Child pages
  • Serversetup multi-tenant Zarafa+Postfix+SASL+SpamAssassin+Clamav+openLDAP (Ubuntu 14.04 LTS)

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
~# groupadd -g 5000 zarafa
~# useradd -c 'User for ZCP' -d '/var/lib/zarafa' -g 5000 -M -N -s '/bin/false' -u 5000 zarafa

Zarafa Folders

Zarafa writes / logs to various folders which now need to be owned to the newly created user. Also for the webapp to function correctly we need to give access rights to some folders to the www-data user.

Code Block
~# chown -R zarafa: /var/log/zarafa /var/lib/zarafa
~# chown -R www-data: /var/lib/zarafa-webaccess/tmp /var/lib/zarafa-webapp/tmp

 

 

zarafa-server and ldap.conf

...

zarafa-gateway

This service talks pop(s) and imap(s) pops and imaps to the outside world. Unencrypted protocols should no longer be needed. Enable them only if you need to support legacy clients.

No Format
title/etc/zarafa/dagent.cfg
# Set this value to a name to show in the logon greeting to clients.
# Leave empty to use DNS to find this name.
server_hostname = example.com

# Whether to show the hostname in the logon greeting to clients.
server_hostname_greeting = yes

# drop privileges and run the process as this user
run_as_user             = zarafa

# drop privileges and run the process as this group
run_as_group            = zarafa

# default connection to the Zarafa server
# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
server_socket = http://10.1.50.100:236/zarafa

# enable/disable POP3, and POP3 listen port
pop3_enable     =       yesno
pop3_port       =       110

# enable/disable Secure POP3, and Secure POP3 listen port
pop3s_enable    =       yes
pop3s_port      =       995

# enable/disable IMAP, and IMAP listen port
imap_enable     =       yesno
imap_port       =       143

# enable/disable Secure IMAP, and Secure IMAP listen port
imaps_enable    =       yes
imaps_port      =       993

# File with RSA key for SSL
ssl_private_key_file    =       /etc/zarafa/ssl/mail.key

#File with certificate for SSL
ssl_certificate_file    =       /etc/zarafa/ssl/mail.crt

...

No Format
title/etc/zarafa/spooler.cfg
# set our internal smtp interface for local mail
smtp_server      = 10.1.50.1
 
# drop privileges and run the process as this user
run_as_user      = zarafa

# drop privileges and run the process as this group
run_as_group     = zarafa

 
# set this if you want outlook-style meeting requests
always_send_tnef = yes

...

Code Block
title/etc/clamsmtpd.conf
OutAddress:  10026
Listen:      127.0.0.1:10025
ClamAddress: /var/run/clamav/clamd.ctl

 

Tying It All Together

Now take a deep breath, you're almost there. If all went well, all configs fit and all permissions are set, after a healthy restart of the services :you should have a complete ZCP setup up and running. Congratulations!

Code Block
~# service clamav-daemon restart
~# service clamav-freshclam restart
~# service clamsmtp restart
~# service postfix restart
~# service saslauthd restart
~# service spamassassin restart
 
# after the following command be sure to check all zarafa processes, especially zarafa-search!
~# for i in $(ls /etc/init.d/zarafa-*); do ${i} restart; done   

 

 

Regular Maintenance

Drop this file into '/etc/cron.d'. It's pretty self-explanatory, however you might want adjust the values and/or intervals.

Code Block
title/etc/cron.d/mailjobs
# minute (0-59),
# |     hour (0-23),
# |     |       day of the month (1-31),
# |     |       |       month of the year (1-12),
# |     |       |       |       day of the week (0-7 with 0=7=Sunday).
# |     |       |       |       |       user
# |     |       |       |       |       |       command

# sync LDAP to Zarafa regularly
*/15    *       *       *       *       root    /usr/bin/zarafa-admin --sync
 
# purge soft-deleted items after 30 days
3       30      *       *       *       root    /usr/bin/zarafa-admin --purge-softdelete 30

 
# spamassassin updates
# choose the right channels for your language!
5       6,12    *       *       *       root    sa-update --nogpg --channel updates.spamassassin.org --channel sought.rules.yerp.org --channel sa.zmi.at && service spamassassin restart

...

  • Send Mails via
    • WebAccess / WebApp
    • pop/pops
    • imap/imaps
    • postscreen checks
    • clamav checks
    • spamassassin check
  • Deliver mails
      check MTA logs
    • test local delivery to username / alias
    • test group deliveries
  • exchange / activesync / mobile access

 

 

This page has been viewed  times.

...