 48360 692364 524 203652 881000
Swap: 0 0 0
I have also checked the server log on that: see output.
journalctl -u zarafa-server -r
Nov 12 03:14:00 alarmpi zarafa-server[434]: Unable to get database connection: Can’t connect to local MySQL server through socket ‘/run/mysqld/mysqld.sock’ (111 “Connection refused”)
Nov 12 03:14:00 alarmpi zarafa-server[434]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
Nov 12 03:13:00 alarmpi zarafa-server[434]: Unable to get database connection: Can’t connect to local MySQL server through socket ‘/run/mysqld/mysqld.sock’ (111 “Connection refused”)
Nov 12 02:13:00 alarmpi zarafa-server[434]: Unable to get database connection: Lost connection to MySQL server at ‘reading initial communication packet’, system error: 95 “Operation not supported”
Nov 12 02:13:00 alarmpi zarafa-server[434]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
Nov 12 02:00:00 alarmpi zarafa-server[434]: Unable to get database connection: Lost connection to MySQL server at ‘reading initial communication packet’, system error: 95 “Operation not supported”
Nov 12 02:00:00 alarmpi zarafa-server[434]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
Nov 11 17:48:34 alarmpi zarafa-server[434]: WARNING: zarafa-licensed not running, commercial features will not be available until it’s started.
Nov 11 17:48:34 alarmpi zarafa-server[434]: Starting zarafa-server version 7,2,4,0, pid 434
Nov 11 17:48:34 alarmpi systemd[1]: Started Zarafa Collaboration Platform Storage Server.
Also I checked the zarafa-server status.
systemctl status zarafa-server.service
* zarafa-server.service – Zarafa Collaboration Platform Storage Server
Loaded: loaded (/usr/lib/systemd/system/zarafa-server.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2016-11-11 17:48:34 CET; 14h ago
Docs: man:zarafa-server(8)
man:zarafa-server.cfg(5)
man:zarafa-admin(8)
Main PID: 434 (zarafa-server)
Tasks: 17 (limit: 4915)
CGroup: /system.slice/zarafa-server.service
`-434 /usr/sbin/zarafa-server -F -c /etc/zarafa/server.cfg
Nov 12 07:13:00 alarmpi zarafa-server[434]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
Nov 12 07:13:00 alarmpi zarafa-server[434]: Unable to get database connection: Can’t connect to local MySQL server through socket ‘/run/mysqld/mysqld.sock’ (111 “Connection refused”)
Nov 12 07:14:00 alarmpi zarafa-server[434]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
Nov 12 07:14:00 alarmpi zarafa-server[434]: Unable to get database connection: Can’t connect to local MySQL server through socket ‘/run/mysqld/mysqld.sock’ (111 “Connection refused”)
Can you help me with this problem also?
Peter
Peter
At the first glance your RAM looks good.
I’m curious what your mysql logs say? => journalctl -u mysqld -n 100
It makes the impression, that mysqls out of connections again. Something’s consuming a lot of them. Did you change any configuration in zarafas server.cfg?
When you reach the problem (to many connection / connection refused), then there’s a strategy debuging your mysql server…
http://alvinalexander.com/blog/post/mysql/how-show-open-database-connections-mysql
$ mysql
mysql> show status like ‘Conn%’;
mysql> show status like ‘%onn%’;
mysql> show processlist;
$ mysqladmin status
Of course you can post the outputs here, too.
MartiMcFly
MartiMcFly
How can I calculate the Max Connection setting for MySQL? Is there some formula?
Hasenfuß
Hey Hasenfuß,
try this … https://pietma.com/optimize-zarafa-and-mysql-mariadb/
It’s composed out of Zarafas documentation.
MartiMcFly
MartiMcFly
After Installation, i cant access CalDAV. Is there something, i must edit in the config before? zarafa-ical is started…
Flat Eric
Hey Flat Eric,
usually only zarafa-server, zarafa-ical AND nginx have to be running correctly before you access ICAL. NGINX is working as a proxy which lets you access all webservices on the same port…
WebApp : https://alarm/zarafa-webapp
ActiveSync : https://alarm
CardDav : https://alarm/carddav
CalDav : https://alarm/caldav
MartiMcFly
MartiMcFly
When your iCal problems persist, there’s always the slight chance that somethings wrong in the compiled server. In this case, you are always able to downgrade!
I can’t know about the individual problems someone might have with this packages. That’s why packages and dependencies of each build are kept in their own repository.
The last regular armv7h build is “pietma-20161102180723” for example…
https://repository.pietma.com/nexus/content/sites/archlinux/armv7h/
https://repository.pietma.com/nexus/content/sites/archlinux/i686/
https://repository.pietma.com/nexus/content/sites/archlinux/x86_64/
Just change your existing /etc/pacman.conf from…
[pietma]
SigLevel = Optional TrustAll
Server = https://repository.pietma.com/nexus/content/repositories/archlinux/$arch/$repo
to…
[pietma-20161102180723]
SigLevel = Optional TrustAll
Server = https://repository.pietma.com/nexus/content/repositories/archlinux/$arch/$repo
Now you use a fixed version, since this repository isn’t updated.
Just run this. Pacman is going to synchronize the package-list and ask you for a downgrade.
$ pacman -Sy zarafa-server
MartiMcFly
MartiMcFly
I have big problems with german umlauts in WebApp. Sometimes, if i load WebApp, i see ?-Signs instead of a Umlaut, and sometimes the Signs are completely missing. This changes, if i reload WebApp to one ore the other case. My Foldernames and the WebGUI itself are in German, also my System locale seems to be completely in de_DE.utf-8 but Contact Names, Adresses, Event Subjects and such things get really weird. What can i do?
RatzFatz
Hey RatzFatz,
did you change your systems local like discribed here (please use the UTF8 locals) …?
https://wiki.archlinux.de/title/Arch_Linux_auf_Deutsch_stellen
After you’ve followed this guide and rebooted, then your system should be showing all umlauts right. If not there’s the slight chance that the mails or other stuff have been imported or stored with the wrong local. In this case drop the database (remember to keep a backup) and recreate it.
MartiMcFly
MartiMcFly
I followed the tutorial from Arch Linux Wiki, If i set localectl manually i get:
System Locale: LANGUAGE=de_DE.UTF-8
VC Keymap: de-latin1-nodeadkeys
X11 Layout: n/a
But after reboot, i get always the following:
[root@alarmpi share]# localectl status
System Locale: n/a
VC Keymap: de-latin1-nodeadkeys
X11 Layout: n/a
I don’t know, whats wrong. All the other setting seems to be identical, as in the tutorial, except, that i don’t use the dansk language and only german utf8. But after droping the whole database, set language the manually way and restarting from scratch, german umlauts seems to work. I don’t know if i could savely reboot, without to loose this setting, but i hope so.
