All posts by Don Matteo

lebt in der Schweiz, ist System Engineer MCP bei A-Enterprise GmbH. Mitglied des UNBLOG Knowledge Network. Author und Blogger zu den Themen, Tutorials für Linux und Open Source.

How to Install Z-Push

Z-Push is an open source application you’ll show how to install Z-Push. It’s for synchronizing ActiveSync compatible devices such as mobile phones, tablets and Outlook 2013 and later. Many years of experience in synchronization based on ActiveSync made Z-Push the leading open source push synchronization for many backends.

The main wireless synchronization platforms are ActiveSync for communication with Exchange Server and Research-in-Motion (RIM) BlackBerry Enterprise Server (BES). Both solutions require proprietary server-side software from the manufacturer, which limits the use of Personal Information Manager (PIMs) to either wired synchronization or third-party synchronization, which requires the installation of client software on the PDA.

This is where open source Z-Push comes in. It is an implementation of Microsoft’s ActiveSync protocol, which uses wirelessly for ActiveSync-enabled devices with multiple platforms, including Apple iPhone and iPad, Android and Blackberry 10 devices. With Open Source Z-Push, any PHP-based groupware package can be fully synchronized with any ActiveSync-compatible device.

How to Install Z-Push on Ubuntu

The distribution used in this guide is Ubuntu Server 20.04 LTS with Apache 2.4 and Kopano. Z-Push is installed from the repository as root:

$ add-apt-repository 'deb /'

$ wget -qO - | sudo apt-key add -

$ apt-get update

$ apt-get install --reinstall z-push-kopano z-push-config-apache

After installation, the main directory can be found under the path /usr/share/z-push. The configuration files are located under /etc/z-push.

 If the Kopano server is on another host, MAPI_SERVER in /etc/z-push/kopano.conf.php must be adapted to the environment.

Z-push logging is not enabled in the default configuration, but can be very useful. For the log file you create a directory with mkdir /var/log/z-push, then activate the logging approx. at line 116, with nano or vi /etc/z-push/z-push.conf.php

Log settings
define('LOGFILEDIR', '/var/log/z-push/');
define('LOGFILE', LOGFILEDIR . 'z-push.log');
define('LOGERRORFILE', LOGFILEDIR . 'z-push-error.log');

To the Apache web server restarts, apply changes are enable with this Command.

$ systemctl restart apache2.service

Install Z-Push on CentOS 7

On CentOS 7 the repository must be set up in the file /etc/yum.repos.d/z-push.repo as follows.

Insert the following lines in the terminal with Copy & Paste:

cat <<EOF> /etc/yum.repos.d/z-push.repo
name=Z-Push noarch Enterprise Linux 7 - $basearch

The Z-Push repository is added and ready for installation.

  If the repository is RHEL_6_PHP_56 or RHEL_7_PHP_56 and communication between processes is cached, make sure the draw repository is enabled.

$ yum update

Here the Apache web server is used as a Kopano backend, perform the following command to install Z-Push:

$ yum install z-push-common z-push-config-apache z-push-backend-kopano z-push-ipc-sharedmemory

On CentOS the Apache web server restarts as follows:

$ systemctl restart httpd.service

How to use Postfix SASL authentication

SMTP servers must decide whether an SMTP client is authorized to send e-mail that the server is responsible for.

Simple Authentication and Security Layer (SASL) Integration Postfix

This guide describes how to extend an MTA (Mail Transport Agent) Postfix on CentOS 7 with CyrusSASL for SMTP authentication (SMTP-Auth). After that, clients can send e-mail using SMTP-Auth. This manual is checked under CentOS Linux release 7.7.1908 (Core), with Postfix v2.10.1 and Cyrus-SASL 2.1.26. It is assumed that the postfix is already configured and Transport Layer Security (TLS) is implemented.

Postfix does not implement the SASL Library itself, but uses existing implementations as building blocks. This means that some SASL-related configuration files belong to Postfix, while other configuration files belong to the specific SASL implementation that Postfix will use.

How to Install Cyrus-SASL

When root install the packages with the following command:

yum install cyrus-sasl cyrus-sasl-plain -y

The individual SASL mechanisms are installed as RPMs.

The following is the integration for Postfix, for this purpose make the modification in the file /etc/postfix/

 service type private unpriv chroot wakeup maxproc command + args
 (yes)   (yes)   (yes)   ( never) (100)
 smtps inet n - n - - smtpd
   -o syslog_name=postfix/smtps
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

For Postfix to work with SASL, Postfix must not run in the chroot directory, line smtps at position 5 (n).

Configure SMTP-Auth for local users, we edit the Postfix file /etc/postfix/

smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = !gssapi, !login, static:all
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd

Cyrus-SASL is configured by two files. The first file /etc/sysconfig/saslauthd can be transferred:

# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.

The SASL mechanisms PLAIN and LOGIN, CRAM-MD5 and DIGEST-MD5 are often used, for which the configuration file /etc/sasl2/smtpd.conf is responsible, the deployment was also performed during installation:

pwcheck_method: saslauthd
mech_list: plain login CRAM-MD5 DIGEST-MD5

Now start Cyrus-SASL Library Daemon and activate the systemd autostart, then re-start Postfix:

systemctl start saslauthd
systemctl enable saslauthd
systemctl restart postfix 

SMTP Submission Support on port 587 is now enabled, and this can be verified with the following command:

ss -tuln4 | grep 587
tcp   LISTEN      0      100         *:587         *:*

To authenticate to the SMTP gateway, a user is now created to send e-mail through the MTA:

adduser -M -s /sbin/nologin User24
passwd User24

A local UserID is sufficient for our request here, Cyrus-SASL support LDAP and SQL to interact, for example, Kopano or an AD directory service.

Testing Cyrus-SASL SMTP-Auth

The mechanisms for authentication within STARTTLS can be verified with OpenSSL:

openssl s_client -connect -starttls smtp

In the output of openssl pass an EHLO:

 250-SIZE 27262976
 250 DSN

If OpenSSL is not available, telnet can also be used for this purpose, it is connected to the gateway via port 587, PuTTY or KiTTY can also be used for this purpose.

KiTTY Configuration

Now we want to authenticate to the gateway (MTA). The user name and password must be transferred to the SMTP gateway in base64 encoded format, and enter the following command lines to obtain the base64 encoding for the user name and password.

echo -en "userxy" | base64
echo -en "password" | base64

The SASL SMTP-Auth configuration and authentication is checked as follows by running the following lines in the terminal, after entering AUTH LOGIN to insert the user name encoded with Base64 and the password.

telnet 25
Connected to
Escape character is 'A]'.
220 ESMTP MAIL Service ready at Sat, 12 Mar 2019 09:26:12
EHLO Hello
250-SIZE 2097152
250 OK
334 VXClcm5hbWU6
334 UGFzc4dvcmQ8
235 2.7.0 Authentication successful

The SMTP-Auth edition of Postfix with Cyrus-SASL.

Insert the above encoded credentials at the 334 prompts, here at line 24 as userxy and at line 26 our password.

  A 250 STARTTLS in the output shows the prerequisites that the plaintext username with password is transmitted to the SMTP gateway protected by STARTTLS.

Another easy way to test an SMTP gateway is SMTPConsole.