Scalix mit Debian Etch: Unterschied zwischen den Versionen
Keine Bearbeitungszusammenfassung |
|||
Zeile 554: | Zeile 554: | ||
EOT | EOT | ||
</pre> | </pre> | ||
Jetzt sollte man sich in o.g. URL als sxadmin und dem vorher definierten Password einloggen können. | |||
Als sxadmin kann man in der AdminConsole (SAC) neue User anlegen. | |||
Version vom 13. Mai 2007, 21:57 Uhr
Vorbereitung
Etch Installation in XEN DomU
Ich starte mit der Installation auf einer frischen Etch-Installation unter XEN. Der Einfachheit halber benutze ich die xen-tools.
apt-get install xen-tools vi /etc/xen-tools/xen-tools.conf # # ... lvm = vg debootstrap = 1 # ## # Disk and Sizing options. ## # size = 4Gb # Disk image size. memory = 128Mb # Memory size swap = 128Mb # Swap size # noswap = 1 # Don't use swap at all for the new system. fs = ext3 # use the EXT3 filesystem for the disk image. dist = etch # Default distribution to install. image = sparse # Specify sparse vs. full disk images. dhcp = 1 # # Default kernel and ramdisk to use for the virtual servers # kernel = /boot/vmlinuz-2.6.18-4-xen-686 initrd = /boot/initrd.img-2.6.18-4-xen-686 # # The default mirror for debootstrap which can be used to install # Debian Sid, Sarge, and Etch. # mirror = http://ftp.de.debian.org/debian/ # ...
Etch-DomU starten
xen-create-image --hostname=scx vi /etc/xen/scx.cfg xm create -c /etc/xen/scx.cfg ... ethtool -K eth0 tx off vi /etc/network/interfaces # uncomment ethtool # post-up ethtool -K eth0 tx off
Zusätzliche Pakete installieren
Jetzt die notwendigen Pakete installieren:
- Apache, Sendmail
- Postgres
- Kerberos
- SASL2
- diverse Libraries
- Sun Java
- gawk, wget, elinks, ethtool, less, host
apt-get install -u apache2 sendmail sendmail-doc apt-get install -u postgresql apt-get install -u krb5-config krb5-doc krb5-user libkadm55 libkrb53 apt-get install -u saslauthd libsasl2-modules libsasl2-gssapi-mit sasl2-bin libssl0.9.7 apt-get install -u libxml2 libglib2.0-0 libstdc++2.10-glibc2.2 libstdc++5 apt-get install -u sun-java5-jre apt-get install -u gawk elinks wget w3m less ethtool host
Sendmail konfigurieren
Folgendes habe ich angepasst:
- Smarthost (s.o.)
- Debug Level
- Interface nicht nur an 127.0.0.1 binden
- Masquerading
- Amavisd-new integrieren
Ich fange mit Amavisd-new, Amavisd-Milter und Clamav an. Amavisd-milter habe ich aus den Sourcen übersetzt:
apt-get install -u build-essential amavisd-new clamav cd /usr/src wget http://downloads.sourceforge.net/amavisd-milter/amavisd-milter-1.2.1.tar.gz tar xvzf amavisd-milter-1.2.1.tar.gz cd amavisd-milter-1.2.1 ./configure make make install mv /usr/local/sbin/amavisd-milter /usr/sbin/amavisd-milter vi /etc/init.d/amavisd-milter #(siehe unten) chmod 755 /etc/init.d/amavisd-milter update-rc.d amavisd-milter defaults vi /etc/default/amavisd-milter #(siehe unten) mkdir /var/lib/amavis/amavisd-milter chown amavis:amavis /var/lib/amavis/amavisd-milter chmod 750 /var/lib/amavis/amavisd-milter
Das Konfigfile für amavisd-milter /etc/default/amavisd-milter
### /etc/sysconfig/amavisd-milter ### Configuration options for amavisd-milter ### Suitable for Redhat & SuSE systems. # ### Location of milter binary. MILTER="/usr/local/sbin/amavisd-milter" ### Amavisd's homedir. ### This should match the '$MYHOME' directive in amavisd.conf AMAVIS_HOME="/var/run/amavis" MILTER_HOME="/var/lib/amavis/amavisd-milter" ### User that amavisd-milter will run as. ### For RH/CentOS/Fedora set to "amavis" ### For SuSE set to "vscan" MILTER_USER="amavis" ### This is the socket used for communication between sendmail <--> milter ### It must correspond to the "S=" variable of the milter definition in sendmail.cf ### Note the variable substitution! MILTER_SOCKET="local:$AMAVIS_HOME/amavisd-milter.sock" ### This is the socket used for communication between amavisd <--> milter ### It must correspond to the value of "$unix_socketname" in amavisd.conf ### Note the variable substitution! AMAVISD_SOCKET="$AMAVIS_HOME/amavisd.sock" ### Pid file ### Note the variable substitution! MILTER_PID="$AMAVISD_HOME/amavisd-milter.pid" ### All the args to milter MILTER_FLAGS="-s $MILTER_SOCKET -p $MILTER_PID -w $MILTER_HOME -S $AMAVISD_SOCKET"
Das Init-Script für amavisd-milter /etc/init.d/amavisd-milter
