Scalix with Debian Etch: Difference between revisions
No edit summary |
No edit summary |
||
Zeile 430: | Zeile 430: | ||
Please configure a UTF-8 locale or setup will fail later on. | Please configure a UTF-8 locale or setup will fail later on. | ||
( | (en_US.UTF-8) | ||
EOT | EOT | ||
Zeile 626: | Zeile 626: | ||
-e "s;__TOMCAT_PORT__;$tomcatport;g" \ | -e "s;__TOMCAT_PORT__;$tomcatport;g" \ | ||
-e "s;localhost;$fqdn;g" \ | -e "s;localhost;$fqdn;g" \ | ||
-e "s;%SIS-LANGUAGE%; | -e "s;%SIS-LANGUAGE%;;g" \ | ||
-e "s;%INDEX-WHITELIST%;$ | -e "s;%INDEX-WHITELIST%;$ip;g" \ | ||
-e "s;%SEARCH-WHITELIST%;$ | -e "s;%SEARCH-WHITELIST%;$ip;g" \ | ||
-e "s;%INDEXADMIN-WHITELIST%;$ | -e "s;%INDEXADMIN-WHITELIST%;$ip;g" \ | ||
$file > $file.neu | $file > $file.neu | ||
mv $file.neu $file | mv $file.neu $file |
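Review bot: the three whitelist substitutions on the new side (`%INDEX-WHITELIST%`, `%SEARCH-WHITELIST%`, `%INDEXADMIN-WHITELIST%`) paste `$ip` unescaped into a sed expression that uses `;` as its delimiter, so a value containing `;`, `&` or a backslash alters the expression instead of being written literally; check that `$ip` is a plain address before this sed call, or escape it. `$file` is also unquoted in the redirect and in `mv $file.neu $file`, so a path containing whitespace breaks both lines; quote it as `"$file"`.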
Current revision as of 16 February 2010, 19:19
Preparation
I installed Scalix in a XEN DomU; that is of course optional. Scalix also uses sendmail rather than Exim as its SMTP daemon. Analogous to the Exim installation, I installed sendmail in a dual-sendmail configuration together with amavisd-new, which integrates spamassassin and clamav as spam and virus scanners.
Etch installation in a XEN DomU
I start from a fresh Etch installation under XEN. For simplicity I use xen-tools.
apt-get install xen-tools
Configuration file /etc/xen-tools/xen-tools.conf:

#
# ...
lvm = vg
debootstrap = 1
#
##
#  Disk and Sizing options.
##
#
size   = 4Gb      # Disk image size.
memory = 256Mb    # Memory size
swap   = 512Mb    # Swap size
# noswap = 1      # Don't use swap at all for the new system.
fs     = ext3     # use the EXT3 filesystem for the disk image.
dist   = etch     # Default distribution to install.
image  = full     # Specify sparse vs. full disk images.
#
#  Uncomment and adjust these network settings if you wish to give your
# new instances static IP addresses.
#
gateway = 192.168.2.1
netmask = 255.255.255.0
#
# Uncomment this if you wish the images to use DHCP
#
#dhcp = 1
#
# Default kernel and ramdisk to use for the virtual servers
#
kernel = /boot/vmlinuz-2.6.18-6-xen-686
initrd = /boot/initrd.img-2.6.18-6-xen-686
#
#  The default mirror for debootstrap which can be used to install
# Debian Sid, Sarge, and Etch.
#
mirror = http://ftp.de.debian.org/debian/
# ...

Create the XEN DomU (Etch), start the DomU and configure its network:

xen-create-image --hostname=scx --ip=192.168.2.51
vi /etc/xen/scx.cfg                    # adjust the XEN config
xm create -c /etc/xen/scx.cfg          # start the DomU
scp xen1:/usr/sbin/ethtool /usr/sbin   # copy ethtool from the Dom0 into the DomU
aptitude install ethtool locales

/etc/network/interfaces: configure IP, DNS, gateway etc.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
 address 192.168.2.51
 gateway 192.168.2.1
 netmask 255.255.255.0
 dns-nameservers 192.168.2.20
 dns-search zuhause.lan
 post-up ethtool -K eth0 tx off

# The commented out line above will disable TCP checksumming which
# might resolve problems for some users. It is disabled by default
#

Installing additional packages
Now install the additional packages that Scalix requires:
- Apache, Sendmail
- Postgres
- Kerberos
- SASL2
- various libraries
- Sun Java, python
- gawk, wget, elinks, ethtool, less, host
- libmilter0 (from 11.4.2 on, but not necessarily used)

apt-get install -u apache2 sendmail sendmail-doc
apt-get install -u postgresql
apt-get install -u krb5-config krb5-doc krb5-user libkadm55 libkrb53
apt-get install -u libsasl2-modules libsasl2-gssapi-mit sasl2-bin libssl0.9.7
apt-get install -u libxml2 libglib2.0-0 libstdc++2.10-glibc2.2 libstdc++5
apt-get install -u sun-java5-jre python
apt-get install -u gawk elinks wget w3m less ethtool host bzip2
apt-get install -u libmilter0

Afterwards I adjusted the following (see below):
- Sendmail dual configuration
- Smarthost, MasqueradeAs
- Integrate amavisd-new, clamav, spamassassin
I start with sendmail, amavisd-new, spamassassin and clamav. For the spam and virus filters I use the volatile repository, because these programs need frequent updates and the old versions from stable partly produce errors (Clamav 100% CPU).
Sendmail on Debian Etch
On Debian, Exim is installed as the default mail daemon. Scalix uses and configures sendmail.
Here I describe my sendmail installation on Debian Etch together with amavisd-new, clamav and spamassassin.
Once the e-mail configuration with sendmail works, Scalix can be installed. The Scalix installation adjusts the sendmail configuration so that e-mails are delivered to the Scalix mail server.
Scalix Installation
Downloading the sources
Download the sources (82 MB) and unpack them under /usr/src:

cd /usr/src
wget http://downloads.scalix.com/.community/11.0.4/scalix-11.0.4-GA-debian-intel.tgz
tar xvzf scalix-11.0.4-GA-debian-intel.tgz

or, for the newer versions (including 11.4.3, current as of today):

wget -c http://downloads.scalix.com/.community/11.4.2/scalix-11.4.2-GA-debian-intel.bin
sh ./scalix-11.4.2-GA-debian-intel.bin
Installation
The 11.0.4 package was corrupt for me: one of the Tomcat packages contains a syntax error. I fix that first:

cd /usr/src/scalix-debian-11.0.4-GA/software/scalix_server
mkdir -p new/DEBIAN old
mv scalix-tomcat_5.5.16-263_all.deb old
dpkg -x old/scalix-tomcat_5.5.16-263_all.deb new
dpkg -e old/scalix-tomcat_5.5.16-263_all.deb new/DEBIAN
vi new/DEBIAN/postinst
# ...
# line 21: remove the superfluous ')'
#   /opt/scalix-tomcat/bin/sxtomcat-create-instance ""
# ...
dpkg -b new scalix-tomcat_5.5.16-263_all_patched.deb

Now the Scalix packages can be installed (please use the newer versions from the wiki!):
/usr/src/scx-install-lenny.sh
#!/bin/bash
# Scalix 11.x install script
# Author: neobiker
# Version: $Id: scx-install-lenny.sh,v 1.2 2009/07/25 15:53:32 root Exp root $
#
# $Log: scx-install-lenny.sh,v $
# Revision 1.2 2009/07/25 15:53:32 root
# Revision 1.1 2009/07/13 19:53:32 root
# Initial revision
#

set -e

# Adjust next settings
src_dir=/usr/src

# Admin password (sxadmin)
admpwd=geheim

# JAVA Memory usage (ca. 50% of RAM)
java_mem=256

# load and decompress scalix packages
scalix11version=11.4.6
scalix11downloadurl="http://downloads.scalix.com/.community/${scalix11version}/scalix-${scalix11version}-GA-unsupported-debian-intel.bin"
scalix11bin=`basename $scalix11downloadurl`
scalix11dir=scalix-debian-${scalix11version}-GA

# Extract and install packages
if [ ! -e $scalix11dir ]; then
    # Download Scalix 11
    if [ ! -e $scalix11bin ]; then
        cd $src_dir
        wget -N $scalix11downloadurl
    fi
    sh ./$scalix11bin
fi

cd $scalix11dir/software/scalix_server/

# initialise variables for installation script
mnode=$(hostname -s)
ip=$(hostname -i)

# optional: ask user or comment out
# --------
echo -n "Name of your mailnode [$mnode] ? "
read a ; [ -n "$a" ] && mnode=$a

echo -n "Admin password for Scalix admin user (sxadmin) [$admpwd] ? "
read a ; [ -n "$a" ] && admpwd=$a

dbpwd=$admpwd
echo -n "Please enter a password for the db user [sxadmin-password] ? "
read a ; [ -n "$a" ] && dbpwd=$a

ldappwd=$admpwd
echo -n "Please enter a password for the ldap query user [sxadmin-password] ? "
read a ; [ -n "$a" ] && ldappwd=$a

echo -n "Please enter the external ip address of your Scalix box [$ip]? "
read a ; [ -n "$a" ] && ip=$a

echo -n "Please enter JAVA Memory usage (e.g. 50% of total MEM) [$java_mem]? "
read a ; [ -n "$a" ] && java_mem=$a

# modify scalix deb packages (for lenny)
fix_scalix_debs () {
    deb=`/bin/ls -1 scalix-${1}*.deb`
    if [ -e "$deb" ]; then
        [ -d old ] || mkdir old
        [ -d new_$1 ] && rm -rf new_$1
        [ -d new_$1/DEBIAN ] || mkdir -p new_$1/DEBIAN
        [ -e old/$deb ] || cp $deb old/$deb
        dpkg -x old/$deb new_$1
        dpkg -e old/$deb new_$1/DEBIAN
        case $1 in
            iconv)
                file=new_$1/DEBIAN/preinst
                cat $file | sed -e 's/ "\$1" -gt 1 / -n "\$1" /g' >$file.neu
                mv $file.neu $file
                chmod a+x $file
                file=new_$1/DEBIAN/postrm
                cat $file | sed -e 's/ "\$1" -eq 0 / -z "\$1" /g' >$file.neu
                mv $file.neu $file
                chmod a+x $file
                dpkg -b new_$1 $deb
                ;;
            server)
                file=new_$1/DEBIAN/control
                cat $file | sed -e 's/libsasl2,/libsasl2-2,/g' \
                    -e 's/libmilter[^,]*,//g' \
                    -e 's/libstdc++2[^,]*,//g' >$file.neu
                mv $file.neu $file
                file=new_$1/DEBIAN/postinst
                cat $file | sed -e "s#OMLOGFILE='~/sys/install/log'#OMLOGFILE='~/sys/install/log';#g" >$file.neu
                mv $file.neu $file
                chmod a+x $file
                dpkg -b new_$1 $deb
                ;;
            postgres)
                file=new_$1/DEBIAN/control
                cat $file | sed -e 's/| postgresql-client-.\..//g' \
                    -e 's/| postgresql-.\..//g' >$file.neu
                mv $file.neu $file
                dpkg -b new_$1 $deb
                ;;
            *)
                ;;
        esac
    fi
}

# Initialise more variables
# get scalix pakage filenames: main_files, app_files, other_files
# define config_files etc.
# only variable settings made here until -- Step 0 -- below !
scx_main="server postgres"
scx_apps="tomcat-connector tomcat_ mobile platform res sac sis swa"

if [ `ls -1 scalix-*.deb 2>/dev/null | wc -l` -gt 0 ] ; then
    for f in `ls -1 scalix-*.deb | cut -d_ -f1`; do
        scalix_pakages="$scalix_pakages $f"
    done
    for f in ${scx_main}; do
        main_files="${main_files} "`ls scalix-${f}*.deb`
        dropme="${dropme} | grep -v $f"
    done
    for f in ${scx_apps}; do
        app_files="${app_files} "`ls scalix-${f}*.deb`
        dropme="${dropme} | grep -v $f"
    done
    other_files=`eval "ls -1 scalix-*.deb ${dropme}"`

    pid=$$
    host=$(hostname -s)
    ldomain=$(hostname -d)
    fqdn=$(hostname -f)
    short=${mnode:0:1}${mnode: -1:1}
    net="$(echo $ip | cut -d. -f-3)".0/24
    base=/var/opt/scalix/${short}
    tomcatport=80
    config_files="\
        ${base}/caa/scalix.res/config/ubermanager.properties \
        ${base}/mobile/mobile.properties \
        ${base}/platform/platform.properties \
        ${base}/res/config/res.properties \
        ${base}/sis/sis.properties \
        ${base}/webmail/swa.properties"
else
    echo 'Sorry, no scalix-\*.deb packages found.'
    echo "Please change to the directory which contains the files and try again."
    exit 1
fi

# backup scalix config files
scx_backup_config () {
    for f in ${config_files}; do
        if [ -e $f ]; then
            mkdir -p `dirname /var/opt/scalix/scalix-config-backup-${pid}${f}`
            cp ${f} /var/opt/scalix/scalix-config-backup-${pid}${f}
            cp ${f} ${f}.bak
        fi
    done
}

# show differences to new config files
scx_diff_config () {
    for file in ${config_files}; do
        sed -e 's/#.*//g' \
            -e '/^$/ D' \
            ${file} | sort > ${file}.new
        sed -e 's/#.*//g' \
            -e '/^$/ D' \
            /var/opt/scalix/scalix-config-backup-${pid}${file} | sort > ${file}.old
        if ! diff -q ${file}.old ${file}.new; then
            echo "-------------------------------------------------"
            echo "Check changes in ${file}:"
            diff ${file}.old ${file}.new || true
            echo ">>> Restore old Configfile [y] ?"
            read a
            if [ -z "$a" -o "$a" == "y" -o "$a" == "Y" ]; then
                cp ${file} ${file}.new.update
                cp /var/opt/scalix/scalix-config-backup-${pid}${file} ${file}
                echo "restored ${file} !!! <<<"
            fi
            echo "-------------------------------------------------"
            echo ""
        fi
    done
    echo ">>> Remove temp. Backupfiles (/var/opt/scalix/scalix-config-backup-${pid}) [y] ?"
    read a
    if [ -z "$a" -o "$a" == "y" -o "$a" == "Y" ]; then
        rm -rf /var/opt/scalix/scalix-config-backup-${pid}
        echo "/var/opt/scalix/scalix-config-backup-${pid} deleted"
    fi
}

cat << EOT
>>>> Step 0: check for old Scalix installation
EOT
sleep 2

# Scalix already installed, remove ?
if [ -d ${base} ]; then
    echo "Scalix directory found: $base"
    echo "Remove Scalix Installation (not the datastore!) [n] ? "
    read a
    if [ "x$a" == "x" -o "x$a" == "xn" ]; then
        echo "leaving old Scalix installion (files) untouched"
    else
        scx_backup_config
        aptitude purge ${scalix_pakages} # sun-java5-jre postgresql
        echo ""
        echo "delete scalix pakages (${base}, but save the Data-Store!) [y] ? "
        read a
        if [ "x$a" == "x" -o "x$a" == "xy" ]; then
            if [ -d /var/opt/scalix/s.bak ]; then
                mv /var/opt/scalix/s.bak /var/opt/scalix/s.bak.$$
            fi
            mv ${base}/s /var/opt/scalix/s.bak
            ls -l /var/opt/scalix/
            du -sk /var/opt/scalix/s.bak*
            echo ""
            echo "saved data-store, delete all scalix files ${base} now [y] ?"
            read a
            if [ "x$a" == "x" -o "x$a" == "xy" ]; then
                scalix_config_dirs="${base} /opt/scalix* /etc/opt/scalix* /etc/init.d/scalix*"
                rm -rf ${scalix_config_dirs}
            fi
        fi
    fi
fi

cat << EOT
>>>> Step 1a: install dependencies for Lenny
Please configure a UTF-8 locale or setup will fail later on.
(en_US.UTF-8)
EOT
sleep 2

# Remove sendmail startup links
# This disables outgoing mail
# /etc/init.d/sendmail stop
# update-rc.d -f sendmail remove

#aptitude update
#aptitude upgrade
aptitude install locales
if [ ! $(echo "$LANG" | grep UTF-8) ]; then
    echo "Please set e.g. en_US.UTF-8 locale and re-login and restart script"
    exit 0
fi

aptitude install apache2 gawk krb5-config krb5-doc krb5-user libkadm55 libkrb53 \
    libglib2.0-0 libxml2 sgml-base xml-core postgresql postgresql-client \
    libsasl2-modules libsasl2-2 libstdc++5 wget \
    sendmail mailx elinks w3m sun-java5-jre libssl0.9.8

# fix sendmail configfile
if [ -e /etc/mail/sendmail.mc ]; then
    grep MAILER /etc/mail/sendmail.mc > /tmp/sendmail.mc.mailer.tmp
    grep -v MAILER /etc/mail/sendmail.mc > /tmp/sendmail.mc.feature.tmp
    cat /tmp/sendmail.mc.feature.tmp >/etc/mail/sendmail.mc
    cat /tmp/sendmail.mc.mailer.tmp >> /etc/mail/sendmail.mc
    rm /tmp/sendmail.mc.*.tmp
fi

# some Lenny hacks for scalix binaries
[ -e /usr/lib/libssl.so.0.9.7 ] || ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.0.9.7
[ -e /usr/lib/libcrypto.so.0.9.7 ] || ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.0.9.7
[ -e /usr/lib/liblber.so.2 ] || ln -s /usr/lib/liblber-2.4.so.2 /usr/lib/liblber.so.2
[ -e /usr/lib/libldap_r.so.2 ] || ln -s /usr/lib/libldap_r-2.4.so.2 /usr/lib/libldap_r.so.2

cat << EOT
>>>> Step 1b: install Scalix-server
EOT
sleep 2

echo "continue installation [y] ? "
read a ; [ -z "$a" -o "x$a" == "xy" ] || exit 0

fix_scalix_debs iconv
fix_scalix_debs server
fix_scalix_debs postgres

export PATH=/opt/scalix/bin:$PATH

dpkg -i scalix-libical_*.deb scalix-chardet_*.deb scalix-iconv-extras_*.deb
dpkg -i scalix-server_*.deb

# Setup mailnode
ommakeom
sxconfig --set -t general.usrl_cn_rule='G S'
sxconfig --set -t general.usrl_authid_rule='l@'
sxconfig --set -t orniasys.name_part_1='"C" <S>' -t orniasys.domain_part_1="$ldomain"
omaddmn -m $mnode
omrc -n
omaddu -n sxadmin/$mnode --class limited -c admin -p "$admpwd" sxadmin
omconfenu -n "sxadmin/$mnode"
omlimit -u "sxadmin/$mnode" -o -i 0 -m 0
omaddu -n sxqueryadmin/$mnode --class limited -c admin -p $ldappwd sxqueryadmin@$fqdn
omaddpdl -l ScalixUserAdmins/$mnode
omaddpdl -l ScalixUserAttributesAdmins/$mnode
omaddpdl -l ScalixGroupAdmins/$mnode
omaddpdl -l ScalixAdmins/$mnode

cat >> ${base}/s/sys/general.cfg <<EOT
#
# The CDA service (used for "type down" in some clients) is more
# efficient if it can check the directory change log before attempting
# to update the access tables that it uses. One slow machines, it may
# also be worth uncommenting the CDA_CHECKTIME tweak to reduce the check
# interval from five minutes to an hour.
#
CDA_USE_CHANGE_LOG=TRUE
# CDA_CHECKTIME=60
#
# These tweaks limit the number and rate of IMAP connections to the
# server. The IMAP_CONNECTION_LIMIT simply restricts the total number of
# connections to the server. Note that many IMAP clients have several
# connections for each IMAP session. The IMAP_CONNRATE_LIMIT restricts
# the rate at which clients can connect to the server, in this case, at
# most 10 connections per second. If clients try to connect faster
# than that, the IMAP server simply slows down the rate at which it will
# accept new connections.
#
IMAP_CONNECTION_LIMIT=500
IMAP_CONNRATE_LIMIT=10
#
# The IMAP_IDLE_TIMEOUT tweak is the maximum time an IMAP connection
# will wait for a command before terminating the connection. The default
# setting, and the minimum required setting, is 30 minutes. Some
# clients "refresh" their connection once every thirty minutes
# exactly -- but if they are a little bit late, the server drops their
# connection. Setting a timeout of 31 minutes avoids this problem.
#
IMAP_IDLE_TIMEOUT=31
#
# This tweak arranges for Local Delivery to automatically create a
# message store for users created without one.
# Users added with the bulk-add mechanism used by the
# wizard do not have a message store. So setting this tweak allows
# them to receive mail before they are initially signed on.
#
LD_CREATE_MESSAGE_STORE=TRUE
#
# These three tweaks allow users to sign on using an alias. Only
# system-defined aliases are permitted and it the alias name is ignored
# for the purposes of message creation and so on.
#
# Note that changing these settings normally requires restarting Scalix.
#
UAL_SIGNON_ALIAS=YES
UAL_SIGNON_ALIAS_CONFIG=SYS
UAL_USE_SIGNON_ALIAS=FALSE
EOT
chmod 444 ${base}/s/sys/general.cfg

omon -s all

cat << EOT
>>>> Step 2: install Scalix packages
EOT
sleep 2

dpkg -i --force-overwrite scalix-tomcat_*.deb scalix-tomcat-connector_*.deb
dpkg -i --force-overwrite scalix-postgres_*.deb

#set JAVA Memory usage
file=/etc/opt/scalix-tomcat/scalix-tomcat.conf
if [ -e $file ]; then
    sed -e "s;Xms256;Xms${java_mem};g" \
        -e "s;Xmx256;Xmx${java_mem};g" \
        $file > $file.neu
    mv $file.neu $file
fi

# Setup DB
/opt/scalix-postgres/bin/sxpsql-setpwd $dbpwd
#/opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 $ip
/opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 $net

dpkg -i --force-overwrite \
    scalix-mobile_*.deb scalix-platform_*.deb scalix-res_*.deb scalix-sac_*.deb \
    scalix-sis_*.deb scalix-swa_*.deb

cat << EOT
>>>> Step 3: configure Scalix
EOT
sleep 2

# Configure Scalix
for file in ${config_files}; do
    sed \
        -e "s;%LOCALDOMAIN%;$ldomain;g" \
        -e "s;%LOCALHOST%;$fqdn;g" \
        -e "s;%IMAPHOST%;$fqdn;g" \
        -e "s;%SMTPHOST%;$fqdn;g" \
        -e "s;%DBHOST%;$fqdn:5733;g" \
        -e "s;%DBPASSWD%;$dbpwd;g" \
        -e "s;%LDAPPORT%;389;g" \
        -e "s;http://%PLATFORMURL%:8080/api;http://$fqdn/api;g" \
        -e "s;%PLATFORMURL%;http://$fqdn/api;g" \
        -e "s;swa.platform.enabled=false;swa.platform.enabled=true;g" \
        -e "s;__SECURED_MODE__;false;g" \
        -e "s;ubermanager/__FQHN_HOST__@__KERBEROS_REALM__;;g" \
        -e "s;__KERBEROS_REALM__;;g" \
        -e "s;__FQHN_FOR_KDC_HOST__;;g" \
        -e "s;__FQHN_QUERY_SERVER_NAME__;$fqdn;g" \
        -e "s;__UBERMGR_USE_EXTERNAL_AUTH__;false;g" \
        -e "s;__UBERMGR_ALLOW_EXTERNAL_AUTH__;false;g" \
        -e "s;__UBERMGR_MAXLIST_SIZE__;100;g" \
        -e "s;__UBERMGR_MAIL_DOMAINS_LIST__;$ldomain;g" \
        -e "s;__UBERMGR_EXTERNAL_DOMAIN_AUTH_LIST__;;g" \
        -e "s;__CONFIGURED__;true;g" \
        -e "s;__FQHN_FOR_UBERMANAGER__;$fqdn;g" \
        -e "s;__TOMCAT_PORT__;$tomcatport;g" \
        -e "s;localhost;$fqdn;g" \
        -e "s;%SIS-LANGUAGE%;;g" \
        -e "s;%INDEX-WHITELIST%;$ip;g" \
        -e "s;%SEARCH-WHITELIST%;$ip;g" \
        -e "s;%INDEXADMIN-WHITELIST%;$ip;g" \
        $file > $file.neu
    mv $file.neu $file
done

# some (optional) GERMAN settings
for file in ${config_files}; do
    sed \
        -e "s;ubermanager.console.defaultCountry=US;ubermanager.console.defaultCountry=DE;g" \
        -e "s;ubermanager.console.defaultLanguage=AMERICAN;ubermanager.console.defaultLanguage=GERMAN;g" \
        -e "s;swa.user.locale=en_US;swa.user.locale=de_DE;g" \
        -e "s;swa.user.preferredDateTimeFormat=1;swa.user.preferredDateTimeFormat=2;g" \
        -e "s;swa.user.dateSeparatorChar=/;swa.user.dateSeparatorChar=.;g" \
        -e "s;swa.user.weekStart=0;swa.user.weekStart=1;g" \
        -e "s;swa.user.defaultCalendarView=0;swa.user.defaultCalendarView=2;g" \
        ${file} > ${file}.new
    mv $file.new $file
done

[ -e /var/opt/scalix/scalix-config-backup-${pid} ] && scx_diff_config

# Write Ldappassword to psdata
file=${base}/caa/scalix.res/config/psdata
echo "$ldappwd" > ${file}
chown root:root $file
chmod 400 $file

# check files and permissions
file=$base/s/Copyright/OM-LDAP
[ -e $file ] || touch $file
omcheck -s | sh

cat << EOT
>>>> Step 4: setup apache, restart Scalix(-tomcat)
EOT
sleep 2

# Setup Apache
[ -e /etc/apache2/conf.d/scalix-web-client.conf ] || \
    ln -s /opt/scalix/global/httpd/scalix-web-client.conf /etc/apache2/conf.d/scalix-web-client.conf

cat << EOT > /etc/apache2/conf.d/scalix-access.conf
<Location />
    Allow from all
</Location>
EOT

file=/etc/opt/scalix-tomcat/connector/ajp/instance-$mnode.conf
if [ ! -e $file ]; then
    echo 'Include /etc/opt/scalix-tomcat/connector/ajp/app-*.conf' > $file
fi

files="/etc/opt/scalix-tomcat/connector/ajp/*-$mnode.*conf \
    /etc/opt/scalix-tomcat/connector/jk/*-$mnode.*conf"
for file in $files; do
    if [ -e $file ]; then
        sed -e 's;<VirtualHost;#<VirtualHost;g' \
            -e 's;</VirtualHost;#</VirtualHost;g' \
            $file > $file.neu
        mv $file.neu $file
    fi
done

/etc/init.d/apache2 restart

# Restart Tomcat
/etc/init.d/scalix-tomcat restart

cat << EOT
#####################################################
# You should now be able to access scalix at:
# http://$fqdn/sac
# http://$fqdn/webmail
#####################################################
EOT

if [ -e /var/opt/scalix/s.bak ]; then
cat << EOT
# restore your old scalix data-store with:
# - stop scalix
> for f in /etc/rc1.d/K*scalix*; do \$f stop; done
# - restore the data-store
> mv /var/opt/scalix/s.bak $base/s
# - and start scalix again
> for f in /etc/rc2.d/S*scalix*; do \$f start; done
#
for f in /etc/rc1.d/K*scalix*; do \$f stop; done
mv $base/s $base/s.new
mv /var/opt/scalix/s.bak $base/s
for f in /etc/rc2.d/S*scalix*; do \$f start; done
#
# if SAC Login fails, try this
ommodu sxqueryadmin -p $ldappwd
EOT
fi
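The install script above pastes passwords, host names and addresses directly into `sed "s;PLACEHOLDER;VALUE;g"` expressions, so a value containing `;`, `&` or a backslash is not written literally into the configuration file. The following is an added example, not part of the original script or of Scalix; the helper names `render_naive`, `sed_escape_replacement` and `fill_template` and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original install script).
# Shows why "s;%DBPASSWD%;$dbpwd;g" misbehaves for some values and how to
# substitute a value literally. Helper names are hypothetical.

# The script's approach, for comparison: VALUE is pasted into the sed
# expression unchanged.  usage: render_naive FILE PLACEHOLDER VALUE
render_naive() {
    sed -e "s;$2;$3;g" "$1"
}

# Escape the three characters that are special in the replacement part of
# s;...;...; : backslash, '&' (whole match) and the ';' delimiter.
# Assumption: VALUE contains no newline.
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's/[\\&;]/\\&/g'
}

# Replace every PLACEHOLDER in FILE with VALUE, taken literally.
# Assumption: PLACEHOLDER has no regex metacharacters (true for the
# %NAME% and __NAME__ markers used on this page).
# usage: fill_template FILE PLACEHOLDER VALUE
fill_template() {
    ft_file=$1
    ft_value=$(sed_escape_replacement "$3")
    ft_tmp=$(mktemp) || return 1
    if sed -e "s;$2;${ft_value};g" "$ft_file" > "$ft_tmp"; then
        # Copy back in place so FILE keeps its owner and permissions.
        cat "$ft_tmp" > "$ft_file"
        ft_status=$?
    else
        ft_status=1
    fi
    rm -f "$ft_tmp"
    return "$ft_status"
}

# Demonstration on a constructed one-line properties file.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf 'db.password=%%DBPASSWD%%\n' > "$demo_dir/sample.properties"
    echo "naive:   $(render_naive "$demo_dir/sample.properties" '%DBPASSWD%' 's3cr&t')"
    fill_template "$demo_dir/sample.properties" '%DBPASSWD%' 's3cr&t'
    echo "escaped: $(cat "$demo_dir/sample.properties")"
    rm -rf "$demo_dir"
}

demo
```

With the constructed password `s3cr&t`, the naive form writes `s3cr%DBPASSWD%t` because `&` stands for the matched placeholder, while the escaped form writes the password unchanged.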
You should now be able to log in at the URL given above as sxadmin with the password defined earlier. As sxadmin you can create new users in the Scalix Admin Console (SAC).
First, the Scalix mail server should additionally be told the correct (external) mail domain. This is entered under "Einstellungen - Administration - Lokale Domains" (Settings - Administration - Local Domains). I have 2 entries:
- neobiker.de
- Zuhause.xx
To save resources, Tomcat's memory consumption can be reined in a little (this is already built into the install script):
/etc/opt/scalix-tomcat/scalix-tomcat.conf
# Configuration file for Scalix Tomcat

# The directory where Java is installed
# (determined from /usr/bin/java managed by update-alternatives
# by default, change to hardcoded path if needed):
JAVA_HOME="`/opt/scalix-tomcat/bin/determine-java-home`"

# Additional arguments to be passed to Java:
JAVA_OPTS="-server -Xms40m -Xmx40m"

# Maximum number of file descriptors
ULIMIT_NUM_FILES="1000"

Webmail via DMZ proxy and SSL access
I implemented secured access to the Scalix webmail client through an Apache server in my DMZ. To do this, install the scalix-tomcat-connector package in the DMZ. In the firewall, port 8009 must be opened from the DMZ to the Scalix server.
dpkg -i scalix-tomcat-connector_11.0.4.25_all.deb
By default I use SSL; I enforce it with a rewrite rule in the default configuration /etc/apache2/sites-enabled/000-default

NameVirtualHost *:80
<VirtualHost *:80>
  ...
  <IfModule mod_rewrite.c>
    <IfModule mod_ssl.c>
      <Location /webmail>
        RewriteEngine on
        RewriteCond %{HTTPS} !^on$ [NC]
        RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L]
      </Location>
    </IfModule>
  </IfModule>
  ...
</VirtualHost>
/etc/apache2/sites-enabled/000-default-ssl
NameVirtualHost *:443
<VirtualHost *:443>
  ServerName www-dmz.neobiker.de
  ServerAdmin webmaster@neobiker.de
  DocumentRoot /var/www/

  SSLEngine on
  # my own certificates from my server CA
  SSLCertificateFile /etc/ssl/certs/dmz1_wwwCert.pem
  SSLCertificateKeyFile /etc/ssl/private/dmz1_www-Key.pem
  #SSLCertificateFile /etc/apache2/ssl/apache.pem
  #SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

  <Directory />
    Options FollowSymLinks
    AllowOverride None
  </Directory>

  <Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride AuthConfig
    Order allow,deny
    allow from all
    # This directive allows us to have apache2's default start page
    # in /apache2-default/, but still have / go to the right place
    RedirectMatch ^/$ /apache2-default/
  </Directory>

  ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  <Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
  </Directory>

  ErrorLog /var/log/apache2/error.log

  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn

  CustomLog /var/log/apache2/access.log combined

  <IfModule mod_proxy_ajp.c>
    Include /etc/opt/scalix-tomcat/connector/ajp/app-scx.*.conf
  </IfModule>
</VirtualHost>

The Scalix proxy configurations: /etc/opt/scalix-tomcat/connector/ajp/app-scx.*.conf
/etc/opt/scalix-tomcat/connector/ajp/app-scx.sac.conf
ProxyPass /sac ajp://scx.neobiker.lan:8009/sac
/etc/opt/scalix-tomcat/connector/ajp/app-scx.webmail.conf
ProxyPass /webmail ajp://scx.neobiker.lan:8009/webmail
Under Etch the Apache module mod_jk is no longer needed, since it has been superseded by mod_proxy_ajp. Because I include the ajp module myself in the SSL configuration (see above), I comment it out here (either/or):
/etc/apache2/conf.d/scalix-tomcat-connector.conf
# ---------------------------------------------------------------------------
# Configure on-the-fly deflate compression of the pages:
# ---------------------------------------------------------------------------
<Location />
  AddOutputFilterByType DEFLATE text/xml text/html text/css
  AddOutputFilterByType DEFLATE application/x-javascript
</Location>

# ---------------------------------------------------------------------------
# mod_proxy_ajp connector configuration
# ---------------------------------------------------------------------------
#<IfModule mod_proxy_ajp.c>
#  Include /etc/opt/scalix-tomcat/connector/ajp/app*.conf
#</IfModule>

# ---------------------------------------------------------------------------
# mod_jk connector configuration (part common to all platforms)
# ---------------------------------------------------------------------------
# Setup JK connector needed to run Tomcat under Apache server:
<IfModule mod_jk.c>
  # Set the jk log level [debug/error/info]
  JkLogLevel info
  # Select the log format
  JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
  # JkOptions indicate to send SSL KEY SIZE,
  JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
  # JkRequestLogFormat set the request format
  JkRequestLogFormat "%w %V %T"
  Include /etc/opt/scalix-tomcat/connector/jk/app-*.conf
  Include /etc/opt/scalix-tomcat/connector/jk/workers.conf
</IfModule>

# ---------------------------------------------------------------------------
# mod_jk connector configuration (part specific to Debian)
# ---------------------------------------------------------------------------
<IfModule mod_jk.c>
  # Where to put jk logs
  # Update this path to match your logs directory location
  # (put mod_jk.log next to access_log)
  JkLogFile /var/log/apache2/mod_jk.log
</IfModule>
Sources
[1] Scalix Wiki: Manual installation under Etch
[2] Linux Magazin Online: Mail Server