Scalix mit Debian Etch: Unterschied zwischen den Versionen

Keine Bearbeitungszusammenfassung
Keine Bearbeitungszusammenfassung
 
(5 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 154: Zeile 154:
</pre>
</pre>


Jetzt kann man die Scalix-Pakete installieren (update einer vorhandenen Installation siehe  [http://www.neobiker.de/wiki/index.php?title=Scalix_Update_11.x hier]):
Jetzt kann man die Scalix-Pakete installieren (Bitte neue Versionen aus dem Wiki verwenden!):


'''/usr/src/scx-install.sh'''
'''/usr/src/scx-install-lenny.sh'''
<pre>
<pre>#!/bin/bash
#!/bin/bash
# Scalix 11.x install script
# Scalix 11.x install script
# Author: neobiker
# Author: neobiker
# Version: $Id: scx-install.sh,v 1.3 2009/02/05 09:09:34 root Exp root $
# Version: $Id: scx-install-lenny.sh,v 1.2 2009/07/25 15:53:32 root Exp root $
#
#
# $Log: scx-install.sh,v $
# $Log: scx-install-lenny.sh,v $
# Revision 1.3 2009/02/05 09:09:34 root
# Revision 1.2 2009/07/25 15:53:32 root
# minor beatifying
# Revision 1.1 2009/07/13 19:53:32 root
#
# Initial revision
# Revision 1.2 2009/02/05 08:27:45 root
# check for scalix-files first
# ask for JAVA Memory usage
#
#


set -e
set -e
# Adjust next settings
src_dir=/usr/src


# Admin password (sxadmin)
# Admin password (sxadmin)
Zeile 178: Zeile 177:


# JAVA Memory usage (ca. 50% of RAM)
# JAVA Memory usage (ca. 50% of RAM)
java_mem=128
java_mem=256
 
# load and decompress scalix packages
scalix11version=11.4.6
scalix11downloadurl="http://downloads.scalix.com/.community/${scalix11version}/scalix-${scalix11version}-GA-unsupported-debian-intel.bin"
scalix11bin=`basename $scalix11downloadurl`
scalix11dir=scalix-debian-${scalix11version}-GA
 
# Extract and install packages
if [ ! -e $scalix11dir ]; then
 
    # Download Scalix 11
    if [ ! -e $scalix11bin ]; then
        cd $src_dir
        wget -N $scalix11downloadurl
    fi
 
    sh ./$scalix11bin
fi
cd $scalix11dir/software/scalix_server/
 


#initialise variables
# initialise variables for installation script
host=$(hostname)
mnode=$(hostname -s)
mnode=$host
ip=$(hostname -i)
ldappwd=$admpwd
dbpwd=$admpwd
ip=`ifconfig eth0|grep 'inet addr:' | cut -d: -f2 | cut -d\  -f1`


# optional: ask user or comment out
# optional: ask user or comment out
Zeile 195: Zeile 211:
read a ; [ -n "$a" ] && admpwd=$a
read a ; [ -n "$a" ] && admpwd=$a


dbpwd=$admpwd
echo -n "Please enter a password for the db user [sxadmin-password] ? "
read a ; [ -n "$a" ] && dbpwd=$a
ldappwd=$admpwd
echo -n "Please enter a password for the ldap query user [sxadmin-password] ? "
echo -n "Please enter a password for the ldap query user [sxadmin-password] ? "
read a ; [ -n "$a" ] && ldappwd=$a
read a ; [ -n "$a" ] && ldappwd=$a
echo -n "Please enter a password for the db user [sxadmin-password] ? "
read a ; [ -n "$a" ] && dbpwd=$a


echo -n "Please enter the external ip address of your Scalix box [$ip]? "
echo -n "Please enter the external ip address of your Scalix box [$ip]? "
Zeile 205: Zeile 223:


echo -n "Please enter JAVA Memory usage (e.g. 50% of total MEM) [$java_mem]? "
echo -n "Please enter JAVA Memory usage (e.g. 50% of total MEM) [$java_mem]? "
read a ; [ -n "$a" ] && $java_mem=$a
read a ; [ -n "$a" ] && java_mem=$a


# modify scalix deb packages (for lenny)
fix_scalix_debs ()
{
  deb=`/bin/ls -1 scalix-${1}*.deb`
  if  [ -e "$deb" ]; then


# Update and install required packages
    [ -d old ] || mkdir old
#scalix11downloadurl="http://downloads.scalix.com/.community/11.4.2/scalix-11.4.2-GA-debian-intel.bin"
    [ -d new_$1 ] && rm -rf new_$1
#scalix11targz="scalix-11.4.2-GA-debian-intel.bin"
    [ -d new_$1/DEBIAN ] || mkdir -p new_$1/DEBIAN
scalix11dir=$(ls -1d scalix-debian-11.* | tail -1)
    [ -e old/$deb ] || cp $deb old/$deb


# Remove sendmail startup links
    dpkg -x old/$deb new_$1
# This disables outgoing mail
    dpkg -e old/$deb new_$1/DEBIAN
# /etc/init.d/sendmail stop
 
# update-rc.d -f sendmail remove
    case $1 in
        iconv)
            file=new_$1/DEBIAN/preinst
            cat $file | sed -e 's/ "\$1" -gt 1 / -n "\$1" /g' >$file.neu
            mv $file.neu $file
            chmod a+x $file
 
            file=new_$1/DEBIAN/postrm
            cat $file | sed -e 's/ "\$1" -eq 0 / -z "\$1" /g' >$file.neu
            mv $file.neu $file
            chmod a+x $file
 
            dpkg -b new_$1 $deb
            ;;
 
        server)
            file=new_$1/DEBIAN/control
            cat $file | sed -e 's/libsasl2,/libsasl2-2,/g' \
                -e 's/libmilter[^,]*,//g' \
                -e 's/libstdc++2[^,]*,//g' >$file.neu
            mv $file.neu $file
 
            file=new_$1/DEBIAN/postinst
            cat $file | sed -e "s#OMLOGFILE='~/sys/install/log'#OMLOGFILE='~/sys/install/log';#g" >$file.neu
            mv $file.neu $file
            chmod a+x $file
 
            dpkg -b new_$1 $deb
            ;;


# Download Scalix 11
        postgres)
# cd /tmp/
            file=new_$1/DEBIAN/control
# wget -N $scalix11downloadurl
            cat $file | sed -e 's/| postgresql-client-.\..//g' \
                -e 's/| postgresql-.\..//g' >$file.neu
            mv $file.neu $file


# Extract and install packages
            dpkg -b new_$1 $deb
# sh ./$scalix11targz
            ;;


if [ -e $scalix11dir ]; then
        *)
   cd $scalix11dir
            ;;
fi
    esac
   fi
}


# Initialise more variables
# Initialise more variables
# get scalix pakage filenames: main_files, app_files, other_files
# get scalix pakage filenames: main_files, app_files, other_files
# define config_files etc.
# define config_files etc.
# only variable settings made here until -- Step 0 -- below !


scx_main="server postgres"
scx_main="server postgres"
scx_apps="tomcat_ tomcat- mobile platform res sac sis swa"
scx_apps="tomcat-connector tomcat_ mobile platform res sac sis swa"


if [ `ls -1 scalix-*.deb 2>/dev/null | wc -l` -gt 0 ] ; then
if [ `ls -1 scalix-*.deb 2>/dev/null | wc -l` -gt 0 ] ; then
Zeile 253: Zeile 309:
     other_files=`eval "ls -1 scalix-*.deb ${dropme}"`
     other_files=`eval "ls -1 scalix-*.deb ${dropme}"`


    pid=$$
    host=$(hostname -s)
     ldomain=$(hostname -d)
     ldomain=$(hostname -d)
     fqdn=$(hostname -f)
     fqdn=$(hostname -f)
     short=${host:0:1}${host: -1:1}
     short=${mnode:0:1}${mnode: -1:1}
    net="$(echo $ip | cut -d. -f-3)".0/24


     base=/var/opt/scalix/${short}
     base=/var/opt/scalix/${short}
     tomcatport=80
     tomcatport=80


     config_files="${base}/webmail/swa.properties \
     config_files="\
       ${base}/caa/scalix.res/config/ubermanager.properties \
       ${base}/caa/scalix.res/config/ubermanager.properties \
      ${base}/mobile/mobile.properties \
      ${base}/platform/platform.properties \
       ${base}/res/config/res.properties \
       ${base}/res/config/res.properties \
       ${base}/platform/platform.properties \
       ${base}/sis/sis.properties \
       ${base}/mobile/mobile.properties \
       ${base}/webmail/swa.properties"
      ${base}/sis/sis.properties"


else
else
     echo 'Sorry, no scalix-\*.deb pakages found.'
     echo 'Sorry, no scalix-\*.deb packages found.'
     echo "Please change to the directory which contains the files and try again."
     echo "Please change to the directory which contains the files and try again."
     exit 1
     exit 1
fi
fi


cat << EOF
# backup scalix config files
scx_backup_config ()
{
    for f in ${config_files}; do
      if [ -e $f ]; then
          mkdir -p `dirname /var/opt/scalix/scalix-config-backup-${pid}${f}`
          cp ${f} /var/opt/scalix/scalix-config-backup-${pid}${f}
          cp ${f} ${f}.bak
      fi
    done
}
 
# show differences to new config files
scx_diff_config ()
{
    for file in ${config_files}; do
 
      sed -e 's/#.*//g' \
          -e '/^$/ D' \
          ${file} | sort > ${file}.new
 
      sed -e 's/#.*//g' \
          -e '/^$/ D' \
          /var/opt/scalix/scalix-config-backup-${pid}${file} | sort > ${file}.old
 
      if ! diff -q ${file}.old ${file}.new; then
          echo "-------------------------------------------------"
          echo "Check changes in ${file}:"
 
          diff ${file}.old ${file}.new || true
 
          echo ">>> Restore old Configfile [y] ?"
          read a
 
          if [ -z "$a" -o "$a" == "y" -o "$a" == "Y" ]; then
            cp ${file} ${file}.new.update
            cp /var/opt/scalix/scalix-config-backup-${pid}${file} ${file}
            echo "restored ${file} !!! <<<"
          fi
          echo "-------------------------------------------------"
          echo ""
      fi
 
    done
 
    echo ">>> Remove temp. Backupfiles (/var/opt/scalix/scalix-config-backup-${pid}) [y] ?"
    read a
 
    if [ -z "$a" -o "$a" == "y" -o "$a" == "Y" ]; then
          rm -rf /var/opt/scalix/scalix-config-backup-${pid}
          echo "/var/opt/scalix/scalix-config-backup-${pid} deleted"
    fi
}
 
cat << EOT


>>>> Step 0: check for old Scalix installation
>>>> Step 0: check for old Scalix installation


EOF
EOT
sleep 2
sleep 2


Zeile 288: Zeile 402:
       echo "leaving old Scalix installion (files) untouched"
       echo "leaving old Scalix installion (files) untouched"
     else
     else
      scx_backup_config
       aptitude purge ${scalix_pakages}  # sun-java5-jre postgresql
       aptitude purge ${scalix_pakages}  # sun-java5-jre postgresql
       echo ""
       echo ""
Zeile 296: Zeile 411:
               mv /var/opt/scalix/s.bak /var/opt/scalix/s.bak.$$
               mv /var/opt/scalix/s.bak /var/opt/scalix/s.bak.$$
           fi
           fi
           mv /var/opt/scalix/${short}/s /var/opt/scalix/s.bak
           mv ${base}/s /var/opt/scalix/s.bak
           ls -l /var/opt/scalix/
           ls -l /var/opt/scalix/
           du -sk /var/opt/scalix/s.bak*
           du -sk /var/opt/scalix/s.bak*
Zeile 310: Zeile 425:
fi
fi


cat << EOF
cat << EOT


>>>> Step 1: install Scalix-server
>>>> Step 1a: install dependencies for Lenny


EOF
Please configure a UTF-8 locale or setup will fail later on.
(en_US.UTF-8)
 
EOT
sleep 2
 
# Remove sendmail startup links
# This disables outgoing mail
# /etc/init.d/sendmail stop
# update-rc.d -f sendmail remove
 
#aptitude update
#aptitude upgrade
aptitude install locales
 
if [ ! $(echo "$LANG" | grep UTF-8) ]; then
  echo "Please set e.g. en_US.UTF-8 locale and re-login and restart script"
  exit 0
fi
 
aptitude install apache2 gawk krb5-config krb5-doc krb5-user libkadm55 libkrb53 \
      libglib2.0-0 libxml2 sgml-base xml-core postgresql postgresql-client \
      libsasl2-modules libsasl2-2  libstdc++5 wget \
      sendmail mailx elinks w3m sun-java5-jre libssl0.9.8
 
# fix sendmail configfile
if [ -e /etc/mail/sendmail.mc ]; then
  grep MAILER /etc/mail/sendmail.mc > /tmp/sendmail.mc.mailer.tmp
  grep -v MAILER /etc/mail/sendmail.mc > /tmp/sendmail.mc.feature.tmp
  cat /tmp/sendmail.mc.feature.tmp >/etc/mail/sendmail.mc
  cat /tmp/sendmail.mc.mailer.tmp >> /etc/mail/sendmail.mc
  rm /tmp/sendmail.mc.*.tmp
fi
 
# some Lenny hacks for scalix binaries
[ -e /usr/lib/libssl.so.0.9.7 ] || ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.0.9.7
[ -e /usr/lib/libcrypto.so.0.9.7 ] || ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.0.9.7
[ -e /usr/lib/liblber.so.2 ] || ln -s /usr/lib/liblber-2.4.so.2 /usr/lib/liblber.so.2
[ -e /usr/lib/libldap_r.so.2 ] || ln -s /usr/lib/libldap_r-2.4.so.2 /usr/lib/libldap_r.so.2
 
cat << EOT
 
>>>> Step 1b: install Scalix-server
 
EOT
sleep 2
sleep 2
echo "continue installation [y] ? "
echo "continue installation [y] ? "
read a ; [ -z "$a" -o "x$a" == "xy" ] || exit 0
read a ; [ -z "$a" -o "x$a" == "xy" ] || exit 0


aptitude update
fix_scalix_debs iconv
aptitude upgrade
fix_scalix_debs server
aptitude install apache2 libapache2-mod-jk gawk krb5-config krb5-doc krb5-user libkadm55 libkrb53 \
fix_scalix_debs postgres
      libglib2.0-0 libstdc++2.10-glibc2.2 libxml2 sgml-base xml-core postgresql libsasl2-modules \
 
      libsasl2-gssapi-mit sendmail elinks w3m sun-java5-jre libssl0.9.7 libstdc++5 wget libmilter0
export PATH=/opt/scalix/bin:$PATH


dpkg -i scalix-libical_*.deb scalix-chardet_*.deb scalix-iconv-extras_*.deb
dpkg -i scalix-libical_*.deb scalix-chardet_*.deb scalix-iconv-extras_*.deb
dpkg -i scalix-server_*.deb
dpkg -i scalix-server_*.deb


export PATH=/opt/scalix/bin:$PATH


# Setup mailnode
# Setup mailnode
Zeile 352: Zeile 510:
omaddpdl -l ScalixAdmins/$mnode
omaddpdl -l ScalixAdmins/$mnode


cat >>/var/opt/scalix/${short}/s/sys/general.cfg <<EOF
cat >> ${base}/s/sys/general.cfg <<EOT
#
#
# The CDA service (used for "type down" in some clients) is more
# The CDA service (used for "type down" in some clients) is more
Zeile 402: Zeile 560:
UAL_USE_SIGNON_ALIAS=FALSE
UAL_USE_SIGNON_ALIAS=FALSE


EOF
EOT
chmod 444 /var/opt/scalix/${short}/s/sys/general.cfg
chmod 444 ${base}/s/sys/general.cfg


omon -s all
omon -s all


cat << EOF
cat << EOT


>>>> Step 2: install Scalix packages
>>>> Step 2: install Scalix packages


EOF
EOT
sleep 2
sleep 2


dpkg -i scalix-postgres_*.deb scalix-tomcat_*.deb scalix-tomcat-connector_*.deb \
dpkg -i --force-overwrite scalix-tomcat_*.deb scalix-tomcat-connector_*.deb
        scalix-mobile_*.deb scalix-platform_*.deb scalix-res_*.deb scalix-sac_*.deb \
dpkg -i --force-overwrite scalix-postgres_*.deb
        scalix-sis_*.deb scalix-swa_*.deb


#set JAVA Memory usage
#set JAVA Memory usage
Zeile 429: Zeile 586:
# Setup DB
# Setup DB
/opt/scalix-postgres/bin/sxpsql-setpwd $dbpwd
/opt/scalix-postgres/bin/sxpsql-setpwd $dbpwd
/opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 $ip
#/opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 $ip
/opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 $net


cat << EOF
dpkg -i --force-overwrite \
        scalix-mobile_*.deb scalix-platform_*.deb scalix-res_*.deb scalix-sac_*.deb \
        scalix-sis_*.deb scalix-swa_*.deb
cat << EOT


>>>> Step 3: configure Scalix
>>>> Step 3: configure Scalix


EOF
EOT
sleep 2
sleep 2


Zeile 465: Zeile 626:
     -e "s;__TOMCAT_PORT__;$tomcatport;g" \
     -e "s;__TOMCAT_PORT__;$tomcatport;g" \
     -e "s;localhost;$fqdn;g" \
     -e "s;localhost;$fqdn;g" \
     -e "s;%SIS-LANGUAGE%;German;g" \
     -e "s;%SIS-LANGUAGE%;;g" \
     -e "s;%INDEX-WHITELIST%;$fqdn;g" \
     -e "s;%INDEX-WHITELIST%;$ip;g" \
     -e "s;%SEARCH-WHITELIST%;$fqdn;g" \
     -e "s;%SEARCH-WHITELIST%;$ip;g" \
     -e "s;%INDEXADMIN-WHITELIST%;$fqdn;g" \
     -e "s;%INDEXADMIN-WHITELIST%;$ip;g" \
     $file > $file.neu
     $file > $file.neu
   mv $file.neu $file
   mv $file.neu $file
Zeile 486: Zeile 647:
     mv $file.new $file
     mv $file.new $file
done
done
[ -e /var/opt/scalix/scalix-config-backup-${pid} ] && scx_diff_config


# Write Ldappassword to psdata
# Write Ldappassword to psdata
cd ${base}/caa/scalix.res/config
file=${base}/caa/scalix.res/config/psdata
echo "$ldappwd" > psdata
echo "$ldappwd" > ${file}
chown root:root psdata
chown root:root $file
chmod 400 psdata
chmod 400 $file
cd -


cat << EOF
# check files and permissions
file=$base/s/Copyright/OM-LDAP
[ -e $file ] || touch $file
 
omcheck -s | sh
 
cat << EOT


>>>> Step 4: setup apache, restart Scalix(-tomcat)
>>>> Step 4: setup apache, restart Scalix(-tomcat)


EOF
EOT
sleep 2
sleep 2
# Restart Tomcat
/etc/init.d/scalix-tomcat restart


# Setup Apache
# Setup Apache
[ -e /etc/apache2/conf.d/scalix-web-client.conf ] || \
[ -e /etc/apache2/conf.d/scalix-web-client.conf ] || \
     ln -s /opt/scalix/global/httpd/scalix-web-client.conf /etc/apache2/conf.d
     ln -s /opt/scalix/global/httpd/scalix-web-client.conf /etc/apache2/conf.d/scalix-web-client.conf


cat << EOF > /etc/apache2/conf.d/scalix-access.conf
cat << EOT > /etc/apache2/conf.d/scalix-access.conf
<Location />
<Location />
         Allow from all
         Allow from all
</Location>
</Location>
EOF
EOT
 
file=/etc/opt/scalix-tomcat/connector/ajp/instance-$mnode.conf
if [ ! -e $file ]; then
  echo 'Include /etc/opt/scalix-tomcat/connector/ajp/app-*.conf' > $file
fi


files="/etc/opt/scalix-tomcat/connector/ajp/*-$mnode.*conf \
files="/etc/opt/scalix-tomcat/connector/ajp/*-$mnode.*conf \
Zeile 526: Zeile 696:


/etc/init.d/apache2 restart
/etc/init.d/apache2 restart
# Restart Tomcat
/etc/init.d/scalix-tomcat restart


cat << EOT
cat << EOT
Zeile 533: Zeile 706:
# http://$fqdn/webmail
# http://$fqdn/webmail
#####################################################
#####################################################
#
# check the scalix installation (file permissions etc.) with:
# > omcheck -i


EOT
EOT
Zeile 543: Zeile 713:


# restore your old scalix data-store with:
# restore your old scalix data-store with:
# - stop scalix            > for f in /etc/rc1.d/*scalix*; do $f stop; done
# - stop scalix            > for f in /etc/rc1.d/K*scalix*; do \$f stop; done
# - restore the data-store  > mv /var/opt/scalix/s.bak $base/s
# - restore the data-store  > mv /var/opt/scalix/s.bak $base/s
# - and start scalix again  > for f in /etc/rc2.d/*scalix*; do $f start; done
# - and start scalix again  > for f in /etc/rc2.d/S*scalix*; do \$f start; done
#
for f in /etc/rc1.d/K*scalix*; do \$f stop; done
mv $base/s $base/s.new
mv /var/opt/scalix/s.bak $base/s
for f in /etc/rc2.d/S*scalix*; do \$f start; done
#
# if SAC Login fails, try this
ommodu sxqueryadmin -p $ldappwd


EOT
EOT
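Review bot: The new download block at the top of scx-install-lenny.sh fetches the installer over plain HTTP (`wget -N $scalix11downloadurl`) and then runs it with `sh ./$scalix11bin`, presumably as root since the script installs packages, with no integrity check in between. I would verify the file before executing it, e.g. `echo "<EXPECTED_SHA256>  $scalix11bin" | sha256sum -c -`, where `<EXPECTED_SHA256>` is a placeholder for a checksum obtained from the vendor over a trusted channel (none is given on this page). The same revision adds fixed file names under /tmp in the sendmail.mc fix (`/tmp/sendmail.mc.mailer.tmp`, `/tmp/sendmail.mc.feature.tmp`); a directory from `mktemp -d` avoids writing through a file or symlink someone else created there first. Separately, `cd $src_dir` only runs when the download is needed, so the existence tests and the later `sh ./$scalix11bin` depend on the caller's working directory.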

Aktuelle Version vom 16. Februar 2010, 19:19 Uhr

Vorbereitung

Ich habe Scalix in einer XEN-DomU installiert. Das ist natürlich optional. Ausserdem verwendet Scalix sendmail anstatt Exim als smtp-daemon. Analog zur Exim Installation habe ich sendmail in einer Dual-sendmail Konfiguration zusammen mit amavisd-new installiert, welche spamassassin und clamav als Spam- und Virenscanner integriert.

Etch Installation in XEN DomU

Ich starte mit der Installation auf einer frischen Etch-Installation unter XEN. Der Einfachheit halber benutze ich die xen-tools.

apt-get install xen-tools

Konfigdatei /etc/xen-tools/xen-tools.conf:

#
# ...
lvm = vg
debootstrap = 1
#
##
#  Disk and Sizing options.
##
#
size   = 4Gb      # Disk image size.
memory = 256Mb    # Memory size
swap   = 512Mb    # Swap size
# noswap = 1      # Don't use swap at all for the new system.
fs     = ext3     # use the EXT3 filesystem for the disk image.
dist   = etch     # Default distribution to install.
image  = full     # Specify sparse vs. full disk images.
#
# Uncomment and adjust these network settings if you wish to give your
# new instances static IP addresses.
#
gateway   = 192.168.2.1
netmask   = 255.255.255.0
#
# Uncomment this if you wish the images to use DHCP
#
#dhcp = 1
#
# Default kernel and ramdisk to use for the virtual servers
#
kernel = /boot/vmlinuz-2.6.18-6-xen-686
initrd = /boot/initrd.img-2.6.18-6-xen-686
#
# The default mirror for debootstrap which can be used to install
# Debian Sid, Sarge, and Etch.
#
mirror = http://ftp.de.debian.org/debian/
# ...

XEN-DomU (Etch) erstellen, die DomU starten und die Netzwerkkonfiguration der DomU vornehmen:

xen-create-image --hostname=scx --ip=192.168.2.51

vi /etc/xen/scx.cfg               # XEN-Config Anpassungen

xm create -c /etc/xen/scx.cfg     # DomU starten
scp xen1:/usr/sbin/ethtool /usr/sbin  # ethtool aus der Dom0 in die DomU kopieren
aptitude install ethtool locales

/etc/network/interfaces: IP, DNS, Gateway etc. konfigurieren

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
 address 192.168.2.51
 gateway 192.168.2.1
 netmask 255.255.255.0
 dns-nameservers 192.168.2.20
 dns-search zuhause.lan
 post-up  ethtool -K eth0 tx off

# The post-up line above turns off TX checksum offloading on eth0, which
# might resolve problems for some users.  In this configuration the line is active (not commented out).
#

Zusätzliche Pakete installieren

Jetzt die für Scalix zusätzlich notwendigen Pakete installieren:

  • Apache, Sendmail
  • Postgres
  • Kerberos
  • SASL2
  • diverse Libraries
  • Sun Java, python
  • gawk, wget, elinks, ethtool, less, host
  • libmilter0 (ab 11.4.2, wird aber nicht unbedingt verwendet)
apt-get install -u apache2 sendmail sendmail-doc
apt-get install -u postgresql
apt-get install -u krb5-config krb5-doc krb5-user libkadm55 libkrb53
apt-get install -u libsasl2-modules libsasl2-gssapi-mit sasl2-bin libssl0.9.7
apt-get install -u libxml2 libglib2.0-0 libstdc++2.10-glibc2.2 libstdc++5
apt-get install -u sun-java5-jre python
apt-get install -u gawk elinks wget w3m less ethtool host bzip2
apt-get install -u libmilter0

Folgendes habe ich anschliessend angepasst (siehe unten):

  • Sendmail-Dual Konfiguration
  • Smarthost, MasqueradeAs
  • Amavisd-new, Clamav, Spamassassin integrieren

Ich fange mit Sendmail, Amavisd-new, Spamassassin und Clamav an. Für Spam- und Virenfilter verwende ich das volatile Repository, da diese Programme häufig zu aktualisieren sind und die alten Versionen aus stable teilw. Fehler produzieren (Clamav 100%CPU).

Sendmail unter Debian Etch

Unter Debian ist standardmässig Exim als Maildaemon installiert. Scalix verwendet und konfiguriert sendmail.

Hier beschreibe ich meine sendmail Installation unter Debian Etch zusammen mit amavisd-new, clamav und spamassassin.

Wenn die Email-Konfiguration mit sendmail funktioniert, kann Scalix installiert werden. Die Scalix Installation passt die sendmail Konfiguration so an, dass Emails an den Mail-Server Scalix ausgeliefert werden.

Scalix Installation

Sourcen laden

Sourcen laden (82MB) und unter /usr/src auspacken:

# Fetch the Scalix 11.0.4 package archive into /usr/src and unpack it there.
# NOTE(review): the archive comes over plain HTTP; compare it against a
# checksum obtained from the vendor over a trusted channel before installing
# the packages it contains.
cd /usr/src
wget http://downloads.scalix.com/.community/11.0.4/scalix-11.0.4-GA-debian-intel.tgz
tar xvzf scalix-11.0.4-GA-debian-intel.tgz

bzw. bei den neueren Versionen (inkl. Stand heute 11.4.3)

# Newer releases ship as a self-extracting installer that is run with sh.
# NOTE(review): the file is downloaded over plain HTTP and executed as-is;
# verify its checksum against a vendor-published value before running it.
wget -c http://downloads.scalix.com/.community/11.4.2/scalix-11.4.2-GA-debian-intel.bin
sh ./scalix-11.4.2-GA-debian-intel.bin

Installation

Das Paket von 11.0.4 war bei mir korrupt: In einem Tomcat-Paket ist ein Syntaxfehler. Den behebe ich zuerst:

cd /usr/src/scalix-debian-11.0.4-GA/software/scalix_server
mkdir -p new/DEBIAN old
mv scalix-tomcat_5.5.16-263_all.deb old 
dpkg -x old/scalix-tomcat_5.5.16-263_all.deb new
dpkg -e old/scalix-tomcat_5.5.16-263_all.deb new/DEBIAN

vi new/DEBIAN/postinst
# ... Zeile 21 die überflüssige ')' entfernen
    /opt/scalix-tomcat/bin/sxtomcat-create-instance ""
# ...

dpkg -b new scalix-tomcat_5.5.16-263_all_patched.deb

Jetzt kann man die Scalix-Pakete installieren (Bitte neue Versionen aus dem Wiki verwenden!):

/usr/src/scx-install-lenny.sh

#!/bin/bash
# Scalix 11.x install script
# Author: neobiker
# Version: $Id: scx-install-lenny.sh,v 1.2 2009/07/25 15:53:32 root Exp root $
#
# $Log: scx-install-lenny.sh,v $
# Revision 1.2  2009/07/25 15:53:32  root
# Revision 1.1  2009/07/13 19:53:32  root
# Initial revision
#

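# Abort on the first command that fails.
set -e

# Adjust next settings
src_dir=/usr/src

# Admin password (sxadmin)
# NOTE(review): hard-coded fallback; it is what the sxadmin account gets when
# the password prompt further down is answered with an empty line. Replace it
# before running the script.
admpwd=geheim

# JAVA Memory usage (ca. 50% of RAM)
java_mem=256

# load and decompress scalix packages
scalix11version=11.4.6
scalix11downloadurl="http://downloads.scalix.com/.community/${scalix11version}/scalix-${scalix11version}-GA-unsupported-debian-intel.bin"
scalix11bin=$(basename "$scalix11downloadurl")
scalix11dir=scalix-debian-${scalix11version}-GA

# Expected SHA-256 of the installer (hex digest). Take it from the vendor over
# a trusted channel and set it here or in the environment. Empty keeps the old
# behaviour (no verification) but prints a warning.
scalix11sha256=${scalix11sha256:-}

# Extract and install packages
if [ ! -e "$scalix11dir" ]; then

    # Download Scalix 11
    if [ ! -e "$scalix11bin" ]; then
        cd "$src_dir"
        wget -N "$scalix11downloadurl"
    fi

    # The installer arrives over plain HTTP and is executed right below, so
    # check it first; with set -e a mismatch stops the script here.
    if [ -n "$scalix11sha256" ]; then
        echo "${scalix11sha256}  ${scalix11bin}" | sha256sum -c -
    else
        echo "WARNING: scalix11sha256 is not set, running ${scalix11bin} unverified" >&2
    fi

    sh "./$scalix11bin"
fi
cd "$scalix11dir/software/scalix_server/"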


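# initialise variables for installation script
mnode=$(hostname -s)
# NOTE(review): hostname -i may print more than one address on some hosts;
# the prompt below lets the user correct the value.
ip=$(hostname -i)

# optional: ask user or comment out
# --------
# Every prompt keeps the current value when the answer is empty.
# read -r keeps backslashes in the answer literal; read -s keeps passwords
# off the terminal (the echo afterwards supplies the missing newline).
printf '%s' "Name of your mailnode [$mnode] ? "
read -r a
if [ -n "$a" ]; then mnode=$a; fi

# The default password is no longer printed inside the prompt.
printf '%s' "Admin password for Scalix admin user (sxadmin) [keep default from script] ? "
read -rs a; echo
if [ -n "$a" ]; then admpwd=$a; fi

dbpwd=$admpwd
printf '%s' "Please enter a password for the db user [sxadmin-password] ? "
read -rs a; echo
if [ -n "$a" ]; then dbpwd=$a; fi

ldappwd=$admpwd
printf '%s' "Please enter a password for the ldap query user [sxadmin-password] ? "
read -rs a; echo
if [ -n "$a" ]; then ldappwd=$a; fi

printf '%s' "Please enter the external ip address of your Scalix box [$ip]? "
read -r a
if [ -n "$a" ]; then ip=$a; fi

printf '%s' "Please enter JAVA Memory usage (e.g. 50% of total MEM) [$java_mem]? "
read -r a
if [ -n "$a" ]; then java_mem=$a; fi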

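#######################################
# Repack one Scalix .deb in the current directory with patched control data
# (for lenny).
# The pristine package is kept in old/ and every run unpacks from that copy,
# so running the function twice does not patch a file twice.
# Arguments: $1 - package name fragment; the file is matched as
#                 scalix-$1*.deb. Only iconv, server and postgres are
#                 patched and rebuilt; any other name is just unpacked
#                 into new_$1/.
# Outputs:   creates old/ and new_$1/, rewrites the matched .deb
# Returns:   non-zero when not exactly one package file matches or a tool
#            fails
#######################################
fix_scalix_debs ()
{
  local name=$1
  local -a matches
  local deb file

  # Glob instead of parsing ls output; an ambiguous or missing match is
  # reported instead of being skipped silently.
  matches=( scalix-"${name}"*.deb )
  if [ "${#matches[@]}" -ne 1 ] || [ ! -e "${matches[0]}" ]; then
    echo "fix_scalix_debs: expected exactly one scalix-${name}*.deb in $PWD" >&2
    return 1
  fi
  deb=${matches[0]}

  mkdir -p old
  rm -rf -- "new_${name}"
  mkdir -p "new_${name}/DEBIAN"
  # Only the first run copies the package, so old/ always holds the original.
  [ -e "old/$deb" ] || cp -- "$deb" "old/$deb"

  dpkg -x "old/$deb" "new_${name}"
  dpkg -e "old/$deb" "new_${name}/DEBIAN"

  case $name in
    iconv)
      # preinst: test ' "$1" -gt 1 ' becomes ' -n "$1" '
      # (presumably because the argument is not a number here - confirm)
      file=new_${name}/DEBIAN/preinst
      sed -e 's/ "\$1" -gt 1 / -n "\$1" /g' "$file" > "$file.neu"
      mv -- "$file.neu" "$file"
      chmod a+x "$file"

      # postrm: test ' "$1" -eq 0 ' becomes ' -z "$1" '
      file=new_${name}/DEBIAN/postrm
      sed -e 's/ "\$1" -eq 0 / -z "\$1" /g' "$file" > "$file.neu"
      mv -- "$file.neu" "$file"
      chmod a+x "$file"

      dpkg -b "new_${name}" "$deb"
      ;;

    server)
      # control: rename the libsasl2 dependency, drop libmilter* and
      # libstdc++2* from the dependency list
      file=new_${name}/DEBIAN/control
      sed -e 's/libsasl2,/libsasl2-2,/g' \
          -e 's/libmilter[^,]*,//g' \
          -e 's/libstdc++2[^,]*,//g' "$file" > "$file.neu"
      mv -- "$file.neu" "$file"

      # postinst: append the ';' after the OMLOGFILE assignment
      file=new_${name}/DEBIAN/postinst
      sed -e "s#OMLOGFILE='~/sys/install/log'#OMLOGFILE='~/sys/install/log';#g" "$file" > "$file.neu"
      mv -- "$file.neu" "$file"
      chmod a+x "$file"

      dpkg -b "new_${name}" "$deb"
      ;;

    postgres)
      # control: remove the versioned '| postgresql-client-X.Y' and
      # '| postgresql-X.Y' alternatives
      file=new_${name}/DEBIAN/control
      sed -e 's/| postgresql-client-.\..//g' \
          -e 's/| postgresql-.\..//g' "$file" > "$file.neu"
      mv -- "$file.neu" "$file"

      dpkg -b "new_${name}" "$deb"
      ;;

    *)
      ;;
  esac
}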

# Initialise more variables
# get scalix pakage filenames: main_files, app_files, other_files
# define config_files etc.
# only variable settings made here until -- Step 0 -- below !

# Name fragments used to sort the package files into groups: each fragment is
# matched as scalix-<fragment>*.deb and also becomes a "grep -v" filter below.
scx_main="server postgres"
scx_apps="tomcat-connector tomcat_ mobile platform res sac sis swa"

# Everything below needs at least one scalix-*.deb in the current directory.
if [ `ls -1 scalix-*.deb 2>/dev/null | wc -l` -gt 0 ] ; then
    # Package names = file names up to the first "_" (passed to
    # "aptitude purge" in Step 0).
    for f in `ls -1 scalix-*.deb | cut -d_ -f1`; do
        scalix_pakages="$scalix_pakages $f"
    done

    # With set -e a fragment without a matching file ends the script here,
    # because the failing ls is the last command of the assignment.
    for f in ${scx_main}; do
        main_files="${main_files} "`ls scalix-${f}*.deb`
        dropme="${dropme} | grep -v $f"
    done

    for f in ${scx_apps}; do
        app_files="${app_files} "`ls scalix-${f}*.deb`
        dropme="${dropme} | grep -v $f"
    done

    # dropme is a chain of "| grep -v <fragment>" stages, run through eval.
    # NOTE(review): the evaluated text is built only from the two fixed lists
    # above; keep it that way and never feed user input into it.
    other_files=`eval "ls -1 scalix-*.deb ${dropme}"`

    # pid is the suffix of the temporary config backup directory.
    pid=$$
    host=$(hostname -s)
    ldomain=$(hostname -d)
    fqdn=$(hostname -f)
    # first and last character of the mailnode name
    short=${mnode:0:1}${mnode: -1:1}
    # first three octets of $ip plus ".0/24" - assumes an IPv4 address in a
    # /24 network (TODO confirm for the target host)
    net="$(echo $ip | cut -d. -f-3)".0/24

    base=/var/opt/scalix/${short}
    tomcatport=80

    # Whitespace-separated list, split on purpose by the backup/diff helpers.
    config_files="\
       ${base}/caa/scalix.res/config/ubermanager.properties \
       ${base}/mobile/mobile.properties \
       ${base}/platform/platform.properties \
       ${base}/res/config/res.properties \
       ${base}/sis/sis.properties \
       ${base}/webmail/swa.properties"

else
    echo 'Sorry, no scalix-\*.deb packages found.'
    echo "Please change to the directory which contains the files and try again."
    exit 1
fi

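#######################################
# Back up the Scalix config files.
# Globals:   config_files (read) - whitespace-separated list of paths
#            pid (read)          - suffix of the backup directory
# Outputs:   each existing file is copied to
#            /var/opt/scalix/scalix-config-backup-$pid/<full path>
#            and to <file>.bak; missing files are skipped
#######################################
scx_backup_config ()
{
    local backup_root=/var/opt/scalix/scalix-config-backup-${pid}
    local f

    # config_files is a plain string list, so it is split on purpose here.
    for f in ${config_files}; do
       if [ -e "$f" ]; then
          mkdir -p -- "$(dirname -- "${backup_root}${f}")"
          cp -- "$f" "${backup_root}${f}"
          cp -- "$f" "${f}.bak"
       fi
    done
}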

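#######################################
# Show how each config file differs from its backup and offer to restore it.
# Globals:   config_files (read) - whitespace-separated list of paths
#            pid (read)          - suffix of the backup directory
# Inputs:    answers are read from stdin; an empty line, "y" or "Y" means yes
# Outputs:   writes <file>.new and <file>.old next to every config file;
#            on restore the current file is kept as <file>.new.update
#######################################
scx_diff_config ()
{
    local backup_root=/var/opt/scalix/scalix-config-backup-${pid}
    local file a

    # config_files is a plain string list, so it is split on purpose here.
    for file in ${config_files}; do

      # Normalise both versions before comparing: strip comments, drop
      # empty lines, sort.
      sed -e 's/#.*//g' \
          -e '/^$/ D' \
          "${file}" | sort > "${file}.new"

      sed -e 's/#.*//g' \
          -e '/^$/ D' \
          "${backup_root}${file}" | sort > "${file}.old"

      if ! diff -q "${file}.old" "${file}.new"; then
          echo "-------------------------------------------------"
          echo "Check changes in ${file}:"

          # diff returns 1 when the files differ; that must not trip set -e
          diff "${file}.old" "${file}.new" || true

          echo ">>> Restore old Configfile [y] ?"
          read -r a

          case "$a" in
            ''|y|Y)
              cp -- "${file}" "${file}.new.update"
              cp -- "${backup_root}${file}" "${file}"
              echo "restored ${file} !!! <<<"
              ;;
          esac
          echo "-------------------------------------------------"
          echo ""
      fi

    done

    echo ">>> Remove temp. Backupfiles (${backup_root}) [y] ?"
    read -r a

    case "$a" in
      ''|y|Y)
        rm -rf -- "${backup_root}"
        echo "${backup_root} deleted"
        ;;
    esac
}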

# Step 0: offer to remove an existing Scalix installation found under $base.
cat << EOT

>>>> Step 0: check for old Scalix installation

EOT
sleep 2

# Scalix already installed, remove ?
if [ -d ${base} ]; then
    echo "Scalix directory found: $base"
    echo "Remove Scalix Installation (not the datastore!) [n] ? "
    read a
    # Only an empty answer or exactly "n" keeps the installation; any other
    # answer continues with the purge.
    if [ "x$a" == "x" -o "x$a" == "xn" ]; then
      echo "leaving old Scalix installion (files) untouched"
    else
      # Save the config files first; the purge below removes the packages.
      scx_backup_config
      aptitude purge ${scalix_pakages}   # sun-java5-jre postgresql
      echo ""
      echo "delete scalix pakages (${base}, but save the Data-Store!) [y] ? "
      read a
      if [ "x$a" == "x" -o "x$a" == "xy" ]; then
          # An earlier saved data store is renamed with the shell PID as
          # suffix so the mv below does not land inside it.
          if [ -d /var/opt/scalix/s.bak ]; then
              mv /var/opt/scalix/s.bak /var/opt/scalix/s.bak.$$
          fi
          # Move the data store out of $base before anything is deleted.
          mv ${base}/s /var/opt/scalix/s.bak
          ls -l /var/opt/scalix/
          du -sk /var/opt/scalix/s.bak*
          echo ""
          echo "saved data-store, delete all scalix files ${base} now [y] ?"
          read a
          if [ "x$a" == "x" -o "x$a" == "xy" ]; then
              # Left unquoted on purpose so the globs expand.
              # NOTE(review): $base ends in the two-character mailnode
              # abbreviation; if that were empty, $base would be
              # /var/opt/scalix/ and this rm would also delete s.bak - verify
              # $base before answering yes.
              scalix_config_dirs="${base} /opt/scalix* /etc/opt/scalix* /etc/init.d/scalix*"
              rm -rf ${scalix_config_dirs}
          fi
      fi
    fi
fi

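cat << EOT

>>>> Step 1a: install dependencies for Lenny

Please configure a UTF-8 locale or setup will fail later on.
(en_US.UTF-8)

EOT
sleep 2

# Remove sendmail startup links
# This disables outgoing mail
# /etc/init.d/sendmail stop
# update-rc.d -f sendmail remove

#aptitude update
#aptitude upgrade
aptitude install locales

# Stop early unless $LANG names a UTF-8 locale (also when LANG is unset).
case "$LANG" in
  *UTF-8*) ;;
  *)
    echo "Please set e.g. en_US.UTF-8 locale and re-login and restart script"
    # exit status 0 is kept from the original script
    exit 0
    ;;
esac

aptitude install apache2 gawk krb5-config krb5-doc krb5-user libkadm55 libkrb53 \
       libglib2.0-0 libxml2 sgml-base xml-core postgresql postgresql-client \
       libsasl2-modules libsasl2-2  libstdc++5 wget \
       sendmail mailx elinks w3m sun-java5-jre libssl0.9.8

# fix sendmail configfile: move all MAILER lines to the end of sendmail.mc
if [ -e /etc/mail/sendmail.mc ]; then
  # Private scratch directory instead of fixed names in /tmp, so the script
  # never writes through a file or symlink that somebody else put there.
  mc_tmp=$(mktemp -d)
  grep MAILER /etc/mail/sendmail.mc > "$mc_tmp/mailer"
  grep -v MAILER /etc/mail/sendmail.mc > "$mc_tmp/feature"
  cat "$mc_tmp/feature" "$mc_tmp/mailer" > /etc/mail/sendmail.mc
  rm -rf -- "$mc_tmp"
fi

# some Lenny hacks for scalix binaries
# NOTE(review): these links make a lookup of the older library names load
# the newer libraries instead; the sonames differ, so binary compatibility is
# not guaranteed - confirm the Scalix binaries work with them.
[ -e /usr/lib/libssl.so.0.9.7 ] || ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.0.9.7
[ -e /usr/lib/libcrypto.so.0.9.7 ] || ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.0.9.7
[ -e /usr/lib/liblber.so.2 ] || ln -s /usr/lib/liblber-2.4.so.2 /usr/lib/liblber.so.2
[ -e /usr/lib/libldap_r.so.2 ] || ln -s /usr/lib/libldap_r-2.4.so.2 /usr/lib/libldap_r.so.2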

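# Step 1b: ask for confirmation, repackage the Scalix .debs with
# fix_scalix_debs (defined elsewhere in this script) and install the server.
cat <<'EOT'

>>>> Step 1b: install Scalix-server

EOT
sleep 2
echo "continue installation [y] ? "
# read -r keeps backslashes literal; the case statement replaces the
# ambiguous "[ ... -o ... ]" test. Empty input or "y" continues, anything
# else leaves the script.
read -r a
case "$a" in
  "" | y) ;;
  *) exit 0 ;;
esac

fix_scalix_debs iconv
fix_scalix_debs server
fix_scalix_debs postgres

export PATH="/opt/scalix/bin:$PATH"

# NOTE(review): dpkg -i installs local .deb files without any signature
# check. If the installer bundle these packages come from was fetched over
# plain HTTP (as the download step earlier in this script does), compare its
# checksum with a value published by the vendor before running this step.
dpkg -i scalix-libical_*.deb scalix-chardet_*.deb scalix-iconv-extras_*.deb
dpkg -i scalix-server_*.deb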


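# Setup mailnode: initialise the message store, set the naming rules,
# create the mailnode, the two admin accounts and the admin groups.
# All expansions are quoted so that a mailnode name or password containing
# spaces or glob characters reaches the tools as one unchanged argument.
ommakeom

sxconfig --set -t general.usrl_cn_rule='G S'
sxconfig --set -t general.usrl_authid_rule='l@'
sxconfig --set -t orniasys.name_part_1='"C" <S>' -t orniasys.domain_part_1="$ldomain"

omaddmn -m "$mnode"

omrc -n

# NOTE(review): -p passes the password as a command-line argument, so it is
# visible in the process list while omaddu runs. Check the tool's
# documentation for a way to supply it without argv - TODO confirm.
omaddu -n "sxadmin/$mnode" --class limited -c admin -p "$admpwd" sxadmin
omconfenu -n "sxadmin/$mnode"
omlimit -u "sxadmin/$mnode" -o -i 0 -m 0

omaddu -n "sxqueryadmin/$mnode" --class limited -c admin -p "$ldappwd" "sxqueryadmin@$fqdn"

omaddpdl -l "ScalixUserAdmins/$mnode"
omaddpdl -l "ScalixUserAttributesAdmins/$mnode"
omaddpdl -l "ScalixGroupAdmins/$mnode"
omaddpdl -l "ScalixAdmins/$mnode"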

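# Append the tuning options below to the server's general.cfg, make the
# file read-only and start all Scalix services.
# The here-document delimiter is quoted so the text is written literally,
# whatever characters it contains, and the target path is quoted.
# NOTE(review): this appends on every run, so running the script twice
# leaves the settings in general.cfg twice.
cat >> "${base}/s/sys/general.cfg" <<'EOT'
#
# The CDA service (used for "type down" in some clients) is more
# efficient if it can check the directory change log before attempting
# to update the access tables that it uses.   One slow machines, it may
# also be worth uncommenting the CDA_CHECKTIME tweak to reduce the check
# interval from five minutes to an hour.
#
CDA_USE_CHANGE_LOG=TRUE
# CDA_CHECKTIME=60
#
# These tweaks limit the number and rate of IMAP connections to the
# server. The IMAP_CONNECTION_LIMIT simply restricts the total number of
# connections to the server. Note that many IMAP clients have several
# connections for each IMAP session. The IMAP_CONNRATE_LIMIT restricts
# the rate at which clients can connect to the server, in this case, at
# most 10 connections per second. If clients try to connect faster
# than that, the IMAP server simply slows down the rate at which it will
# accept new connections.
#
IMAP_CONNECTION_LIMIT=500
IMAP_CONNRATE_LIMIT=10
#
# The IMAP_IDLE_TIMEOUT tweak is the maximum time an IMAP connection
# will wait for a command before terminating the connection. The default
# setting, and the minimum required setting, is 30 minutes. Some
# clients "refresh" their connection once every thirty minutes
# exactly -- but if they are a little bit late, the server drops their
# connection. Setting a timeout of 31 minutes avoids this problem.
#
IMAP_IDLE_TIMEOUT=31
#
# This tweak arranges for Local Delivery to automatically create a
# message store for users created without one.
# Users added with the bulk-add mechanism used by the
# wizard do not have a message store. So setting this tweak allows
# them to receive mail before they are initially signed on.
#
LD_CREATE_MESSAGE_STORE=TRUE
#
# These three tweaks allow users to sign on using an alias. Only
# system-defined aliases are permitted and it the alias name is ignored
# for the purposes of message creation and so on.
#
# Note that changing these settings normally requires restarting Scalix.
#
UAL_SIGNON_ALIAS=YES
UAL_SIGNON_ALIAS_CONFIG=SYS
UAL_USE_SIGNON_ALIAS=FALSE

EOT
chmod 444 "${base}/s/sys/general.cfg"

omon -s all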

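# Step 2: install Tomcat, the connector and the Scalix PostgreSQL package,
# set the Java heap size, initialise the database access, then install the
# remaining Scalix web components.
cat <<'EOT'

>>>> Step 2: install Scalix packages

EOT
sleep 2

# --force-overwrite lets these packages replace files that belong to
# other installed packages.
dpkg -i --force-overwrite scalix-tomcat_*.deb scalix-tomcat-connector_*.deb
dpkg -i --force-overwrite scalix-postgres_*.deb

#set JAVA Memory usage
file=/etc/opt/scalix-tomcat/scalix-tomcat.conf
if [ -e "$file" ]; then
    sed -e "s;Xms256;Xms${java_mem};g" \
        -e "s;Xmx256;Xmx${java_mem};g" \
        "$file" > "$file.neu"
    mv "$file.neu" "$file"
fi

# Setup DB
# The password is quoted so that spaces or glob characters in it are not
# split or expanded by the shell.
# NOTE(review): it is still passed as a command-line argument and is
# visible in the process list while sxpsql-setpwd runs.
/opt/scalix-postgres/bin/sxpsql-setpwd "$dbpwd"
#/opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 $ip
# $net is left unquoted on purpose: it may hold more than one entry
# (presumably set near the top of the script - confirm).
/opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 $net

dpkg -i --force-overwrite \
        scalix-mobile_*.deb scalix-platform_*.deb scalix-res_*.deb scalix-sac_*.deb \
        scalix-sis_*.deb scalix-swa_*.deb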
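# Step 3: fill the placeholders in the Scalix configuration files.
cat <<'EOT'

>>>> Step 3: configure Scalix

EOT
sleep 2

# Rewrite one file through sed while keeping its owner and mode.
# Arguments: $1 - file to rewrite, remaining arguments - sed expressions.
# The scratch file comes from mktemp (created private, unpredictable name)
# and receives the original's owner and mode before any content is written,
# so a file that gets the database password substituted in is never more
# readable than the original was.
_scx_sed_inplace() {
  local target=$1 tmp
  shift
  tmp=$(mktemp "${target}.XXXXXX")
  chown --reference="$target" "$tmp"
  chmod --reference="$target" "$tmp"
  sed "$@" "$target" > "$tmp"
  mv "$tmp" "$target"
}

# Escape the characters that are special on the right-hand side of the
# "s;...;...;" commands below (backslash, the ";" delimiter and "&"), so a
# password containing them is inserted literally instead of breaking or
# altering the substitution.
dbpwd_sed=$(printf '%s' "$dbpwd" | sed -e 's/[\\;&]/\\&/g')

# Configure Scalix
# ${config_files} is a whitespace-separated list and is split on purpose.
for file in ${config_files}; do
  _scx_sed_inplace "$file" \
    -e "s;%LOCALDOMAIN%;$ldomain;g" \
    -e "s;%LOCALHOST%;$fqdn;g" \
    -e "s;%IMAPHOST%;$fqdn;g" \
    -e "s;%SMTPHOST%;$fqdn;g" \
    -e "s;%DBHOST%;$fqdn:5733;g" \
    -e "s;%DBPASSWD%;$dbpwd_sed;g" \
    -e "s;%LDAPPORT%;389;g" \
    -e "s;http://%PLATFORMURL%:8080/api;http://$fqdn/api;g" \
    -e "s;%PLATFORMURL%;http://$fqdn/api;g" \
    -e "s;swa.platform.enabled=false;swa.platform.enabled=true;g" \
    -e "s;__SECURED_MODE__;false;g" \
    -e "s;ubermanager/__FQHN_HOST__@__KERBEROS_REALM__;;g" \
    -e "s;__KERBEROS_REALM__;;g" \
    -e "s;__FQHN_FOR_KDC_HOST__;;g" \
    -e "s;__FQHN_QUERY_SERVER_NAME__;$fqdn;g" \
    -e "s;__UBERMGR_USE_EXTERNAL_AUTH__;false;g" \
    -e "s;__UBERMGR_ALLOW_EXTERNAL_AUTH__;false;g" \
    -e "s;__UBERMGR_MAXLIST_SIZE__;100;g" \
    -e "s;__UBERMGR_MAIL_DOMAINS_LIST__;$ldomain;g" \
    -e "s;__UBERMGR_EXTERNAL_DOMAIN_AUTH_LIST__;;g" \
    -e "s;__CONFIGURED__;true;g" \
    -e "s;__FQHN_FOR_UBERMANAGER__;$fqdn;g" \
    -e "s;__TOMCAT_PORT__;$tomcatport;g" \
    -e "s;localhost;$fqdn;g" \
    -e "s;%SIS-LANGUAGE%;;g" \
    -e "s;%INDEX-WHITELIST%;$ip;g" \
    -e "s;%SEARCH-WHITELIST%;$ip;g" \
    -e "s;%INDEXADMIN-WHITELIST%;$ip;g"
done

# some (optional) GERMAN settings
for file in ${config_files}; do
  _scx_sed_inplace "$file" \
    -e "s;ubermanager.console.defaultCountry=US;ubermanager.console.defaultCountry=DE;g" \
    -e "s;ubermanager.console.defaultLanguage=AMERICAN;ubermanager.console.defaultLanguage=GERMAN;g" \
    -e "s;swa.user.locale=en_US;swa.user.locale=de_DE;g" \
    -e "s;swa.user.preferredDateTimeFormat=1;swa.user.preferredDateTimeFormat=2;g" \
    -e "s;swa.user.dateSeparatorChar=/;swa.user.dateSeparatorChar=.;g" \
    -e "s;swa.user.weekStart=0;swa.user.weekStart=1;g" \
    -e "s;swa.user.defaultCalendarView=0;swa.user.defaultCalendarView=2;g"
done

# Show what changed against the backup of this run, if one exists
# (scx_diff_config is defined elsewhere in this script).
if [ -e "/var/opt/scalix/scalix-config-backup-${pid}" ]; then
  scx_diff_config
fi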

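# Write Ldappassword to psdata
file=${base}/caa/scalix.res/config/psdata
# Create the file empty with its final owner and mode first and only then
# write the secret: with "echo > file; chmod 400" the password sits in a
# file created under the default umask until chmod runs.
install -o root -g root -m 400 /dev/null "$file"
# printf instead of echo, so a password that looks like an echo option
# (e.g. "-n") is written unchanged.
printf '%s\n' "$ldappwd" > "$file"

# check files and permissions
file=$base/s/Copyright/OM-LDAP
[ -e "$file" ] || touch "$file"

# NOTE(review): the output of omcheck -s is executed as shell commands.
# Without pipefail the exit status of omcheck itself is not checked; only
# the status of sh decides whether the script goes on.
omcheck -s | sh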

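# Step 4: hook Scalix into Apache, then restart Apache and Scalix Tomcat.
cat <<'EOT'

>>>> Step 4: setup apache, restart Scalix(-tomcat)

EOT
sleep 2

# Setup Apache
if [ ! -e /etc/apache2/conf.d/scalix-web-client.conf ]; then
  ln -s /opt/scalix/global/httpd/scalix-web-client.conf /etc/apache2/conf.d/scalix-web-client.conf
fi

# NOTE(review): this rule sits in conf.d and covers "/", i.e. every URL
# this Apache serves, not only the Scalix applications. If the host also
# serves other content, or clients should be limited to certain networks,
# narrow the Location or the allowed sources.
cat <<'EOT' > /etc/apache2/conf.d/scalix-access.conf
<Location />
        Allow from all
</Location>
EOT

file=/etc/opt/scalix-tomcat/connector/ajp/instance-$mnode.conf
if [ ! -e "$file" ]; then
  echo 'Include /etc/opt/scalix-tomcat/connector/ajp/app-*.conf' > "$file"
fi

# Comment out the <VirtualHost> wrappers in the per-instance connector
# files. $files is expanded unquoted on purpose so the globs are resolved;
# a pattern without a match stays literal and is skipped by the -e test.
files="/etc/opt/scalix-tomcat/connector/ajp/*-$mnode.*conf \
       /etc/opt/scalix-tomcat/connector/jk/*-$mnode.*conf"
for file in $files; do
  if [ -e "$file" ]; then
    sed -e 's;<VirtualHost;#<VirtualHost;g' \
        -e 's;</VirtualHost;#</VirtualHost;g' \
        "$file" > "$file.neu"
    mv "$file.neu" "$file"
  fi
done

/etc/init.d/apache2 restart

# Restart Tomcat
/etc/init.d/scalix-tomcat restart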

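# Final summary: print the URLs of the admin console and the web client.
cat << EOT
#####################################################
# You should now be able to access scalix at:
# http://$fqdn/sac
# http://$fqdn/webmail
#####################################################

EOT

# If an old data store was saved earlier, print (not run) the commands
# that restore it. The LDAP password is shown as a placeholder instead of
# its value, so the secret does not end up in terminal scrollback or in a
# captured install log.
if [ -e /var/opt/scalix/s.bak ]; then
cat << EOT

# restore your old scalix data-store with:
# - stop scalix             > for f in /etc/rc1.d/K*scalix*; do \$f stop; done
# - restore the data-store  > mv /var/opt/scalix/s.bak $base/s
# - and start scalix again  > for f in /etc/rc2.d/S*scalix*; do \$f start; done
#
for f in /etc/rc1.d/K*scalix*; do \$f stop; done
mv $base/s $base/s.new
mv /var/opt/scalix/s.bak $base/s
for f in /etc/rc2.d/S*scalix*; do \$f start; done
#
# if SAC Login fails, try this
ommodu sxqueryadmin -p '<LDAP password>'

EOT
fi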

Jetzt sollte man sich unter der o.g. URL als sxadmin mit dem vorher definierten Passwort einloggen können. Als sxadmin kann man in der Scalix Admin Console (SAC) neue User anlegen.

Zuerst sollte man dem Scalix Mailserver zusätzlich die richtige (externe) Mail-Domain beibringen. Das trägt man unter "Einstellungen - Administration - Lokale Domains" ein. Bei mir sind 2 Einträge vorhanden

  • neobiker.de
  • Zuhause.xx


Um Ressourcen zu sparen, kann man den Speicherbedarf des Tomcat etwas zügeln (das ist im install-skript bereits eingebaut):

/etc/opt/scalix-tomcat/scalix-tomcat.conf

# Configuration file for Scalix Tomcat

# The directory where Java is installed
# (determined from /usr/bin/java managed by update-alternatives
# by default, change to hardcoded path if needed):
JAVA_HOME="`/opt/scalix-tomcat/bin/determine-java-home`"

# Additional arguments to be passed to Java:
JAVA_OPTS="-server -Xms40m -Xmx40m"

# Maximum number of file descriptors
ULIMIT_NUM_FILES="1000"

Webmail per DMZ-Proxy und SSL-Zugriff

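Den gesicherten Zugriff auf den Webmail Client von Scalix realisierte ich über einen Apache-Server in meiner DMZ. Hierzu installiert man das scalix-tomcat-connector Paket in der DMZ. In der Firewall muss Port 8009 von der DMZ zum Scalix-Server freigeschaltet werden. Da AJP-Verbindungen standardmäßig weder verschlüsselt noch authentifiziert sind, sollte diese Regel nur den Apache-Server in der DMZ als Quelle zulassen.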

dpkg -i scalix-tomcat-connector_11.0.4.25_all.deb

Standardmässig verwende ich SSL, das erzwinge ich mit einer Rewriting Regel in der Standardkonfiguration /etc/apache2/sites-enabled/000-default

NameVirtualHost *:80
<VirtualHost *:80>
...
        <IfModule mod_rewrite.c>
          <IfModule mod_ssl.c>
            <Location /webmail>
              RewriteEngine on
              RewriteCond %{HTTPS} !^on$ [NC]
              RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI}  [L]
            </Location>
          </IfModule>
        </IfModule>
...

</VirtualHost>


/etc/apache2/sites-enabled/000-default-ssl

# SSL virtual host on the DMZ web server; the Include at the end pulls in
# the ProxyPass rules that forward the Scalix applications over AJP.
NameVirtualHost *:443
<VirtualHost *:443>
        ServerName www-dmz.neobiker.de
        ServerAdmin webmaster@neobiker.de
        DocumentRoot /var/www/

        SSLEngine on
        # NOTE(review): no SSLProtocol / SSLCipherSuite is set in this
        # virtual host, so the module or global defaults apply - confirm
        # they are acceptable for an internet-facing host.
        # my own certificates, issued by my server CA
        SSLCertificateFile /etc/ssl/certs/dmz1_wwwCert.pem
        SSLCertificateKeyFile /etc/ssl/private/dmz1_www-Key.pem
        #SSLCertificateFile /etc/apache2/ssl/apache.pem
        #SSLCertificateKeyFile /etc/apache2/ssl/apache.pem

        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>

        <Directory /var/www/>
                # NOTE(review): Indexes enables directory listings for
                # /var/www/ on this DMZ host; drop it unless listings are
                # wanted.
                Options Indexes FollowSymLinks MultiViews
                AllowOverride AuthConfig
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                RedirectMatch ^/$ /apache2-default/
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined

        # Only active when mod_proxy_ajp is loaded; includes the
        # app-scx.*.conf files with the ProxyPass rules for the Scalix
        # applications.
        <IfModule mod_proxy_ajp.c>
                Include /etc/opt/scalix-tomcat/connector/ajp/app-scx.*.conf
        </IfModule>

</VirtualHost>

Die Scalix-Proxy Konfigurationen: /etc/opt/scalix-tomcat/connector/ajp/app-scx.*.conf

/etc/opt/scalix-tomcat/connector/ajp/app-scx.sac.conf

        # Forwards /sac, the Scalix Admin Console, to the internal Scalix
        # server over AJP.
        # NOTE(review): with this rule the admin console is reachable through
        # the DMZ proxy; limit it by source address, or leave this file out,
        # if administration from outside is not needed.
        ProxyPass /sac ajp://scx.neobiker.lan:8009/sac

/etc/opt/scalix-tomcat/connector/ajp/app-scx.webmail.conf

        ProxyPass /webmail ajp://scx.neobiker.lan:8009/webmail

Unter Etch wird das Apache-Modul mod_jk nicht mehr benötigt, da es von mod_proxy_ajp abgelöst wurde. Da ich die ajp-Konfiguration selbst in der SSL-Konfiguration einbinde (vgl. oben), kommentiere ich sie hier aus (entweder/oder):


/etc/apache2/conf.d/scalix-tomcat-connector.conf

# ---------------------------------------------------------------------------
# Configure on-the-fly deflate compression of the pages:
# ---------------------------------------------------------------------------

<Location />
  AddOutputFilterByType DEFLATE text/xml text/html text/css
  AddOutputFilterByType DEFLATE application/x-javascript
</Location>

# ---------------------------------------------------------------------------
# mod_proxy_ajp connector configuration
# ---------------------------------------------------------------------------

#<IfModule mod_proxy_ajp.c>
#  Include /etc/opt/scalix-tomcat/connector/ajp/app*.conf
#</IfModule>

# ---------------------------------------------------------------------------
# mod_jk connector configuration (part common to all platforms)
# ---------------------------------------------------------------------------

# Setup JK connector needed to run Tomcat under Apache server:

<IfModule mod_jk.c>

# Set the jk log level [debug/error/info]
JkLogLevel          info
# Select the log format
JkLogStampFormat   "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
JkOptions          +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"

Include /etc/opt/scalix-tomcat/connector/jk/app-*.conf
Include /etc/opt/scalix-tomcat/connector/jk/workers.conf

</IfModule>

# ---------------------------------------------------------------------------
# mod_jk connector configuration (part specific to Debian)
# ---------------------------------------------------------------------------

<IfModule mod_jk.c>
# Where to put jk logs
# Update this path to match your logs directory location
# (put mod_jk.log next to access_log)
JkLogFile     /var/log/apache2/mod_jk.log
</IfModule>

Quellen

[1] Scalix Wiki: Manuelle Installation unter Etch

[2] Linux Magazin Online: Mail Server