Ahh before i forget it: After user creation, i couldn’t get z-push to sync. I get the following Error: StatusException: ExportChangesICS->InitializeExporter(): Error, mapi_exportchanges_config() failed: 0x80040116. I have solved this by changing the database structure a little bit:
alter table changes modify change_type int(11) unsigned default 0;
After this, the sync works. I don’t know if all the other default values are OK for the table, but the logfile tells me only this table since yet.
RatzFatz
Hey RatzFatz,
I’m glad it worked out for you. And thanks for the hint with the database!
MartiMcFly
MartiMcFly
Hey RatzFatz,
this archlinux wiki is more straight forward…
https://wiki.archlinux.de/title/Arch_Linux_auf_Deutsch_stellen
The steps…
$ echo LANG=de_DE.UTF-8 > /etc/locale.conf
$ echo KEYMAP=de-latin1-nodeadkeys > /etc/vconsole.conf
$ ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
Enable locales (remove comment #) in /etc/locale.gen…
en_US.UTF-8 UTF-8
en_DK.UTF-8 UTF-8
de_DE.UTF-8 UTF-8 # Für Deutschland
de_CH.UTF-8 UTF-8 # Für die Schweiz
de_AT.UTF-8 UTF-8 # Für Österreich
$ locale-gen
$ reboot
Should be fine now…
$ localectl status
For MySQL and its locale…
http://dev.mysql.com/doc/refman/5.7/en/globalization.html
I think you just have to finish setting your locale and restart your system + mysql. As long your database is using utf-8 it should be fine then.
Marti
MartiMcFly
Hey RatzFatz,
I’ve looked a little bit into this problem. It seems Zarafa fixed it in Kopano with a database update. Basically there are two changes in column defaults. I copied them from Kopano and patched them into Zarafa. It’s a regular database update with a regular entry in the versions table now. So another update (ex. to Kopano) won’t do this again.
alter table `changes` modify change_type int(11) unsigned not null default 0
alter table `abchanges` modify change_type int(11) unsigned not null default 0
All you have to do is update to the latest zarafa-server from pietma. During the start of zarafa-server the updates are done automatically. During a quick Test I’ve got no errors anymore.
Marti
MartiMcFly
Thank you very much for creating the pietma.zarafa packages and installation files. It was a huge help. I installed on a clean server and all lthe web services and z-push work perfectly, but I’m unable to log into imap or pop3. I’m using correct ports with SSL (tried TLS also). It never seems to accept a password. Am i missing something? Can you give me some suggestions? This is a cle
Mike Smith
Hey Mike,
thats my fault. I gave the wrong ports in NGINX. Just fix the NGINX config the same way I did in this commit.
https://git.pietma.com/pietma/com-pietma-zarafa/commit/b54ce0b310b00315aae9459b84be6e0021aad1b7
Then do “nginx -s reload”
MartiMcFly
MartiMcFly
This doesn’t fix the issue. I have done multiple fresh installs. The correct port is already in default.http. So far the only way i can get imap to log in at all is if I change /etc/conf.d/saslauthd From:
SASLAUTHD_OPTS=”-a rimap -O 127.0.0.1/142 -c -n 0″
to
SASLAUTHD_OPTS=”-a rimap -O 127.0.0.1 -c”
This seems to get logins working, at least to some degree. Only users I create on the command line will long in, though. If I create a user through zarafa-postfixadmin web interface, it doesn’t work via smtp, imap only.
Another issue that i’m having….. If I create a user using the command below, it doesn’t show up in zarafa-PostfixAdmin. If i create a user in zarafa-postfixadmin, it doesn’t seem to work for smtp, only imap. Command is:
zarafa-admin -c ‘testuser’ -p ‘securepassword’ -e ‘testuser@localhost’ -f ‘Firstname Lastname’
zarafa-admin –create-store ‘testuser’
Keep in mind, I have tried to get this working over 12 times in the past 3 days, each time with a fresh install of arch with nothing installed expect the pietma repo, zarafa installing using pacman with defaults, and the install script provided ran afterwards. This is a fresh virtual machine.
Thanks for the help.
Mike Smith
Here is some more info.
Fresh install, edit /etc/conf.d/saslauthd to use 127.0.0.1/142 instead of 127.0.0.1/143 – Setup Zarafa Postfix Admin web interface, add domain, create user. User can log in to webapp, z-push, and imap, but not smtp.
Fresh install – edit /etc/conf.d/saslauthd to use 127.0.0.1/142 instead of 127.0.0.1/143 – Create user from command line (no zarafa-postfix-admin web interface installed or used) – User can log into everything.
On the second method, that seems to provide a functional user when created using the command listed on your blog, login seems to work across the board. I’m not sure if mail flow will actually work at this point or if more needs to be done. This is the furthest I’ve gotten up until now.
Also, If I install zarafa postfix-admin web interface afterwards the user doesn’t show up.
Are there additional steps to complete for proper mail flow after creating a user via command line on a fresh server?
Thanks again,
Mike
Mike Smith
I may have spoke too soon. Although when creating a user via command line and editing etc/conf.d/saslauthd allowed successfull login to smtp after imap, it seems to stop working after a very short period of time (1-3 minutes). I will keep experimenting and beating my head against a wall and will post here if I find anything useful. Thanks for your help.
Mike
Mike Smith
Hey Mike,
I’m sorry to hear you’ve been installing so many times and it didn’t work out.
I think I’ve found the problem. The good news: The fix is very simple…
https://git.pietma.com/pietma/com-pietma-zarafa/commit/b419f48319742306b58530841a9de662ddc38116
And…
$ systemctl restart saslauthd
Users existence is checked against ZPA. If used, all user have to be managed there. The SMTP-Authentification is done against the IMAP-Server with Saslauthd.
Badly Saslauthd used the first part of the e-mail-address as username. As long you’ve imported existing users, this worked for the ‘testuser’. But ZPA (zarafa postfixadmin) creates usernames with full e-mail-address. It wasn’t enough to only use the first part as username.
I think there won’t be many more obstacles to overcome 🙂
The fixed packages are building.
Marti
MartiMcFly
Hello Martina,
Today i have again a clean installation from Zarafa on a other SD card.
I used the script so as described on your page https://pietma.com/run-and-access-zarafa/
I only changed CN in the file /usr/share/doc/zarafa/pietma/install-ssl.sh;
Then I run /usr/share/doc/zarafa/pietma/install.sh and all like Oke.
If I do https://alarm i got the inlog screen.
I log in, and got not the screen to select the languages, the screen is white and stay white.
I used the last regular armv7h build pietma-20161229135855
Gr. Peter
Peter
Hey Peter,
have you rebootet your system?
If yes, then this might be a browser specific problem. Have you tried cleaning your caches?
MartiMcFly
MartiMcFly
Hey Martina,
I don’t believe it is a browser problem.
I have reboot the system, and i clean the caches from firefox and internet explorer 11.
In both explorers i get not the screen for selecting the languages.
