
Zarafa Free Edition Z-Push Mail Ubuntu 12.04 Server

By Toby Herbert on June 12th, 2013 in Servers tags: activesync, ubuntu, z-push, zarafa
In this tutorial, I will show you how to set up a Zarafa Free Edition server 7.1.4 with Push Mail
capabilities on Ubuntu 12.04 LTS.
It's a more up-to-date version of my last tutorial - Installing Zarafa Open Source Edition with Z-Push on an Ubuntu 10.04 LTS Server.
Almost all work is done from the command line, so if you don't understand how to use one, this
tutorial probably isn't for you.
A good starting point is to google "How to Use a Linux Command Line".
1) Installing Postfix MTA
Firstly, let's make sure apt-get is up-to-date for our Zarafa Free Edition server:
sudo apt-get update
sudo apt-get upgrade -fy

Now let's install Postfix. Enter the following command to install it:
sudo apt-get install postfix

During the installation, you will be asked what mail server configuration you want to use:

Choose the default option Internet Site and press the Enter/Return key.
The System Mail Name is the hostname of your server:

For me, this was my server's FQDN (Fully Qualified Domain Name). Once you have entered
your FQDN, press Enter/Return to continue.
Postfix should now be installed, but we're not done yet!
For Postfix to integrate correctly with the Zarafa Free Edition server, we need to modify the
Postfix configuration files.
You'll need to set up procmail for use with this server. This will allow us to set up Anti-Virus
and Spam management (more on this later).
Let's install procmail with the following command:

sudo apt-get install procmail

Next, open up /etc/postfix/main.cf with your favourite editor. I'm using nano. Make sure you
have superuser (sudo) access!

Add the following lines to the bottom of the file to enable compatibility with the Zarafa Free
Edition server:
# Virtual Aliases
virtual_alias_maps = hash:/etc/postfix/aliases
# SASL Authentication
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
# Procmail
virtual_transport = procmail:
mailbox_transport = procmail:
procmail_destination_recipient_limit = 1

These lines enable various features that we'll be implementing later on in this tutorial.

Next you need to append your domain to the mydestination variable,
e.g. to provide mail for example.com:
mydestination = server.example.com, localhost.localdomain, localhost

Change to:
mydestination = server.example.com, example.com, localhost.localdomain, localhost

Press the key combination CTRL + X, followed by the letter y to exit nano.
Next open /etc/postfix/master.cf in your editor. You still need superuser access!

Scroll to the bottom of the file and add the following lines:
# Zarafa
zarafa unix - n n - 10 pipe
  flags=DRhu user=vmail argv=/usr/bin/zarafa-dagent -R ${recipient}
# Procmail
procmail unix - n n - 10 pipe
  flags=DORX user=vmail argv=/usr/bin/procmail -t -o SENDER=${sender} -m USER=${user}@${domain} DOMAIN=${domain} EXTENSION=${extension} RECIPIENT=${recipient} /etc/procmailrc

Postfix should now integrate nicely with your Zarafa Free Edition server!

If you need to use aliases (e.g. bob@example.com -> jerry@example.com) execute the
following commands (more on this later):
sudo touch /etc/postfix/aliases
sudo postmap /etc/postfix/aliases

Finally, start postfix by running the following command:


sudo /etc/init.d/postfix reload

2) Create the vmail user


Next we need to create the vmail user for our Zarafa Free Edition server:
sudo adduser --system --create-home vmail

If the command moans about the --create-home option, run this instead:
sudo adduser --system vmail

Easy peasy!
3) Installing OpenDKIM (optional)
OpenDKIM helps identify mail from your Zarafa server, so that it is less likely to be classed as spam.
To install OpenDKIM on your Zarafa Free Edition server, run the following command:
sudo apt-get install opendkim opendkim-tools

If you didn't see any errors during the installation, you should be set to go!
Now, create a directory to store your DKIM keys. Run the following command to create this
directory:
sudo mkdir -p /etc/dkim

Now edit /etc/opendkim.conf in your editor:

Scroll to the bottom of the file and add the following:


Socket inet:8891@localhost
Domain example.com
KeyFile /etc/dkim/example_com.key
Selector exmpl

Make sure you change the Domain, KeyFile and Selector to suit your needs (Selector can be
anything within reason :)).
Now create your OpenDKIM key with the following command:
cd /etc/dkim
sudo opendkim-genkey -t -s exmpl -d example.com

Don't forget to change exmpl to the selector you used previously!


opendkim-genkey has generated two files for us, exmpl.private and exmpl.txt.
Type the following to rename the exmpl.private file:
sudo mv /etc/dkim/exmpl.private /etc/dkim/example_com.key

Let's view the contents of the exmpl.txt file by typing the following command:
sudo cat /etc/dkim/exmpl.txt

You should see something like this:

exmpl._domainkey IN TXT "v=DKIM1; g=*; k=rsa; t=y; p=*LONG KEY*" ; ----- DKIM exmpl for example.com

Add this record to your DNS. You can now delete the exmpl.txt file by executing the following
command:
sudo rm /etc/dkim/exmpl.txt

4) SSL Certificate
Before we install Zarafa you will need an SSL Certificate for your server's hostname, not your
domain! So, for example, if your server's hostname is server.example.com then your SSL
Certificate must be for server.example.com. If you don't want to buy an SSL Certificate, you
can get a free one from StartSSL.
Once you have your SSL Certificate, run the following command:
sudo mkdir -p /etc/zarafa-ssl

This will generate a directory to store the SSL Certificate.


If you need to copy the SSL Certificate to your server, run the following commands (on your
computer),
e.g. for root:
scp /path/to/server_example_com.crt root@server.example.com:/root/server_example_com.crt
scp /path/to/server_example_com.key root@server.example.com:/root/server_example_com.key
scp /path/to/ca_bundle.crt root@server.example.com:/root/ca_bundle.crt

NOTE: You need both a Certificate (CRT) and a PrivateKey (KEY) file on the server. The CA
Bundle isn't necessarily required but it helps reduce "Can't validate certificate" errors. Also make
sure your PrivateKey is not password protected! If your PrivateKey is password protected you
need to remove the password. This can be done by issuing the following command (openssl is
required!):
openssl rsa -in /path/to/server_example_com.key -out /path/to/server_example_com_decrypted.key

Then delete the password protected file and rename the password-less file to exclude
_decrypted.
You can now switch back to your server and issue the following commands to move the SSL
Certificate and PrivateKey to their correct directories:
sudo mv /root/server_example_com.crt /etc/zarafa-ssl/server_example_com.crt
sudo mv /root/server_example_com.key /etc/zarafa-ssl/server_example_com.key
sudo mv /root/ca_bundle.crt /etc/zarafa-ssl/ca_bundle.crt

5) Install Zarafa Free Edition


It's finally time to install Zarafa!
This is a little different from my last tutorial. To get the most up-to-date version of Zarafa we
need to download an installer package and decompress it. This is simply done via the following
commands:
sudo wget http://download.zarafa.com/community/final/7.1/7.1.4-41394/zcp-7.1.4-41394-ubuntu-12.04-x86_64-free.tar.gz
sudo tar -zxvf zcp-7.1.4-41394-ubuntu-12.04-x86_64-free.tar.gz
cd ./zcp-7.1.4-41394-ubuntu-12.04-x86_64

Or if you have an i386 (32-bit) system:


sudo wget http://download.zarafa.com/community/final/7.1/7.1.4-41394/zcp-7.1.4-41394-ubuntu-12.04-i386-free.tar.gz
sudo tar -zxvf zcp-7.1.4-41394-ubuntu-12.04-i386-free.tar.gz
cd ./zcp-7.1.4-41394-ubuntu-12.04-i386

Next, you'll need to install various packages for Zarafa to install successfully. You can do this
by entering the following command:
sudo apt-get install php5-cli php-gettext mktemp gawk xsltproc poppler-utils unzip catdoc libboost-filesystem1.46.1 libboost-system1.46.1 libicu48 w3m python-mysqldb apache2-mpm-prefork libapache2-mod-php5 mysql-server python-support libpython2.7 libcurl3

NOTE: If you already have a mysql server, or you used a password when the mysql server
asked you for one, you need to enter the password in /etc/zarafa/server.cfg in the
mysql_password variable (once Zarafa is installed of course!).
Now you can install the Zarafa packages by running the following command:
sudo ./install.sh

Accept the defaults except for the MySQL Database Password which you chose when running
the previous command.
Zarafa should now be installed on your server! Before we continue, you should run the
following commands to prevent any warnings in your mail log where postfix may be unable to
write to the Zarafa log files. Run the following commands:
sudo mkdir -p /var/lib/zarafa
sudo mkdir -p /var/log/zarafa
sudo chmod -R 777 /var/lib/zarafa
sudo chmod -R 777 /var/log/zarafa

Next, you need to edit /etc/zarafa/server.cfg, so open it up in your favourite editor:

Make the following changes:


local_admin_users = root

Change to:
local_admin_users = root vmail

Also add this to the bottom of the file:


# Extra Settings
disabled_features =

Note: If you have a MySQL Server with a password (or a different username other than root),
you must change the appropriate variables under the MYSQL SETTINGS heading.
Next, open up /etc/zarafa/gateway.cfg and make the following changes:
pop3s_enable = no
imaps_enable = no
ssl_private_key_file = /etc/zarafa/gateway/privkey.pem
ssl_certificate_file = /etc/zarafa/gateway/cert.pem
ssl_verify_file =

Change to:
pop3s_enable = yes
imaps_enable = yes
ssl_private_key_file = /etc/zarafa-ssl/server_example_com.key

ssl_certificate_file = /etc/zarafa-ssl/server_example_com.crt
ssl_verify_file = /etc/zarafa-ssl/ca_bundle.crt

Now, you need to enable apache mod_ssl to allow SSL to work with your online webmail
service. This can be done by executing the following command:
sudo a2enmod ssl proxy

Next, you need to add a new VirtualHost record. This will enable the apache webserver to use
secured sites. To add the VirtualHost record, you need to edit /etc/apache2/sites-enabled/000-default and add this to the bottom of the file (don't forget to change the server_example_com to
your server's certificate name!):
<VirtualHost *:443>
DocumentRoot /var/www
SSLEngine on
SSLCertificateFile /etc/zarafa-ssl/server_example_com.crt
SSLCertificateKeyFile /etc/zarafa-ssl/server_example_com.key
SSLCertificateChainFile /etc/zarafa-ssl/ca_bundle.crt
</VirtualHost>

If you don't want to have to go to http://server.example.com/webapp to access online webmail,
you can change the apache config file to allow the root of your server to forward to the webmail
system. This can be done by editing /etc/apache2/sites-enabled/000-default as follows:
DocumentRoot /var/www

Change this to:


DocumentRoot /usr/share/zarafa-webapp

NOTE: If you use this method, make sure you change both the VirtualHosts (for port 80 and
443)!
Alternatively, you can choose a different sub-directory to forward to the webmail system, this
can be done by editing /etc/apache2/sites-enabled/zarafa-webapp as follows:
Alias /webapp /usr/share/zarafa-webapp

Change this to:


Alias /whatever /usr/share/zarafa-webapp

Change whatever to the sub-directory you want to use (perhaps /webmail).


Ok, now edit /etc/apache2/apache2.conf and add the following to the bottom of the file:

ProxyPass /zarafa http://localhost:236
ProxyPassReverse /zarafa http://localhost:236

Next, edit /etc/rc.local and add the following before the exit line:
sudo /etc/init.d/zarafa-server start

Now that you've enabled the SSL module and added the new VirtualHost configuration for SSL
(port 443), you need to restart apache. Run the following command to do this:
sudo /etc/init.d/apache2 restart

It's time to add our first user!
For testing purposes, let's use the username test with an email address of test@example.com.
Run the following command to create the user (replace test@example.com with your
domain test address!):
sudo /usr/bin/zarafa-admin -c test -p a_password -e test@example.com -f "Test User"

Let's run through what this does: -c tells zarafa to create a user named test, -p sets the user's
password to a_password, -e sets the email address for the user to test@example.com, and
finally -f sets this user's name to Test User. All of these parameters are required to create a user
(including the name!).
NOTE: If you are using the same zarafa server to host multiple domains (with the same email
prefix, e.g. test@example.com and test@domain.com) your username for the first account needs
to match the first part of the email address, e.g. test@example.com (email) -> test (username).
For the second account, the username must be different from the email, e.g. test@domain.com
(email) -> test_anything (username). It's complicated but you'll get there!
You've now created a zarafa user, hooray! You now need to create a system user matching the -c
part of the last command. So if you used -c test, you need to run the following command (change
test to the username you used!):
sudo useradd --shell /sbin/noshell test

The /sbin/noshell part prevents the user from logging on to your server (via SSH) and making
unauthorised changes to your server.
In order for this to work properly, you need to add /sbin/noshell to the shells file, this can be
done by the following command:
echo "/sbin/noshell" | sudo tee -a /etc/shells

You'll also need to set a password for the test system user (replace test with the username you
used, and a_password with the same password you used before!):
sudo passwd test

And finally, run this command (again change test to the username you used!):
sudo /usr/bin/zarafa-server test:a_password

When you are prompted for a password, enter the same one used above.
If you would like to setup a catch all for your domain (say all mail to anything@example.com
goes to mail@example.com), you can do this easily.
To start, edit the file /etc/postfix/aliases and add the following to it (remember to change
example.com to your domain!):
@example.com mail@example.com

This will forward all mail to the email address mail@example.com.


If you already have some other accounts on that domain, you'll also need to add the following
above the @example.com mail line (remember to change username@example.com to your
username and domain name!):
username@example.com username@example.com

This is not a typo! There should be two email addresses here! This needs to be repeated for every
account you have, otherwise they'll be forwarded to your catch all!
Your file should now look like this:
username@example.com username@example.com
@example.com mail@example.com

You need to now rebuild the aliases file, run the following command to do this:
sudo postmap /etc/postfix/aliases

Now finally, you need to restart postfix, so run this command:


sudo service postfix restart
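
The lookup order behind the catch-all, as an added example that is not part of the original tutorial: the table is searched for the full address first and for the @domain key only if that fails, which is why every real mailbox needs its own identity line. The function names and sample data are constructed, and the lookup is a simplified model (no bare-user keys, no recursive expansion).

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are hypothetical.
# Simplified model of a virtual_alias_maps lookup: full address, then @domain.

# resolve_alias MAPFILE ADDRESS
# Prints the address that mail for ADDRESS ends up at.
resolve_alias() {
    map=$1
    addr=$2
    for key in "$addr" "@${addr#*@}"; do
        target=$(awk -v k="$key" '
            $1 ~ /^#/ { next }               # skip comment lines
            $1 == k   { print $2; exit }     # first matching key wins
        ' "$map")
        if [ -n "$target" ]; then
            echo "$target"
            return 0
        fi
    done
    echo "$addr"                             # no entry: address is unchanged
}

# swallowed_by_catchall MAPFILE ADDRESS...
# Prints each mailbox whose mail would be redirected elsewhere because its
# identity line is missing from the map.
swallowed_by_catchall() {
    map=$1
    shift
    for mailbox in "$@"; do
        [ "$(resolve_alias "$map" "$mailbox")" = "$mailbox" ] || echo "$mailbox"
    done
}

# Demo on a constructed copy of the file built in this step.
demo_map=$(mktemp)
cat > "$demo_map" <<'EOF'
# constructed sample of /etc/postfix/aliases
username@example.com username@example.com
@example.com mail@example.com
EOF
echo "Mailboxes that the catch-all would swallow:"
swallowed_by_catchall "$demo_map" username@example.com test@example.com
rm -f "$demo_map"
```

Run swallowed_by_catchall against /etc/postfix/aliases with your real mailbox addresses before running postmap; any address it prints still needs its identity line.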

Zarafa should now be installed and setup!


6) Install Z-Push (optional)
This step is optional, but recommended. Z-Push integrates with Zarafa to provide push email.
Nowadays getting emails as they arrive in your inbox is important and a lot of people want it. As
Microsoft ActiveSync servers are extremely expensive, we'll be setting up this server with Z-Push (an open source alternative to Microsoft's ActiveSync protocol, which means it's free!).
First of all, let's download Z-Push on the server:

cd /usr/share
sudo wget http://zarafa-deutschland.de/z-push-download/final/2.0/z-push-2.0.7-1690.tar.gz
sudo tar -zxvf ./z-push-2.0.7-1690.tar.gz
sudo rm ./z-push-2.0.7-1690.tar.gz
sudo mv ./z-push-2.0.7-1690 ./z-push
cd ./z-push

Now that you've downloaded Z-Push, you need to edit the /usr/share/z-push/config.php file as
follows:
define('TIMEZONE', '');

Change this to:


define('TIMEZONE', 'Europe/London');

Obviously only use Europe/London if you live in London! Please choose the appropriate
Timezone for where you live.
Now you need to create some directories for Z-Push to store data in, run these commands to do
this:
sudo mkdir /var/lib/z-push
sudo mkdir /var/log/z-push
sudo chmod 777 /var/lib/z-push
sudo chmod 777 /var/log/z-push

Great! You also need to change the permissions on /usr/share/z-push, like this:
sudo chown -R www-data:www-data /usr/share/z-push
sudo chmod -R 755 /usr/share/z-push
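
A check for the permissions set in steps 5 and 6 and for the key files from steps 3 and 4, as an added example that is not part of the original tutorial: mode 777 lets every local account alter the Zarafa and Z-Push data and logs, and a private key stays private only while other accounts cannot read it. The function names are hypothetical; the paths are the ones this tutorial creates.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are hypothetical.

# world_writable PATH...
# Prints every file or directory under the given paths that any local account
# may write to (the "other" write bit, which chmod 777 sets).
world_writable() {
    for p in "$@"; do
        [ -e "$p" ] && find "$p" ! -type l -perm -0002 -print
    done | sort
}

# exposed_keys PATH...
# Prints every *.key file under the given paths that the group or other
# accounts may read.
exposed_keys() {
    for p in "$@"; do
        [ -e "$p" ] && find "$p" -type f -name '*.key' \
            \( -perm -0040 -o -perm -0004 \) -print
    done | sort
}

# Runs both checks on the paths used in this tutorial.
# Exit status is 0 when nothing is reported, 1 otherwise.
audit_mail_host() {
    ww=$(world_writable /var/lib/zarafa /var/log/zarafa \
                        /var/lib/z-push /var/log/z-push)
    keys=$(exposed_keys /etc/zarafa-ssl /etc/dkim)
    [ -n "$ww" ]   && printf 'world-writable:\n%s\n' "$ww"
    [ -n "$keys" ] && printf 'key readable by group/other:\n%s\n' "$keys"
    [ -z "$ww$keys" ]
}

audit_mail_host || echo "Restrict the paths listed above to the accounts that need them."
```

In this setup the accounts that write to those directories are vmail (the user= set in master.cf) and www-data (the owner given to /usr/share/z-push).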

Next, you need to edit the /etc/apache2/apache2.conf file and add the following:
Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php

Z-Push should now be installed! Wasn't that easy?


7) SASL Authentication
To be able to send mail from an IP Address not defined in your mynetworks string, you need to
set up SASL Authentication. If you don't do this, the Zarafa Free Edition server will prevent you
sending mail.
To Install SASL Authentication, run the following command:
sudo apt-get install sasl2-bin libsasl2-modules

SASL Authentication is now installed!


Next we need to edit the /etc/default/saslauthd file (as superuser!):

Change the following lines:


START=no
THREADS=5
OPTIONS="-c -m /var/run/saslauthd"

to
START=yes
THREADS=0
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Next, we need to create the file /etc/postfix/sasl/smtpd.conf and add the following:
pwcheck_method: saslauthd
mech_list: plain login


Now we need to run the following commands:


sudo rm -r /var/run/saslauthd/
sudo mkdir -p /var/spool/postfix/var/run/saslauthd
sudo ln -s /var/spool/postfix/var/run/saslauthd /var/run
sudo chgrp sasl /var/spool/postfix/var/run/saslauthd
sudo dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
sudo adduser postfix sasl

These commands setup the SASL Authentication daemon.


It should be safe to ignore any errors related to the mkdir command.
Finally, start SASL Authentication by typing the following command:
sudo /etc/init.d/saslauthd start

Run the following commands to test your SASL Authentication:


telnet localhost 25

You should see a welcome message from Postfix.


Type the following command, remembering to replace server.example.com with your server's
hostname:
ehlo localhost

The server will reply (similar to):

250-*****
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

If you can see the line AUTH, SASL should be enabled. Test SASL by running the following
commands:
AUTH LOGIN USERNAME

The server will reply with something like 334 ************.


PASSWORD

Your username and password must each be base64 encoded. You can encode your username or
password to base64 via the command:
echo -n "USERNAME/PASSWORD" | openssl enc -a

If you didn't encounter any errors, you should see this message:
235 2.7.0 Authentication successful

If you get any errors, double check your username and password. If that doesn't work, double
check your configuration files against the ones listed above.
Type quit to exit.
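
The AUTH test above, as an added example that is not part of the original tutorial: base64 is an encoding, not encryption, so the helpers below decode a 334 prompt as easily as they encode a credential, and the classifier reports whether an EHLO reply captured before STARTTLS already advertises AUTH. The function names and the sample reply (modelled on the one shown above, with server.example.com filled in) are constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are hypothetical.

# Encode one value for AUTH LOGIN. Same result as the tutorial's
#   echo -n "VALUE" | openssl enc -a
b64enc() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode a base64 token, e.g. the text that follows "334 " in a server reply.
b64dec() { printf '%s' "$1" | base64 -d; }

# Reads an EHLO reply on stdin (captured BEFORE any STARTTLS command) and prints:
#   auth-before-tls  AUTH is offered in cleartext although STARTTLS exists
#   auth-no-tls      AUTH is offered and the server has no STARTTLS at all
#   auth-hidden      AUTH is not offered on the cleartext session
classify_cleartext_ehlo() {
    reply=$(tr -d '\r')              # telnet captures end lines with CRLF
    if printf '%s\n' "$reply" | grep -Eq '^250[- ]AUTH[ =]'; then
        if printf '%s\n' "$reply" | grep -Eq '^250[- ]STARTTLS$'; then
            echo "auth-before-tls"
        else
            echo "auth-no-tls"
        fi
    else
        echo "auth-hidden"
    fi
}

# Constructed sample reply, modelled on the one shown in this step.
SAMPLE_EHLO='250-server.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

echo "username 'test' is sent as:   $(b64enc test)"
echo "prompt UGFzc3dvcmQ6 decodes to: $(b64dec UGFzc3dvcmQ6)"
echo "cleartext session result:     $(printf '%s\n' "$SAMPLE_EHLO" | classify_cleartext_ehlo)"
```

With smtpd_tls_auth_only = yes in /etc/postfix/main.cf, Postfix advertises AUTH only after STARTTLS, so a reply captured this way classifies as auth-hidden.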
8) Anti-Virus and Spam
This is optional but highly recommended!
Lets start by installing the required packages, which can be done by executing the following
commands:
sudo apt-get install clamav spamc clamassassin spamassassin

If everything goes smoothly, you should have clamav and spamc setup on your server!
So now, we need to create a procmailrc file to handle the spam and virus scanning.
Create the file /etc/procmailrc and append the following to it:
DROPPRIVS=yes

LOGFILE=/var/log/procmail.log
VERBOSE=off
:0fw: clamassassin.lock
| /usr/bin/clamassassin
:0w
* ^X-Virus-Status: Yes
| /usr/bin/zarafa-dagent -j $USER
EXITCODE=$?
:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamc
:0:
* ^X-Spam-Status: Yes
| /usr/bin/zarafa-dagent -j $USER
:0w
| /usr/bin/zarafa-dagent $USER
EXITCODE=$?

Your Zarafa server should now put any spam or virus messages in your Junk Folder!
Next we need to edit /etc/spamassassin/local.cf to allow the spam engine to learn spam emails.
Change the following in the file:
rewrite_header Subject ***** SPAM *****
# report_safe 1
# use_bayes 1
# bayes_auto_learn 1

to this:
# rewrite_header Subject ***** SPAM *****
report_safe 0
use_bayes 1
bayes_auto_learn 1

You can also adjust the required_score parameter to increase or decrease the spam engine's
sensitivity. A lower number will Junk more emails and a higher number will Junk fewer emails.
You should now have Anti-Virus and Spam Scanning setup on your server!
9) Reboot the server
As you've just set up a lot of packages, it is probably a good idea to reboot your server. To reboot
your server, run this command:
sudo reboot

10) Relax, your Zarafa Free Edition Server is complete


You've completed this tutorial! Well done! You should now have a working Zarafa Free
Edition server with Z-Push for ActiveSync push email!
Stay tuned for more tutorials!
