Install, Run and access Zarafa

You’d like to try or use Zarafa on Arch Linux? Awesome! So you’re at the right place to read on and bring it to life.


Where to start?

Check the Compatibility / Overview. You found your device? Great! Just click the link and follow the platform specific installation instructions on archlinuxarm.org.

Archlinux moves very fast. Get around incompatibilities and use the last working os from pietma repository.

How to install?

Add pietma to the top of Arch Linux list of package repositories.
Edit /etc/pacman.conf

[pietma]
SigLevel = Optional TrustAll
Server = https://repository.pietma.com/nexus/content/repositories/archlinux/$arch/$repo

[core]
(...)

Download a fresh copy of all package lists, update your complete system and install the zarafa packages.

# Skip system update with os from pietma repository
pacman -Syu
pacman -Sy zarafa

Packages in the Pietma repository are continously build for the latest Arch Linux release. For older systems you might want to try a build from the past. The package overview will give you a better orientation.

[pietma-20170109072800]
(...)

What’s done?

  • All available applications and dependencies are installed
  • Zarafa and its components are fully configured to work locally

What’s open?

Start installation and please don’t mind answering the questions with yes on a fresh system.

/usr/share/doc/zarafa/pietma/install.sh

[....] Set timezone for ical service
[DONE] Set timezone for ical service
[....] Generate password for zarafa presence service
[DONE] Generate password for zarafa presence service

:: Copy and override NGINX, PHP, POSTFIX, SASL settings? [Y/n]

[....] Copy and override NGINX, PHP, POSTFIX, SASL settings
[DONE] Copy and override NGINX, PHP, POSTFIX, SASL settings
[....] Add smtps/465 to /etc/services
[DONE] Add smtps/465 to /etc/services
[....] Install optimizations
[DONE] Install optimizations
[....] Initialize MySQL database
[DONE] Initialize MySQL database
[....] Start MySQL database
[DONE] Start MySQL database
[....] Secure MySQL database
[DONE] Secure MySQL database

:: Please enter MySQL Root Password (or empty) 

[....] Create Zarafa database
[DONE] Create Zarafa database
[....] Start Zarafa, install database tables and public store (this will take a while >1min)
[DONE] Start Zarafa, install database tables and public store
[....] Stop Zarafa
[DONE] Stop Zarafa
[....] Stop MySQL
[DONE] Stop MySQL
[....] Create SSL-Keys/Certificates and trust them (this will take a while >10min)
[DONE] Create SSL-Keys/Certificates and trust them

:: Enable and start services MYSQLD, ZARAFA-SERVER, ZARAFA-GATEWAY, ZARAFA-SPOOLER, ZARAFA-DAGENT, ZARAFA-ICAL, PHP-FPM, NGINX, SASLAUTHD, POSTFIX [Y/n] 

[....] Enable and start services
[DONE] Enable and start services

Read More

   https://...

How to test?

Add an user account and please stay patient. Creating store could take few seconds, when MySQL is running on a slow SD-Card.

zarafa-admin -c 'testuser@localhost.com' -p 'securepassword' -e 'testuser@localhost.com' -f 'Firstname Lastname'
zarafa-admin --create-store 'testuser@localhost.com'

Open https://alarm/zarafa-webapp in your browser and login.

You might want to manage Zarafa- and Postfix-Users with Zarafa-Postfixadmin.

Which services does it run?

Referring to zarafa packages, everything’s running and the services and web server are providing all of its functions.

What else can be done?

You can find almost everything in Zarafas documentation. But for the lazy ones I’ve created some documented sample configs.

And after a little while you might wish to update Zarafa and Arch Linux.

Links

102 thoughts on “Install, Run and access Zarafa

  1. Very nice howto.
    Unfortunately zarafa-server crahes if i try to start it with “systemctl start zarafa-server”. “systemctl status” drop the following:

    /usr/bin/zarafa-server: error while loading shared libraries: libboost_filesystem.so.1.58.0: cannot open shared object file: No such file or directory

    Do yu know a fix for this?

    Reply

    1. Hi Tim!

      Sure we’ll find a fix 🙂 Did you compile your own or use the package? Which platform (arm, x64, i686) and version of Zarafa did you try to install?

      MartiMcFly

      Reply

      1. I followed exact your guide and get all packages from your repository.
        My system is a Raspberry Pi with an actual Arch Linux ARM installation.
        pacman says it’s zarafa-server-7.2.1-2

        Thank you for your help =)

        Reply

        1. Hey Tim!

          This was my bad.

          I’ve declared boost=1.58.0 as make but not normal dependency. So your system installed boost=1.59.0 (latest) from official repository. However, Zarafa depends on boost=1.58.0, which you’ll find in pietma’s archlinux repository.

          Just uninstall boost=1.59.0 …

          pacman -R boost
          pacman -R boost-libs

          And install boost=1.58.0 from pietma…

          pacman -S pietma/boost pietma/boost-libs

          I’ll release a fixed package later this evening.

          Let me know wheather this helped! 🙂

          MartiMcFly

          Reply

        2. Here we go…

          I’ve updated almost all package dependencies (like icu 56.1). By now zarafa-server-7.2.1-5 should install on updated systems…

          pacman -Sy zarafa-server

          However, there will reimain some required packages, which I upload to pietma’s arch linux repository (like boost 1.58.0, gcc…).

          For complete system updates you’ll have to ignore conflicting packages…

          pacman -Syu –ignore boost –ignore boost-libs –ignore icu (…)

          This is a necessary step to avoid a broken system by archlinux’s rolling release.

          Please let me know about your progress!

          Reply

          1. Hey Marti,
            With the new package zarafa works without problems =)
            Thank you for your fast support.

  2. It worked once…now getting ‘404 Not Found’ on every page (webapp / webaccess).
    Systemctl gives all running services; reboot didn’t work. Database is up and runnning, zarafa-admin can make new users. Seems like a php / nginx issue. Where to look?

    Reply

      1. Shame on me…..just forgot the “zarafa” before the ‘webapp / webaccess’…. 😐

        Zarafa works…great job…..but….how to send mail?
        I have a local SMTP server (Synology)
        I have a local MYSQL server (Synology)
        I have a Raspberry Pi 2 with ArchLinux and Zarafa (working)

        Where to put what?
        – spooler.cfg –> SMTP server (mine or my provider?)
        – main.cf –> relayhost. SMTP server?

        …..how does it work? Log in to Zarafa….make new mail…push ‘Sent’ …. and then…what files are used and what path to follow?

        Reply

        1. Additional:

          With echo ” ” | mail etc my mail is sent
          In Zarafa it is stuck in the Outbox…

          Reply

  3. Okay, got it working (MX records seems important…;-))

    Next: use of Outlook: no license server….is it available?

    Reply

    1. Hey Laurent,

      I’m glad to hear you made it!

      This packages serve default settings for a secure and integrated installation. Zarafas MYSQL database is created automatically, which is why you’re able to create accounts and access it. The recommended local MTA is Postfix (SMTP).

      You might need a Smarthost as MTA.

      Running SMTP and MYSQL on a different server require some considerations on security and performance. Attachments are stored to filesystem (uncompressed). Managing them in MYSQL has been slow for me.

      The Outlook plugins won’t be developed anymore. But Outlook is supporting Active Sync now.

      MartiMcFly

      Reply

  4. Active Sync works, thanks for the tip.
    Running my database on the SD card is not something I want to do. I have a running SQL database on my Synology….and….so far so good. It is for home use so performance is not really an issue.
    Next challenge: using my CA certificate…that will work too…I guess 😉

    Thanks for the good work!