In internet explorer I have the fault, page not found error 500
I have 2 time’s install zarafa with I regular armv7h build pietma-20161229135855
Also I installed with pietma-20161228024906. and had also the problem.
Before pietma-20161228024906, i had not the problem.
Gr. Peter
Peter
Martina,
In journalctl –f I see a lot of messages.
Dec 30 08:21:32 alarm systemd[1]: Started Fetchmail.
Dec 30 08:22:19 alarm php-fpm[287]: [NOTICE] [pool z-push] child 29513 exited with code 0 after 940.776547 seconds from start
Dec 30 08:22:19 alarm php-fpm[287]: [NOTICE] [pool z-push] child 12211 started
Dec 30 08:22:33 alarm systemd[1]: Started Fetchmail.
And also a lot of, with different name of course.
Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: can’t open /usr/share/man/man3/wayland-server-core.h.3: No such file or directory
Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: warning: /usr/share/man/man3/wl_resource_create.3.gz: bad symlink or ROFF `.so’ request
Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: can’t open /usr/share/man/man3/wayland-server-core.h.3: No such file or directory
Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: warning: /usr/share/man/man3/wl_client_post_no_memory.3.gz: bad symlink or ROFF `.so’ request
Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: can’t open /usr/share/man/man3/wayland-util.c.3: No such file or directory
Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: warning: /usr/share/man/man3/wl_log_stderr_handler.3.gz: bad symlink or ROFF `.so’ request
Peter
Peter
Hey Peter,
this sounds like your system needs an update. I always compile against the latest libraries available. This means that your system has to be updated every time you update Zarafa from ‘pietma’ repository.
You can use the intermediate repositories (pietma-20161229135855) to get a version matching with your systems last update/installation date. But every time you switch to
some newer intermediate repository there’s the possibility that your system is too old and needs an update first. At this point you’ve got two options.
1.) Find the package which needs to be updated from the changelog (pacman -Sy *package*).
https://pietma.com/zarafa-packages-for-arch-linux-overview/
In your case I guess it’s ‘llvm-libs’.
2.) Switch to latest latest repository (‘pietma’) and update your complete system (pacman -Syu)
I personally preferre this.
Marti
MartiMcFly
Hey Marti,
I also preferre the second option and also i do a complete update.
Pacman -Syu.
package databases…
core is up to date
extra is up to date
community is up to date
alarm is up to date
aur is up to date
pietma is up to date
:: Starting full system upgrade…
resolving dependencies…
looking for conflicting packages…
error: failed to prepare transaction (could not satisfy dependencies)
:: sabre-zarafa: installing php (7.0.14-1) breaks dependency ‘php<7'
:: sabre-zarafa: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
:: z-push: installing php (7.0.14-1) breaks dependency 'php<7'
:: z-push: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
:: zarafa-postfixadmin: installing php (7.0.14-1) breaks dependency 'php<7'
:: zarafa-postfixadmin: installing php-imap (7.0.14-1) breaks dependency 'php-imap<7'
:: zarafa-server: installing boost (1.62.0-4) breaks dependency 'boost=1.58.0'
:: zarafa-server: installing boost-libs (1.62.0-4) breaks dependency 'boost-libs=1.58.0'
:: zarafa-server: installing gsoap (2.8.40-1) breaks dependency 'gsoap=2.8.22'
:: zarafa-server: installing php (7.0.14-1) breaks dependency 'php<7'
:: zarafa-server: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
:: zarafa-service-overview: installing php (7.0.14-1) breaks dependency 'php<7'
:: zarafa-service-overview: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
:: zarafa-webapp: installing php (7.0.14-1) breaks dependency 'php<7'
:: zarafa-webapp: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
:: zarafa-webapp-spellchecker: installing php-enchant (7.0.14-1) breaks dependency 'php-enchant<7'
Peter
Peter
I see… just place pietma repository at the top of the list of repositories in /etc/pacman.conf. Pietma is preferred then and the next update won’t tell you conflicts.
MartiMcFly
Hey Marti,
It doesn’t work, see
pacman -Suy
:: Synchronizing package databases…
pietma is up to date
core is up to date
extra is up to date
community is up to date
alarm is up to date
aur is up to date
:: Starting full system upgrade…
there is nothing to do
the screen to select the languages, stay’s white.
Peter
Peter
great! your update finished successfully! Is there any way I could take a look on this myself? Teamviewer or public url? marti
MartiMcFly
I updated my testsystem and couldn’t figure out any problems. Login and language selection worked great :/
MartiMcFly
Hello Marti,
We can do it with Teamviewer.
First I will tell you what I have done.
I installed 3 times scratch on, installed arch linux on the SD card.
1. edit /etc/pacman.conf
On the end of the file insert the list of repositories
pacman –Syu zarafa
edit /usr/share/doc/zarafa/pietma/install-ssl.sh and change the CN
run /usr/share/doc/zarafa/pietma/install.sh
zarafa-admin -c ‘testuser@localhost.com’ -p ‘securepassword’ -e ‘testuser@localhost.com’ -f ‘Firstname Lastname’
zarafa-admin –create-store ‘testuser@localhost.com’
run /usr/share/doc/zarafa-postfixadmin/pietma/install.sh
Start service’s
Create in https://alarm/zarafa-postfixadmin/setup.php Admin account.
Create in https://alarm/zarafa-postfixadmin/login.php Domain and email adress.
Then mysql -uroot < /usr/share/doc/zarafa-postfixadmin/pietma/import-from-zarafa.sql, else I got an error.
Now I can visit https://alarm/zarafa-webapp
This is the point where I log in on zarafa en got the white screen.
2. edit /etc/pacman.conf
At the top of the file insert the list of repositories
pacman –Syu zarafa
reboot
edit /usr/share/doc/zarafa/pietma/install-ssl.sh and change the CN
run /usr/share/doc/zarafa/pietma/install.sh
etc
3. edit /etc/pacman.conf
At the top of the file insert the list of repositories
pacman –Sy zarafa
Reboot
edit /usr/share/doc/zarafa/pietma/install-ssl.sh and change the CN
run /usr/share/doc/zarafa/pietma/install.sh
etc
Before creating in https://alarm/zarafa-postfixadmin/setup.php Admin account i do a pacman –Syu.
reboot
The results are all the same a white screen after inlogging zarafa.
Please send me a email so I can you my ID an password.
Gr. Peter
Peter
Hey Peter,
thanks for the fast insight into your setup. This problem was caused by a simple syntax error. I can’t tell why this didn’t cause the same issue on my system. Here are some more details…
“Stupid syntax error crashed zarafa-webapp [define(‘PLUGIN_MDM_SERVER’, 127.0.0.1:81); => define(‘PLUGIN_MDM_SERVER’, ‘127.0.0.1:81’);]. Internal error 500 is reported after login. Please update ‘zarafa-webapp-mdm’ and replace /etc/zarafa-webapp/plugins/mdm/config.php with config.php.pacnew in the same folder. Or simply fix ../mdm/config.php.”
