Sysops who manage Kopano Groupware servers, they one of the essential task is to track resource usage to know space and quotas. This post shows how Kopano users Current store size is displayed in the console.

How to show the current store size of a user

Let’s say we want to know how the storage usage of a Kopano user in an organization looks like, usually we will run this command:

$ kopano-admin --details kate@middleton.org

This will show us all the details about the user.

Object id:              5
Extern id:              \313\332\306\30\336\325G)\263\356\275;s\324\237z
Username:               kate@middleton.org
Fullname:               Kate Middleton
Emailaddress:           kate@middleton.org
Active:                 yes
Administrator:          yes
Address book:           Visible to current user
Auto-accept meeting req:no
MDB provider:           KOPANO_STORE_DELEGATE_GUID
Store GUID:             0E79B76316F0491F9A8C4BFE1C1F1592
Out Of Office:          disabled
Server version:         8.7.25
Mapped properties:
        PR_EC_ENABLED_FEATURES  mobile; outlook; webapp
        PR_EC_DISABLED_FEATURES imap; pop3
Current user store quota settings:
 Quota overrides:       no
 Warning level:         1024.00 MB
 Soft level:            2048.00 MB
 Hard level:            3072.00 MB
Current store size:     231.10 MB
Groups (1):
        Everyone

How to show the current store size of all users

If there are more than a couple of users, another adequate solution must be found, so it makes sense to create a simple bash script in which we run kopano-admin in a for loop:

#!/bin/bash
for user in $(kopano-admin -l | sed -n 5,1000p | cut -f 2 | sort)
do
    kopano-admin --details $user | grep -E 'Emailaddress|Current store size|Last logon'
done

When use Kopano in a multi-tenancy environment, then the company sections must be processed, e.g. with the query and variable assignment:

#!/bin/bash
comp=`(kopano-admin --list-companies | sed -n 4,1000p | cut -f 2)`
echo "$comp"

The result shows us all the companies listed in a usable format, right as an option in the next commands.

Finally, the next for loops show the current store size of all Kopano users in each multi-tenancy company:

#!/bin/bash
for comp in $(kopano-admin --list-companies | sed -n 4,1000p | cut -f 2)
do
    echo "Company $comp"
    for user in $(kopano-admin -l -I "$comp" | sed -n 5,1000p | cut -f 2)
    do
        kopano-admin -l --details "$user" | grep -E 'Emailaddress|Current store size'
    done
done

  As a pattern, grep with -E option can add further patterns, desired patterns can be inserted separately with pipe, e.g. Current user store quota settings like Warning level and Soft level or Hard level.

Company middleton.org
Emailaddress:           kate@middleton.org
Current store size:     231.10 MB
Company dukedom.org
Emailaddress:           charles@dukedom.org
Current store size:     694.71 MB
Emailaddress:           meghan@ducedom.org
Current store size:     1195.14 MB

The output of a multi-tenancy server looks something like this.

Hint

To get just an overview, the --user-count option gives the output.

$ kopano-admin --user-count -v -v -v -v -v -v
[debug  ] Initializing provider "Kopano Directory Service"
[debug  ] Initializing provider "Private Folders"
[debug  ] Initializing provider "Public Folders"
User counts:
                        Allowed         Used    Available
        --------------------------------------------------------
        Active          no limit        1034    -
        Non-active      no limit        17      -
          Users                         0
          Rooms                         12
          Equipment                     2
        Total                           1065

Kopano tutorial for installing on Debian 11 (Bullseye). The open source collaboration suite for e-mail and calendar server allows the greatest possible control over the data. The services cover the majority of communication needs in a organisation. A Kopano server is an alternative to the offerings that run as cloud services under the control of the providers.

Install Kopano Core Install Kopano WebApp Install Z-Push Kopano and Postfix

Install Kopano Core

KC is installed on Debian 11 (Bullseye) in this tutorial and requires a subscription key, this serial key is available from Kopano BV for a small fee. It includes deploying Konpano Core along with the WebApp and Z-Push packages using the Apache2 web server. Depending on the speed of your internet access, provisioning takes less than 10 minutes. Let’s start by adding the KC repository, which requires your valid KC subscription key.