    Reply

    1. Thanks!

      In case your NAS becomes to slow of requests and processing SQL-Queries, you could just move your MySQL-Database and Zarafa-Attachements to an external hard drive just by Symlinks. That way I/Os will not mess with your SD-Cards lifetime. When this was you concern. The RPi2 has better power management and passes enough power to USB-Drives.

      MartiMcFly

      Reply

  5. Great Tutorial, but I have some problems install the php-fpm nginx package:

    [root@alarmpi alarm]# pacman -Sy php-fpm nginx :: Synchronizing package databases…
    core is up to date 0.0 B 0.00B/s 00:00 [———————-] 0%
    extra is up to date 0.0 B 0.00B/s 00:00 [———————-] 0%
    community is up to date
    alarm is up to date
    aur is up to date
    pietma is up to date
    resolving dependencies…
    looking for conflicting packages…
    error: failed to prepare transaction (could not satisfy dependencies)
    :: sabre-zarafa: installing php-fpm (7.0.4-1) breaks dependency ‘php-fpm<7'
    :: z-push: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm<7'
    :: zarafa-server: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm<7'
    :: zarafa-webaccess: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm<7'
    :: zarafa-webaccess-mdm: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm <7'
    :: zarafa-webapp: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm<7'
    :: zarafa-webapp-passwd: installing php-fpm (7.0.4-1) breaks dependency 'php-fpm <7'
    [root@alarmpi alarm]#

    Do you have an advice, how to solve this?

    Reply

  6. Ho doesn’t work on my pi3, can’t create a user:

    [root@alarmpi ~]# zarafa-admin -vvv -c ‘testuser’ -p ‘securepassword’ -e ‘testuser@localhost’ -f ‘Firstname Lastname’
    [error ] M4LMsgServiceAdmin::ConfigureMsgService() MSGServiceEntry failed 80040116: disk error
    [crit ] CreateProfileTemp(): ConfigureMsgService failed 80040116: disk error
    [warning] CreateProfileTemp failed: 80040116: disk error
    Unable to open Admin session: disk error (0x80040116)
    Using the -v option (possibly multiple times) may give more hints.

    Reply

    1. Hey Frank,

      I’ve never seen this message myself. A bit googling brings up this results…
      https://duckduckgo.com/?q=M4LMsgServiceAdmin%3A%3AConfigureMsgService()+MSGServiceEntry+failed+80040116%3A+disk+error&t=ffsb&ia=web

      https://jira.zarafa.com/browse/ZCP-13110
      https://forums.zarafa.com/showthread.php?11045-Installing-7-20-Beta-1-on-CENTOS-7-issues/page2

      It’s supposed to tell, that Zarafa’s not started.

      Maybe you could check zarafa-servers log:
      journalctl -u zarafa-server -r

      Marti

      Reply

  7. Hey Marti,
    I have also a PI3 and can’t also not create a user, the same error message as Frank.
    I have check the zarafa-serverlog with: journalctl -u zarafa-server –r

    The meesage are all:
    [root@alarmpi ~]# journalctl -u zarafa-server -r
    — Logs begin at Sun 2016-10-09 21:26:12 UTC, end at Sun 2016-11-06 07:37:02 UTC. —
    Nov 06 07:37:02 alarmpi zarafa-server[437]: Unable to get database connection: Too many connections
    Nov 06 07:37:02 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
    Nov 06 07:36:59 alarmpi zarafa-server[437]: Unable to get database connection: Too many connections
    Nov 06 07:36:59 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
    Nov 06 07:36:56 alarmpi zarafa-server[437]: Unable to get database connection: Too many connections
    Nov 06 07:36:56 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007

    I have check also the zarafa-server status with:
    ystemctl status zarafa-server.service
    * zarafa-server.service – Zarafa Collaboration Platform Storage Server
    Loaded: loaded (/usr/lib/systemd/system/zarafa-server.service; enabled; vendor preset: disabled)
    Active: active (running) since Sat 2016-11-05 20:47:32 UTC; 10h ago
    Docs: man:zarafa-server(8)
    man:zarafa-server.cfg(5)
    man:zarafa-admin(8)
    Main PID: 437 (zarafa-server)
    Tasks: 17 (limit: 4915)
    CGroup: /system.slice/zarafa-server.service
    `-437 /usr/sbin/zarafa-server -F -c /etc/zarafa/server.cfg

    Nov 06 07:41:01 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
    Nov 06 07:41:01 alarmpi zarafa-server[437]: Unable to get database connection: Too many connections
    Nov 06 07:41:04 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
    Nov 06 07:41:04 alarmpi zarafa-server[437]: Unable to get database connection: Too many connections

    Can you help me to fix the problem?

    Peter

    Reply

    1. Hey Peter,

      I’m sorry to hear that.

      It seems the installation script calculated a wrong number of max connections for mysql. Could you flease run ‘free -h’ and send me the output? Furthermore could you please tell me what the max_connection field in the /etc/mysql/my.cnf is saying?

      Please higher the number of the max_connection in the /etc/mysql/my.cnf file for about 1 to 10 (max_connections=9 -> max_connections=10 or max_connections=20). And restart mysql ‘systemctl restart mysql’.

      This way zarafa should work again 🙂

      I’m looking forward for your feedback!

      Marti

      Reply

  8. Hey Martina,
    First I can say, that it is possible now to create a user.
    The max_connection field in the /etc/mysql/my.cnf was 7, I set it on 20.
    Before I make de max_connection 20 the free memory was
    free -h total used free shared buff/cache available
    Mem: 922M 128M 579M 532K 214M 778M
    Swap: 0B 0B 0B

    I change the max_connectio to 20, the free memory is:
    free -h total used free shared buff/cache available
    Mem: 922M 125M 580M 532K 216M 782M
    Swap: 0B 0B 0B

    I have also checked the server log: see output
    Nov 06 14:36:57 alarmpi zarafa-server[437]: SQL [00000010] info: Try to reconnect
    Nov 06 14:36:57 alarmpi zarafa-server[437]: SQL [00000002] info: Try to reconnect
    Nov 06 13:05:29 alarmpi zarafa-server[437]: SQL [00000000] info: Try to reconnect
    Nov 06 13:05:29 alarmpi zarafa-server[437]: SQL [00000007] info: Try to reconnect
    Nov 06 13:00:44 alarmpi zarafa-server[437]: Command /etc/zarafa/userscripts/createuser` exited with non-zero status 126
    Nov 06 12:59:46 alarmpi zarafa-server[437]: SQL [00000006] info: Try to reconnect
    Nov 06 12:59:46 alarmpi zarafa-server[437]: SQL [00000008] info: Try to reconnect
    Nov 06 12:59:43 alarmpi zarafa-server[437]: ECDatabaseMySQL::DoSelect(): query failed
    Nov 06 12:59:43 alarmpi zarafa-server[437]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
    Nov 06 12:59:43 alarmpi zarafa-server[437]: SQL [00000009] info: Try to reconnect

    Also I checked the zarafa-server status.
    systemctl status zarafa-server.service
    * zarafa-server.service – Zarafa Collaboration Platform Storage Server Loaded: loaded (/usr/lib/systemd/system/zarafa-server.service; enabled; vendor preset: disabled)
    Active: active (running) since Sat 2016-11-05 20:47:32 UTC; 17h ago
    Docs: man:zarafa-server(8)
    man:zarafa-server.cfg(5)
    man:zarafa-admin(8)
    Main PID: 437 (zarafa-server)
    Tasks: 17 (limit: 4915)
    CGroup: /system.slice/zarafa-server.service
    `-437 /usr/sbin/zarafa-server -F -c /etc/zarafa/server.cfg

    Nov 06 14:44:02 alarmpi zarafa-server[437]: SQL [00000002] info: Try to reconnect
    Nov 06 14:44:03 alarmpi zarafa-server[437]: SQL [00000003] info: Try to reconnect
    Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000004] info: Try to reconnect
    Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000005] info: Try to reconnect
    Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000006] info: Try to reconnect
    Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000009] info: Try to reconnect
    Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000007] info: Try to reconnect
    Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000002] info: Try to reconnect
    Nov 06 14:46:35 alarmpi zarafa-server[437]: SQL [00000003] info: Try to reconnect
    Nov 06 14:46:36 alarmpi zarafa-server[437]: SQL [00000008] info: Try to reconnect

    Thank you for your fast support.
    Peter

    Reply

    1. The calculated max_connections for mysql seem to be fine. But that’s only for zarafa. You’re going to run out of connections, when there’s another application using the database at the same time. I changed the installation script so it adds 10 more spare/backup connections (max_connection=?+10) for other applications like zarafa-postfixadmin.