Marti
MartiMcFly
Marti,
I’m still plauged with config issues. I’ve verified this three times today, just to make sure I’m not doing anything wrong. Fresh install, pietma repo added, pacman -Sy zarafa, then install.sh. After, I create a user with your example and webapp, imap, pop3 and z-push all login successfully, but not SMTPS with SSL on port 465. I continuously get prompted for a password.
The only items showing up in journalctl -u zarafa* is “Failed to open public store” and Client disconnected.” Neither of which should have anything to do with this issue. In journalctl -u postfix*, I’m getting a SASL authentication failure:
warning: unknown[172.16.0.3]: SASL LOGIN authentication failed: authentication failure
My /etc/conf.d/saslauthd seems to be correct:
SASLAUTHD_OPTS=”-a rimap -O 127.0.0.1/142 -c -n 0″
I’m willing to try anything at this point. The license for my Zimbra mail server expires today and I’d really like to get this working to replace it. Thanks for the help.
Mike Smith
Mike Smith
Here is some more info. If I edit /etc/conf.d/saslauthd and remove the /142 port designation, I can login to all services, including smtp, successfully. But, if i try to send an email from user1@xyz.com to user1@xyz.com, the server doesn’t releasize it’s supposed to be hosing xyz.com’s domain email and it tries to resolve the mx and send it via the internet instead of delivering locally.
It not seems I’m unable to login to imap or smtp with users created via zarafa postfix-admin, no matter what settings are in /etc/conf.d/saslauthd.
Thanks,
Mike Smith
Mike Smith
Hey Mike,
have you tried the things from my last comment?
Replace the content of /etc/conf.d/saslauthd with this and restart saslauthd service (systemctl restart saslauthd)
Marti
MartiMcFly
Yes, multiple times.
Thanks,
Mike Smith
Mike Smith
I increased logging verbosity and zarafa is spewing out this:
Dec 29 21:10:37 R5-D4 zarafa-server[62347]: Object not found unknown user “mike”: mike
Dec 29 21:10:37 R5-D4 zarafa-server[62347]: Authentication by plugin failed for user “mike”: Trying to authenticate failed: wrong username or password
Dec 29 21:10:37 R5-D4 zarafa-server[62347]: Failed to authenticate user “mike” from “file:///var/run/zarafad/server.sock” using program “zarafa-gateway”
Dec 29 21:10:37 R5-D4 zarafa-gateway[68286]: M4LMsgServiceAdmin::ConfigureMsgService() MSGServiceEntry failed 80040111: logon failed
Dec 29 21:10:37 R5-D4 zarafa-gateway[68286]: CreateProfileTemp(): ConfigureMsgService failed 80040111: logon failed
Dec 29 21:10:37 R5-D4 zarafa-gateway[68286]: CreateProfileTemp failed: 80040111: logon failed
Dec 29 21:10:37 R5-D4 zarafa-gateway[68286]: Failed to login from 127.0.0.1:53828 with invalid username “mike” or wrong password. Error: 0x80040111
Dec 29 21:10:38 R5-D4 zarafa-gateway[68286]: Client disconnected
lines 255-309/309 (END)
Mike Smith
This output means that you still use “mike” instead of “mike@domain.xyz” as smtp login or that you haven’t replaced the content of saslathd with this…
Your previous message is talking about “/142”. This should already be replaced with “/143”. Please don’t forget the “-r” I added, too!
Marti
MartiMcFly
I think I read in one of your other posts that you didn’t have access to an x86_64 machine? If that’s true I can provision you a virtual machine with a baseline arch install to experiment with. If, that would help at all.
Thanks,
Mike Smith
Mike Smith
I had tried mike@xyz.com and mike. The output in the error log was the same. Example:
Object not found unknown user “mike serenity-networks.com”: mike serenity-networks.com
Dec 29 21:10:32 R5-D4 zarafa-server[62347]: Authentication by plugin failed for user “mike serenity-networks.com”: Trying to authenticate failed: wrong username or password
Dec 29 21:10:32 R5-D4 zarafa-server[62347]: Failed to authenticate user “mike serenity-networks.com” from “file:///var/run/zarafad/server.sock” using program “zarafa-gateway”
Dec 29 21:10:32 R5-D4 zarafa-gateway[68196]: M4LMsgServiceAdmin::ConfigureMsgService() MSGServiceEntry failed 80040111: logon failed
Dec 29 21:10:32 R5-D4 zarafa-gateway[68196]: CreateProfileTemp(): ConfigureMsgService failed 80040111: logon failed
Dec 29 21:10:32 R5-D4 zarafa-gateway[68196]: CreateProfileTemp failed: 80040111: logon failed
Dec 29 21:10:32 R5-D4 zarafa-gateway[68196]: Failed to login from 127.0.0.1:53824 with invalid username “mike serenity-networks.com” or wrong password. Error: 0x80040111
Dec 29 21:10:32 R5-D4 zarafa-gateway[68196]: Client disconnected
Dec 29 21:10:33 R5-D4 zarafa-server[62347]: Object not found unknown user “mike”: mike
Dec 29 21:10:33 R5-D4 zarafa-server[62347]: Authentication by plugin failed for user “mike”: Trying to authenticate failed: wrong username or password
Dec 29 21:10:33 R5-D4 zarafa-server[62347]: Failed to authenticate user “mike” from “file:///var/run/zarafad/server.sock” using program “zarafa-gateway”
Obviously I’ve triple and quadruple checked the usernames and passwords.
Also, I verified the saslauthd setting given above matches (I copy/pasted here from the wrong window.
Thanks again,
Mike Smith
Mike Smith
On a hunch, I tried something a little different. This time on a fresh load, I made the changes to etc/conf.d/saslauthd, and instead of creating a user from the command line to test, and then enabling zarafa-postfix-admin, I skipped creating a test user from the command line and went straight to enabling zarafa-postfix-admin and created a user. Things appear to be working properly now. I will continue to test and post back my results, but it appears that, 1. Creating a user via command line using the example on this post does not properly add the domain/virtual domain to zarafa/postfix (can’t send email to self) and, 2. If a user is created from the command line and then zarafa-postfix-admin is installed, authentication seems to be left in a broken state WRT imaps and smtps. After I import mail and run a few tests I’ll let you know my results.
I do have one more import obsticle to allow me to go live, and that is installing a proper SSL certificate with let’s encrypt. As far as I can tell, all SSL functions are using NGINX this scenario. If that’s the case, shouldn’t it be as simple as using the letsencrypt helper to obtain and install a proper ssl certificate, verify default.http is pointing to the correct certificate afterwards, and update etc/zarafa/server.conf to point to the new certificate? Am I missing something and / or do you have any helpful advise?
