
Zarafa Free Edition Z-Push Mail Ubuntu 12.04 Server

By Toby Herbert on June 12th, 2013 in Servers tags: activesync, ubuntu, z-push, zarafa

In this tutorial, I will show you how to set up a Zarafa Free Edition 7.1.4 server with Push Mail capabilities on Ubuntu 12.04 LTS.

It's a more up-to-date version of my last tutorial, Installing Zarafa Open Source Edition with Z-Push on an Ubuntu 10.04 LTS Server.

Almost all work is done from the command line, so if you don't understand how to use one, this tutorial probably isn't for you. A good starting point is to google "How to Use a Linux Command Line".

1) Installing Postfix MTA

Firstly, let's make sure apt-get is up-to-date for our Zarafa Free Edition server:

sudo apt-get update

sudo apt-get upgrade -fy

Now let's install Postfix. Enter the following command to install it:

sudo apt-get install postfix

During the installation, you will be asked what mail server configuration you want to use:

Choose the default option Internet Site and press the Enter/Return key.

The System Mail Name is the hostname of your server:

For me, this was my server's FQDN (Fully Qualified Domain Name). Once you have entered your FQDN, press Enter/Return to continue.

Postfix should now be installed, but we're not done yet! For Postfix to integrate correctly with the Zarafa Free Edition server, we need to modify the Postfix configuration files.

You'll need to set up procmail for use with this server. This will allow us to set up Anti-Virus and Spam management (more on this later). Let's install procmail with the following command:

sudo apt-get install procmail

Next, open up /etc/postfix/main.cf with your favourite editor. I'm using nano. Make sure you have superuser (sudo) access!

Add the following lines to the bottom of the file to enable compatibility with the Zarafa Free Edition server:

# Virtual Aliases

virtual_alias_maps = hash:/etc/postfix/aliases

# SASL Authentication

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

# DKIM

milter_default_action = accept

milter_protocol = 2

smtpd_milters = inet:localhost:8891

non_smtpd_milters = inet:localhost:8891

# Procmail

virtual_transport = procmail:

mailbox_transport = procmail:

procmail_destination_recipient_limit = 1

These lines enable various features that we'll be implementing later on in this tutorial.

Next you need to append your domain to the mydestination variable, e.g. to provide mail for example.com:

mydestination = server.example.com, localhost.localdomain, localhost

Change to:

mydestination = server.example.com, example.com, localhost.localdomain, localhost

Press the key combination CTRL + X, followed by the letter y to exit nano.

Next open /etc/postfix/master.cf in your editor. You still need superuser access!

Scroll to the bottom of the file and add the following lines:

# Zarafa

zarafa unix - n n - 10 pipe
  flags=DRhu user=vmail argv=/usr/bin/zarafa-dagent -R ${recipient}

# Procmail

procmail unix - n n - 10 pipe
  flags=DORX user=vmail argv=/usr/bin/procmail -t -o SENDER=${sender} -m USER=${user}@${domain} DOMAIN=${domain} EXTENSION=${extension} RECIPIENT=${recipient} /etc/procmailrc

The indented flags= lines are continuations of the service line above them and must start with whitespace.

Postfix should now integrate nicely with your Zarafa Free Edition server!

If you need to use aliases (e.g. [email protected] -> [email protected]) execute the following commands (more on this later):

sudo touch /etc/postfix/aliases

sudo postmap /etc/postfix/aliases

Finally, start postfix by running the following command:

sudo /etc/init.d/postfix reload

2) Create the vmail user

Next we need to create the vmail user for our Zarafa Free Edition server:

sudo adduser --system --create-home vmail

If the command moans about the create-home option, run this instead:

sudo adduser --system vmail

Easy peasy!

3) Installing OpenDKIM (optional)

OpenDKIM helps identify mail from your Zarafa server, so that it is less likely to be classed as spam.

To install OpenDKIM on your Zarafa Free Edition server, run the following command:

sudo apt-get install opendkim opendkim-tools

If you didn't see any errors during the installation, you should be set to go! Now, create a directory to store your DKIM keys. Run the following command to create this directory:

sudo mkdir -p /etc/dkim

Now edit /etc/opendkim.conf in your editor:

Scroll to the bottom of the file and add the following:

Socket inet:8891@localhost

Domain example.com

KeyFile /etc/dkim/example_com.key

Selector exmpl

Make sure you change the Domain, KeyFile and Selector to suit your needs (Selector can be anything within reason :)).

Now create your OpenDKIM key with the following command:

cd /etc/dkim

sudo opendkim-genkey -t -s exmpl -d example.com

Don't forget to change exmpl to the selector you used previously!
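The -t option passed to opendkim-genkey above marks the key as being in test mode, which appears as t=y in the TXT record it generates. The following is an added example, not part of the original tutorial: it parses a record of that shape and reports t=y, the obsolete g= tag and an empty p=. The function names and the sample record with its placeholder key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# SAMPLE_RECORD is constructed: it has the shape opendkim-genkey writes to
# <selector>.txt, with a placeholder instead of real key material.
SAMPLE_RECORD='exmpl._domainkey IN TXT "v=DKIM1; g=*; k=rsa; t=y; p=*LONG KEY*" ; ----- DKIM exmpl for example.com'

# Join every quoted string of a zone-file TXT record into one tag list.
dkim_txt_value() {
    printf '%s\n' "$1" | grep -o '"[^"]*"' | tr -d '"\n'
}

# dkim_tag RECORD TAG -> print the value of one tag (v, k, t, p, ...).
dkim_tag() {
    dkim_txt_value "$1" | tr ';' '\n' |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# dkim_findings RECORD -> print one line per issue, nothing when clean.
dkim_findings() {
    if [ "$(dkim_tag "$1" v)" != "DKIM1" ]; then
        echo "version: v=DKIM1 is missing"
    fi
    # t= holds colon-separated flags; "y" means the domain is only testing.
    case ":$(dkim_tag "$1" t):" in
        *:y:*) echo "testing: t=y is set, so verifiers treat a failed signature like unsigned mail" ;;
    esac
    if [ -n "$(dkim_tag "$1" g)" ]; then
        echo "obsolete: g= was dropped from the DKIM specification in RFC 6376"
    fi
    if [ -z "$(dkim_tag "$1" p)" ]; then
        echo "revoked: p= is empty, so this key cannot verify anything"
    fi
}

# Run against a file given on the command line, e.g. /etc/dkim/exmpl.txt.
if [ "$#" -gt 0 ]; then
    dkim_findings "$(cat "$1")"
fi
```

Once signing is confirmed to work, publishing the same record without t=y takes the key out of test mode.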

opendkim-genkey has generated two files for us, exmpl.private and exmpl.txt. Type the following to rename the exmpl.private file:

sudo mv /etc/dkim/exmpl.private /etc/dkim/example_com.key

Let's view the contents of the exmpl.txt file by typing the following command:

sudo cat /etc/dkim/exmpl.txt

You should see something like this:

exmpl._domainkey IN TXT "v=DKIM1; g=*; k=rsa; t=y; p=*LONG KEY*" ; ----- DKIM exmpl for example.com

Add this record to your DNS. You can now delete the exmpl.txt file by executing the following command:

sudo rm /etc/dkim/exmpl.txt

4) SSL Certificate

Before we install Zarafa you will need an SSL Certificate for your server's hostname, not your domain! So, for example, if your server's hostname is server.example.com then your SSL Certificate must be for server.example.com. If you don't want to buy an SSL Certificate, you can get a free one from StartSSL.

Once you have your SSL Certificate, run the following command:

sudo mkdir -p /etc/zarafa-ssl

This will create a directory to store the SSL Certificate. If you need to copy the SSL Certificate to your server, run the following commands (on your computer), e.g. for root:

scp /path/to/server_example_com.crt [email protected]:/root/server_example_com.crt

scp /path/to/server_example_com.key [email protected]:/root/server_example_com.key

scp /path/to/ca_bundle.crt [email protected]:/root/ca_bundle.crt

NOTE: You need both a Certificate (CRT) and a PrivateKey (KEY) file on the server. The CA Bundle isn't necessarily required, but it helps reduce "Can't validate certificate" errors. Also make sure your PrivateKey is not password protected! If your PrivateKey is password protected you need to remove the password. This can be done by issuing the following command (openssl is required!):

openssl rsa -in /path/to/server_example_com.key -out /path/to/server_example_com_decrypted.key

Then delete the password-protected file and rename the passwordless file to exclude _decrypted.

You can now switch back to your server and issue the following commands to move the SSL Certificate and PrivateKey to their correct directories:

sudo mv /root/server_example_com.crt /etc/zarafa-ssl/server_example_com.crt

sudo mv /root/server_example_com.key /etc/zarafa-ssl/server_example_com.key

sudo mv /root/ca_bundle.crt /etc/zarafa-ssl/ca_bundle.crt

5) Install Zarafa Free Edition

It's finally time to install Zarafa! This is a little different from my last tutorial: to get the most up-to-date version of Zarafa we need to download an installer package and decompress it. This is simply done via the following commands:

sudo wget http://download.zarafa.com/community/final/7.1/7.1.4-41394/zcp-7.1.4-41394-ubuntu-12.04-x86_64-free.tar.gz

sudo tar -zxvf zcp-7.1.4-41394-ubuntu-12.04-x86_64-free.tar.gz

cd ./zcp-7.1.4-41394-ubuntu-12.04-x86_64

Or if you have an i386 (32-bit) system:

sudo wget http://download.zarafa.com/community/final/7.1/7.1.4-41394/zcp-7.1.4-41394-ubuntu-12.04-i386-free.tar.gz

sudo tar -zxvf zcp-7.1.4-41394-ubuntu-12.04-i386-free.tar.gz

cd ./zcp-7.1.4-41394-ubuntu-12.04-i386

Next, you'll need to install various packages for Zarafa to install successfully. You can do this by entering the following command:

sudo apt-get install php5-cli php-gettext mktemp gawk xsltproc poppler-utils unzip catdoc libboost-filesystem1.46.1 libboost-system1.46.1 libicu48 w3m python-mysqldb apache2-mpm-prefork libapache2-mod-php5 mysql-server python-support libpython2.7 libcurl3

NOTE: If you already have a mysql server, or you used a password when the mysql server asked you for one, you need to enter the password in /etc/zarafa/server.cfg in the mysql_password variable (once Zarafa is installed of course!).

Now you can install the Zarafa packages by running the following command:

sudo ./install.sh

Accept the defaults except for the MySQL Database Password, which you chose when running the previous command. Zarafa should now be installed on your server! Before we continue, run the following commands to prevent warnings in your mail log where postfix may be unable to write to the Zarafa log files:

sudo mkdir -p /var/lib/zarafa

sudo mkdir -p /var/log/zarafa

sudo chmod -R 777 /var/lib/zarafa

sudo chmod -R 777 /var/log/zarafa

Next, you need to edit /etc/zarafa/server.cfg, so open it up in your favourite editor:

Make the following changes:

local_admin_users = root

Change to:

local_admin_users = root vmail

Also add this to the bottom of the file:

# Extra Settings

disabled_features =

Note: If you have a MySQL Server with a password (or a different username other than root), you must change the appropriate variables under the MYSQL SETTINGS heading.

Next, open up /etc/zarafa/gateway.cfg and make the following changes:

pop3s_enable = no

imaps_enable = no

ssl_private_key_file = /etc/zarafa/gateway/privkey.pem

ssl_certificate_file = /etc/zarafa/gateway/cert.pem

ssl_verify_file =

Change to:

pop3s_enable = yes

imaps_enable = yes

ssl_private_key_file = /etc/zarafa-ssl/server_example_com.key

ssl_certificate_file = /etc/zarafa-ssl/server_example_com.crt

ssl_verify_file = /etc/zarafa-ssl/ca_bundle.crt

Now, you need to enable apache mod_ssl to allow SSL to work with your online webmail service. This can be done by executing the following command (proxy_http is needed for the http:// ProxyPass lines added to apache2.conf later on):

sudo a2enmod ssl proxy proxy_http

Next, you need to add a new VirtualHost record. This will enable the apache webserver to serve secured sites. To add the VirtualHost record, you need to edit /etc/apache2/sites-enabled/000-default and add this to the bottom of the file (don't forget to change the server_example_com to your server's certificate name!):

<VirtualHost *:443>

DocumentRoot /var/www

SSLEngine on

SSLCertificateFile /etc/zarafa-ssl/server_example_com.crt

SSLCertificateKeyFile /etc/zarafa-ssl/server_example_com.key

SSLCertificateChainFile /etc/zarafa-ssl/ca_bundle.crt

</VirtualHost>

If you don't want to have to go to http://server.example.com/webapp to access online webmail, you can change the apache config file so that the root of your server forwards to the webmail system. This can be done by editing /etc/apache2/sites-enabled/000-default as follows:

DocumentRoot /var/www

Change this to:

DocumentRoot /usr/share/zarafa-webapp

NOTE: If you use this method, make sure you change both the VirtualHosts (for port 80 and 443)!

Alternatively, you can choose a different sub-directory to forward to the webmail system. This can be done by editing /etc/apache2/sites-enabled/zarafa-webapp as follows:

Alias /webapp /usr/share/zarafa-webapp

Change this to:

Alias /whatever /usr/share/zarafa-webapp

Change whatever to the sub-directory you want to use (perhaps /webmail).

Ok, now edit /etc/apache2/apache2.conf and add the following to the bottom of the file:

ProxyPass /zarafa http://localhost:236

ProxyPassReverse /zarafa http://localhost:236

Next, edit /etc/rc.local and add the following before the exit line:

sudo /etc/init.d/zarafa-server start

Now that you've enabled the SSL module and added the new VirtualHost configuration for SSL (port 443), you need to restart apache. Run the following command to do this:

sudo /etc/init.d/apache2 restart

It's time to add our first user! For testing purposes, let's use the username test with an email address of [email protected]. Run the following command to create the user (replace [email protected] with your domain's test address!):

sudo /usr/bin/zarafa-admin -c test -p a_password -e [email protected] -f "Test User"

Let's run through what this does: -c tells zarafa to create a user named test, -p sets the user's password to a_password, -e sets the email address for the user to [email protected], and finally -f sets this user's name to Test User. All of these parameters are required to create a user (including the name!).

NOTE: If you are using the same zarafa server to host multiple domains (with the same email prefix, e.g. [email protected] and [email protected]) your username for the first account needs to match the first part of the email address. e.g. [email protected] (email) -> test (username). For the second account, the username must be different than the email. e.g. [email protected] (email) -> test_anything (username). It's complicated but you'll get there!

You've now created a zarafa user, hooray! You now need to create a system user matching the -c part of the last command. So if you used -c test, you need to run the following command (change test to the username you used!):

sudo useradd --shell /sbin/noshell test

The /sbin/noshell part prevents the user from logging on to your server (via SSH) and making unauthorised changes to your server. In order for this to work properly, you need to add /sbin/noshell to the shells file. This can be done with the following command (tee is used so that the append itself runs with root rights):

echo "/sbin/noshell" | sudo tee -a /etc/shells

You'll also need to set a password for the test system user (replace test with the username you used, and a_password with the same password you used before!):

sudo passwd test

And finally, run this command (again change test to the username you used!):

sudo /usr/bin/zarafa-server test:a_password

When you are prompted for a password, enter the same one used above.

If you would like to set up a catch-all for your domain (say all mail to [email protected] goes to [email protected]), you can do this easily. To start, edit the file /etc/postfix/aliases and add the following to it (remember to change example.com to your domain!):

@example.com [email protected]

This will forward all mail to the email address [email protected].

If you already have some other accounts on that domain, you'll also need to add the following above the @example.com mail line (remember to change [email protected] to your username and domain name!):

[email protected] [email protected]

This is not a typo! There should be two email addresses here! This needs to be repeated for every account you have, otherwise they'll be forwarded to your catch-all!

Your file should now look like this:

[email protected] [email protected]

@example.com [email protected]

You now need to rebuild the aliases file. Run the following command to do this:

sudo postmap /etc/postfix/aliases

Now finally, you need to restart postfix, so run this command:

sudo service postfix restart

Zarafa should now be installed and set up!

6) Install Z-Push (optional)

This step is optional, but recommended. Z-Push integrates with Zarafa to provide push email. Nowadays getting emails as they arrive in your inbox is important and a lot of people want it. As Microsoft ActiveSync servers are extremely expensive, we'll be setting up this server with Z-Push (an open source alternative to Microsoft's ActiveSync protocol, which means it's free!).

First of all, let's download Z-Push on the server:

cd /usr/share

sudo wget http://zarafa-deutschland.de/z-push-download/final/2.0/z-push-2.0.7-1690.tar.gz

sudo tar -zxvf ./z-push-2.0.7-1690.tar.gz

sudo rm ./z-push-2.0.7-1690.tar.gz

sudo mv ./z-push-2.0.7-1690 ./z-push

cd ./z-push

Now that you've downloaded Z-Push, you need to edit the /usr/share/z-push/config.php file as follows:

define('TIMEZONE', '');

Change this to:

define('TIMEZONE', 'Europe/London');

Obviously only use Europe/London if you live in London! Please choose the appropriate Timezone for where you live. Now you need to create some directories for Z-Push to store data in. Run these commands to do this:

sudo mkdir /var/lib/z-push

sudo mkdir /var/log/z-push

sudo chmod 777 /var/lib/z-push

sudo chmod 777 /var/log/z-push

Great! You also need to change the permissions on /usr/share/z-push, like this:

sudo chown -R www-data:www-data /usr/share/z-push

sudo chmod -R 755 /usr/share/z-push

Next, you need to edit the /etc/apache2/apache2.conf file and add the following:

Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php

Z-Push should now be installed! Wasn't that easy?
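The chmod 777 commands used for the Zarafa and Z-Push directories let every local account write to mail state and logs, and the private key moved into /etc/zarafa-ssl keeps whatever mode it was copied with. The following added example (not from the original tutorial) lists such findings for any paths you pass it; the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: report world-writable
# directories and files, and private keys readable beyond their owner.

# audit_perms PATH... -> print one finding per line, nothing when clean.
audit_perms() {
    # Directories any local account can create, rename or delete entries in.
    find "$@" -type d -perm -0002 2>/dev/null |
        sed 's/^/world-writable-dir: /'
    # Regular files any local account can modify (logs, sync state).
    find "$@" -type f -perm -0002 2>/dev/null |
        sed 's/^/world-writable-file: /'
    # Private keys with the group-read or other-read bit set.
    find "$@" -type f -name '*.key' \( -perm -0040 -o -perm -0004 \) 2>/dev/null |
        sed 's/^/key-readable: /'
}

# count_findings PATH... -> print the number of findings (0 when clean).
count_findings() {
    audit_perms "$@" | grep -c . || true
}

# Run against the paths given on the command line, for example:
#   sh audit.sh /var/lib/zarafa /var/log/zarafa /var/lib/z-push \
#               /var/log/z-push /etc/zarafa-ssl
if [ "$#" -gt 0 ]; then
    audit_perms "$@"
fi
```

Which owner and mode to use instead depends on which accounts actually write to each directory on your system (the tutorial runs the delivery agents as vmail and Z-Push as www-data), so the script only reports and changes nothing.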

7) SASL Authentication

To be able to send mail from an IP Address not defined in your mynetworks string, you need to set up SASL Authentication. If you don't do this, the Zarafa Free Edition server will prevent you sending mail.

To install SASL Authentication, run the following command:

sudo apt-get install sasl2-bin libsasl2-modules

SASL Authentication is now installed! Next we need to edit the /etc/default/saslauthd file (as superuser!):

Change the following lines:

START=no

THREADS=5

OPTIONS="-c -m /var/run/saslauthd"

to

START=yes

THREADS=0

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Next, we need to create the file /etc/postfix/sasl/smtpd.conf and add the following:

pwcheck_method: saslauthd

mech_list: plain login

Now we need to run the following commands:

sudo rm -r /var/run/saslauthd/

sudo mkdir -p /var/spool/postfix/var/run/saslauthd

sudo ln -s /var/spool/postfix/var/run/saslauthd /var/run

sudo chgrp sasl /var/spool/postfix/var/run/saslauthd

sudo dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

sudo adduser postfix sasl

These commands set up the SASL Authentication daemon.

It should be safe to ignore any errors related to the mkdir command.

Finally, start SASL Authentication by typing the following command:

sudo /etc/init.d/saslauthd start

Run the following commands to test your SASL Authentication:

telnet localhost 25

You should see a welcome message from Postfix. Type the following command, remembering to replace server.example.com with your server's hostname:

ehlo localhost

The server will reply (similar to):

250-*****

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-STARTTLS

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN PLAIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

If you can see the line AUTH, SASL should be enabled. Test SASL by running the following commands:

AUTH LOGIN USERNAME

The server will reply with something like 334 ************.

PASSWORD

Your username and password must be base64 encoded. You can encode your username and password to base64 via the command:

echo -n "USERNAME/PASSWORD" | openssl enc -a

If you didn't encounter any errors, you should see this message:

235 2.7.0 Authentication successful

If you get any errors, double check your username and password. If that doesn't work, double check your configuration files against the ones listed above.

Type quit to exit.
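The telnet test above authenticates on a cleartext connection, and base64 is an encoding, not encryption, so anyone who can read the TCP stream recovers the credentials. The following added example (not part of the original tutorial) decodes a constructed AUTH LOGIN exchange and checks a main.cf for Postfix's smtpd_tls_auth_only parameter, which restricts AUTH to TLS-protected sessions. The function names, the "S: "/"C: " transcript format and the sample session are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. All sample data below is
# constructed; credentials are the tutorial's placeholders (test / a_password).
SAMPLE_SESSION='S: 250-STARTTLS
S: 250-AUTH LOGIN PLAIN
C: AUTH LOGIN dGVzdA==
S: 334 UGFzc3dvcmQ6
C: YV9wYXNzd29yZA==
S: 235 2.7.0 Authentication successful'

# Decode one base64 token; prints nothing useful if the token is invalid.
b64decode() {
    printf '%s' "$1" | base64 -d 2>/dev/null || true
}

# decode_auth_session TRANSCRIPT -> print what an observer of the TCP stream
# learns from an AUTH LOGIN exchange ("S: " = server line, "C: " = client line).
# Handles both "AUTH LOGIN <username>" and a bare "AUTH LOGIN".
decode_auth_session() {
    printf '%s\n' "$1" | {
        state=idle
        while IFS= read -r line; do
            case "$state:$line" in
                *:"C: AUTH LOGIN"*)
                    state=auth
                    token=${line#C: AUTH LOGIN}
                    token=${token# }
                    [ -z "$token" ] ||
                        printf 'initial-response: %s\n' "$(b64decode "$token")" ;;
                auth:"S: 334 "*)
                    printf 'prompt: %s\n' "$(b64decode "${line#S: 334 }")" ;;
                auth:"C: "*)
                    printf 'reply: %s\n' "$(b64decode "${line#C: }")" ;;
                auth:"S: "*)
                    state=idle ;;
            esac
        done
    }
}

# auth_requires_tls MAIN_CF -> exit 0 only if Postfix is told to offer AUTH
# solely on TLS-protected connections (smtpd_tls_auth_only = yes).
# If the parameter appears more than once, the last assignment is used.
auth_requires_tls() {
    [ "$(awk -F= '/^smtpd_tls_auth_only[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
                  END { print v }' "$1")" = "yes" ]
}

# With a main.cf path as argument, report whether AUTH is restricted to TLS.
if [ "$#" -gt 0 ]; then
    if auth_requires_tls "$1"; then
        echo "AUTH only after STARTTLS"
    else
        echo "AUTH also offered on cleartext connections"
    fi
fi
```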

8) Anti-Virus and Spam

This is optional but highly recommended!

Let's start by installing the required packages, which can be done by executing the following command:

sudo apt-get install clamav spamc clamassassin spamassassin

If everything goes smoothly, you should have clamav and spamc set up on your server! So now, we need to create a procmailrc file to handle the spam and virus scanning. Create the file /etc/procmailrc and append the following to it:

DROPPRIVS=yes

LOGFILE=/var/log/procmail.log

VERBOSE=off

:0fw: clamassassin.lock

| /usr/bin/clamassassin

:0w

* ^X-Virus-Status: Yes

| /usr/bin/zarafa-dagent -j $USER

EXITCODE=$?

:0fw: spamassassin.lock

* < 256000

| /usr/bin/spamc

:0:

* ^X-Spam-Status: Yes

| /usr/bin/zarafa-dagent -j $USER

:0w

| /usr/bin/zarafa-dagent $USER

EXITCODE=$?

Your Zarafa server should now put any spam or virus messages in your Junk Folder!

Next we need to edit /etc/spamassassin/local.cf to allow the spam engine to learn spam emails. Change the following in the file:

rewrite_header Subject ***** SPAM *****

# report_safe 1

# use_bayes 1

# bayes_auto_learn 1

to this:

# rewrite_header Subject ***** SPAM *****

report_safe 0

use_bayes 1

bayes_auto_learn 1

You can also adjust the required_score parameter to increase or decrease the spam engine's sensitivity. A lower number will Junk more emails and a higher number will Junk fewer emails.

You should now have Anti-Virus and Spam Scanning setup on your server!

9) Reboot the server

As you've just set up a lot of packages, it is probably a good idea to reboot your server. To reboot your server, run this command:

sudo reboot

10) Relax, your Zarafa Free Edition Server is complete

You've completed this tutorial! Well done! You should now have a working Zarafa Free Edition server with Z-Push for ActiveSync push email! Stay tuned for more tutorials!