      Have fun using Zarafa! 🙂

      Marti

      Reply

  9. Hey Martina,
    I have completely new install arch linux and the zarafa server.
    I can create users, and mysql is running.
    After 7 hours mysql is stopping to run.

    The free memory is before that moment is:
    free –h
    total used free shared buff/cache available
    Mem: 922M 138M 632M 528K 151M 770M
    Swap: 0B 0B 0B

    The free memory if mysql is stopped:
    free –h
    total used free shared buff/cache available
    Mem: 944376 48360 692364 524 203652 881000
    Swap: 0 0 0

    I have also checked the server log on that: see output.
    journalctl -u zarafa-server -r
    Nov 12 03:14:00 alarmpi zarafa-server[434]: Unable to get database connection: Can’t connect to local MySQL server through socket ‘/run/mysqld/mysqld.sock’ (111 “Connection refused”)
    Nov 12 03:14:00 alarmpi zarafa-server[434]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
    Nov 12 03:13:00 alarmpi zarafa-server[434]: Unable to get database connection: Can’t connect to local MySQL server through socket ‘/run/mysqld/mysqld.sock’ (111 “Connection refused”)
    Nov 12 02:13:00 alarmpi zarafa-server[434]: Unable to get database connection: Lost connection to MySQL server at ‘reading initial communication packet’, system error: 95 “Operation not supported”
    Nov 12 02:13:00 alarmpi zarafa-server[434]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
    Nov 12 02:00:00 alarmpi zarafa-server[434]: Unable to get database connection: Lost connection to MySQL server at ‘reading initial communication packet’, system error: 95 “Operation not supported”
    Nov 12 02:00:00 alarmpi zarafa-server[434]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
    Nov 11 17:48:34 alarmpi zarafa-server[434]: WARNING: zarafa-licensed not running, commercial features will not be available until it’s started.
    Nov 11 17:48:34 alarmpi zarafa-server[434]: Starting zarafa-server version 7,2,4,0, pid 434
    Nov 11 17:48:34 alarmpi systemd[1]: Started Zarafa Collaboration Platform Storage Server.

    Also I checked the zarafa-server status.
    systemctl status zarafa-server.service
    * zarafa-server.service – Zarafa Collaboration Platform Storage Server
    Loaded: loaded (/usr/lib/systemd/system/zarafa-server.service; enabled; vendor preset: disabled)
    Active: active (running) since Fri 2016-11-11 17:48:34 CET; 14h ago
    Docs: man:zarafa-server(8)
    man:zarafa-server.cfg(5)
    man:zarafa-admin(8)
    Main PID: 434 (zarafa-server)
    Tasks: 17 (limit: 4915)
    CGroup: /system.slice/zarafa-server.service
    `-434 /usr/sbin/zarafa-server -F -c /etc/zarafa/server.cfg

    Nov 12 07:13:00 alarmpi zarafa-server[434]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
    Nov 12 07:13:00 alarmpi zarafa-server[434]: Unable to get database connection: Can’t connect to local MySQL server through socket ‘/run/mysqld/mysqld.sock’ (111 “Connection refused”)
    Nov 12 07:14:00 alarmpi zarafa-server[434]: ECDatabaseMySQL::Connect(): mysql connect fail 80000007
    Nov 12 07:14:00 alarmpi zarafa-server[434]: Unable to get database connection: Can’t connect to local MySQL server through socket ‘/run/mysqld/mysqld.sock’ (111 “Connection refused”)

    Can you help me with this problem also?

    Peter

    Reply

    1. At the first glance your RAM looks good.

      I’m curious what your mysql logs say? => journalctl -u mysqld -n 100

      It makes the impression, that mysqls out of connections again. Something’s consuming a lot of them. Did you change any configuration in zarafas server.cfg?

      When you reach the problem (to many connection / connection refused), then there’s a strategy debuging your mysql server…
      http://alvinalexander.com/blog/post/mysql/how-show-open-database-connections-mysql

      $ mysql
      mysql> show status like ‘Conn%’;
      mysql> show status like ‘%onn%’;
      mysql> show processlist;

      $ mysqladmin status

      Of course you can post the outputs here, too.

      MartiMcFly

      Reply

  10. How can I calculate the Max Connection setting for MySQL? Is there some formula?

    Reply

  11. After Installation, i cant access CalDAV. Is there something, i must edit in the config before? zarafa-ical is started…

    Reply

    1. When your iCal problems persist, there’s always the slight chance that somethings wrong in the compiled server. In this case, you are always able to downgrade!

      I can’t know about the individual problems someone might have with this packages. That’s why packages and dependencies of each build are kept in their own repository.

      The last regular armv7h build is “pietma-20161102180723” for example…
      https://repository.pietma.com/nexus/content/sites/archlinux/armv7h/
      https://repository.pietma.com/nexus/content/sites/archlinux/i686/
      https://repository.pietma.com/nexus/content/sites/archlinux/x86_64/

      Just change your existing /etc/pacman.conf from…
      [pietma]
      SigLevel = Optional TrustAll
      Server = https://repository.pietma.com/nexus/content/repositories/archlinux/$arch/$repo

      to…
      [pietma-20161102180723]
      SigLevel = Optional TrustAll
      Server = https://repository.pietma.com/nexus/content/repositories/archlinux/$arch/$repo

      Now you use a fixed version, since this repository isn’t updated.

      Just run this. Pacman is going to synchronize the package-list and ask you for a downgrade.
      $ pacman -Sy zarafa-server

      MartiMcFly

      Reply

  12. I have big problems with german umlauts in WebApp. Sometimes, if i load WebApp, i see ?-Signs instead of a Umlaut, and sometimes the Signs are completely missing. This changes, if i reload WebApp to one ore the other case. My Foldernames and the WebGUI itself are in German, also my System locale seems to be completely in de_DE.utf-8 but Contact Names, Adresses, Event Subjects and such things get really weird. What can i do?

    Reply

    1. Hey RatzFatz,

      did you change your systems local like discribed here (please use the UTF8 locals) …?

      https://wiki.archlinux.de/title/Arch_Linux_auf_Deutsch_stellen

      After you’ve followed this guide and rebooted, then your system should be showing all umlauts right. If not there’s the slight chance that the mails or other stuff have been imported or stored with the wrong local. In this case drop the database (remember to keep a backup) and recreate it.

      MartiMcFly

      Reply

      1. I followed the tutorial from Arch Linux Wiki, If i set localectl manually i get:
        System Locale: LANGUAGE=de_DE.UTF-8
        VC Keymap: de-latin1-nodeadkeys
        X11 Layout: n/a

        But after reboot, i get always the following:
        [root@alarmpi share]# localectl status
        System Locale: n/a
        VC Keymap: de-latin1-nodeadkeys
        X11 Layout: n/a

        I don’t know, whats wrong. All the other setting seems to be identical, as in the tutorial, except, that i don’t use the dansk language and only german utf8. But after droping the whole database, set language the manually way and restarting from scratch, german umlauts seems to work. I don’t know if i could savely reboot, without to loose this setting, but i hope so.

