linux:grommunio-linux

Differences

Below are the differences between two revisions of the page.

Previous revision: linux:grommunio-linux [2022/08/10 11:45] – [Installer rspamd] root
Current version: linux:grommunio-linux [2023/07/14 19:01] – [Autoriser le relay pour les users authentifiés] root
Ligne 167: Ligne 167:
   - Quelques commandes pour configurer postfix: <code bash>postconf -e virtual_alias_maps=mysql:/etc/postfix/g-alias.cf   - Quelques commandes pour configurer postfix: <code bash>postconf -e virtual_alias_maps=mysql:/etc/postfix/g-alias.cf
 postconf -e virtual_mailbox_domains=mysql:/etc/postfix/g-virt.cf postconf -e virtual_mailbox_domains=mysql:/etc/postfix/g-virt.cf
-postconf -e virtual_transport="smtp:[localhost]:24"+postconf -e virtual_transport="smtp:[::1]:24"
 postconf -e mynetworks="127.0.0.0/8 [::1]/128" postconf -e mynetworks="127.0.0.0/8 [::1]/128"
 postconf -e smtpd_banner='$myhostname ESMTP' postconf -e smtpd_banner='$myhostname ESMTP'
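
Review bot: the change of virtual_transport from smtp:[localhost]:24 to smtp:[::1]:24 pins delivery to the IPv6 loopback, and the step gives no reason for it. With a literal address there is no fallback to 127.0.0.1, so mail will be deferred if the service on port 24 is not listening on ::1 or if IPv6 is disabled on the host. Add a sentence to the step saying why localhost was replaced, and a check that the listener is bound to ::1 (for example with ss -ltn) before the postconf command is applied. The mynetworks line already lists both loopbacks, so only the transport line needs the note.
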
Ligne 333: Ligne 333:
 allow_pubkey_mismatch = true; allow_pubkey_mismatch = true;
   </file>   </file>
 +
 +=== Signer ARC ===
 +  - Créer un fichier arc.conf<code bash>nano /etc/rspamd/local.d/arc.conf</code>Avec ceci: <file - arc.conf># If false, messages with empty envelope from are not signed
 +allow_envfrom_empty = true;
 +# If true, envelope/header domain mismatch is ignored
 +allow_hdrfrom_mismatch = false;
 +# If true, multiple from headers are allowed (but only first is used)
 +allow_hdrfrom_multiple = false;
 +# If true, username does not need to contain matching domain
 +allow_username_mismatch = false;
 +# Default path to key, can include '$domain' and '$selector' variables
 +path = "${DBDIR}/dkim/$domain.$selector.key";
 +# Default selector to use
 +selector = "dkim";
 +# If false, messages from authenticated users are not selected for signing
 +sign_authenticated = true;
 +# If false, messages from local networks are not selected for signing
 +sign_local = true;
 +# Symbol to add when message is signed
 +symbol_signed = "ARC_SIGNED";
 +# Whether to fallback to global config
 +try_fallback = true;
 +# Domain to use for ARC signing: can be "header" or "envelope"
 +use_domain = "header";
 +# Whether to normalise domains to eSLD
 +use_esld = true;
 +# Whether to get keys from Redis
 +use_redis = false;
 +# Hash for ARC keys in Redis
 +key_prefix = "ARC_KEYS";
 +# map of domains -> names of selectors (since rspamd 1.5.3)
 +#selector_map = "/etc/rspamd/arc_selectors.map";
 +# map of domains -> paths to keys (since rspamd 1.5.3)
 +#path_map = "/etc/rspamd/arc_paths.map";
 +# map of trusted domains. Symbol ARC_ALLOW_TRUSTED is added to messages
 +# with valid ARC chains from these domains. A failed DMARC result is removed/ignored.
 +# whitelisted_signers_map = ["example.org", "example.com"]
 +
 +# From version 1.8.4, Rspamd uses a different set of sign_headers for ARC:
 +sign_headers = "(o)from:(o)sender:(o)reply-to:(o)subject:(o)date:(o)message-id:(o)to:(o)cc:(o)mime-version:(o)content-type:(o)content-transfer-encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:(o)in-reply-to:(o)r>
 + </file>
  
 ==== Grommunio-dav (WIP) ==== ==== Grommunio-dav (WIP) ====
 <code bash>apt install grommunio-dav <code bash>apt install grommunio-dav
-ln -s /etc/php7/fpm/php-fpm.d/pool-grommunio-dav.conf /etc/php/7.4/fpm/pool.d</code>+ln -s /etc/php7/fpm/php-fpm.d/pool-grommunio-dav.conf /etc/php/7.4/fpm/pool.d 
 +chown root:grodav /var/lib/grommunio-dav/ 
 +chmod 770 /var/lib/grommunio-dav/</code> 
 + 
 + 
 +Modifs du 31/12/2022 
 +<code bash> 
 + 
 +ln -s /etc/grommunio-dav/grommunio-dav.conf.php /usr/share/grommunio-dav/config.php 
 +ln -s /etc/grommunio-dav/log4php.xml /usr/share/grommunio-dav/ 
 +chmod 770 /var/log/grommunio-dav/ -R 
 + 
 +</code>
 ===== Tips & tricks ===== ===== Tips & tricks =====
 ==== Activer le port submission ==== ==== Activer le port submission ====
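
Review bot: in the new arc.conf, the sign_headers line is cut off at "(o)r>" with no closing quote or semicolon, which looks like a long line truncated by the editor display; copied as written, the string is left unterminated and the file will not load. Paste the complete value or drop the line so the module default applies. In the grommunio-dav part of the same hunk, chmod 770 /var/log/grommunio-dav/ -R also sets the execute bit on every log file; apply 770 to the directory and 660 to the files, and set the group on the log directory explicitly as is done for /var/lib/grommunio-dav/ with chown root:grodav.
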
Ligne 360: Ligne 413:
 ==== Autoriser le relay pour les users authentifiés ==== ==== Autoriser le relay pour les users authentifiés ====
  
-nano /etc/postfix/master.cf +Work in progress  
--o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject+https://community.grommunio.com/d/383-no-smtp-auth-on-smtp-submission-due-to-saslauth-not-available/2
  
-Remplacer reject par reject_unauth_destination+  - Installer le paquet <code bash>apt install sasl2-bin</code> 
 +  - Modifier le fichier de config: <code bash>nano /etc/default/saslauthd</code> <file - saslauthd> 
 +START=yes 
 +NAME="saslauthd" 
 +MECHANISMS="pam" 
 +MECH_OPTIONS="127.0.0.1" 
 +THREADS=5 
 +OPTIONS="-r  -m /var/spool/postfix/var/run/saslauthd" 
 +</file> 
 +  - Créer les répertoires nécessaires: <code bash> 
 +mkdir -p /var/spool/postfix/var/run/saslauthd 
 +chown root:sasl /var/spool/postfix/var/run/saslauthd 
 +usermod -a -G sasl postfix
  
 +service postfix restart
 +service saslauthd restart
 +</code>
 +  - Editer le fichier pam: <code bash>nano /etc/pam.d/smtp</code> <file - smtp>#%PAM-1.0
 +auth required pam_gromox.so service=smtp
 +account required pam_permit.so</file>
 +  - Ajouter un fichier de configuration postfix: <code bash>mkdir /etc/postfix/sasl/
 +nano /etc/postfix/sasl/smtpd.conf</code> <file - smtpd.conf>log_level: 10
 +mech_list: PLAIN LOGIN
 +saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux</file>
 +  - Modifier le fichier de config postfix: <code bash>nano /etc/postfix/main.cf</code> et rajouter: <file - main.cf>
 +cyrus_sasl_config_path = /etc/postfix/sasl
 +smtpd_sasl_auth_enable = yes
 +smtpd_sasl_service = smtpd
 +broken_sasl_auth_clients = yes
 +smtpd_sasl_security_options = noanonymous
 +smtpd_sasl_local_domain =
 +</file>
 ==== Backup / Transfert ==== ==== Backup / Transfert ====
 <code bash> <code bash>
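
Review bot: the main.cf additions turn on SASL for every smtpd listener with smtpd_sasl_auth_enable = yes, and smtpd.conf offers only PLAIN and LOGIN, but nothing in the hunk requires TLS before AUTH, so passwords can cross the wire in cleartext, including on port 25. Add smtpd_tls_auth_only = yes to the main.cf block, or move the SASL settings to -o overrides on the submission service in master.cf. Three smaller points: log_level: 10 in smtpd.conf is a debugging value and should be lowered once authentication works; the removed instruction to replace reject with reject_unauth_destination has no replacement, so the section no longer says which relay restriction applies to authenticated users; and postfix is restarted in the directory-creation step, before smtpd.conf and main.cf are written, so a final service postfix restart is needed after the last step.
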
Ligne 401: Ligne 484:
   - <code bash>newaliases   - <code bash>newaliases
 service postfix restart</code> service postfix restart</code>
 +
 +==== Workaround pour le "upstream sent too big header while reading response header from upstream" ====
 +
 +<code bash>nano /usr/share/grommunio-common/nginx/locations.d/grommunio-web.conf</code>
 +<file - grommunio-web.conf>fastcgi_buffers 16 16k; 
 +fastcgi_buffer_size 32k;</file>
 +
 +==== Debug ====
 +  * dans /etc/gromox/zcore.cfg <file - zcore.cfg>zrpc_debug=1</file>
 +  * dans /etc/gromox/http.cfg <file - http.cfg>http_debug=1</file>
 +
 +==== Droits en console ====
 +<code bash># Voir les dossiers
 +grommunio-admin exmdb shared-user@mail.com folder list
 +
 +
 +# Voir les permissions sur le dossier principal
 +grommunio-admin exmdb shared-user@mail.com folder permissions 0x9 user@mail.com 
 +
 +# Voir les permissions sur le dossier calendar
 +grommunio-admin exmdb shared-user@mail.com folder permissions 0xf user@mail.com 
 +
 +# Donner la permission foldervisible à user pour le compte shared-user
 +grommunio-admin exmdb shared-user@mail.com folder grant 0xf user@mail.com  foldervisible
 +
 +</code>
 +
 +==== Autodiscover issue ====
 +https://support.microsoft.com/en-us/topic/outlook-2016-implementation-of-autodiscover-0d7b2709-958a-7249-1c87-434d257b9087
 + 
 +
 +https://learn.microsoft.com/en-us/outlook/troubleshoot/profiles-and-accounts/unexpected-autodiscover-behavior
 +
 +<code registry>
 +[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover]
 +"ExcludeExplicitO365Endpoint"=dword:00000001
 +"ExcludeLastKnownGoodURL"=dword:00000001
 +"ExcludeHttpsRootDomain"=dword:00000001
 +“ExcludeHttpsAutoDiscoverDomain"=dword:00000000
 +“ExcludeHttpRedirect"=dword:00000000
 +“ExcludeScpLookup"=dword:00000001
 +“ExcludeSrvRecord"=dword:00000001
 +“EnableOffice365ConfigService"=dword:00000000 </code>
 + 
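
Review bot: in the registry block, the last five values (ExcludeHttpsAutoDiscoverDomain through EnableOffice365ConfigService) open with a typographic “ and close with a straight ", so the value names are malformed if the block is saved and imported as a .reg file. Replace the opening character with a straight double quote on those five lines, as on the first three. In the Debug section of the same hunk, zrpc_debug=1 and http_debug=1 are given with no instruction to revert them; add a line saying to set them back to 0 and restart the services once troubleshooting is finished.
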
linux/grommunio-linux.1660131926.txt.gz · Last modified: by root