  I prefer root through system deployments (“su -“), many also use sudo, the commands shown here are processed without sudo. Ubuntu allows become root (“sudo su -“), choose your preferred approach.

In the pre-setting, the following packages can provisioned from the Debian Standard Repository.

$ apt update
$ apt install -y gnupg2 wget apt-transport-https

Debian 11 using of apt_auth.conf for embedding credentials needed do connect and download data from a repository.

Add the APT authentication configuration to Repository into:
/etc/apt/auth.conf.d/kopano.conf

$ echo "machine download.kopano.io/supported/core:/final/Debian_11/ login serial password XXXXXXXXXXXXXXXXXXXXXXXXX" | tee /etc/apt/auth.conf.d/kopano.conf

Note. instead of the placeholder (“XXX”) insert your 25-digit serial key.

Add the Final Release of the Kopano Core Repository into:
/etc/apt/sources.list.d/kopano.list

$ echo "deb https://download.kopano.io/supported/core:/final/Debian_11/ ./" | tee /etc/apt/sources.list.d/kopano.list

Now add the PGP-Signature Release.key file to the Trusted Keys.

$ wget -O- https://serial:XXXXXXXXXXXXXXXXXXXXXXXXX@download.kopano.io/supported/core:/final/Debian_11/Release.key | tee /etc/apt/trusted.gpg.d/KopanoRelease.key > /dev/null 2>&1

Note. instead of the placeholder (“XXX”) insert your 25-digit serial key.

Add the Kopano repository key into the keyring.

$ apt-key add /etc/apt/trusted.gpg.d/KopanoRelease.key
$ gpg2 --import /etc/apt/trusted.gpg.d/KopanoRelease.key

  Note. you will see the message: Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))..

The clue wants to tell us that the command apt-key is deprecated, but don’t worry, it’s still valid during the transition period at the time this tutorial was written. If you want to be sure, you can use this command to check if the Kopano public key are added.

$ apt-key list | grep -B 4 Kopano

Enable the newly added Repository.

$ apt update

The server is now preconfigured and processing continues with install MariaDB and the Kopano server.

$ apt install -y mariadb-server kopano-*

Adding a SQL database user for the Kopano Store. the database has already been created by the installation script.

$ mysql
CREATE USER 'kopano'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON kopano.* TO 'kopano'@'localhost';
quit

Note. choose a secure password instead of the placeholder.

Customize the Kopano Server

  If there are no configuration files exist in/etc/kopanothe .cfg files can be found in/usr/share/doc/kopano/example-config

$ gzip -d -f --keep /usr/share/doc/kopano/example-config/*.cfg.gz & \cp /usr/share/doc/kopano/example-config/*.cfg /etc/kopano

Unpack and copy the sample configuration files (.cfg). Note. I bypass the alias ‘cp -i’ and use the non-aliased cp by prefixing it with \, if that does not work! hit unalias cp first instead of \cp.

Next edit the Kopano server configuration/etc/kopano/server.cfg

For now only the user for Kopano Admin, execution and database access will be changed.

local_admin_users = root kopano
run_as_user = kopano
run_as_group = kopano
mysql_user = kopano
mysql_password = password

Note. the password entered for the database user in the step before.

In the final step we will start the Kopano server.

$ systemctl start kopano-server

Now of course we want to check the status of the services.

$ systemctl status kopano-*

When everything worked out so far, the following output will displayed.

The Kopano Server configuration in this tutorial is based on the database backend. When using the database backend, nothing needs to be changed as the database user_plugin is already the default. In addition, there is the LDAP plugin (“user_plugin=ldap”) for better administration, for integration with OpenLDAP, Active Directory and Samba, which is not discussed further here.

Create an admin account to manage the Kopano Server.

$ kopano-cli --create -u kadmin --fullname "Kopano Admin" --password secure123 --email admin@example.org

Install Kopano WebApp

The WebApp runs as front-end of the Collaboration suite, same like the most CMS they are based on the LAMP-Stack (Apache, MySQL, PHP). For Debian 11 the Apache2 web server and PHP 7.4 (“libapache2-mod-php”) from the Debian Standard Repository are installed by default.