        Ahh before i forget it: After user creation, i couldn’t get z-push to sync. I get the following Error: StatusException: ExportChangesICS->InitializeExporter(): Error, mapi_exportchanges_config() failed: 0x80040116. I have solved this by changing the database structure a little bit:

        alter table changes modify change_type int(11) unsigned default 0;

        After this, the sync works. I don’t know if all the other default values are OK for the table, but the logfile tells me only this table since yet.

        Reply

        1. Hey RatzFatz,

          I’m glad it worked out for you. And thanks for the hint with the database!

          MartiMcFly

          Reply

        2. Hey RatzFatz,

          this archlinux wiki is more straight forward…
          https://wiki.archlinux.de/title/Arch_Linux_auf_Deutsch_stellen

          The steps…
          $ echo LANG=de_DE.UTF-8 > /etc/locale.conf
          $ echo KEYMAP=de-latin1-nodeadkeys > /etc/vconsole.conf
          $ ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

          Enable locales (remove comment #) in /etc/locale.gen…
          en_US.UTF-8 UTF-8
          en_DK.UTF-8 UTF-8
          de_DE.UTF-8 UTF-8 # Für Deutschland
          de_CH.UTF-8 UTF-8 # Für die Schweiz
          de_AT.UTF-8 UTF-8 # Für Österreich

          $ locale-gen
          $ reboot

          Should be fine now…
          $ localectl status

          System Locale: LANG=de_DE.UTF-8
          LANGUAGE=de_DE
          LC_COLLATE=C
          VC Keymap: de-latin1
          X11 Layout: n/a

          For MySQL and its locale…
          http://dev.mysql.com/doc/refman/5.7/en/globalization.html

          Character set issues affect not only data storage, but also communication between client programs and the MySQL server. If you want the client program to communicate with the server using a character set different from the default, you’ll need to indicate which one.

          I think you just have to finish setting your locale and restart your system + mysql. As long your database is using utf-8 it should be fine then.

          Marti

          Reply

        3. Hey RatzFatz,

          I’ve looked a little bit into this problem. It seems Zarafa fixed it in Kopano with a database update. Basically there are two changes in column defaults. I copied them from Kopano and patched them into Zarafa. It’s a regular database update with a regular entry in the versions table now. So another update (ex. to Kopano) won’t do this again.

          alter table `changes` modify change_type int(11) unsigned not null default 0
          alter table `abchanges` modify change_type int(11) unsigned not null default 0

          All you have to do is update to the latest zarafa-server from pietma. During the start of zarafa-server the updates are done automatically. During a quick Test I’ve got no errors anymore.

          Marti

          Reply

  13. Thank you very much for creating the pietma.zarafa packages and installation files. It was a huge help. I installed on a clean server and all lthe web services and z-push work perfectly, but I’m unable to log into imap or pop3. I’m using correct ports with SSL (tried TLS also). It never seems to accept a password. Am i missing something? Can you give me some suggestions? This is a cle

    Reply

      1. This doesn’t fix the issue. I have done multiple fresh installs. The correct port is already in default.http. So far the only way i can get imap to log in at all is if I change /etc/conf.d/saslauthd From:

        SASLAUTHD_OPTS=”-a rimap -O 127.0.0.1/142 -c -n 0″

        to

        SASLAUTHD_OPTS=”-a rimap -O 127.0.0.1 -c”

        This seems to get logins working, at least to some degree. Only users I create on the command line will long in, though. If I create a user through zarafa-postfixadmin web interface, it doesn’t work via smtp, imap only.

        Another issue that i’m having….. If I create a user using the command below, it doesn’t show up in zarafa-PostfixAdmin. If i create a user in zarafa-postfixadmin, it doesn’t seem to work for smtp, only imap. Command is:

        zarafa-admin -c ‘testuser’ -p ‘securepassword’ -e ‘testuser@localhost’ -f ‘Firstname Lastname’
        zarafa-admin –create-store ‘testuser’

        Keep in mind, I have tried to get this working over 12 times in the past 3 days, each time with a fresh install of arch with nothing installed expect the pietma repo, zarafa installing using pacman with defaults, and the install script provided ran afterwards. This is a fresh virtual machine.

        Thanks for the help.

        Reply

  14. Here is some more info.

    Fresh install, edit /etc/conf.d/saslauthd to use 127.0.0.1/142 instead of 127.0.0.1/143 – Setup Zarafa Postfix Admin web interface, add domain, create user. User can log in to webapp, z-push, and imap, but not smtp.

    Fresh install – edit /etc/conf.d/saslauthd to use 127.0.0.1/142 instead of 127.0.0.1/143 – Create user from command line (no zarafa-postfix-admin web interface installed or used) – User can log into everything.

    On the second method, that seems to provide a functional user when created using the command listed on your blog, login seems to work across the board. I’m not sure if mail flow will actually work at this point or if more needs to be done. This is the furthest I’ve gotten up until now.

    Also, If I install zarafa postfix-admin web interface afterwards the user doesn’t show up.

    Are there additional steps to complete for proper mail flow after creating a user via command line on a fresh server?

    Thanks again,
    Mike

    Reply

  15. I may have spoke too soon. Although when creating a user via command line and editing etc/conf.d/saslauthd allowed successfull login to smtp after imap, it seems to stop working after a very short period of time (1-3 minutes). I will keep experimenting and beating my head against a wall and will post here if I find anything useful. Thanks for your help.

    Mike

    Reply

    1. Hey Mike,

      I’m sorry to hear you’ve been installing so many times and it didn’t work out.

      I think I’ve found the problem. The good news: The fix is very simple…
      https://git.pietma.com/pietma/com-pietma-zarafa/commit/b419f48319742306b58530841a9de662ddc38116

      And…
      $ systemctl restart saslauthd

      Users existence is checked against ZPA. If used, all user have to be managed there. The SMTP-Authentification is done against the IMAP-Server with Saslauthd.

      Badly Saslauthd used the first part of the e-mail-address as username. As long you’ve imported existing users, this worked for the ‘testuser’. But ZPA (zarafa postfixadmin) creates usernames with full e-mail-address. It wasn’t enough to only use the first part as username.

      I think there won’t be many more obstacles to overcome 🙂

      The fixed packages are building.

      Marti

      Reply

  16. Hello Martina,

    Today i have again a clean installation from Zarafa on a other SD card.
    I used the script so as described on your page https://pietma.com/run-and-access-zarafa/
    I only changed CN in the file /usr/share/doc/zarafa/pietma/install-ssl.sh;
    Then I run /usr/share/doc/zarafa/pietma/install.sh and all like Oke.
    If I do https://alarm i got the inlog screen.
    I log in, and got not the screen to select the languages, the screen is white and stay white.
    I used the last regular armv7h build pietma-20161229135855

    Gr. Peter

    Reply

    1. Hey Peter,

      have you rebootet your system?

      If yes, then this might be a browser specific problem. Have you tried cleaning your caches?

      MartiMcFly

      Reply

      1. Hey Martina,

        I don’t believe it is a browser problem.
        I have reboot the system, and i clean the caches from firefox and internet explorer 11.
        In both explorers i get not the screen for selecting the languages.
        In internet explorer I have the fault, page not found error 500
        I have 2 time’s install zarafa with I regular armv7h build pietma-20161229135855
        Also I installed with pietma-20161228024906. and had also the problem.
        Before pietma-20161228024906, i had not the problem.

        Gr. Peter

        Reply

    2. Martina,

      In journalctl –f I see a lot of messages.
      Dec 30 08:21:32 alarm systemd[1]: Started Fetchmail.
      Dec 30 08:22:19 alarm php-fpm[287]: [NOTICE] [pool z-push] child 29513 exited with code 0 after 940.776547 seconds from start
      Dec 30 08:22:19 alarm php-fpm[287]: [NOTICE] [pool z-push] child 12211 started
      Dec 30 08:22:33 alarm systemd[1]: Started Fetchmail.