#! /bin/sh ### BEGIN INIT INFO # Provides: amavisd-milter # Required-Start: $local_fs $remote_fs # Required-Stop: $local_fs $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Amavisd Milter Interface # Description: Start amavisd-milter to allow scanning of mail by amavisd-new # ### END INIT INFO # Author: neobiker neobiker@friedrichnet.de # # Please remove the "Author" lines above and replace them # with your own name if you copy and modify this script. # Do NOT "set -e" PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="Amavisd Milter Interface" NAME=amavisd-milter DAEMON=/usr/sbin/$NAME DAEMON_ARGS="" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME PIDFILE=$MILTER_PID START="--start --quiet --pidfile $PIDFILE --name ${NAME} --startas ${DAEMON}" STOP="--stop --quiet --pidfile $PIDFILE --name ${NAME}" # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 start-stop-daemon ${START} -- $DAEMON_ARGS \ || return 2 # Add code here, if necessary, that waits for the process to be ready # to handle requests from services started subsequently which depend # on this one. As a last resort, sleep for some time. } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE return "$RETVAL" } # # Function that sends a SIGHUP to the daemon/service # do_reload() { # # If the daemon can reload its configuration without # restarting (for example, when it is sent a SIGHUP), # then implement that here. # start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME return 0 } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; #reload|force-reload) # # If do_reload() is not implemented then leave this commented out # and leave 'force-reload' as an alias for 'restart'. # #log_daemon_msg "Reloading $DESC" "$NAME" #do_reload #log_end_msg $? #;; restart|force-reload) # # If the "reload" option is implemented then remove the # 'force-reload' alias # log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 exit 3 ;; esac exit 0
Smarthost unter z.B. /etc/mail/m4/provider.m4 eintragen
define(`SMART_HOST', `mail.1und1.de')
Die MAILER Definitionen sollten ans Ende der Konfiguration verschoben werden, sonst tritt eine Fehlermeldung auf. Die Sendmail Konfiguration ist unter /etc/mail/sendmail.mc
dnl # ... define(`confLOG_LEVEL',`15')dnl #### only until Config is OK #### dnl # dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!! dnl # Remove `, Addr=' clauses to receive from any interface dnl # If you want to support IPv6, switch the commented/uncommentd lines FEATURE(`no_default_msa')dnl dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, Addr=::1')dnl DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission')dnl dnl # dnl # SASL / TLS dnl # include(`/etc/mail/sasl/sasl.m4')dnl include(`/etc/mail/tls/starttls.m4')dnl define(`confCRL\', `/etc/mail/tls/revocation.list\')dnl dnl # define(`confCONTROL_SOCKET_NAME',`/var/run/sendmail/mta/smcontrol-rx')dnl dnl # dnl # dnl # Masquerading options dnl # FEATURE(`always_add_domain')dnl MASQUERADE_AS(`scx.neobiker.de')dnl FEATURE(`allmasquerade')dnl FEATURE(`masquerade_envelope')dnl dnl # dnl # use MILTER API dnl # define(`MILTER', 1)dnl INPUT_MAIL_FILTER(`milter-amavis', `S=local:/var/run/amavis/amavisd-milter.sock, F=T, T=S:10m;R:10m;E:10m')dnl dnl # dnl # Default Mailer setup dnl # MAILER_DEFINITIONS MAILER(`local')dnl MAILER(`smtp')dnl
Jetzt die neue sendmail.cf generieren.
cd /etc/mail sendmailconfig make # und neu starten /etc/init.d/amavisd restart /etc/init.d/amavisd-milter restart /etc/init.d/sendmail restart
Scalix Installation
Sourcen laden und unter /usr/src auspacken
cd /usr/src wget http://downloads.scalix.com/.community/11.0.2.1/scalix-11.0.4-GA-debian-intel.tgz tar xvzf scalix-11.0.4-GA-debian-intel.tgz
cd /usr/src/scalix-debian-11.0.4-GA/software/scalix-server dpkg -i ../../third_party/libical/i386/libical*.deb dpkg -i scalix-server_*.deb export PATH=/opt/scalix/bin:$PATH echo -n "What should the name of your primary mailnode be? "; read mnode ldomain=$(hostname -d) host=$(hostname) fqdn=$(hostname -f) short=${host:0:1}${host: -1:1} # Initialize the Scalix Message Store ommakeom # Set Generation Rules for Display Name, Login Name and Internet Address sxconfig --set -t general.usrl_cn_rule='S, G' sxconfig --set -t general.usrl_authid_rule='gs@' sxconfig --set -t orniasys.name_part_1='"C" <G.S>' -t orniasys.domain_part_1=$ldomain # Creating the Default Mailnode omaddmn -m $mnode # Starting the Server Daemons omrc -n # Creating the Default Admin User echo -n "Please enter the admin password for the Scalix admin user (sxadmin)? "; read admpwd omaddu -n sxadmin/$mnode --class limited -c admin -p "$admpwd" sxadmin # Configuring the Admin User omconfenu -n "sxadmin/$mnode" omlimit -u "sxadmin/$mnode" -o -i 0 -m 0 # Creating the LDAP Query User echo -n "Please enter a password for the ldap query user? "; read ldappwd omaddu -n sxqueryadmin/$mnode --class limited -c admin -p $ldappwd sxqueryadmin@$fqdn # Creating the Standard Scalix Admin Groups omaddpdl -l ScalixUserAdmins/$mnode omaddpdl -l ScalixUserAttributesAdmins/$mnode omaddpdl -l ScalixGroupAdmins/$mnode omaddpdl -l ScalixAdmins/$mnode cat >>/var/opt/scalix/${short}/s/sys/general.cfg <<EOF # # The CDA service (used for "type down" in some clients) is more # efficient if it can check the directory change log before attempting # to update the access tables that it uses. One slow machines, it may # also be worth uncommenting the CDA_CHECKTIME tweak to reduce the check # interval from five minutes to an hour. # CDA_USE_CHANGE_LOG=TRUE # CDA_CHECKTIME=60 # # These tweaks limit the number and rate of IMAP connections to the # server. The IMAP_CONNECTION_LIMIT simply restricts the total number of # connections to the server. Note that many IMAP clients have several # connections for each IMAP session. The IMAP_CONNRATE_LIMIT restricts # the rate at which clients can connect to the server, in this case, at # most 10 connections per second. If clients try to connect faster # than that, the IMAP server simply slows down the rate at which it will # accept new connections. # IMAP_CONNECTION_LIMIT=500 IMAP_CONNRATE_LIMIT=10 # # The IMAP_IDLE_TIMEOUT tweak is the maximum time an IMAP connection # will wait for a command before terminating the connection. The default # setting, and the minimum required setting, is 30 minutes. Some # clients "refresh" their connection once every thirty minutes # exactly -- but if they are a little bit late, the server drops their # connection. Setting a timeout of 31 minutes avoids this problem. # IMAP_IDLE_TIMEOUT=31 # # This tweak arranges for Local Delivery to automatically create a # message store for users created without one. # Users added with the bulk-add mechanism used by the # wizard do not have a message store. So setting this tweak allows # them to receive mail before they are initially signed on. # LD_CREATE_MESSAGE_STORE=TRUE # # These three tweaks allow users to sign on using an alias. Only # system-defined aliases are permitted and it the alias name is ignored # for