Networking
When hosting Lime CRM on premise and setting up lime-inbox, there are a lot of things that can cause issues depending on how the customer's IT department or IT partner chooses to configure their network and firewalls. This section summarizes information we have gathered during a whole lot of troubleshooting sessions.
Inbox requests overview
Email notification (When new email arrives)
Recover unprocessed/failed Emails
Create/Renew subscription (Sync and Save or Scheduled task)
Incoming requests
Requests that are received by the Lime webserver.
External access vs. internal access
When we are talking about external access we mean that this resource needs to be accessible from the internet.
Internal access means that the resource only needs to be accessible from the limeserver itself.
There is one resource that's not guaranteed to be either/or:
- [GET] https://<lime server DNS>/<application name>/limepkg-ms-inbox/status/inbox-summary/
  - This resource is used to fetch the current status for the status component used in the webclient. Since this is always called by the webclient, there should never be any network-related problems. If the webclient works, this works.
External access
The resources that fall into this category are:
- The notification endpoint(s) you have configured in lime-admin. These are the only resources that need to be accessible from the internet. More specifically, they need to be reachable by 'Change Notifications' sent by Microsoft's Graph API. It is possible to restrict access to this endpoint to requests coming from a defined list of IP addresses; however, this list can be difficult to maintain as it might change at any given time. We do not recommend implementing this, and do not deem it necessary to achieve a high level of security. More information from Microsoft: MS information on firewall configuration. The access that's needed is for a POST call over HTTPS (port 443).
Here's a list of public IPs that Microsoft sends its notifications from, under the purpose Microsoft Graph Change Notifications.
All incoming traffic is authenticated and validated in accordance with Microsoft's documentation & guidelines.
The default notification endpoint is:
https://<lime server DNS>/<application name>/<solution-name>/inbox/
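What validating a Graph change notification involves on the receiving side, following Microsoft's documented flow (validation-token handshake, then a `clientState` check), sketched as an added example. This is not lime-inbox's own code; `handle_notification`, `EXPECTED_CLIENT_STATE` and the sample payloads are constructed for illustration.

```python
import hmac
import json
from urllib.parse import parse_qs

# Constructed value: the clientState secret chosen when the subscription was
# created via POST https://graph.microsoft.com/v1.0/subscriptions.
EXPECTED_CLIENT_STATE = "constructed-client-state"


def handle_notification(query_string, body):
    """Return (status, content_type, response_body, accepted_items)."""
    params = parse_qs(query_string)
    # Endpoint validation: Graph POSTs ?validationToken=<token> and expects the
    # URL-decoded token echoed back as text/plain with 200 OK.
    if "validationToken" in params:
        return 200, "text/plain", params["validationToken"][0], []

    # Change notification: a JSON object holding a "value" array.
    try:
        items = json.loads(body)["value"]
    except (ValueError, KeyError, TypeError):
        return 400, "text/plain", "malformed notification", []
    if not isinstance(items, list):
        return 400, "text/plain", "malformed notification", []

    expected = EXPECTED_CLIENT_STATE.encode()
    accepted = []
    for item in items:
        state = item.get("clientState") if isinstance(item, dict) else None
        # Constant-time compare; items without the right secret are dropped.
        if isinstance(state, str) and hmac.compare_digest(state.encode(), expected):
            accepted.append(item)
    # Acknowledge with 202; only authenticated items go on for processing.
    return 202, "text/plain", "", accepted


if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    good = json.dumps({"value": [{"subscriptionId": "sub-1", "changeType": "created",
                                  "clientState": EXPECTED_CLIENT_STATE}]}).encode()
    forged = json.dumps({"value": [{"subscriptionId": "sub-1",
                                    "clientState": "guess"}]}).encode()
    print(handle_notification("validationToken=abc%20123", b""))
    print(handle_notification("", good)[3])
    print(handle_notification("", forged)[3])
```

Because the `clientState` secret rather than the source address authenticates each notification, the endpoint can stay open on port 443 without an IP allow-list.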
Internal access
The resources that fall into this category are:
Method | URL |
---|---|
POST | https://<lime server DNS>/<application name>/limepkg-ms-inbox/client/health |
GET | https://<lime server DNS>/<application name>/limepkg-ms-inbox/client/data |
POST | https://<lime server DNS>/<application name>/limepkg-ms-inbox/client/update |
GET | https://<lime server DNS>/<application name>/limepkg-ms-inbox/message/failed/list |
GET | https://<lime server DNS>/<application name>/limepkg-ms-inbox/message/unprocessed/list |
POST | https://<lime server DNS>/<application name>/limepkg-ms-inbox/message/failed/recover |
POST | https://<lime server DNS>/<application name>/limepkg-ms-inbox/message/unprocessed/recover |
GET | https://<lime server DNS>/<application name>/limepkg-ms-inbox/message/failed/task_id |
GET | https://<lime server DNS>/<application name>/limepkg-ms-inbox/message/unprocessed/task_id |
GET, POST | The recovery endpoint(s) you have configured in lime-admin. default: https://<lime server DNS>/<application name>/<solution-name>/inbox/recover/ |
It's important that the Lime server DNS name is accessible/resolvable internally. This means that you should be able to paste the recovery endpoint into a browser on the Lime server and get a "method not allowed" error back.
Communication-flow
The only incoming request for communication-flow is the webhook from Lime Newsletter. The information needed to open up for these calls can be found here.
Outgoing requests
These are requests that are sent by the Lime webserver.
Method | URL |
---|---|
DELETE, PATCH | https://graph.microsoft.com/v1.0/users/<resource-email-adress>/messages/<id> |
GET | https://graph.microsoft.com/v1.0/users/<resource-email-adress>/messages/<id>/$value |
GET | https://graph.microsoft.com/v1.0/users/<resource-email-adress>/mailFolders/Inbox/messages |
POST | https://graph.microsoft.com/v1.0/subscriptions |
DELETE, PATCH | https://graph.microsoft.com/v1.0/subscriptions/<id> |
GET | https://graph.microsoft.com/v1.0/users/<guid>/messages/<long_id_string> |
POST | https://graph.microsoft.com/v1.0/users/<guid>/messages/<long_id_string> |
Traml
Traml is being used by lime-inbox when you send an autoreply. It is also used in communication-flow when sending any message.
We are using the following TRAML endpoints:
Method | Used in | URL |
---|---|---|
GET | Inbox, Communication flow | https://app.bwz.se/<newsletter application-name>/bedrock/api/mailtemplate/name/<name> |
GET | Communication flow | https://app.bwz.se/<newsletter application-name>/bedrock/api/mailtemplate/<template_id>/htmlcontent |
POST | Inbox, Communication flow | https://app.bwz.se/<newsletter application-name>/bedrock/api/transactionmail/sendtemplate |
Troubleshooting
You can find some useful tools for troubleshooting here.