      And also a lot of, with different name of course.
      Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: can’t open /usr/share/man/man3/wayland-server-core.h.3: No such file or directory
      Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: warning: /usr/share/man/man3/wl_resource_create.3.gz: bad symlink or ROFF `.so’ request
      Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: can’t open /usr/share/man/man3/wayland-server-core.h.3: No such file or directory
      Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: warning: /usr/share/man/man3/wl_client_post_no_memory.3.gz: bad symlink or ROFF `.so’ request
      Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: can’t open /usr/share/man/man3/wayland-util.c.3: No such file or directory
      Dec 30 07:30:30 alarm mandb[785]: /usr/bin/mandb: warning: /usr/share/man/man3/wl_log_stderr_handler.3.gz: bad symlink or ROFF `.so’ request

      Peter

      Reply

      1. Hey Peter,

        this sounds like your system needs an update. I always compile against the latest libraries available. This means that your system has to be updated every time you update Zarafa from ‘pietma’ repository.

        You can use the intermediate repositories (pietma-20161229135855) to get a version matching with your systems last update/installation date. But every time you switch to
        some newer intermediate repository there’s the possibility that your system is too old and needs an update first. At this point you’ve got two options.

        1.) Find the package which needs to be updated from the changelog (pacman -Sy *package*).
        https://pietma.com/zarafa-packages-for-arch-linux-overview/

        In your case I guess it’s ‘llvm-libs’.

        2.) Switch to latest latest repository (‘pietma’) and update your complete system (pacman -Syu)

        I personally preferre this.

        Marti

        Reply

        1. Hey Marti,

          I also preferre the second option and also i do a complete update.

          Pacman -Syu.

          package databases…
          core is up to date
          extra is up to date
          community is up to date
          alarm is up to date
          aur is up to date
          pietma is up to date
          :: Starting full system upgrade…
          resolving dependencies…
          looking for conflicting packages…
          error: failed to prepare transaction (could not satisfy dependencies)
          :: sabre-zarafa: installing php (7.0.14-1) breaks dependency ‘php<7'
          :: sabre-zarafa: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
          :: z-push: installing php (7.0.14-1) breaks dependency 'php<7'
          :: z-push: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
          :: zarafa-postfixadmin: installing php (7.0.14-1) breaks dependency 'php<7'
          :: zarafa-postfixadmin: installing php-imap (7.0.14-1) breaks dependency 'php-imap<7'
          :: zarafa-server: installing boost (1.62.0-4) breaks dependency 'boost=1.58.0'
          :: zarafa-server: installing boost-libs (1.62.0-4) breaks dependency 'boost-libs=1.58.0'
          :: zarafa-server: installing gsoap (2.8.40-1) breaks dependency 'gsoap=2.8.22'
          :: zarafa-server: installing php (7.0.14-1) breaks dependency 'php<7'
          :: zarafa-server: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
          :: zarafa-service-overview: installing php (7.0.14-1) breaks dependency 'php<7'
          :: zarafa-service-overview: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
          :: zarafa-webapp: installing php (7.0.14-1) breaks dependency 'php<7'
          :: zarafa-webapp: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
          :: zarafa-webapp-spellchecker: installing php-enchant (7.0.14-1) breaks dependency 'php-enchant<7'

          Peter

          Reply

          1. I see… just place pietma repository at the top of the list of repositories in /etc/pacman.conf. Pietma is preferred then and the next update won’t tell you conflicts.

          2. Hey Marti,

            It doesn’t work, see

            pacman -Suy
            :: Synchronizing package databases…
            pietma is up to date
            core is up to date
            extra is up to date
            community is up to date
            alarm is up to date
            aur is up to date
            :: Starting full system upgrade…
            there is nothing to do

            the screen to select the languages, stay’s white.

            Peter

          3. great! your update finished successfully! Is there any way I could take a look on this myself? Teamviewer or public url? marti

          4. I updated my testsystem and couldn’t figure out any problems. Login and language selection worked great :/

        2. Hello Marti,

          We can do it with Teamviewer.
          First I will tell you what I have done.
          I installed 3 times scratch on, installed arch linux on the SD card.
          1. edit /etc/pacman.conf
          On the end of the file insert the list of repositories
          pacman –Syu zarafa
          edit /usr/share/doc/zarafa/pietma/install-ssl.sh and change the CN
          run /usr/share/doc/zarafa/pietma/install.sh

          zarafa-admin -c ‘testuser@localhost.com’ -p ‘securepassword’ -e ‘testuser@localhost.com’ -f ‘Firstname Lastname’
          zarafa-admin –create-store ‘testuser@localhost.com’

          run /usr/share/doc/zarafa-postfixadmin/pietma/install.sh

          Start service’s
          Create in https://alarm/zarafa-postfixadmin/setup.php Admin account.
          Create in https://alarm/zarafa-postfixadmin/login.php Domain and email adress.

          Then mysql -uroot < /usr/share/doc/zarafa-postfixadmin/pietma/import-from-zarafa.sql, else I got an error.

          Now I can visit https://alarm/zarafa-webapp
          This is the point where I log in on zarafa en got the white screen.

          2. edit /etc/pacman.conf
          At the top of the file insert the list of repositories
          pacman –Syu zarafa
          reboot

          edit /usr/share/doc/zarafa/pietma/install-ssl.sh and change the CN
          run /usr/share/doc/zarafa/pietma/install.sh
          etc

          3. edit /etc/pacman.conf
          At the top of the file insert the list of repositories
          pacman –Sy zarafa
          Reboot

          edit /usr/share/doc/zarafa/pietma/install-ssl.sh and change the CN
          run /usr/share/doc/zarafa/pietma/install.sh
          etc

          Before creating in https://alarm/zarafa-postfixadmin/setup.php Admin account i do a pacman –Syu.
          reboot

          The results are all the same a white screen after inlogging zarafa.

          Please send me a email so I can you my ID an password.

          Gr. Peter

          Reply

          1. Hey Peter,

            thanks for the fast insight into your setup. This problem was caused by a simple syntax error. I can’t tell why this didn’t cause the same issue on my system. Here are some more details…

            “Stupid syntax error crashed zarafa-webapp [define(‘PLUGIN_MDM_SERVER’, 127.0.0.1:81); => define(‘PLUGIN_MDM_SERVER’, ‘127.0.0.1:81’);]. Internal error 500 is reported after login. Please update ‘zarafa-webapp-mdm’ and replace /etc/zarafa-webapp/plugins/mdm/config.php with config.php.pacnew in the same folder. Or simply fix ../mdm/config.php.”

            Marti

  17. Marti,

    I’m still plauged with config issues. I’ve verified this three times today, just to make sure I’m not doing anything wrong. Fresh install, pietma repo added, pacman -Sy zarafa, then install.sh. After, I create a user with your example and webapp, imap, pop3 and z-push all login successfully, but not SMTPS with SSL on port 465. I continuously get prompted for a password.

    The only items showing up in journalctl -u zarafa* is “Failed to open public store” and Client disconnected.” Neither of which should have anything to do with this issue. In journalctl -u postfix*, I’m getting a SASL authentication failure:

    warning: unknown[172.16.0.3]: SASL LOGIN authentication failed: authentication failure

    My /etc/conf.d/saslauthd seems to be correct:

    SASLAUTHD_OPTS=”-a rimap -O 127.0.0.1/142 -c -n 0″

    I’m willing to try anything at this point. The license for my Zimbra mail server expires today and I’d really like to get this working to replace it. Thanks for the help.