Thanks again for your amazing help. I plan on dumping every issue I’ve encountered into a blog post for reference. Hopefully it might help others down the road. You’re work on the pietma scripts are worth their weight in gold!!
Mike Smith
Mike Smith
When you’ve installed ZPA, then you have to manage ALL users with it. If you have leftovers in zarafa, then you have to import all of those users with the import script described on the website.
Letsencrypt isn’t very difficult. You need the http server accessable on port 80. Actually I’ve everything ready. It just has to be adopted into the new environment. But this will take me at least one or two days.
What I meant to say in one of my posts is that I have a working x64 and x86 environment for compilation. I just don’t use and test the zarafa binaries in this environment 🙂
Marti
MartiMcFly
Wow, lots of authentication issues seem to plague zarafa. Despite the activesync tester successfully authenticating, when opening outlook, now I’m having authentication errors for active sync. Seems to have something to do with php-fpm: pool z-push. It never ends!!!!!!
Dec 29 22:03:48 R5-D4 zarafa-server[597]: Authentication by plugin failed for user “mike serenity-networkscom”: Trying to authenticate failed: wrong username or password
Dec 29 22:03:48 R5-D4 zarafa-server[597]: Failed to authenticate user “mike serenity-networkscom” from “file:///var/run/zarafad/server.sock” using program “php-fpm: pool z-push”
Mike Smith
Any idea’s with regards to ActiveSync / Z-Push authentication not working now? This is the only error I can find that seems relevant:
Dec 29 22:03:48 R5-D4 zarafa-server[597]: Authentication by plugin failed for user “mike serenity-networkscom”: Trying to authenticate failed: wrong username or password
Dec 29 22:03:48 R5-D4 zarafa-server[597]: Failed to authenticate user “mike serenity-networkscom” from “file:///var/run/zarafad/server.sock” using program “php-fpm: pool z-push”
I’ve never used z-push (although it was pretty much the number 1 reason I’ve been trying to use this particular mail server configuration to get activesync) so I’m not sure where to begin troubleshooting. I’ve come up empty on google searches thus far.
Thanks,
Mike
Mike Smith
The error is saying that ‘mike serenity-networkscom’ couldn’t be authenticated. But shouldn’t you use ‘mike serenity-networks.com’ as login? The dot after the domain seems to be missing.
MartiMcFly
It’s stripping it from the log for some reason. The actual credentials entered has a dot.
Mike Smith
I’m going to start from scratch once more and see if the problem persists. It’s possible I have messed up something in troubleshooting the other issues. I’ll let you know if that clears it up.
Thanks again for the all the help.
Mike Smith
Mike Smith
I’m happy to report after a clean install, bearing in mind everything learned, everything seems to be working great. I’m migrating mail over now. The only obstacle left is setting up a Let’s Encrypt SSL certificate! I’ll try to get that figured out shortly. Thank you so much for the help you’ve given. It is very much appreciated!
Mike Smith
Mike Smith
Hey Mike,
one more thing. I’ve got a stupid syntax error in ‘/etc/zarafa-webapp/plugins/mdm/config.php’. This might annoy you in the future. A little bit of details…
“Stupid syntax error crashed zarafa-webapp [define(‘PLUGIN_MDM_SERVER’, 127.0.0.1:81); => define(‘PLUGIN_MDM_SERVER’, ‘127.0.0.1:81’);]. Internal error 500 is reported after login. Please update ‘zarafa-webapp-mdm’ and replace /etc/zarafa-webapp/plugins/mdm/config.php with config.php.pacnew in the same folder. Or simply fix ../mdm/config.php.”
Marti
MartiMcFly
Hey Mike! Congratulations, it’s so awesome to hear you’ve made it! Marti
MartiMcFly
Well, I’ve ran into another problem. I use a spam quarantine service (postlayer). In order to send mail, I have to route my outbound mail through a “smarthost” which is nothing more than an SMTP relay that uses a username and password.
Usually this is an easy entry in postfix’s main.cf, after hasing a file that contains a username and password. My problem is that the smtp_sasl_password directive is already called out in postfix and pointing to mysql:/etc/webapps/zarafa-postfixadmin/postfix/fetchmail_mailbox….something or another.
How can I add the username and password corraspoing to my smarthost in this configuration? usually I create a file (and then hash it with postfix) that contains this single line:
newton.mx25.net username:password
Please help!!
Thanks,
Mike Smith
Mike Smith
So, it looks like the callout included for zarafa-postfix-admin is only used for checking accounts added to “fetch mail” in the web interface. Currently my file appears to be cancelling out that setting in main.cf becasuse it is further down in the file. I’m able to send mail and authenticate, but I’m getting the warning message at the bottom. It would be nice to be able to just add an outbound server / smarthost authentication information in zarafa-postfix-admin. It is very, very common for mail servers to use outbound filtering, such as I do. I’m an IT consultant and I would say at least 75% of the mail servers I touch use outbound filtering in this manner. In my case, I pay 30 bucks a year for inboudn and outbound filtering. The advantage to using outbound filtering is that I don’t have to worry about reverse dns, outbound virus filtering, SPF records, or changing any dns related settings if I switch mail servers. In other words, it’s kind of a must have feature and I see a lot of benifit of adding the ability to specify and outbound smart host for all mail through the web interface. Here is the warning message I’m getting.
warning: /etc/postfix/main.cf, line 119: overriding earlier entry: smtp_sasl_password_maps=proxy:mysql:/etc/webapps/zarafa-postfixadmin/postfix/fetchmail_mail
I would be happy to provide any help or additional information, as well as testing.
Thanks,
Mike Smith
Mike Smith
Hey Mike,
did you make smarthosts work with the current Zarafa-Postfixadmin version?
Marti
MartiMcFly
I just wanted to let you know that I was able to get a Let’s Encrypt SSL certificate set up. I think it would be pretty straight forward for you (or another “coder”) to set up a script to do this on our arch-zarafa servers. Becuase of the convoluded way root directories and location directives are using in this particular nginx configuration, what I did was use certbot –manual to obtain a certificate, which was placed in /etc/letsencrypt/live/domainname/ and then I simply updated the Nginx’s default.http and default.mail to point to the newly created coorasponding .pem files. It worked like a charm. I’m insanely thrilled to say that for the first time every I actually have a z-push server set up, syncing to my iDevices running iOS 10!! Activesync tethered me to exchange for so many years, which was overkill for my domain name with only a handful of email addresses. Running a full blown exchange server for that one feature was insanity! I inteded to set up z-push with zimbra, which I had been running for a couple months as I had a spare license with a little time left, but zimbra takes up just as much resources as exchange, and a z-push setup was going to be anything but easy.
Despite all of the issues getting arch + zarafa + pietma set up, it was very much worthe the trouble. Now the only “issue” i’m having relates to my previous post with using a smart host, which is still working (although most likely breaking the fetch mail function of zarafa-postfix-admin).