$ apt install -y apache2 php php-common

  If a fresh installation of the server is chosen with Debian or Ubuntu, which is recommended for a successful KC installation, the entire LAMP-Stack (Apache, MySQL, PHP) can be easily installed with taskel. This will deploy all the packages required for the Kopano installation script to complete successfully.

The next Kopano Repository needs for WebApp to be added to:
/etc/apt/sources.list.d/kopano.list

$ echo "deb https://download.kopano.io/supported/webapp:/final/Debian_11/ ./" | tee -a /etc/apt/sources.list.d/kopano.list

Add the APT authentication configuration in:
/etc/apt/auth.conf.d/kopano.conf

$ echo "machine download.kopano.io/supported/webapp:/final/Debian_11/ login serial password XXXXXXXXXXXXXXXXXXXXXXXXX" | tee -a /etc/apt/auth.conf.d/kopano.conf

Add the PGP-Signature Release.key to the trusted keys.

$ wget -O- https://serial:XXXXXXXXXXXXXXXXXXXXXXXXX@download.kopano.io/supported/webapp:/final/Debian_11/Release.key | tee /etc/apt/trusted.gpg.d/WebAppRelease.key > /dev/null 2>&1

Instead of the placeholder (“XXX”) insert the 25-digit serial key.

Enable the newly added Repository.

$ apt update

Finally we will be ready to deploy the WebApp from the Repository.

$ apt install -y kopano-webapp

Enable the Kopano-WebApp site and reload the Apache2 webserver.

$ a2ensite kopano-webapp
$ systemctl reload apache2

  Since secure cookies are enabled by default starting with WebApp 3.4.0, this means that the WebApp cannot be accessed without SSL certificates. This can be switched off by enabling insecure cookies in:
/etc/kopano/webapp/config.php

define("SECURE_COOKIES", false);

Change from true to false around line 44 to allow log-in without HTTPS.

Make sure the web server is enabled at system startup.

$ phpenmod kopano
$ systemctl enable apache2
$ systemctl reload apache2

Open the URL in a browser to get the WebApp login page, i.e. http://kopano.example.org/webapp/

Another helpful post on this topic see in Kopano WebApp circle rotates endlessly in Firefox

Install Z-Push

Z-Push is an implementation of Microsoft’s ActiveSync protocol that uses wireless technology for ActiveSync-enabled devices across multiple platforms, including Apple iPhone and iPad and Android devices. With open source Z-Push, any PHP-based collaboration package can be fully synchronized with any ActiveSync compatible device.

Z-Push again provisioned from Kopano with add the Repository.

$ echo "deb https://download.kopano.io/zhub/z-push:/final/Debian_11/ ./" | tee /etc/apt/sources.list.d/z-push.list

Add the PGP-Signature Release.key to the trusted keys.

$ wget -O- https://download.kopano.io/zhub/z-push:/final/Debian_11/Release.key > /etc/apt/trusted.gpg.d/z-push.key

Add the Z-Push repository key into the keyring.

$ apt-key add /etc/apt/trusted.gpg.d/z-push.key

Enable the newly added Repository.

$ apt update

Z-Push and Z-Push AutoDiscover can now be provisioned on the server.

$ apt install -y z-push-kopano z-push-config-apache z-push-autodiscover z-push-config-apache-autodiscover

To activate Z-Push the web server has to be reloaded.

$ systemctl restart apache2

Z-Push is now deployed and can be found at /usr/share/z-push. The configuration in/etc/z-push/z-push.conf.phpthere no changes need.

Hint! it is generally a good idea to use the complete email address as a login name, with the value of USE_FULLEMAIL_FOR_LOGIN set to true in/etc/z-push/z-push.conf.php

define('USE_FULLEMAIL_FOR_LOGIN', true);

This value is also used in/etc/z-push/autodiscover.conf.php

I recommend the settingloginname_format = %uwhere the username is created with user@example.org, see the corresponding settings in
/etc/kopano/server.cfg

For Multi-tenancy installations use the loginname format %u@%c.

