kvaps / docker-kolab

Kolab image with nginx, ssl, opendkim, amavis and fail2ban
MIT License

cyrus-imapd seems to be unreachable #25

Open kevinbader opened 7 years ago

kevinbader commented 7 years ago

In /var/log/kolab/pykolab.log:

pykolab.imap WARNING Could not connect to Cyrus IMAP server 'imaps://localhost:993'

In /var/log/roundcubemail/errors:

Could not connect to localhost:143: Connection refused in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)

However, I can't find anything useful in the journal, and Cyrus itself seems to be happy:

[root@mail kolab]# systemctl status cyrus-imapd
● cyrus-imapd.service - Cyrus-imapd IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/cyrus-imapd.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-02-10 11:15:15 CET; 37min ago
  Process: 1073 ExecStartPre=/usr/lib/cyrus-imapd/cyr_systemd_helper start (code=exited, status=0/SUCCESS)
 Main PID: 1649 (cyrus-master)
   CGroup: /docker/66f8b5f1f2e1206e3ec4d049a6349812f233912296d91f09ae98dce14c53c402/system.slice/cyrus-imapd.service
           ├─1649 /usr/lib/cyrus-imapd/cyrus-master
           ├─1661 idled
           ├─1664 imapd -s
           ├─1665 imapd -s
           ├─1667 imapd -s
           ├─1668 imapd -s
           ├─1669 imapd -s
           ├─1670 lmtpd
           └─1671 notifyd

Feb 10 11:15:15 mail systemd[1]: Started Cyrus-imapd IMAP/POP3 email server.
Feb 10 11:15:15 mail ctl_cyrusdb[1655]: skiplist: clean shutdown file missing, updating recovery stamp
Feb 10 11:15:15 mail ctl_cyrusdb[1655]: recovering cyrus databases
Feb 10 11:15:15 mail master[1649]: unable to setsocketopt(IP_TOS) service ptloader/unix: Operation not supported
Feb 10 11:15:15 mail master[1649]: unable to setsocketopt(IP_TOS) service lmtpunix/unix: Operation not supported
Feb 10 11:15:15 mail master[1649]: unable to setsocketopt(IP_TOS) service notify/unix: Operation not supported
Feb 10 11:15:15 mail ctl_cyrusdb[1663]: checkpointing cyrus databases
Feb 10 11:15:15 mail ctl_cyrusdb[1663]: done checkpointing cyrus databases
Feb 10 11:45:15 mail ctl_cyrusdb[30996]: checkpointing cyrus databases
Feb 10 11:45:15 mail ctl_cyrusdb[30996]: done checkpointing cyrus databases

The other services seem to be reachable, e.g., nc -v localhost works inside the container with ports 389, 25, 80, 443, etc.


EDIT: I found the following messages in /var/log/maillog... are they relevant? I have no clue what they mean..

Feb 10 13:05:14 mail master[14476]: unable to setsocketopt(IP_TOS) service ptloader/unix: Operation not supported
Feb 10 13:05:14 mail master[14476]: unable to setsocketopt(IP_TOS) service lmtpunix/unix: Operation not supported
Feb 10 13:05:14 mail master[14476]: unable to setsocketopt(IP_TOS) service notify/unix: Operation not supported

kvaps commented 7 years ago

Confirmed, this is because guam.service is not properly up. Unfortunately I have no time to find the cause of this bug. I will be glad of any help from the outside :)

kevinbader commented 7 years ago

Thanks for pointing out Guam, I hadn't noticed the error. Turned out that the Cyrus port is configured to 9993 instead of 993, the same port Guam uses, so that was an easy fix. That's what I've changed so far:

  1. set php timezone (the other issue)
  2. set cyrus imaps port to 993 (from 9993)
  3. in roundcube/config.php set host to ssl://localhost (instead of tls://...) and port to 993
  4. enabled (uncommented) submission port in postfix master.cf

At this point user login in Roundcube works again, and I can view my mails. However, (sending and) ~receiving~ delivering mails still doesn't. In /var/log/maillog I see the mails coming in, but Postfix cannot deliver it saying status=deferred (mail transport unavailable). Any ideas?

btw, I also see connect to transport private/smtp-amavis: Connection refused in the log even though Amavis is up and running, but I'm not sure whether this affects the mail transport or not.

EDIT: do we need saslauthd? It doesn't run by default. At least the default submission config in postfix' master.cf has -o smtpd_sasl_auth_enable=yes in it.

kvaps commented 7 years ago

Hi @kevinbader, thanks for the investigation!

About status=deferred (mail transport unavailable), I think this is because postfix cannot connect to amavis (or wallace). This address is listed in the content_filter option in master.cf

buhaha commented 7 years ago

  1. set cyrus imaps port to 993 (from 9993)

https://kolabsys.com/about/guam/configuration.html

In a Kolab Groupware setup, Guam is configured with listeners on ports 143 and 993, against an imaps IMAP server on localhost port 9993.

my config /etc/guam/sys.config

    {
        kolab_guam, [
            {
                imap_servers, [
                    {
                        imaps, [
                            { host, "127.0.0.1" },
                            { port, 9993 },
                            { tls, true }
                        ]
                    }
                ]
            },
            {
                listeners, [
                    {
                        imap, [
                            { port, 143 },
                            { imap_server, imaps },
                            {
                                rules, [
                                    { filter_groupware, [] }
                                ]
                            },
                            {
                                tls_config, [
                                    { certfile, "/var/lib/acme/live/example.com/cert" },
                                    { keyfile, "/var/lib/acme/live/example.com/privkey" },
                                    { cacertfile, "/var/lib/acme/live/example.com/fullchain" }
                                ]
                            }
                        ]
                    },
                    {
                        imaps, [
                            { port, 993 },
                            { implicit_tls, true },
                            { imap_server, imaps },
                            {
                                rules, [
                                    { filter_groupware, [] }
                                ]
                            },
                            {
                                tls_config, [
                                    { certfile, "/var/lib/acme/live/example.com/cert" },
                                    { keyfile, "/var/lib/acme/live/example.com/privkey" },
                                    { cacertfile, "/var/lib/acme/live/example.com/fullchain" }
                                ]
                            }
                        ]
                    }
                ]
            }
        ]
    }

kevinbader commented 7 years ago

@kvaps Thanks, removing the content_filter seemed to do the trick, although I still don't know how to use Amavis. @buhaha Thanks for pointing that out!

Is Postfix supposed to use Guam for delivery too, or is it okay to use lmtp to connect to Cyrus' unix-socket directly? Also I wonder how sasl authentication plays into this... The docs say that Guam should use it, but when I enable it Postfix picks it up and doesn't deliver anymore until I disable sasl again. Should this be configured in the image, or is this meant to be configured individually?
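
The port layout quoted in this thread (Guam listening on 143 and 993 in front of a Cyrus imaps backend on localhost port 9993) can be checked against the container's listener table. The following is an added example, not code from the thread or from the docker-kolab project; the `ss -ltn` samples are constructed, and the function names are hypothetical.

```python
# Expected layout per the Guam documentation quoted in this thread:
# Guam listens on 143 and 993; Cyrus imaps is the backend on localhost:9993.
GUAM_PORTS = {143, 993}
CYRUS_BACKEND_PORT = 9993
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed `ss -ltn` output for the state reported in the issue:
# Cyrus is running, but nothing answers on 143/993.
SAMPLE_GUAM_DOWN = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:25         0.0.0.0:*
LISTEN 0      128    0.0.0.0:389        0.0.0.0:*
LISTEN 0      32     0.0.0.0:9993       0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
"""

def listeners(ss_output):
    """Return {port: set of bind addresses} for every LISTEN row."""
    found = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # skips the header row and non-listening sockets
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            found.setdefault(int(port), set()).add(addr)
    return found

def check_layout(ss_output):
    """Compare the listener table with the expected Guam/Cyrus layout."""
    table = listeners(ss_output)
    findings = []
    for port in sorted(GUAM_PORTS):
        if port not in table:
            findings.append(f"port {port}: no listener (guam.service down?)")
    backend = table.get(CYRUS_BACKEND_PORT)
    if backend is None:
        findings.append(f"port {CYRUS_BACKEND_PORT}: Cyrus backend not listening")
    elif not backend <= LOOPBACK:
        findings.append(f"port {CYRUS_BACKEND_PORT}: Cyrus backend bound to "
                        f"{sorted(backend)}, reachable without going through Guam")
    return findings

if __name__ == "__main__":
    for finding in check_layout(SAMPLE_GUAM_DOWN):
        print(finding)
```

Inside the container, the output of `ss -ltn` can be passed to `check_layout` in place of the constructed sample.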