If there were two things that would make pietma PERFECT, it would be:
1. Adding smarthost configuration to zarafa-postfix-admin to route outbound mail through spam filtering services (with ability to specify username/password, ssl/tls, and server address).
2. Adding a quick config for lets encrypt. Certbot in standalone mode will run a python based simple http server and do everything for you, as long as nginx is stopped. So All a script would need to do is stop the nginx service, run the certbot utility, add the new certificate paths to nginx, the start nginx. A certificate renewal process that ran once every month or so would be useful too since letsencrypt certs expire every 3months.
I’m not a coder, just a Network Engineering with a lot of colocated server resources. I would be more than happy to contribute in whatever way I can. Thank you for all the work you’ve put into this, I know it took some serious time.
Mike Smith
Mike Smith
Here is a tidbit of helpful information. If you set an SSL certificate on Nginx to enable https for webmail, imap and pop3, for some reason the zarafa mdm plugin stops working and gives an error that says “Unable to connect to Z-Push Server. Could not connect to host.” To resolve this I edited /etc/webapps/zarafa-webapp/plugins/mdm/config.php and changed PLUGIN_MDM_SERVER to the FQDN instead of localhost. All is well now. Z-push was working find for mail, this only affects the mdm plugin in the zarafa web interface.
If you aren’t using the pietma arch-zarafa setup and are using a more mainstream default setup, the actual filename you’ll need to edit is /etc/zarafa/webapp/config-mdm.php The documentation sometimes refers to it just as config-mdm.php but in instance of Pietma arch-zarafa, its just config.php in the mdm folder.
This is just FYI for google searchers. I will write a blog post soon to address this.
Thanks,
Mike Smith
Mike Smith
Hey Marti,
On the first happy New Year.
I have made some rules in Zarafa for moving the emails to a subfolder.
But if I receive an email for an subfolder, this email stays in Postin, and don’t move to the subfolder.
I have tested: cat ‘emailadress’ | zarafa-dagent peter ,the email delivered in Postin
Also I tested: cat ‘emailadress’ | zarafa-dagent -F ‘Inbox\Synology’ peter ,the email delivered in the subfolder Synology.
Before the complete new installation on 29-12, I have seen that it works
Gr. Peter
Peter
Hey Peter,
I’m sorry to hear this happen! This would be a great question to post on https://forums.zarafa.com .
Maybe a new version has fixed this?
Marti
MartiMcFly
If I use the zarafa-passwd command to change/update a password, the new password goes into effect and works on zarafa webapp, but imap still works with the old password, even after a reboot. How can this be?
Thanks,
Mike
Mike Smith
I’m having major issues with my server as of today. It started with my spam service (that also filters outbound mail) giving me thousands of rate limit bounces. Upon further examination, my server was blasting spam out. A bot was connect in on port 465 and somehow authenticating with my username and password (supposedly). So, I tried to update my password. I used zarafa-passwd to do so. This only updated my password for the webaccess interface……. Not SMTP authentication. I restarted. No change. I also tried to upgrade all packages. A simple pacman -Syu spits out errors now as there is all sorts of dependancy problems with the peitman repo now.
# pacman -Syu
:: Synchronizing package databases…
core is up to date
extra is up to date
community is up to date
pietma is up to date
:: Starting full system upgrade…
resolving dependencies…
looking for conflicting packages…
error: failed to prepare transaction (could not satisfy dependencies)
:: zarafa-postfixadmin: requires php<7
:: zarafa-postfixadmin: requires php-imap<7
:: zarafa-server: requires boost=1.58.0
:: zarafa-server: requires boost-libs=1.58.0
:: zarafa-server: requires gsoap=2.8.22
:: zarafa-server: requires php<7
:: zarafa-server: requires php-fpm<7
:: sabre-zarafa: installing php (7.0.14-1) breaks dependency 'php<7'
:: sabre-zarafa: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
:: z-push: installing php (7.0.14-1) breaks dependency 'php<7'
:: z-push: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
:: zarafa-service-overview: installing php (7.0.14-1) breaks dependency 'php<7'
:: zarafa-service-overview: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
:: zarafa-webapp: installing php (7.0.14-1) breaks dependency 'php<7'
:: zarafa-webapp: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
:: zarafa-webapp-spellchecker: installing php-enchant (7.0.14-1) breaks dependency 'php-enchant<7'
[root@R5-D4 ~]#
My business is completely dead in the water now. I've had to disable port forwarding on my firewall for port 465 to prevent spam from blasting out. The only open ports on my firewall are 25 (and only for my spam filter services IP), 465, 587, and 993. I doubt it's been "hacked." I don't know if there is a zero day that is allowing these spam senders to spoof an authentication or what. But I can't troubleshoot any further becasue I can't update my password and I can't upgrade packages. I'm completely screwed and all I know to do is move to google apps or reload the mail server. I've scoured all of the docs on the peitman repo site and can't find anything on password syncing or how any of this works.
Mike
Mike Smith
For udpates you have to put the pietma-repo over the core repo. This way pacman is going to find pietma packages first.
MartiMyFly
Please don’t take me wrong. Before I know the source of this problem I’m going hide this posts. I don’t want anybody to be compromised.
MartiMyFly
I have also just tried updating the password with zarafa-admin -u username -p newpassword and this also only updates the password for the web interface, and nothing else.
Mike Smith
MAJOR problem. I have done a TON of testing to verify this. This affects a DEFAULT zarafa set using peitman scripts. IMAP and SMTP are accepting ANY password for users. I can literally put in any password with a correct username and anything using SASLAUTHD will successfully authenticate. This is why spam is able to relay successfully. What can be causing this? It does this on my production server, and 2 other servers I’ve brought up from scratch using the scripts. This is insane.
Thanks,
Mike
Mike Smith
At first I thought it was everything related to sasl authentication but IMAP and POP3 seem to be authenticated against zarafa….. So, everything but zarafa-webaccess is accepting any and all passwords for valid user accounts….
Mike Smith
Hey Mike,
This is aweful! I’m looking into this.
As first step I took the repo offline. Before any other move I have to understand the problem.
Marti
MartiMyFly
If I can help, please let me know. I can’t think of anything I’m doing that would cause this as I’m pretty much default. Any changes made we’ve talked about here. If you want to SSH into my production server and take a look I can arrange that.
Mike Smith
Thanks! I took away my patches and tried zarafa-server again. I’m still able to login with wrong password. So there are two possible reasons for this. An error in zarafa itself or bad configuration.
MartiMyFly
Or teamviewer.
Mike Smith
I’m having mixed results reproducing it now. However, I’m working from a cloned image at this point. If you need any info offline or want to teamview into an ssh session of my server just shoot me an email. Also, I got your message and good call, I didn’t even think about that. I’d like to think I’m causing this somehow and it doesn’t affect everything.
Mike Smith
I think I’ve got an idea…!