    Mike Smith

    Reply

  18. Here is some more info. If I edit /etc/conf.d/saslauthd and remove the /142 port designation, I can login to all services, including smtp, successfully. But, if i try to send an email from user1@xyz.com to user1@xyz.com, the server doesn’t releasize it’s supposed to be hosing xyz.com’s domain email and it tries to resolve the mx and send it via the internet instead of delivering locally.

    It not seems I’m unable to login to imap or smtp with users created via zarafa postfix-admin, no matter what settings are in /etc/conf.d/saslauthd.

    Thanks,
    Mike Smith

    Reply

    1. Hey Mike,

      have you tried the things from my last comment?

      Replace the content of /etc/conf.d/saslauthd with this and restart saslauthd service (systemctl restart saslauthd)

      SASLAUTHD_OPTS=”-a rimap -r -O 127.0.0.1/143 -c -n 0″

      Marti

      Reply

  19. I increased logging verbosity and zarafa is spewing out this:

    Dec 29 21:10:37 R5-D4 zarafa-server[62347]: Object not found unknown user “mike”: mike
    Dec 29 21:10:37 R5-D4 zarafa-server[62347]: Authentication by plugin failed for user “mike”: Trying to authenticate failed: wrong username or password
    Dec 29 21:10:37 R5-D4 zarafa-server[62347]: Failed to authenticate user “mike” from “file:///var/run/zarafad/server.sock” using program “zarafa-gateway”
    Dec 29 21:10:37 R5-D4 zarafa-gateway[68286]: M4LMsgServiceAdmin::ConfigureMsgService() MSGServiceEntry failed 80040111: logon failed
    Dec 29 21:10:37 R5-D4 zarafa-gateway[68286]: CreateProfileTemp(): ConfigureMsgService failed 80040111: logon failed
    Dec 29 21:10:37 R5-D4 zarafa-gateway[68286]: CreateProfileTemp failed: 80040111: logon failed
    Dec 29 21:10:37 R5-D4 zarafa-gateway[68286]: Failed to login from 127.0.0.1:53828 with invalid username “mike” or wrong password. Error: 0x80040111
    Dec 29 21:10:38 R5-D4 zarafa-gateway[68286]: Client disconnected
    lines 255-309/309 (END)

    Reply

    1. This output means that you still use “mike” instead of “mike@domain.xyz” as smtp login or that you haven’t replaced the content of saslathd with this…

      SASLAUTHD_OPTS=”-a rimap -r -O 127.0.0.1/143 -c -n 0″

      Your previous message is talking about “/142”. This should already be replaced with “/143”. Please don’t forget the “-r” I added, too!

      Marti

      Reply

  20. I think I read in one of your other posts that you didn’t have access to an x86_64 machine? If that’s true I can provision you a virtual machine with a baseline arch install to experiment with. If, that would help at all.

    Thanks,
    Mike Smith

    Reply

  21. I had tried mike@xyz.com and mike. The output in the error log was the same. Example:

    Object not found unknown user “mike serenity-networks.com”: mike serenity-networks.com
    Dec 29 21:10:32 R5-D4 zarafa-server[62347]: Authentication by plugin failed for user “mike serenity-networks.com”: Trying to authenticate failed: wrong username or password
    Dec 29 21:10:32 R5-D4 zarafa-server[62347]: Failed to authenticate user “mike serenity-networks.com” from “file:///var/run/zarafad/server.sock” using program “zarafa-gateway”
    Dec 29 21:10:32 R5-D4 zarafa-gateway[68196]: M4LMsgServiceAdmin::ConfigureMsgService() MSGServiceEntry failed 80040111: logon failed
    Dec 29 21:10:32 R5-D4 zarafa-gateway[68196]: CreateProfileTemp(): ConfigureMsgService failed 80040111: logon failed
    Dec 29 21:10:32 R5-D4 zarafa-gateway[68196]: CreateProfileTemp failed: 80040111: logon failed
    Dec 29 21:10:32 R5-D4 zarafa-gateway[68196]: Failed to login from 127.0.0.1:53824 with invalid username “mike serenity-networks.com” or wrong password. Error: 0x80040111
    Dec 29 21:10:32 R5-D4 zarafa-gateway[68196]: Client disconnected
    Dec 29 21:10:33 R5-D4 zarafa-server[62347]: Object not found unknown user “mike”: mike
    Dec 29 21:10:33 R5-D4 zarafa-server[62347]: Authentication by plugin failed for user “mike”: Trying to authenticate failed: wrong username or password
    Dec 29 21:10:33 R5-D4 zarafa-server[62347]: Failed to authenticate user “mike” from “file:///var/run/zarafad/server.sock” using program “zarafa-gateway”

    Obviously I’ve triple and quadruple checked the usernames and passwords.

    Also, I verified the saslauthd setting given above matches (I copy/pasted here from the wrong window.

    Thanks again,
    Mike Smith

    Reply

  22. On a hunch, I tried something a little different. This time on a fresh load, I made the changes to etc/conf.d/saslauthd, and instead of creating a user from the command line to test, and then enabling zarafa-postfix-admin, I skipped creating a test user from the command line and went straight to enabling zarafa-postfix-admin and created a user. Things appear to be working properly now. I will continue to test and post back my results, but it appears that, 1. Creating a user via command line using the example on this post does not properly add the domain/virtual domain to zarafa/postfix (can’t send email to self) and, 2. If a user is created from the command line and then zarafa-postfix-admin is installed, authentication seems to be left in a broken state WRT imaps and smtps. After I import mail and run a few tests I’ll let you know my results.

    I do have one more import obsticle to allow me to go live, and that is installing a proper SSL certificate with let’s encrypt. As far as I can tell, all SSL functions are using NGINX this scenario. If that’s the case, shouldn’t it be as simple as using the letsencrypt helper to obtain and install a proper ssl certificate, verify default.http is pointing to the correct certificate afterwards, and update etc/zarafa/server.conf to point to the new certificate? Am I missing something and / or do you have any helpful advise?

    Thanks again for your amazing help. I plan on dumping every issue I’ve encountered into a blog post for reference. Hopefully it might help others down the road. You’re work on the pietma scripts are worth their weight in gold!!

    Mike Smith

    Reply

    1. When you’ve installed ZPA, then you have to manage ALL users with it. If you have leftovers in zarafa, then you have to import all of those users with the import script described on the website.

      Letsencrypt isn’t very difficult. You need the http server accessable on port 80. Actually I’ve everything ready. It just has to be adopted into the new environment. But this will take me at least one or two days.

      What I meant to say in one of my posts is that I have a working x64 and x86 environment for compilation. I just don’t use and test the zarafa binaries in this environment 🙂

      Marti

      Reply

  23. Wow, lots of authentication issues seem to plague zarafa. Despite the activesync tester successfully authenticating, when opening outlook, now I’m having authentication errors for active sync. Seems to have something to do with php-fpm: pool z-push. It never ends!!!!!!

    Dec 29 22:03:48 R5-D4 zarafa-server[597]: Authentication by plugin failed for user “mike serenity-networkscom”: Trying to authenticate failed: wrong username or password
    Dec 29 22:03:48 R5-D4 zarafa-server[597]: Failed to authenticate user “mike serenity-networkscom” from “file:///var/run/zarafad/server.sock” using program “php-fpm: pool z-push”

    Reply

  24. Any idea’s with regards to ActiveSync / Z-Push authentication not working now? This is the only error I can find that seems relevant:

    Dec 29 22:03:48 R5-D4 zarafa-server[597]: Authentication by plugin failed for user “mike serenity-networkscom”: Trying to authenticate failed: wrong username or password
    Dec 29 22:03:48 R5-D4 zarafa-server[597]: Failed to authenticate user “mike serenity-networkscom” from “file:///var/run/zarafad/server.sock” using program “php-fpm: pool z-push”

    I’ve never used z-push (although it was pretty much the number 1 reason I’ve been trying to use this particular mail server configuration to get activesync) so I’m not sure where to begin troubleshooting. I’ve come up empty on google searches thus far.

