What parameters should I provide as a minimum during install?
Don't panic: go for the default selected options plus entries as per logical need. Note these can be adjusted via the Kopano4S-Admin GUI later.
Reference: Kopano4S Installation
What is the difference between Upgrade of Kopano4S in Synology Package Center and Re-Install?
The difference is marginal: all configuration files in /etc/kopano are rolled out anew when you remove the package (leaving the database and Kopano share) and then install again, aka re-install. During an upgrade the configuration files stay untouched with your potential adjustments, but all other actions, e.g. rebuilding the container from the latest Docker image, will be the same. Literally, you save the effort of going through the install menus and providing the entries. In the early days of z4h / k4s before the release candidate, a reinstall could have fixed issues when configuration files contained important adjustments, but now this should be a no-brainer. Lately there is an upgrade light version available, complementary to Package Center, for when the Docker image changed or was updated but the wrapper and GUI stay the same. So you go to the GUI-Intro section and hit update once a new version is detected on Docker Hub.
What is the difference of Kopano editions and what is that SNR for?
Kopano comes in two editions and k4s has a third option: 1) Community edition, which is free and created from the Kopano repository download.kopano.io/community with nightly builds. It is essentially a beta version with rolling upgrades. It's great for familiarizing yourself with Kopano if you are brave enough to use a beta that might require hands-on tasks. 2) Supported edition, which requires a subscription, hence the mandatory SNR input at install, which is checked by k4s against the Kopano repository download.kopano.io/supported. The Supported edition is QA'd by Kopano and recommended for production use (for details see Kopano Editions incl. FAQ on why to pay for open source). 3) Migration edition KC 8.4.5, which is solely to smooth the way from Zarafa by importing database backups, which is no longer supported in KC 8.6. This Migration edition will stop after 3 hours as it is not intended to support production usage.
I updated to Kopano Supported with subscription. Why does the package stop?
When switching from Community to Supported edition you have a version downgrade and kopano server refuses to start (see server.log). You have to rebuild from backup into empty database:
Before switching edition run > kopano-backup -U admusr -P admpwd. Now remove k4s, keeping the kopano share with the backup but dropping the database. Next add the same user with admin rights as used for the backup and run > kopano-backup -U admusr -P admpwd --restore.
Reference: Kopano4S Migration
Kopano4S is not starting throwing cryptic Docker errors: what is wrong here?
Don't panic. The common error is neglecting the Unix Highlander principle for ports: there can be only one service binding a port. If you have another mail, IMAP or CalDAV server running and blocking ports like 25, 143, 8080 etc., the K4S Docker container will refuse to start. Stop the conflicting services or change the k4s port range for services at install; now you know what that install option is for.
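One way to check for such a conflict before starting the package, as an added example that is not part of Kopano4S: it parses the Linux socket tables for listeners on the ports the answer names. The function names and the embedded sample table are constructed for illustration.

```python
from pathlib import Path

# Constructed sample in /proc/net/tcp layout (not captured from a real system):
# row 0 listens on 25, row 1 on 3307, row 2 is an outbound connection to a remote port 8080.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0100007F:0CEB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0A00A8C0:C350 1400A8C0:1F90 01 00000000:00000000 00:00000000 00000000     0        0 20003 1
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def listening_ports(proc_text):
    """Return the set of TCP ports in LISTEN state from /proc/net/tcp-style text."""
    ports = set()
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        # local_address is HEXIP:HEXPORT; the IPv6 table uses the same layout.
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def port_conflicts(wanted, proc_texts):
    """Ports from `wanted` that some service on the host already listens on."""
    busy = set()
    for text in proc_texts:
        busy |= listening_ports(text)
    return sorted(set(wanted) & busy)


def read_host_tables():
    """Read the live IPv4 and IPv6 socket tables where they exist (Linux only)."""
    paths = (Path("/proc/net/tcp"), Path("/proc/net/tcp6"))
    return [p.read_text() for p in paths if p.exists()]


if __name__ == "__main__":
    # Ports named in the FAQ answer; extend with the ports chosen at install.
    print("sample:", port_conflicts([25, 143, 8080], [SAMPLE_PROC_NET_TCP]))
    print("host:  ", port_conflicts([25, 143, 8080], read_host_tables()))
```

Run it while the Kopano4S package is stopped, otherwise the container's own published ports show up as listeners.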
On Docker Hub TosoBoso section why are automated, trusted builds not used?
It was decided to go instead for a local build option with full insight into plus control over the Dockerfile and build logs, for the following reasons: 1) so that the Dockerfile attached to an automatic build does not expose any sensitive data like SNRs, which are needed to build the Supported edition. 2) automated builds trigger at changes to source files, while the frequency to rebuild Kopano is driven by available new builds plus basic testing of the build.
IMAP and ICAL are not working, how can this be fixed?
IMAP and ICAL are disabled by default and have to be selected in the install ports & services section. They can also be enabled via the admin GUI cfg section or by running > kopano4s-optionals gateway / ical on. Note the container has to be re-initialized as additional Docker ports have to be exposed. Also make sure the respective users have IMAP/ICAL enabled via kopano-admin or the admin GUI, which has a select box for it when updating a user. Finally, the ports in the gateway / ICAL cfg have to match the ones exposed in Docker.
How to enable TLS / SSL for Kopano Server, Gateway and ICAL?
TLS / SSL by certificates is prepared but not enabled by default, and the GUI part in tools is pending. You first have to create a default certificate on your Synology that can be used by Kopano4S (e.g. have the subdomain as alternate name mail.mydomain.com via Let's Encrypt). Then you need to have update certificates from Synology enabled, which can be selected at install or via the admin GUI cfg section. Alternatively run > kopano4s-init ssl. Finally, you have to edit the SSL section of server.cfg, gateway.cfg and ical.cfg to enable it (certificates are in default paths) and restart Kopano4S.
Does Kopano4S support LDAP or Active Directory?
Yes. The default k4s install comes with the database backend, but this can be changed in server.cfg to LDAP support. Synology has an LDAP package that can be used and integrated with Kopano; see the documentation on how to enable LDAP in Kopano. In future versions it is planned to have the LDAP integration and configuration prepared, scripted and easier to implement for 'home-users'.
Does Kopano4S support smarthost relayhost aka different sending mail-addresses?
Yes, but not yet fully integrated via the Admin-GUI as the standard relay already is. You need to enable the sender_dependent_relayhost_maps section in /etc/kopano/postfix/main.cf and add the respective entries to /etc/postfix/sender_relay. Do not forget to postmap, aka kopano-postfix map /etc/kopano/postfix/sender_relay and also /etc/kopano/postfix/sasl_passwd, after you put in your entries. In the sender_relay file you put entries like @example.com [SMARTHOST1]:587 and @example.net [SMARTHOST2]:587; in sasl_passwd, @example.com email@example.com:THEPASSWORD.
I'm afraid Kopano4S does act as open relay when connected to the internet via port 25, how to protect it?
K4S as an open relay is a wrong assumption and urban legend, as you can easily verify with mxtoolbox.com etc. against your mailserver on port 25 to the internet. Check /etc/kopano/postfix/main.cf and find the following entries: # closed relay: allow localhost for clients sending; add your local nw if needed, extra entries are to deal with IPv6: mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16. The latter entry allows usage of the K4S mailserver from the private LAN 192.168.x; adjust as needed.
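To re-check that setting after adjusting it, here is an added example (not part of Kopano4S or Postfix) that reads the mynetworks line from main.cf text and flags entries reaching beyond loopback and private ranges. The function names, the sample excerpts and the choice of which ranges count as local are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed main.cf excerpts: the FAQ's entry, and an over-broad one for comparison.
CLOSED_CF = "# closed relay\nmynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16\n"
OPEN_CF = "mynetworks = 127.0.0.0/8,\n    0.0.0.0/0 [2001:db8::]/32\n"

# Assumption: only loopback, RFC 1918, unique-local and link-local count as local.
LOCAL_SCOPES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]

def mynetworks_entries(main_cf):
    """Entries of the last mynetworks assignment; indented lines continue it."""
    logical = []
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    entries = []
    for line in logical:
        m = re.match(r"mynetworks\s*=\s*(.*)$", line)
        if m:  # Postfix keeps only the last definition of a parameter
            entries = re.split(r"[,\s]+", m.group(1).strip())
    return [e for e in entries if e]

def to_network(entry):
    """Parse one entry, judging IPv4-mapped IPv6 ranges by the IPv4 range inside."""
    net = ipaddress.ip_network(re.sub(r"[\[\]]", "", entry), strict=False)
    mapped = net.network_address.ipv4_mapped if net.version == 6 else None
    if mapped is not None and net.prefixlen >= 96:
        net = ipaddress.ip_network(f"{mapped}/{net.prefixlen - 96}", strict=False)
    return net

def non_local_entries(main_cf):
    """mynetworks entries that reach beyond local scopes or cannot be parsed."""
    flagged = []
    for entry in mynetworks_entries(main_cf):
        try:
            net = to_network(entry)
            local = any(net.version == s.version and net.subnet_of(s) for s in LOCAL_SCOPES)
        except ValueError:
            local = False  # table lookup, file path or typo: review by hand
        if not local:
            flagged.append(entry)
    return flagged
```

An empty result for the real /etc/kopano/postfix/main.cf means every trusted network is loopback or private; anything returned deserves a second look before port 25 faces the internet.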
The K4S Container runs in a Docker "bridge" network (which source NATs); how to deal with private IPs in mail headers?
K4S runs in Docker bridge mode, which is the default, and still reports as the respective server in postfix mode (main.cf -> myhostname). It is possible but experimental to run K4S in Docker NW host mode without NATting. This can be selected during install on the 1st page when scrolling down, or adjusted in package.cfg located in /var/packages/Kopano4s/etc by DOCKER_NW="host" (reset required to make it effective: > kopano4s-init reset). On the other hand, Postfix can be configured to show only hostnames but no IPs to solve the issue: add the following lines to the file /etc/kopano/postfix/header_checks (already included in the K4S template): "/^Received:.*\[127\.0\.0\.1/ IGNORE /^Received:.*\[172\.0\.0\.1/ IGNORE /^X-Originating-IP:/ IGNORE"
The K4S Container runs multiple services, what about the microservices paradigm and segregating data from processing?
K4S follows the paradigm of segregating data from processing by using the native MariaDB that is part of Synology, mounting the mysql-sockets into the container, and keeping all data on Synology shares that are also mounted into the container. However, the microservices paradigm of running only one process is currently not implemented for various particular legacy reasons. It is however planned, by refactoring, to split k4s into containers for core, web, mail, meet and chat processing. Even after that change the containers will have more than one process but be more focused. Note that in order to control multiple processes k4s utilizes the tini init framework for Docker (docker run -d --init ...).
Does Kopano4s support Synology Mail-Server+ integration?
No, Kopano4S comes with its own postfix server, and integration with Synology mail-server as it was done in the legacy Zarafa package is not possible (Synology does not support LMTP, and dagent into the Docker container using root would violate postfix minimum rights). However, the Mail-Server+ package can coexist with Kopano4S, e.g. for testing or migration purposes, but only one package can run active as the same ports are used.
Setting other language for mailbox did not work; how to repair or change language later?
The language to be used is set during install or via the GUI Config section. However, on versions before k4s 0.8.5 it did not work as a translation file was missing, which is fixed now. To change the language per user retrospectively use kopano-localize-folders (-u user --lang e.g. de_DE.UTF-8). Note that for ger/de lang, Kopano versions before 8.6 did run into issues which have been fixed recently; in case of errors just try again after the update.
Why does Kopano4S not show up in Package Center even though cphub.net source was installed?
While Kopano4S is a so-called 'noarch' package, it has dependencies on the Docker and MariaDB10 packages. Ensure both are installed so that Kopano4S is presented in the Package Center. Consider buying an x86 Synology model supporting Docker when planning to use Kopano4S.
Reference: Community Package Hub User Config
Z-Push active sync is no longer working post upgrade, how to fix it?
A Trouble-Shooting topic: 1) set acls again via > kopano4s-init acl 2) run > z-push-admin fixstates 3) go sledge hammer mode and run > kopano4s-init mobiles, which will reset the state directory and force all z-push connections into a full resync. Be careful: with 10+ devices and large mailboxes this can be a heavy load and time consuming.
With Z-Push how to share data r/o or r/w to other users on mobiles and OL?
With Z-Push 2.4.x, which is integrated in Kopano4S, two new features have been introduced: 1) impersonation to access other users' accounts, similar to webapp or the old zarafa-client secretary mode (don't forget to set send-as). It works with the account user1#user2 to access user2's shared data. 2) a shared folders concept as part of z-push admin, which can be done more granularly per folder, device etc.; there is also a nice script available, shared-folders.sh, which will be integrated in a future k4s. Note that sharing a public calendar via the new function is not a good idea; use the global sync via z-push config.php instead (Z-Push-Shared-And-Public-folder-Sync).
Webapp-plugins e.g. mdm are not connecting, how to fix this?
Some webapp plugins point to the webserver on localhost with the default port, or to the mysql server. As k4s is using different ports you have to set 9080 for the webserver and 3307 for MySQL / MariaDB. You can do this via the K4S-Admin GUI Config section as shown in the screenshot (before pushing 'Replace'; mind not using spaces).
How to get global address book (GAB) to mobiles and MS Outlook?
There are two ways: the traditional one via z-push config system contacts enhanced by gab2contacts, and, for Outlook only, using the Kopano OL extension and the gabsync script. Details on how to set up are listed below. For the 1st method ensure to run > kopano-admin -s to create the public folder; then > kopano-pubfolders will list the id of the system public folder respectively contacts (alternative to kopano-folderlist -l SYSTEM). This system id has to be placed in z-push config.php using the example section, and now public contacts are synced to any mobile device. To sync the GAB to public contacts use the gab2contacts script.
Is Z-Push or Active-Sync Autodiscover available; how to configure it?
Yes z-push-autodiscover is installed and prepared in Kopano4S. You should create autodiscover subdomain (autodiscover.mydomain.com) with valid SSL certificate and create a Synology reverse proxy entry from the subdomain to 'localhost:9080/AutoDiscover/AutoDiscover.xml'. The rest is as per documentation below.
How to setup Reverse Proxy so default port 443 can be used for https from the internet?
Kopano4S comes with an embedded reverse proxy (see below), but for certain use cases (e.g. Autodiscover) the Synology reverse proxy is useful. To install it go to the Synology control panel, application portal and then the reverse proxy tab. In the creation dialog put a name, use protocol https, enable hsts, and put a subdomain like kopano.mydomain.com and port 443. As target put protocol https, localhost and port 9443 (proxying to http no longer works as webapp 3.4 requires cookies and ssl).
How to ensure webserver access.log and others showing the remote IP and not a private IP?
Web-Client requests are not traceable, as the IP address gets masked to private IPs by Docker when running in default bridge mode, making access-log and fail2ban unusable. Even simple Reverse-Proxy X-Forwarded-For directives appear not to work, which seems to be linked to Docker's userland-proxy exposing ports. The solution is customized logging and passing values to php, integrated into the Nginx in K4S since v. 0.99; with that, once the reverse proxy passes X-Forwarded-For, it works.
What's the difference Synology Reverse Proxy vs. K4S for WebApp, Z-Push?
Kopano4S offers reverse proxy virtual directories being installed for webapp and z-push for convenience. The difference is that the Synology reverse proxy uses subdomains (e.g. webapp.mydomain.com) while k4s uses locations (mydomain.com/webapp). Reverse proxy by location does work for every use case (but here) and comes with the advantage that no additional certificate or alternate name needs to be created. In the end both solutions are based on Synology's NGINX and refer to the same target. Note some users reported issues with k4s reverse proxy breaking DSM on custom ports; I could never recreate it as it works fine on standard setups. Also, the common integration for locations in Synology NGINX is used (e.g. the phpMyAdmin package is similar). As I cannot solve any configuration I disabled k4s reverse proxy from the default install selection, however I encourage testing it as it is very convenient, and for z-push additional parameters to counter long open session times are included.
How to add files into the Kopano4S container?
Best to use the mounted directory /etc/kopano (same in container) or kopano-share/backup (/var/lib/kopano/backup in the k4s container). But remember: while files remain in the mounted directories, anything added or changed in the container will be lost at the next upgrade when the container is reloaded and reset. Once integration is tested, best put your extra files onto your webserver private area (LAN access only) and put all steps, download plus install, into the script postinst.sh so it survives updates; see below for changes that do not get lost during upgrade.
How to configure plugins or other tools when localhost in the container does not do the trick?
If you want to set a database connection in plugins, localhost and port 3306 will not work as MariaDB is running outside the container on port 3307. To get the container host IP address use the environment variable $PARENT. For connecting to the webserver, e.g. from the mdm plugin, localhost would work but you have to add port 9080 to override the default port 80.
How to add extra Debian packages or configuration changes that do not get lost during updates?
A Modding topic: in /etc/kopano/custom there are two files, dbkg-add and postinstall.sh, which are both triggered each time during upgrades when a new container is initialized. The first is a list of valid Debian packages and by default has vi/vim included, while the latter is a shell script that can hold any action (e.g. downloads or sed changes to config files). The results are found in posinstall.log. Remember: any modification in the k4s container gets lost at update, so use the scripting.
Does Kopano4S still support Zarafa Outlook client?
Generally speaking yes: for the last zarafa-client 7.2.6 the basic functions will work for OL 2013 & 2016 32bit, but MS deferred the usage of mapi32.dll, the underlying library. So be prepared for future surprises, as collaboration options and even basics can be broken with any MS Office update. Basics usually get fixed by a reinstall, while extended functions will no longer be fixed as Zarafa stopped updating the OL client extension. Use at your own risk and have z-push active sync ready as a fallback.
Does Kopano4S support archiving functions system wide or per user?
Kind of no, or not yet. The embedded archiver of Kopano would provide both; however, for Supported subscriptions it is linked to the professional edition, which is somewhat expensive and unlikely to be used (see editions above). On the k4s roadmap is a free archiving solution based on maildir file system dumps and IMAP as a 'poor man's archiver'. It will be possible to send a copy of every mail to a system archive area and for users to move out old mails via IMAP to ease up their mail size. By adding the z-push IMAP backend, mobiles would also benefit from it. Now you know why k4s is already shipped with an empty archive directory mounted into the container.