MartiMyFly
So here we go…
Gateway and ICal are executed as ‘zarafa’-user. Basically this is ok, since this services are not exposed to the outside world. But here’s the problem, calls from zarafa user are handled with administrator rights by Zarafa-Server. Running gateway and ical as nobody is the solution!
Run this commands and fix this files and your okay again!
$ vi /etc/zarafa/ical.cfg
$ vi /etc/zarafa/gateway.cfg
run_as_user = nobody
run_as_group = nobody
$ vi /usr/lib/tmpfiles.d/zarafa-tmpfiles.conf
d /run/zarafad 0777 zarafa zarafa
d /var/run/zarafad 0777 zarafa zarafa
$ systemd-tmpfiles –create
$ systemd-tmpfiles –clean
$ rm /var/run/zarafad/ical.pid
$ rm /var/run/zarafad/gateway.pid
$ systemctl restart zarafa-gateway
$ systemctl restart zarafa-ical
Sorry for all that trouble!
Marti
MartiMyFly
It seems to have resolved the issue for IMAP, but I’m still get past SMTP authentication on port 465. I’m going to reboot and see if that makes a difference.
Thanks!
Mike
Mike Smith
that’s because saslauthd is caching it.
MartiMyFly
Btw. I’ve got the smarthost thing integrated in ZPA. But more tomorrow.
MartiMyFly
I figured it was something along those lines. I will confirm in a few. I’m taking this opportunity to delete snapshots >>> I’m about 5 deep and performance was getting pretty dismal. I’ll let you know.
Thanks!
Mike
Mike Smith
OK, I *think* everything is working now. However, imap seems to take 10-15x as long to authenticate. This applies even when authenticating via command line using openssl s_client. The lag is the authentication itself. If it is denied (wrong password), it’s instant, but when the correct password is inserted, it takes almost 10-15 seconds, at times, to come back as a successful login. This is different than before.
But, this isn’t critical, it’s just something we might want to try to figure out. It should be instant, especially on a server with very little load.
Thanks for fixing the other issues so quickly!! You’re a gem Marti!
Mike Smith
Mike Smith
To add to the above issue… imap and activesync/zpush authentication take forever to authenticate, if at all. It times out most of the time. Help 🙂
Mike Smith
After a couple MySQL restarts, things seem to have normalized. I’ll post any updates. Thx 🙂
Mike Smith
Looks like everything is great. The fixed worked well. The performance issue seemed to clear itself up overnight. I think there was just a pretty big backlog of garbage mail combined with all of the increased logging I had enabled for all services. After tidying all that up everything is running very fast, stable, and no open relaying 🙂 Thanks so much for your quick help.
Mike Smith
First of all, thank you for this very nice tutorial and your work!
I did try to install zarafa on a fresh system using your install script, and I got the following error:
[…]
[DONE] Install optimizations
[….] Initialize MySQL database
/usr/bin/my_print_defaults: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or Directory
Any idea how to fix this?
Thank you!
René
René
Hey René,
please use one of the systems served on https://repository.pietma.com/nexus/content/sites/archlinux/os/ and avoid upgrading your system. Simply don’t use the “-u” parameter with Pacman.
Zarafa 7.5.x is not compatible with the latest OpenSSL. Lately the company “Zarafa” has changed its name to Kopano. Kopano moved to a full Opensource strategy and does not maintain the Zarafa code anymore. The new name of “Zarafa Server” is “Kopano Core”.
To make the Zarafa Server packages work with the current OpenSSL I have to migrate to the Kopano sourcecode repository, change all paths in the existing packages and update all dependencies.
Right now, I am very busy. That is why I tried to serve all the resources you need to make the latest packages work.
Marti
MartiMcFly
Hi Marti,
I see you have also Kopano packages available at your repository.
Is it possible to add your repository to work with apt-get somehow.
Example sources.list: deb https://repository.pietma.com/nexus/content/repositories/archlinux/armv7h/pietma-kopano/
I’m running Ubuntu 16.04 on my RaspberryPi and like to install the Kopano server. But I can’t get it to work.
What should I do or what do you suggest?
Kind regards,
Chris
Chris
Hey Chris,
sorry for the delayed response.
I provide packages for Arch Linux. They contain all the binaries, paths and dependencies you need to run Zarafa/Kopano on Archlinux.
Dependencies are named differently, paths do not match and the packageformat is different in Ubuntu. Long story short: I’m unable to convert Arch Linux packages to Ubuntu packages.
But maybe this is something for you…
Usually you can’t install Arch Linux ARM on a SD-Card without running an Arch Linux desktop. This can be time consuming.
This is why I used my time to provide a full SD-Card image of Arch Linux ARM with preinstalled Kopano packages.
PLEASE KEEP IN MIND – THIS IS A BETA-RELEASE
“Pi(e)Ko-Server – Prepared”
The name connects pietma-kopano. The (e) in pieko is not pronounced and makes it sound ambiguous to pico (very small unit) and Raspberry(Pi-Ko)pano.
https://repository.pietma.com/nexus/content/sites/archlinux/os/prepared-kopano/
Please download the right image for your system, uncompress it and follow this instruction…
https://repository.pietma.com/nexus/content/sites/archlinux/os/prepared-kopano/prepared-kopano-rpi2-20180531.img.gz
https://www.raspberrypi.org/documentation/installation/installing-images/
As mentioned before Kopano is already installed. You can skip the installation and move to the setup sections on this pages. Just replace ‘zarafa’ with ‘kopano’ in every command.
https://pietma.com/run-and-access-zarafa/
https://pietma.com/install-run-and-access-zarafa-postfix-admin/
$> /usr/share/doc/kopano/pietma/install.sh
$> /usr/share/doc/kopano-postfixadmin/pietma/install.sh
Please let me know whether it worked out for you!
MartiMcFly
MartiMcFly
Hello Marti,
after the installation when the services will restart comes the error for postfixadmin.
postfix[30411]: /usr/bin/postfix: error while loading shared libraries: libicui18n.so.60: cannot open shared object file: No such file or directory
A new installation of icu doesn’t bring the solution
Manuel
Hey Manuel,
which version do you use? Zarafa or Kopano Image (PieKo)?
Did you use the system as is or have you updated before the restart of postfix?
Zarafa can’t be updated anymore and Kopano is not ready for updates yet.
Marti
MartiMcFly
Hello Marti,
i used first the way to download the packag from https://archlinuxarm.org/platforms/armv7/broadcom/raspberry-pi-2 and then i began with your instructions (add pietma-kopano in /etc/pacman.conf, pacman -Syu) and then tried too install over pacman -Sy kopano.
The install-script was running through and start the script /usr/share/doc/zarafa/pietma/install.sh .
Here by restarting the services postfix says me that he has tried too many often to start (so I changed it too from always to 1). After a restart of the script comes the libicui18n.so.60 fail..
Now I have download your image (Pieko), wrote your pietma-kopano in the /etc/pacman.conf and make the pacman -S kopano without the pacman -Sy…
Now the system is running since 1.5 days without any fails.