    Thanks,
    Mike

    Reply

    1. The error is saying that ‘mike serenity-networkscom’ couldn’t be authenticated. But shouldn’t you use ‘mike serenity-networks.com’ as login? The dot after the domain seems to be missing.

      Reply

  25. I’m going to start from scratch once more and see if the problem persists. It’s possible I have messed up something in troubleshooting the other issues. I’ll let you know if that clears it up.

    Thanks again for the all the help.

    Mike Smith

    Reply

  26. I’m happy to report after a clean install, bearing in mind everything learned, everything seems to be working great. I’m migrating mail over now. The only obstacle left is setting up a Let’s Encrypt SSL certificate! I’ll try to get that figured out shortly. Thank you so much for the help you’ve given. It is very much appreciated!

    Mike Smith

    Reply

    1. Hey Mike,

      one more thing. I’ve got a stupid syntax error in ‘/etc/zarafa-webapp/plugins/mdm/config.php’. This might annoy you in the future. A little bit of details…

      “Stupid syntax error crashed zarafa-webapp [define(‘PLUGIN_MDM_SERVER’, 127.0.0.1:81); => define(‘PLUGIN_MDM_SERVER’, ‘127.0.0.1:81’);]. Internal error 500 is reported after login. Please update ‘zarafa-webapp-mdm’ and replace /etc/zarafa-webapp/plugins/mdm/config.php with config.php.pacnew in the same folder. Or simply fix ../mdm/config.php.”

      Marti

      Reply

    2. Hey Mike! Congratulations, it’s so awesome to hear you’ve made it! Marti

      Reply

  27. Well, I’ve ran into another problem. I use a spam quarantine service (postlayer). In order to send mail, I have to route my outbound mail through a “smarthost” which is nothing more than an SMTP relay that uses a username and password.

    Usually this is an easy entry in postfix’s main.cf, after hasing a file that contains a username and password. My problem is that the smtp_sasl_password directive is already called out in postfix and pointing to mysql:/etc/webapps/zarafa-postfixadmin/postfix/fetchmail_mailbox….something or another.

    How can I add the username and password corraspoing to my smarthost in this configuration? usually I create a file (and then hash it with postfix) that contains this single line:

    newton.mx25.net username:password

    Please help!!

    Thanks,
    Mike Smith

    Reply

  28. So, it looks like the callout included for zarafa-postfix-admin is only used for checking accounts added to “fetch mail” in the web interface. Currently my file appears to be cancelling out that setting in main.cf becasuse it is further down in the file. I’m able to send mail and authenticate, but I’m getting the warning message at the bottom. It would be nice to be able to just add an outbound server / smarthost authentication information in zarafa-postfix-admin. It is very, very common for mail servers to use outbound filtering, such as I do. I’m an IT consultant and I would say at least 75% of the mail servers I touch use outbound filtering in this manner. In my case, I pay 30 bucks a year for inboudn and outbound filtering. The advantage to using outbound filtering is that I don’t have to worry about reverse dns, outbound virus filtering, SPF records, or changing any dns related settings if I switch mail servers. In other words, it’s kind of a must have feature and I see a lot of benifit of adding the ability to specify and outbound smart host for all mail through the web interface. Here is the warning message I’m getting.

    warning: /etc/postfix/main.cf, line 119: overriding earlier entry: smtp_sasl_password_maps=proxy:mysql:/etc/webapps/zarafa-postfixadmin/postfix/fetchmail_mail

    I would be happy to provide any help or additional information, as well as testing.

    Thanks,
    Mike Smith

    Reply

    1. Hey Mike,

      did you make smarthosts work with the current Zarafa-Postfixadmin version?

      Marti

      Reply

  29. I just wanted to let you know that I was able to get a Let’s Encrypt SSL certificate set up. I think it would be pretty straight forward for you (or another “coder”) to set up a script to do this on our arch-zarafa servers. Becuase of the convoluded way root directories and location directives are using in this particular nginx configuration, what I did was use certbot –manual to obtain a certificate, which was placed in /etc/letsencrypt/live/domainname/ and then I simply updated the Nginx’s default.http and default.mail to point to the newly created coorasponding .pem files. It worked like a charm. I’m insanely thrilled to say that for the first time every I actually have a z-push server set up, syncing to my iDevices running iOS 10!! Activesync tethered me to exchange for so many years, which was overkill for my domain name with only a handful of email addresses. Running a full blown exchange server for that one feature was insanity! I inteded to set up z-push with zimbra, which I had been running for a couple months as I had a spare license with a little time left, but zimbra takes up just as much resources as exchange, and a z-push setup was going to be anything but easy.

    Despite all of the issues getting arch + zarafa + pietma set up, it was very much worthe the trouble. Now the only “issue” i’m having relates to my previous post with using a smart host, which is still working (although most likely breaking the fetch mail function of zarafa-postfix-admin).

    If there were two things that would make pietma PERFECT, it would be:
    1. Adding smarthost configuration to zarafa-postfix-admin to route outbound mail through spam filtering services (with ability to specify username/password, ssl/tls, and server address).
    2. Adding a quick config for lets encrypt. Certbot in standalone mode will run a python based simple http server and do everything for you, as long as nginx is stopped. So All a script would need to do is stop the nginx service, run the certbot utility, add the new certificate paths to nginx, the start nginx. A certificate renewal process that ran once every month or so would be useful too since letsencrypt certs expire every 3months.

    I’m not a coder, just a Network Engineering with a lot of colocated server resources. I would be more than happy to contribute in whatever way I can. Thank you for all the work you’ve put into this, I know it took some serious time.

    Mike Smith

    Reply

  30. Here is a tidbit of helpful information. If you set an SSL certificate on Nginx to enable https for webmail, imap and pop3, for some reason the zarafa mdm plugin stops working and gives an error that says “Unable to connect to Z-Push Server. Could not connect to host.” To resolve this I edited /etc/webapps/zarafa-webapp/plugins/mdm/config.php and changed PLUGIN_MDM_SERVER to the FQDN instead of localhost. All is well now. Z-push was working find for mail, this only affects the mdm plugin in the zarafa web interface.

    If you aren’t using the pietma arch-zarafa setup and are using a more mainstream default setup, the actual filename you’ll need to edit is /etc/zarafa/webapp/config-mdm.php The documentation sometimes refers to it just as config-mdm.php but in instance of Pietma arch-zarafa, its just config.php in the mdm folder.

    This is just FYI for google searchers. I will write a blog post soon to address this.

    Thanks,
    Mike Smith

    Reply

  31. Hey Marti,

    On the first happy New Year.
    I have made some rules in Zarafa for moving the emails to a subfolder.
    But if I receive an email for an subfolder, this email stays in Postin, and don’t move to the subfolder.
    I have tested: cat ‘emailadress’ | zarafa-dagent peter ,the email delivered in Postin
    Also I tested: cat ‘emailadress’ | zarafa-dagent -F ‘Inbox\Synology’ peter ,the email delivered in the subfolder Synology.
    Before the complete new installation on 29-12, I have seen that it works

    Gr. Peter

    Reply

  32. If I use the zarafa-passwd command to change/update a password, the new password goes into effect and works on zarafa webapp, but imap still works with the old password, even after a reboot. How can this be?

