Scalix with Debian Etch: Difference between revisions

From Neobikers Wiki

Revision as of 13 May 2007, 21:57

Preparation

Etch installation in a Xen DomU

I start with a fresh Etch installation under Xen. For simplicity I use the xen-tools.

apt-get install xen-tools
vi /etc/xen-tools/xen-tools.conf
#
# ...
lvm = vg
debootstrap = 1
#
##
#  Disk and Sizing options.
##
#
size   = 4Gb      # Disk image size.
memory = 128Mb    # Memory size
swap   = 128Mb    # Swap size
# noswap = 1      # Don't use swap at all for the new system.
fs     = ext3     # use the EXT3 filesystem for the disk image.
dist   = etch     # Default distribution to install.
image  = sparse   # Specify sparse vs. full disk images.
dhcp = 1
#
# Default kernel and ramdisk to use for the virtual servers
#
kernel = /boot/vmlinuz-2.6.18-4-xen-686
initrd = /boot/initrd.img-2.6.18-4-xen-686
#
# The default mirror for debootstrap which can be used to install
# Debian Sid, Sarge, and Etch.
#
mirror = http://ftp.de.debian.org/debian/
# ...

Starting the Etch DomU

xen-create-image --hostname=scx
vi /etc/xen/scx.cfg
xm create -c /etc/xen/scx.cfg
...
ethtool -K eth0 tx off
vi /etc/network/interfaces
# uncomment ethtool
# post-up ethtool -K eth0 tx off

Installing additional packages

Now install the required packages:

  • Apache, Sendmail
  • Postgres
  • Kerberos
  • SASL2
  • various libraries
  • Sun Java
  • gawk, wget, elinks, ethtool, less, host

apt-get install -u apache2 sendmail sendmail-doc
apt-get install -u postgresql
apt-get install -u krb5-config krb5-doc krb5-user libkadm55 libkrb53
apt-get install -u saslauthd libsasl2-modules libsasl2-gssapi-mit sasl2-bin libssl0.9.7
apt-get install -u libxml2 libglib2.0-0 libstdc++2.10-glibc2.2 libstdc++5
apt-get install -u sun-java5-jre
apt-get install -u gawk elinks wget w3m less ethtool host

Configuring Sendmail

I adjusted the following:

  • Smarthost (see above)
  • Debug level
  • Bind the interface to more than just 127.0.0.1
  • Masquerading
  • Integrate amavisd-new

I start with amavisd-new, amavisd-milter and ClamAV. I compiled amavisd-milter from source:

apt-get install -u build-essential amavisd-new clamav

cd /usr/src
wget http://downloads.sourceforge.net/amavisd-milter/amavisd-milter-1.2.1.tar.gz
tar xvzf amavisd-milter-1.2.1.tar.gz
cd amavisd-milter-1.2.1
./configure
make
make install
mv /usr/local/sbin/amavisd-milter /usr/sbin/amavisd-milter

vi /etc/init.d/amavisd-milter # (see below)
chmod 755 /etc/init.d/amavisd-milter
update-rc.d amavisd-milter defaults

vi /etc/default/amavisd-milter # (see below)
mkdir /var/lib/amavis/amavisd-milter
chown amavis:amavis /var/lib/amavis/amavisd-milter
chmod 750 /var/lib/amavis/amavisd-milter

The configuration file for amavisd-milter, /etc/default/amavisd-milter

### /etc/sysconfig/amavisd-milter
### Configuration options for amavisd-milter
### Suitable for Redhat & SuSE systems.
#
### Location of milter binary (moved to /usr/sbin after "make install", see above).
MILTER="/usr/sbin/amavisd-milter"

### Amavisd's homedir.
### This should match the '$MYHOME' directive in amavisd.conf
AMAVIS_HOME="/var/run/amavis"
MILTER_HOME="/var/lib/amavis/amavisd-milter"

### User that amavisd-milter will run as.
### For RH/CentOS/Fedora set to "amavis"
### For SuSE set to "vscan"
MILTER_USER="amavis"

### This is the socket used for communication between sendmail <--> milter
### It must correspond to the "S=" variable of the milter definition in sendmail.cf
### Note the variable substitution!
MILTER_SOCKET="local:$AMAVIS_HOME/amavisd-milter.sock"

### This is the socket used for communication between amavisd <--> milter
### It must correspond to the value of "$unix_socketname" in amavisd.conf
### Note the variable substitution!
AMAVISD_SOCKET="$AMAVIS_HOME/amavisd.sock"

### Pid file
### Note the variable substitution!
MILTER_PID="$AMAVIS_HOME/amavisd-milter.pid"

### All the args to milter
MILTER_FLAGS="-s $MILTER_SOCKET -p $MILTER_PID -w $MILTER_HOME -S $AMAVISD_SOCKET"

The init script for amavisd-milter, /etc/init.d/amavisd-milter

#! /bin/sh
### BEGIN INIT INFO
# Provides:          amavisd-milter
# Required-Start:    $local_fs $remote_fs
# Required-Stop:     $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Amavisd Milter Interface
# Description:       Start amavisd-milter to allow scanning of mail by amavisd-new
#
### END INIT INFO

# Author: neobiker neobiker@friedrichnet.de
#
# Please remove the "Author" lines above and replace them
# with your own name if you copy and modify this script.

# Do NOT "set -e"

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Amavisd Milter Interface"
NAME=amavisd-milter
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS=""
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Take pid file, arguments and run-as user from /etc/default/$NAME;
# otherwise the daemon starts as root without any of the options set there
PIDFILE=${MILTER_PID:-$PIDFILE}
DAEMON_ARGS=${MILTER_FLAGS:-$DAEMON_ARGS}

START="--start --quiet --pidfile $PIDFILE --name ${NAME} --chuid ${MILTER_USER:-amavis} --startas ${DAEMON}"
STOP="--stop --quiet --pidfile $PIDFILE --name ${NAME}"

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
        # Return
        #   0 if daemon has been started
        #   1 if daemon was already running
        #   2 if daemon could not be started
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
                || return 1
        start-stop-daemon ${START} -- $DAEMON_ARGS \
                || return 2
        # Add code here, if necessary, that waits for the process to be ready
        # to handle requests from services started subsequently which depend
        # on this one.  As a last resort, sleep for some time.
}

#
# Function that stops the daemon/service
#
do_stop()
{
        # Return
        #   0 if daemon has been stopped
        #   1 if daemon was already stopped
        #   2 if daemon could not be stopped
        #   other if a failure occurred
        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
        RETVAL="$?"
        [ "$RETVAL" = 2 ] && return 2
        # Wait for children to finish too if this is a daemon that forks
        # and if the daemon is only ever run from this initscript.
        # If the above conditions are not satisfied then add some other code
        # that waits for the process to drop all resources that could be
        # needed by services started subsequently.  A last resort is to
        # sleep for some time.
        start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
        [ "$?" = 2 ] && return 2
        # Many daemons don't delete their pidfiles when they exit.
        rm -f $PIDFILE
        return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
        #
        # If the daemon can reload its configuration without
        # restarting (for example, when it is sent a SIGHUP),
        # then implement that here.
        #
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
        return 0
}

case "$1" in
  start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
  stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
  #reload|force-reload)
        #
        # If do_reload() is not implemented then leave this commented out
        # and leave 'force-reload' as an alias for 'restart'.
        #
        #log_daemon_msg "Reloading $DESC" "$NAME"
        #do_reload
        #log_end_msg $?
        #;;
  restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
          0|1)
                do_start
                case "$?" in
                        0) log_end_msg 0 ;;
                        1) log_end_msg 1 ;; # Old process is still running
                        *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
          *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
  *)
        #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
esac

exit 0

Enter the smarthost in, for example, /etc/mail/m4/provider.m4

define(`SMART_HOST', `mail.1und1.de')

The MAILER definitions should be moved to the end of the configuration, otherwise an error message appears. The Sendmail configuration is in /etc/mail/sendmail.mc

dnl # ...
define(`confLOG_LEVEL',`15')dnl #### only until Config is OK ####
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommented lines
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission')dnl
dnl #
dnl # SASL / TLS
dnl #
include(`/etc/mail/sasl/sasl.m4')dnl
include(`/etc/mail/tls/starttls.m4')dnl
define(`confCRL', `/etc/mail/tls/revocation.list')dnl
dnl #
define(`confCONTROL_SOCKET_NAME',`/var/run/sendmail/mta/smcontrol-rx')dnl
dnl #
dnl #
dnl # Masquerading options
dnl #
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`scx.neobiker.de')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
dnl #
dnl # use MILTER API
dnl #
define(`MILTER', 1)dnl
INPUT_MAIL_FILTER(`milter-amavis', `S=local:/var/run/amavis/amavisd-milter.sock, F=T, T=S:10m;R:10m;E:10m')dnl
dnl #
dnl # Default Mailer setup
dnl #
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl

Now generate the new sendmail.cf.

cd /etc/mail
sendmailconfig
make

# and restart
/etc/init.d/amavisd restart
/etc/init.d/amavisd-milter restart
/etc/init.d/sendmail restart
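
The comments in /etc/default/amavisd-milter require MILTER_SOCKET to match the S= value of the milter definition in the Sendmail configuration. The following check is an added example, not part of the original wiki page; the function names and the sample files it writes to a temporary directory are made up for illustration.

```shell
#!/bin/sh
# Added example: do amavisd-milter and sendmail agree on the milter socket?

# Print MILTER_SOCKET as the init script would see it. "set -u" in a subshell
# makes any reference to an undefined (e.g. misspelled) variable fail.
milter_socket_from_defaults() {
    ( set -u; . "$1"; printf '%s\n' "$MILTER_SOCKET" ) 2>/dev/null
}

# Print the S= value of the active INPUT_MAIL_FILTER line (dnl lines are skipped).
milter_socket_from_mc() {
    sed -n 's/^INPUT_MAIL_FILTER(.*`S=\([^,)]*\).*/\1/p' "$1" | tr -d "'" | head -n 1
}

# Returns 0 = sockets match, 1 = mismatch, 2 = defaults file broken, 3 = no filter in .mc
check_milter_sockets() {
    cfg_sock=$(milter_socket_from_defaults "$1") || {
        echo "BROKEN: $1 uses an undefined variable or sets no MILTER_SOCKET"; return 2; }
    mc_sock=$(milter_socket_from_mc "$2")
    [ -n "$mc_sock" ] || { echo "MISSING: no INPUT_MAIL_FILTER socket in $2"; return 3; }
    [ "$cfg_sock" = "$mc_sock" ] || {
        echo "MISMATCH: milter=$cfg_sock sendmail=$mc_sock"; return 1; }
    echo "OK: $cfg_sock"
}

# Constructed sample files, written to the directory given as $1.
write_samples() {
    dir=$1
    cat > "$dir/good.default" <<'EOF'
AMAVIS_HOME="/var/run/amavis"
MILTER_SOCKET="local:$AMAVIS_HOME/amavisd-milter.sock"
MILTER_PID="$AMAVIS_HOME/amavisd-milter.pid"
EOF
    # Same file with the variable name misspelled in the pid file line.
    sed 's/^MILTER_PID="\$AMAVIS_HOME/MILTER_PID="$AMAVISD_HOME/' \
        "$dir/good.default" > "$dir/typo.default"
    # Same file with a different base directory: the socket no longer matches.
    sed 's#/var/run/amavis#/var/lib/amavis#' "$dir/good.default" > "$dir/moved.default"
    cat > "$dir/sendmail.mc" <<'EOF'
dnl INPUT_MAIL_FILTER(`old', `S=local:/tmp/old.sock, F=T')dnl
INPUT_MAIL_FILTER(`milter-amavis', `S=local:/var/run/amavis/amavisd-milter.sock, F=T, T=S:10m;R:10m;E:10m')dnl
EOF
}

SAMPLES=$(mktemp -d)
write_samples "$SAMPLES"
for f in good typo moved; do
    check_milter_sockets "$SAMPLES/$f.default" "$SAMPLES/sendmail.mc" || true
done
```

On the real system the call would be check_milter_sockets /etc/default/amavisd-milter /etc/mail/sendmail.mc, run before the three restarts.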

Scalix installation

Download the sources and unpack them under /usr/src

cd /usr/src
wget http://downloads.scalix.com/.community/11.0.2.1/scalix-11.0.4-GA-debian-intel.tgz
tar xvzf scalix-11.0.4-GA-debian-intel.tgz
cd /usr/src/scalix-debian-11.0.4-GA/software/scalix-server

dpkg -i ../../third_party/libical/i386/libical*.deb
dpkg -i scalix-server_*.deb

export PATH=/opt/scalix/bin:$PATH

echo -n "What should the name of your primary mailnode be? "; read mnode

ldomain=$(hostname -d)
host=$(hostname)
fqdn=$(hostname -f)
short=${host:0:1}${host: -1:1}

# Initialize the Scalix Message Store 
ommakeom

# Set Generation Rules for Display Name, Login Name and Internet Address
sxconfig --set -t general.usrl_cn_rule='S, G'
sxconfig --set -t general.usrl_authid_rule='gs@'
sxconfig --set -t orniasys.name_part_1='"C" <G.S>' -t orniasys.domain_part_1=$ldomain

# Creating the Default Mailnode 
omaddmn -m $mnode

# Starting the Server Daemons
omrc -n

# Creating the Default Admin User (read -s keeps the password off the screen)
echo -n "Please enter the admin password for the Scalix admin user (sxadmin)? "; read -rs admpwd; echo

omaddu -n sxadmin/$mnode --class limited -c admin -p "$admpwd" sxadmin

# Configuring the Admin User
omconfenu -n "sxadmin/$mnode"
omlimit -u "sxadmin/$mnode" -o -i 0 -m 0

# Creating the LDAP Query User
echo -n "Please enter a password for the ldap query user? "; read -rs ldappwd; echo

omaddu -n sxqueryadmin/$mnode --class limited -c admin -p "$ldappwd" sxqueryadmin@$fqdn

# Creating the Standard Scalix Admin Groups
omaddpdl -l ScalixUserAdmins/$mnode
omaddpdl -l ScalixUserAttributesAdmins/$mnode
omaddpdl -l ScalixGroupAdmins/$mnode
omaddpdl -l ScalixAdmins/$mnode

cat >>/var/opt/scalix/${short}/s/sys/general.cfg <<EOF
#
# The CDA service (used for "type down" in some clients) is more
# efficient if it can check the directory change log before attempting
# to update the access tables that it uses.   On slow machines, it may
# also be worth uncommenting the CDA_CHECKTIME tweak to reduce the check
# interval from five minutes to an hour.
#
CDA_USE_CHANGE_LOG=TRUE
# CDA_CHECKTIME=60
#
# These tweaks limit the number and rate of IMAP connections to the
# server. The IMAP_CONNECTION_LIMIT simply restricts the total number of
# connections to the server. Note that many IMAP clients have several
# connections for each IMAP session. The IMAP_CONNRATE_LIMIT restricts
# the rate at which clients can connect to the server, in this case, at
# most 10 connections per second. If clients try to connect faster
# than that, the IMAP server simply slows down the rate at which it will
# accept new connections.
#
IMAP_CONNECTION_LIMIT=500
IMAP_CONNRATE_LIMIT=10
#
# The IMAP_IDLE_TIMEOUT tweak is the maximum time an IMAP connection
# will wait for a command before terminating the connection. The default
# setting, and the minimum required setting, is 30 minutes. Some
# clients "refresh" their connection once every thirty minutes
# exactly -- but if they are a little bit late, the server drops their
# connection. Setting a timeout of 31 minutes avoids this problem.
#
IMAP_IDLE_TIMEOUT=31
#
# This tweak arranges for Local Delivery to automatically create a
# message store for users created without one.
# Users added with the bulk-add mechanism used by the
# wizard do not have a message store. So setting this tweak allows
# them to receive mail before they are initially signed on.
#
LD_CREATE_MESSAGE_STORE=TRUE
#
# These three tweaks allow users to sign on using an alias. Only
# system-defined aliases are permitted and the alias name is ignored
# for the purposes of message creation and so on.
# 
# Note that changing these settings normally requires restarting Scalix.
#
UAL_SIGNON_ALIAS=YES
UAL_SIGNON_ALIAS_CONFIG=SYS
UAL_USE_SIGNON_ALIAS=FALSE
EOF


# Starting Scalix Services
omon -s all

# Installing the Scalix Server package
# One deb package (scalix-tomcat_*.deb) has a bug in its install script.
# It has to be fixed first (unpack the deb, correct the syntax error, rebuild the deb package)
dpkg -i scalix-postgres_*.deb scalix-tomcat-connector_*.deb scalix-tomcat_*.deb \
        scalix-mobile_*.deb scalix-platform_*.deb scalix-res_*.deb scalix-sac_*.deb \
        scalix-sis_*.deb scalix-swa_*.deb

# Setup DB
/opt/scalix-postgres/bin/sxpsql-init                  # To create the database and tables
echo -n "Please enter a password for the db user? "; read -rs dbpwd; echo

/opt/scalix-postgres/bin/sxpsql-setpwd "$dbpwd"

echo -n "Please enter the external ip address of your Scalix box? "; read -r ip

/opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 "$ip"

# Setting up Scalix-Tomcat
vi /etc/opt/scalix-tomcat/scalix-tomcat.conf
# Set RAM Usage to 50% of complete RAM (or other, e.g. 40M)
# JAVA_OPTS="-server -Xms40m -Xmx40m"

# Configure Scalix
tomcatport=80
base=/var/opt/scalix/${short}
files="$base/webmail/swa.properties \
       $base/caa/scalix.res/config/ubermanager.properties \
       $base/res/config/res.properties \
       $base/platform/platform.properties \
       $base/mobile/mobile.properties \
       $base/sis/sis.properties"

for file in $files; do
sed -e "s;%LOCALDOMAIN%;$ldomain;g" \
    -e "s;%LOCALHOST%;$fqdn;g" \
    -e "s;%PLATFORMURL%;$fqdn;g" \
    -e "s;__SECURED_MODE__;false;g" \
    -e "s;ubermanager/__FQHN_HOST__@__KERBEROS_REALM__;;g" \
    -e "s;__KERBEROS_REALM__;;g" \
    -e "s;__FQHN_FOR_KDC_HOST__;;g" \
    -e "s;__FQHN_QUERY_SERVER_NAME__;$fqdn;g" \
    -e "s;__UBERMGR_USE_EXTERNAL_AUTH__;false;g" \
    -e "s;__UBERMGR_ALLOW_EXTERNAL_AUTH__;false;g" \
    -e "s;__UBERMGR_MAXLIST_SIZE__;100;g" \
    -e "s;__UBERMGR_MAIL_DOMAINS_LIST__;$ldomain;g" \
    -e "s;__UBERMGR_EXTERNAL_DOMAIN_AUTH_LIST__;;g" \
    -e "s;__CONFIGURED__;true;g" \
    -e "s;__FQHN_FOR_UBERMANAGER__;$fqdn;g" \
    -e "s;__TOMCAT_PORT__;$tomcatport;g" \
    -e "s;localhost;$fqdn;g" \
    -e "s;%SIS-LANGUAGE%;German;g" \
    -e "s;%INDEX-WHITELIST%;$fqdn;g" \
    -e "s;%SEARCH-WHITELIST%;$fqdn;g" \
    "$file" > "$file.neu"
mv "$file.neu" "$file"
done

# Write Ldappassword to psdata
cd ${base}/caa/scalix.res/config
echo "$ldappwd" > psdata
chown root:root psdata
chmod 400 psdata
cd

# Restart Tomcat
/etc/init.d/scalix-tomcat restart

# Setup Apache
ln -s /opt/scalix/global/httpd/scalix-web-client.conf /etc/apache2/conf.d
cat << EOF > /etc/apache2/conf.d/scalix-access.conf
<Location />
        Allow from all
</Location>
EOF
/etc/init.d/apache2 restart

cat << EOT
#####################################################
# You should now be able to access scalix at:
# http://$fqdn/sac
# http://$fqdn/webmail
#####################################################
EOT

You should now be able to log in at the URLs above as sxadmin with the previously defined password. As sxadmin you can create new users in the Admin Console (SAC).


Not yet used: dual configuration for amavisd-new integration

mkdir /var/spool/mqueue-rx
chown root:amavis /var/spool/mqueue-rx
chmod 700 /var/spool/mqueue-rx

mkdir /var/lib/sendmail/host_status

m4 /usr/share/sendmail/cf/m4/cf.m4 /etc/mail/hostname-rx.mc > /etc/mail/sendmail-rx.cf
m4 /usr/share/sendmail/cf/m4/cf.m4 /etc/mail/hostname-tx.mc > /etc/mail/sendmail.cf

/usr/sbin/sendmail -C /etc/mail/sendmail-rx.cf -L sm-mta-rx -bd -qp
/usr/sbin/sendmail -L sm-mta-tx -bd -q15m
/usr/sbin/sendmail -Ac -L sm-msp-queue -q10m