A test-user is in the database, so I try to config the rest for the production.
Thanks for instruction and the img 🙂
Manuel
Great to hear it worked!
The package/root-filesystem from archlinuxarm.org was to new and didn’t work with the last build of kopano.
Pieko is the right way to install and use Kopano 🙂
This image is completely ready. The pietma-kopano entry already exists in “pacman.conf” and the packages are already installed. So you don’t have to re-install them with “pacman -S kopano”. Just go ahead with the setup.
You’re welcome!
Marti
MartiMcFly
Hi Marti,
I installed the latest kopano-prepared 31-05-2018 image and followed the instructions you mentioned earlier. And it worked nicely, till I was try to setup cifs and iptables what I have done before.
The error I get is when executing:
# iptables -L
output: modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.14.27-1-ARCH”
When I look, the folder doesn’t exist, but I see a folder named 4.14.30-1-ARCH
I think it has something to do with the version, for example:
# uname -a
output: Linux 4.14.27-1-ARCH #1 SMP armv7l GNU/Linux.
# ls /lib/modules/
output: 4.14.30-1-ARCH extramodules–raspberrypi
What can I do to fix this? So I can setup iptables and other modules again.
Chris
Hey Chris,
Have you done a system update by chance? If not, then you could go back and install the old Kernel or the newer iptables…
http://tardis.tiny-vps.com/
pacman -U http://tardis.tiny-vps.com/$ARCH/$DATE/*.pkg.tar.xz
Maybe on the 31-05-2018 the Kernel was updated before iptables.
Thanks for the feedback! In the future, I’ll keep incompatibilities in mind and tell how to handle them.
Marti
MartiMcFly
Hi Marti,
Is it possible to migrate/convert emails from zarafa to kopano database incl. users/stores?
If so, do you know how to do this?
Or maybe you have already thought of that and have a nice script to do the job?
Kind regard,
Chris
Chris
Hey Chris,
you can go ahead and advice you kopano and kopanopostfixadmin to open your old zarafa database. This should work out of the box.
Please do this on a testserver first.
After evrything went good, I recommend doing a backup of all your databases and attachements BEFORE you switch your productive environment.
Marti
MartiMcFly
Hi Marti,
When I start pacman -S zarafa as suggested above, I get many warnings about cannot resolve “xxx” a dependency of “xxx”.
What can I do about this? Because I have made a clean install.
Kind regards,
Christiaan
See below:
warning: cannot resolve “libsasl=2.1.26”, a dependency of “cyrus-sasl”
warning: cannot resolve “cyrus-sasl”, a dependency of “zarafa-server”
warning: cannot resolve “zarafa-server”, a dependency of “zarafa-spamhandler”
warning: cannot resolve “perl<5.25", a dependency of "perl-digest-sha1"
warning: cannot resolve "perl-digest-sha1", a dependency of "perl-digest-hmac"
warning: cannot resolve "perl-digest-hmac", a dependency of "perl-net-dns"
warning: cannot resolve "perl-net-dns", a dependency of "spamassassin"
warning: cannot resolve "perl<5.25", a dependency of "perl-net-ssleay"
warning: cannot resolve "perl-net-ssleay", a dependency of "perl-io-socket-ssl"
warning: cannot resolve "perl-io-socket-ssl", a dependency of "spamassassin"
warning: cannot resolve "perl<5.25", a dependency of "perl-html-parser"
warning: cannot resolve "perl-html-parser", a dependency of "perl-libwww"
warning: cannot resolve "perl-libwww", a dependency of "spamassassin"
warning: cannot resolve "perl<5.25", a dependency of "perl-digest-sha1"
warning: cannot resolve "perl-digest-sha1", a dependency of "perl-digest-hmac"
warning: cannot resolve "perl-digest-hmac", a dependency of "perl-net-dns"
warning: cannot resolve "perl-net-dns", a dependency of "perl-mail-spf"
warning: cannot resolve "perl-mail-spf", a dependency of "spamassassin"
warning: cannot resolve "perl=0.12”, a dependency of “perl-io-socket-inet6”
warning: cannot resolve “perl-io-socket-inet6”, a dependency of “spamassassin”
warning: cannot resolve “perl<5.25", a dependency of "perl-crypt-openssl-random"
warning: cannot resolve "perl-crypt-openssl-random", a dependency of "perl-crypt-openssl-rsa"
warning: cannot resolve "perl<5.25", a dependency of "perl-crypt-openssl-bignum"
warning: cannot resolve "perl-crypt-openssl-bignum", a dependency of "perl-crypt-openssl-rsa"
warning: cannot resolve "perl=0.24”, a dependency of “perl-mail-dkim”
warning: cannot resolve “perl<5.25", a dependency of "perl-digest-sha1"
warning: cannot resolve "perl-digest-sha1", a dependency of "perl-mail-dkim"
warning: cannot resolve "perl<5.25", a dependency of "perl-digest-sha1"
warning: cannot resolve "perl-digest-sha1", a dependency of "perl-digest-hmac"
warning: cannot resolve "perl-digest-hmac", a dependency of "perl-net-dns"
warning: cannot resolve "perl-net-dns", a dependency of "perl-mail-dkim"
warning: cannot resolve "perl-mail-dkim", a dependency of "spamassassin"
warning: cannot resolve "perl<5.25", a dependency of "perl-net-ssleay"
warning: cannot resolve "perl-net-ssleay", a dependency of "perl-io-socket-ssl"
warning: cannot resolve "perl-io-socket-ssl", a dependency of "perl-lwp-protocol-https"
warning: cannot resolve "perl<5.25", a dependency of "perl-html-parser"
warning: cannot resolve "perl-html-parser", a dependency of "perl-libwww"
warning: cannot resolve "perl-libwww", a dependency of "perl-lwp-protocol-https"
warning: cannot resolve "perl-lwp-protocol-https", a dependency of "perl-crypt-ssleay"
warning: cannot resolve "perl=2.16”, a dependency of “zarafa-server”
:: There are 6 providers available for libgl:
:: Repository pietma
1) libglvnd
:: Repository extra
2) libglvnd
:: Repository alarm
3) imx-gpu-viv-dfb 4) imx-gpu-viv-fb 5) imx-gpu-viv-wl 6) imx-gpu-viv-x11
Enter a number (default=1):
warning: cannot resolve “libsasl=2.1.26”, a dependency of “cyrus-sasl”
warning: cannot resolve “cyrus-sasl”, a dependency of “zarafa-server”
warning: cannot resolve “zarafa-server”, a dependency of “z-push”
warning: cannot resolve “z-push”, a dependency of “zarafa-webapp-mdm”
:: The following packages cannot be upgraded due to unresolvable dependencies:
z-push zarafa-postfixadmin zarafa-server zarafa-spamhandler zarafa-webapp-mdm
Christiaan