the purposes of message creation and so on. # # Note that changing these settings normally requires restarting Scalix. # UAL_SIGNON_ALIAS=YES UAL_SIGNON_ALIAS_CONFIG=SYS UAL_USE_SIGNON_ALIAS=FALSE EOF # Starting Scalix Services omon -s all # Installing the Scalix Server package # ein Deb-Paket (scalix-tomcat_*.deb) hat einen Fehler im Install-Skript. # Der muss zuerst behoben werden (Deb auspacken, Syntax Error korrigieren, Deb-Paket neu erstellen) dpkg -i scalix-postgres_*.deb scalix-tomcat-connector_*.deb scalix-tomcat_*.deb \ scalix-mobile_*.deb scalix-platform_*.deb scalix-res_*.deb scalix-sac_*.deb \ scalix-sis_*.deb scalix-swa_*.deb # Setup DB /opt/scalix-postgres/bin/sxpsql-init # To create the database and tables echo -n "Please enter a password for the db user? "; read dbpwd /opt/scalix-postgres/bin/sxpsql-setpwd $dbpwd echo -n "Please enter the external ip address of your Scalix box? "; read ip /opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 $ip # Setting up Scalix-Tomcat vi /etc/opt/scalix-tomcat/scalix-tomcat.conf # Set RAM Usage to 50% of complete RAM (or other, e.g. 40M) # JAVA_OPTS="-server -Xms40m -Xmx40m" # Configure Scalix tomcatport=80 base=/var/opt/scalix/${short} files="$base/webmail/swa.properties \ $base/caa/scalix.res/config/ubermanager.properties \ $base/res/config/res.properties \ $base/platform/platform.properties \ $base/mobile/mobile.properties \ $base/sis/sis.properties" for file in $files; do sed -e "s;%LOCALDOMAIN%;$ldomain;g" \ -e "s;%LOCALHOST%;$fqdn;g" \ -e "s;%PLATFORMURL%;$fqdn;g" \ -e "s;__SECURED_MODE__;false;g" \ -e "s;ubermanager/__FQHN_HOST__@__KERBEROS_REALM__;;g" \ -e "s;__KERBEROS_REALM__;;g" \ -e "s;__FQHN_FOR_KDC_HOST__;;g" \ -e "s;__FQHN_QUERY_SERVER_NAME__;$fqdn;g" \ -e "s;__UBERMGR_USE_EXTERNAL_AUTH__;false;g" \ -e "s;__UBERMGR_ALLOW_EXTERNAL_AUTH__;false;g" \ -e "s;__UBERMGR_MAXLIST_SIZE__;100;g" \ -e "s;__UBERMGR_MAIL_DOMAINS_LIST__;$ldomain;g" \ -e "s;__UBERMGR_EXTERNAL_DOMAIN_AUTH_LIST__;;g" \ -e "s;__CONFIGURED__;true;g" \ -e "s;__FQHN_FOR_UBERMANAGER__;$fqdn;g" \ -e "s;__TOMCAT_PORT__;$tomcatport;g" \ -e "s;localhost;$fqdn;g" \ -e "s;%SIS-LANGUAGE%;German;g" \ -e "s;%INDEX-WHITELIST%;$fqdn;g" \ -e "s;%SEARCH-WHITELIST%;$fqdn;g" \ $file > $file.neu mv $file.neu $file done # Write Ldappassword to psdata cd ${base}/caa/scalix.res/config echo "$ldappwd" > psdata chown root:root psdata chmod 400 psdata cd # Restart Tomcat /etc/init.d/scalix-tomcat restart # Setup Apache ln -s /opt/scalix/global/httpd/scalix-web-client.conf /etc/apache2/conf.d cat << EOF > /etc/apache2/conf.d/scalix-access.conf <Location /> Allow from all </Location> EOF /etc/init.d/apache2 restart cat << EOT ##################################################### # You should now be able to access scalix at: # http://$fqdn/sac # http://$fqdn/webmail ##################################################### EOT
Jetzt sollte man sich in o.g. URL als sxadmin und dem vorher definierten Password einloggen können. Als sxadmin kann man in der AdminConsole (SAC) neue User anlegen.
Not yet used: Dual-Konfiguration für amavisd-new Integration
mkdir /var/spool/mqueue-rx chown root:amavis /var/spool/mqueue-rx chmod 700 /var/spool/mqueue-rx mkdir /var/lib/sendmail/host_status m4 /usr/share/sendmail/cf/m4/cf.m4 /etc/mail/hostname-rx.mc > /etc/mail/sendmail-rx.cf m4 /usr/share/sendmail/cf/m4/cf.m4 /etc/mail/hostname-tx.mc > /etc/mail/sendmail.cf /usr/sbin/sendmail -C /etc/mail/sendmail-rx.cf -L sm-mta-rx -bd -qp /usr/sbin/sendmail -L sm-mta-tx -bd -q15m /usr/sbin/sendmail -Ac -L sm-msp-queue -q10m
Quellen
[1] Scalix Wiki: Manuelle Installation unter Etch
[2] Linux Magazin Online: Mail Server