Z-Push readiness can be verified by opening the URL in a browser.

http://kopano.example.org/Microsoft-Server-ActiveSync

If everything went well, you will be prompted to log in, use the previously created (“kadmin”) user here or, if already available, another user login, then the Z-Push ActiveSync page will appear.

Kopano and Postfix Mail Transport Agent

Kopano Core does not include its own MTA, but integrates with all established MTAs found in modern Linux distributions. Although KC supports most Linux MTAs, using Postfix is recommended.

To deliver an email to a user’s mailbox, the kopano-dagent is run. Messages are passed to kopano-dagent via the LMTP protocol. Using LMTP is the recommended deployment method as it enables Single Instance Attachment Storage.

Postfix with MySQL connection is used for this purpose, which is provisioned for the MTA as follows.

$ apt install -y postfix postfix-mysql

The install assistant prompts you to choose the mode in which the MTA has to by run and enter a hostname for the Postfix configuration, i.e. kopano.example.org.

Add the main Postfix configuration to/etc/postfix/main.cf

myhostname = kopano.example.org
mydestination = localhost
# relayhost if relaying via a smarthost
relayhost = 172.31.245.70
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.31.245.70

virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
virtual_transport = lmtp:127.0.0.1:2003
virtual_mailbox_domains = example.org

smtpd_recipient_restrictions = permit_mynetworks,
        reject_non_fqdn_recipient,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_unknown_client,
        reject_unknown_hostname,
        reject_invalid_hostname,
        reject_unauth_pipelining,
        reject_unauth_destination,
        reject_unverified_recipient,
        permit

For lookup of the recipient the password is needed again in the next step.

In addition create a file/etc/postfix/mysql-users.cf

$ echo "user = kopano
password = password
hosts = 127.0.0.1
dbname = kopano
query = SELECT value FROM objectproperty where propname = 'emailaddress' and value = '%s';" > /etc/postfix/mysql-users.cf

  According to a Kopano server in Multi-tenancy environment, I’ll use here the loginname format ‘%u@%c’ (%u Username, %c Teantname), for a system-wide unique username such as email address.

At last restrict the access rights and build the virtual Berkeley DB.

$ chmod 600 /etc/postfix/mysql-users.cf
$ touch /etc/postfix/virtual
$ postmap /etc/postfix/virtual
$ systemctl restart postfix

With incoming emails now Postfix virtual_mailbox_maps look up if the recipient (user) exists in the store using SQL query. other integrations are possible, such as interaction with LDAP, which is not covered in this tutorial.

Useful Commands

After the Kopano server is hooked up and ready to use, in the next steps we create and manage user accounts and mailbox storage using db plugin.

With a Multi-tenancy environment (only then) the following KC server setting is made bellow the MISC SETTINGS section in:
/etc/kopano/server.cfg

enable_hosted_kopano = true
storename_format = %u
loginname_format = %u@%c

In a Multi-tenancy installation, first we will become an organization with the domain they create their company space.

$ kopano-admin --create-company -s -I company.org

Create a new user account for the organization.

$ kopano-admin -c kate@company.org -p password -e kate@company.org -f 'Kate Middleton' -a1

Here will be set administrator level for user with -a1.

Do not forget to create a mailbox store for new created user.

$ kopano-cli --create-store -u kate@company.org

Now check whether the new user actually exists with list users, users will now logging in using the e-mail address as the username.

$  kopano-admin -l
User list for company.org(2):
        Username                Fullname        Homeserver
-----------------------------------------------------------
        SYSTEM                  SYSTEM          Unknown
        kate@company.org        Kate Middleton

For help hitkopano-admin --helpalso further detailed information view the man page or hitman kopano-adminin your terminal shell.

Let’s Encrypt SSL/TLS Certificate Authority (CA)

The deployment of Let’s Encrypt and it’s ACME implementation with Certbot is done quickly with just only two commands.

$ apt -y install certbot python3-certbot-apache
$ certbot --apache -d kopano.example.org

Conclusion

The Kopano server is now complete with all functions that can be used by the desktop and mobile clients. A further variety of applications and plugins can be provisioned, the infrastructure integration for active directory or samba and OpenLDAP may be further steps.