    Thanks,
    Mike

    Reply

  33. I’m having major issues with my server as of today. It started with my spam service (that also filters outbound mail) giving me thousands of rate limit bounces. Upon further examination, my server was blasting spam out. A bot was connect in on port 465 and somehow authenticating with my username and password (supposedly). So, I tried to update my password. I used zarafa-passwd to do so. This only updated my password for the webaccess interface……. Not SMTP authentication. I restarted. No change. I also tried to upgrade all packages. A simple pacman -Syu spits out errors now as there is all sorts of dependancy problems with the peitman repo now.

    # pacman -Syu
    :: Synchronizing package databases…
    core is up to date
    extra is up to date
    community is up to date
    pietma is up to date
    :: Starting full system upgrade…
    resolving dependencies…
    looking for conflicting packages…
    error: failed to prepare transaction (could not satisfy dependencies)
    :: zarafa-postfixadmin: requires php<7
    :: zarafa-postfixadmin: requires php-imap<7
    :: zarafa-server: requires boost=1.58.0
    :: zarafa-server: requires boost-libs=1.58.0
    :: zarafa-server: requires gsoap=2.8.22
    :: zarafa-server: requires php<7
    :: zarafa-server: requires php-fpm<7
    :: sabre-zarafa: installing php (7.0.14-1) breaks dependency 'php<7'
    :: sabre-zarafa: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
    :: z-push: installing php (7.0.14-1) breaks dependency 'php<7'
    :: z-push: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
    :: zarafa-service-overview: installing php (7.0.14-1) breaks dependency 'php<7'
    :: zarafa-service-overview: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
    :: zarafa-webapp: installing php (7.0.14-1) breaks dependency 'php<7'
    :: zarafa-webapp: installing php-fpm (7.0.14-1) breaks dependency 'php-fpm<7'
    :: zarafa-webapp-spellchecker: installing php-enchant (7.0.14-1) breaks dependency 'php-enchant<7'
    [root@R5-D4 ~]#

    My business is completely dead in the water now. I've had to disable port forwarding on my firewall for port 465 to prevent spam from blasting out. The only open ports on my firewall are 25 (and only for my spam filter services IP), 465, 587, and 993. I doubt it's been "hacked." I don't know if there is a zero day that is allowing these spam senders to spoof an authentication or what. But I can't troubleshoot any further becasue I can't update my password and I can't upgrade packages. I'm completely screwed and all I know to do is move to google apps or reload the mail server. I've scoured all of the docs on the peitman repo site and can't find anything on password syncing or how any of this works.

    Mike

    Reply

    1. For udpates you have to put the pietma-repo over the core repo. This way pacman is going to find pietma packages first.

      Reply

    2. Please don’t take me wrong. Before I know the source of this problem I’m going hide this posts. I don’t want anybody to be compromised.

      Reply

  34. I have also just tried updating the password with zarafa-admin -u username -p newpassword and this also only updates the password for the web interface, and nothing else.

    Reply

  35. MAJOR problem. I have done a TON of testing to verify this. This affects a DEFAULT zarafa set using peitman scripts. IMAP and SMTP are accepting ANY password for users. I can literally put in any password with a correct username and anything using SASLAUTHD will successfully authenticate. This is why spam is able to relay successfully. What can be causing this? It does this on my production server, and 2 other servers I’ve brought up from scratch using the scripts. This is insane.

    Thanks,
    Mike

    Reply

  36. At first I thought it was everything related to sasl authentication but IMAP and POP3 seem to be authenticated against zarafa….. So, everything but zarafa-webaccess is accepting any and all passwords for valid user accounts….

    Reply

    1. Hey Mike,

      This is aweful! I’m looking into this.
      As first step I took the repo offline. Before any other move I have to understand the problem.

      Marti

      Reply

      1. If I can help, please let me know. I can’t think of anything I’m doing that would cause this as I’m pretty much default. Any changes made we’ve talked about here. If you want to SSH into my production server and take a look I can arrange that.

        Reply

        1. Thanks! I took away my patches and tried zarafa-server again. I’m still able to login with wrong password. So there are two possible reasons for this. An error in zarafa itself or bad configuration.

          Reply

  37. I’m having mixed results reproducing it now. However, I’m working from a cloned image at this point. If you need any info offline or want to teamview into an ssh session of my server just shoot me an email. Also, I got your message and good call, I didn’t even think about that. I’d like to think I’m causing this somehow and it doesn’t affect everything.

    Reply

    1. So here we go…

      Gateway and ICal are executed as ‘zarafa’-user. Basically this is ok, since this services are not exposed to the outside world. But here’s the problem, calls from zarafa user are handled with administrator rights by Zarafa-Server. Running gateway and ical as nobody is the solution!

      Run this commands and fix this files and your okay again!

      $ vi /etc/zarafa/ical.cfg
      $ vi /etc/zarafa/gateway.cfg
      run_as_user = nobody
      run_as_group = nobody

      $ vi /usr/lib/tmpfiles.d/zarafa-tmpfiles.conf
      d /run/zarafad 0777 zarafa zarafa
      d /var/run/zarafad 0777 zarafa zarafa

      $ systemd-tmpfiles –create
      $ systemd-tmpfiles –clean
      $ rm /var/run/zarafad/ical.pid
      $ rm /var/run/zarafad/gateway.pid
      $ systemctl restart zarafa-gateway
      $ systemctl restart zarafa-ical

      Sorry for all that trouble!

      Marti

      Reply

      1. It seems to have resolved the issue for IMAP, but I’m still get past SMTP authentication on port 465. I’m going to reboot and see if that makes a difference.

        Thanks!
        Mike

        Reply

        1. Btw. I’ve got the smarthost thing integrated in ZPA. But more tomorrow.

          Reply

  38. I figured it was something along those lines. I will confirm in a few. I’m taking this opportunity to delete snapshots >>> I’m about 5 deep and performance was getting pretty dismal. I’ll let you know.

    Thanks!
    Mike

    Reply

  39. OK, I *think* everything is working now. However, imap seems to take 10-15x as long to authenticate. This applies even when authenticating via command line using openssl s_client. The lag is the authentication itself. If it is denied (wrong password), it’s instant, but when the correct password is inserted, it takes almost 10-15 seconds, at times, to come back as a successful login. This is different than before.

    But, this isn’t critical, it’s just something we might want to try to figure out. It should be instant, especially on a server with very little load.

    Thanks for fixing the other issues so quickly!! You’re a gem Marti!

    Mike Smith

    Reply

  40. To add to the above issue… imap and activesync/zpush authentication take forever to authenticate, if at all. It times out most of the time. Help 🙂

    Reply

  41. Looks like everything is great. The fixed worked well. The performance issue seemed to clear itself up overnight. I think there was just a pretty big backlog of garbage mail combined with all of the increased logging I had enabled for all services. After tidying all that up everything is running very fast, stable, and no open relaying 🙂 Thanks so much for your quick help.

    Reply

  42. First of all, thank you for this very nice tutorial and your work!

    I did try to install zarafa on a fresh system using your install script, and I got the following error:

    […]

    [DONE] Install optimizations
    [….] Initialize MySQL database
    /usr/bin/my_print_defaults: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or Directory

    Any idea how to fix this?

    Thank you!
    René

    Reply

    1. Hey René,

      please use one of the systems served on https://repository.pietma.com/nexus/content/sites/archlinux/os/ and avoid upgrading your system. Simply don’t use the “-u” parameter with Pacman.

      Zarafa 7.5.x is not compatible with the latest OpenSSL. Lately the company “Zarafa” has changed its name to Kopano. Kopano moved to a full Opensource strategy and does not maintain the Zarafa code anymore. The new name of “Zarafa Server” is “Kopano Core”.

      To make the Zarafa Server packages work with the current OpenSSL I have to migrate to the Kopano sourcecode repository, change all paths in the existing packages and update all dependencies.

      Right now, I am very busy. That is why I tried to serve all the resources you need to make the latest packages work.

      Marti

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *