Scalix mit Debian Etch

Aus Neobikers Wiki
Zur Navigation springen Zur Suche springen

Vorbereitung

Etch Installation in XEN DomU

Ich starte mit der Installation auf einer frischen Etch-Installation unter XEN. Der Einfachheit halber benutze ich die xen-tools.

apt-get install xen-tools
vi /etc/xen-tools/xen-tools.conf
#
# ...
lvm = vg
debootstrap = 1
#
##
#  Disk and Sizing options.
##
#
size   = 4Gb      # Disk image size.
memory = 128Mb    # Memory size
swap   = 128Mb    # Swap size
# noswap = 1      # Don't use swap at all for the new system.
fs     = ext3     # use the EXT3 filesystem for the disk image.
dist   = etch     # Default distribution to install.
image  = sparse   # Specify sparse vs. full disk images.
dhcp = 1
#
# Default kernel and ramdisk to use for the virtual servers
#
kernel = /boot/vmlinuz-2.6.18-4-xen-686
initrd = /boot/initrd.img-2.6.18-4-xen-686
#
# The default mirror for debootstrap which can be used to install
# Debian Sid, Sarge, and Etch.
#
mirror = http://ftp.de.debian.org/debian/
# ...

Etch-DomU starten

xen-create-image --hostname=scx
vi /etc/xen/scx.cfg
xm create -c /etc/xen/scx.cfg
...
ethtool -K eth0 tx off
vi /etc/network/interfaces
# uncomment ethtool
# post-up ethtool -K eth0 tx off

Zusätzliche Pakete installieren

Jetzt die notwendigen Pakete installieren:

  • Apache, Sendmail
  • Postgres
  • Kerberos
  • SASL2
  • diverse Libraries
  • Sun Java
  • gawk, wget, elinks, ethtool, less, host
apt-get install -u apache2 sendmail sendmail-doc
apt-get install -u postgresql
apt-get install -u krb5-config krb5-doc krb5-user libkadm55 libkrb53
apt-get install -u saslauthd libsasl2-modules libsasl2-gssapi-mit sasl2-bin libssl0.9.7
apt-get install -u libxml2 libglib2.0-0 libstdc++2.10-glibc2.2 libstdc++5
apt-get install -u sun-java5-jre
apt-get install -u gawk elinks wget w3m less ethtool host

Sendmail konfigurieren

Folgendes habe ich angepasst:

  • Smarthost (s.o.)
  • Debug Level
  • Interface nicht nur an 127.0.0.1 binden
  • Masquerading
  • Amavisd-new integrieren

Ich fange mit Amavisd-new, Amavisd-Milter und Clamav an. Amavisd-milter habe ich aus den Sourcen übersetzt:

apt-get install -u build-essential amavisd-new clamav

cd /usr/src
wget http://downloads.sourceforge.net/amavisd-milter/amavisd-milter-1.2.1.tar.gz
tar xvzf amavisd-milter-1.2.1.tar.gz
cd amavisd-milter-1.2.1
./configure
make
make install
mv /usr/local/sbin/amavisd-milter /usr/sbin/amavisd-milter

vi /etc/init.d/amavisd-milter #(siehe unten)
chmod 755 /etc/init.d/amavisd-milter
update-rc.d amavisd-milter defaults

vi /etc/default/amavisd-milter #(siehe unten)
mkdir /var/lib/amavis/amavisd-milter
chown amavis:amavis /var/lib/amavis/amavisd-milter
chmod 750 /var/lib/amavis/amavisd-milter

Das Konfigfile für amavisd-milter /etc/default/amavisd-milter

### /etc/sysconfig/amavisd-milter
### Configuration options for amavisd-milter
### Suitable for Redhat & SuSE systems.
#
### Location of milter binary.
MILTER="/usr/local/sbin/amavisd-milter"

### Amavisd's homedir.
### This should match the '$MYHOME' directive in amavisd.conf
AMAVIS_HOME="/var/run/amavis"
MILTER_HOME="/var/lib/amavis/amavisd-milter"

### User that amavisd-milter will run as.
### For RH/CentOS/Fedora set to "amavis"
### For SuSE set to "vscan"
MILTER_USER="amavis"

### This is the socket used for communication between sendmail <--> milter
### It must correspond to the "S=" variable of the milter definition in sendmail.cf
### Note the variable substitution!
MILTER_SOCKET="local:$AMAVIS_HOME/amavisd-milter.sock"

### This is the socket used for communication between amavisd <--> milter
### It must correspond to the value of "$unix_socketname" in amavisd.conf
### Note the variable substitution!
AMAVISD_SOCKET="$AMAVIS_HOME/amavisd.sock"

### Pid file
### Note the variable substitution!
MILTER_PID="$AMAVISD_HOME/amavisd-milter.pid"

### All the args to milter
MILTER_FLAGS="-s $MILTER_SOCKET -p $MILTER_PID -w $MILTER_HOME -S $AMAVISD_SOCKET"

Das Init-Script für amavisd-milter /etc/init.d/amavisd-milter

#! /bin/sh
### BEGIN INIT INFO
# Provides:          amavisd-milter
# Required-Start:    $local_fs $remote_fs
# Required-Stop:     $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Amavisd Milter Interface
# Description:       Start amavisd-milter to allow scanning of mail by amavisd-new
#
### END INIT INFO

# Author: neobiker neobiker@friedrichnet.de
#
# Please remove the "Author" lines above and replace them
# with your own name if you copy and modify this script.

# Do NOT "set -e"

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Amavisd Milter Interface"
NAME=amavisd-milter
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS=""
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
PIDFILE=$MILTER_PID

START="--start --quiet --pidfile $PIDFILE --name ${NAME} --startas ${DAEMON}"
STOP="--stop --quiet --pidfile $PIDFILE --name ${NAME}"

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
        # Return
        #   0 if daemon has been started
        #   1 if daemon was already running
        #   2 if daemon could not be started
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
                || return 1
        start-stop-daemon ${START} -- $DAEMON_ARGS \
                || return 2
        # Add code here, if necessary, that waits for the process to be ready
        # to handle requests from services started subsequently which depend
        # on this one.  As a last resort, sleep for some time.
}

#
# Function that stops the daemon/service
#
do_stop()
{
        # Return
        #   0 if daemon has been stopped
        #   1 if daemon was already stopped
        #   2 if daemon could not be stopped
        #   other if a failure occurred
        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
        RETVAL="$?"
        [ "$RETVAL" = 2 ] && return 2
        # Wait for children to finish too if this is a daemon that forks
        # and if the daemon is only ever run from this initscript.
        # If the above conditions are not satisfied then add some other code
        # that waits for the process to drop all resources that could be
        # needed by services started subsequently.  A last resort is to
        # sleep for some time.
        start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
        [ "$?" = 2 ] && return 2
        # Many daemons don't delete their pidfiles when they exit.
        rm -f $PIDFILE
        return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
        #
        # If the daemon can reload its configuration without
        # restarting (for example, when it is sent a SIGHUP),
        # then implement that here.
        #
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
        return 0
}

case "$1" in
  start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
  stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
  #reload|force-reload)
        #
        # If do_reload() is not implemented then leave this commented out
        # and leave 'force-reload' as an alias for 'restart'.
        #
        #log_daemon_msg "Reloading $DESC" "$NAME"
        #do_reload
        #log_end_msg $?
        #;;
  restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
          0|1)
                do_start
                case "$?" in
                        0) log_end_msg 0 ;;
                        1) log_end_msg 1 ;; # Old process is still running
                        *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
          *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
  *)
        #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
esac

exit 0

Smarthost unter z.B. /etc/mail/m4/provider.m4 eintragen

define(`SMART_HOST', `mail.1und1.de')

Die MAILER Definitionen sollten ans Ende der Konfiguration verschoben werden, sonst tritt eine Fehlermeldung auf. Die Sendmail Konfiguration ist unter /etc/mail/sendmail.mc

dnl # ...
define(`confLOG_LEVEL',`15')dnl #### only until Config is OK ####
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommentd lines
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission')dnl
dnl #
dnl # SASL / TLS
dnl #
include(`/etc/mail/sasl/sasl.m4')dnl
include(`/etc/mail/tls/starttls.m4')dnl
define(`confCRL\', `/etc/mail/tls/revocation.list\')dnl
dnl #
define(`confCONTROL_SOCKET_NAME',`/var/run/sendmail/mta/smcontrol-rx')dnl
dnl #
dnl #
dnl # Masquerading options
dnl #
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`scx.neobiker.de')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
dnl #
dnl # use MILTER API
dnl #
define(`MILTER', 1)dnl
INPUT_MAIL_FILTER(`milter-amavis', `S=local:/var/run/amavis/amavisd-milter.sock, F=T, T=S:10m;R:10m;E:10m')dnl
dnl #
dnl # Default Mailer setup
dnl #
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl

Jetzt die neue sendmail.cf generieren.

cd /etc/mail
sendmailconfig
make

# und neu starten
/etc/init.d/amavisd restart
/etc/init.d/amavisd-milter restart
/etc/init.d/sendmail restart

Scalix Installation

Sourcen laden und unter /usr/src auspacken

cd /usr/src
wget http://downloads.scalix.com/.community/11.0.2.1/scalix-11.0.4-GA-debian-intel.tgz
tar xvzf scalix-11.0.4-GA-debian-intel.tgz
cd /usr/src/scalix-debian-11.0.4-GA/software/scalix-server

dpkg -i ../../third_party/libical/i386/libical*.deb
dpkg -i scalix-server_*.deb

export PATH=/opt/scalix/bin:$PATH

echo -n "What should the name of your primary mailnode be? "; read mnode

ldomain=$(hostname -d)
host=$(hostname)
fqdn=$(hostname -f)
short=${host:0:1}${host: -1:1}

# Initialize the Scalix Message Store 
ommakeom

# Set Generation Rules for Display Name, Login Name and Internet Address
sxconfig --set -t general.usrl_cn_rule='S, G'
sxconfig --set -t general.usrl_authid_rule='gs@'
sxconfig --set -t orniasys.name_part_1='"C" <G.S>' -t orniasys.domain_part_1=$ldomain

# Creating the Default Mailnode 
omaddmn -m $mnode

# Starting the Server Daemons
omrc -n

# Creating the Default Admin User
echo -n "Please enter the admin password for the Scalix admin user (sxadmin)? "; read admpwd

omaddu -n sxadmin/$mnode --class limited -c admin -p "$admpwd" sxadmin

# Configuring the Admin User
omconfenu -n "sxadmin/$mnode"
omlimit -u "sxadmin/$mnode" -o -i 0 -m 0

# Creating the LDAP Query User
echo -n "Please enter a password for the ldap query user? "; read ldappwd

omaddu -n sxqueryadmin/$mnode --class limited -c admin -p $ldappwd sxqueryadmin@$fqdn

# Creating the Standard Scalix Admin Groups
omaddpdl -l ScalixUserAdmins/$mnode
omaddpdl -l ScalixUserAttributesAdmins/$mnode
omaddpdl -l ScalixGroupAdmins/$mnode
omaddpdl -l ScalixAdmins/$mnode

cat >>/var/opt/scalix/${short}/s/sys/general.cfg <<EOF
#
# The CDA service (used for "type down" in some clients) is more
# efficient if it can check the directory change log before attempting
# to update the access tables that it uses.   One slow machines, it may
# also be worth uncommenting the CDA_CHECKTIME tweak to reduce the check
# interval from five minutes to an hour.
#
CDA_USE_CHANGE_LOG=TRUE
# CDA_CHECKTIME=60
#
# These tweaks limit the number and rate of IMAP connections to the
# server. The IMAP_CONNECTION_LIMIT simply restricts the total number of
# connections to the server. Note that many IMAP clients have several
# connections for each IMAP session. The IMAP_CONNRATE_LIMIT restricts
# the rate at which clients can connect to the server, in this case, at
# most 10 connections per second. If clients try to connect faster
# than that, the IMAP server simply slows down the rate at which it will
# accept new connections.
#
IMAP_CONNECTION_LIMIT=500
IMAP_CONNRATE_LIMIT=10
#
# The IMAP_IDLE_TIMEOUT tweak is the maximum time an IMAP connection
# will wait for a command before terminating the connection. The default
# setting, and the minimum required setting, is 30 minutes. Some
# clients "refresh" their connection once every thirty minutes
# exactly -- but if they are a little bit late, the server drops their
# connection. Setting a timeout of 31 minutes avoids this problem.
#
IMAP_IDLE_TIMEOUT=31
#
# This tweak arranges for Local Delivery to automatically create a
# message store for users created without one.
# Users added with the bulk-add mechanism used by the
# wizard do not have a message store. So setting this tweak allows
# them to receive mail before they are initially signed on.
#
LD_CREATE_MESSAGE_STORE=TRUE
#
# These three tweaks allow users to sign on using an alias. Only
# system-defined aliases are permitted and it the alias name is ignored
# for the purposes of message creation and so on.
# 
# Note that changing these settings normally requires restarting Scalix.
#
UAL_SIGNON_ALIAS=YES
UAL_SIGNON_ALIAS_CONFIG=SYS
UAL_USE_SIGNON_ALIAS=FALSE
EOF


# Starting Scalix Services
omon -s all

# Installing the Scalix Server package
# ein Deb-Paket (scalix-tomcat_*.deb) hat einen Fehler im Install-Skript.
# Der muss zuerst behoben werden (Deb auspacken, Syntax Error korrigieren, Deb-Paket neu erstellen)
dpkg -i scalix-postgres_*.deb scalix-tomcat-connector_*.deb scalix-tomcat_*.deb \
        scalix-mobile_*.deb scalix-platform_*.deb scalix-res_*.deb scalix-sac_*.deb \
        scalix-sis_*.deb scalix-swa_*.deb

# Setup DB
/opt/scalix-postgres/bin/sxpsql-init                  # To create the database and tables
echo -n "Please enter a password for the db user? "; read dbpwd

/opt/scalix-postgres/bin/sxpsql-setpwd $dbpwd

echo -n "Please enter the external ip address of your Scalix box? "; read ip

/opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 $ip

# Setting up Scalix-Tomcat
vi /etc/opt/scalix-tomcat/scalix-tomcat.conf
# Set RAM Usage to 50% of complete RAM (or other, e.g. 40M)
# JAVA_OPTS="-server -Xms40m -Xmx40m"

# Configure Scalix
tomcatport=80
base=/var/opt/scalix/${short}
files="$base/webmail/swa.properties \
       $base/caa/scalix.res/config/ubermanager.properties \
       $base/res/config/res.properties \
       $base/platform/platform.properties \
       $base/mobile/mobile.properties \
       $base/sis/sis.properties"

for file in $files; do
sed -e "s;%LOCALDOMAIN%;$ldomain;g" \
    -e "s;%LOCALHOST%;$fqdn;g" \
    -e "s;%PLATFORMURL%;$fqdn;g" \
    -e "s;__SECURED_MODE__;false;g" \
    -e "s;ubermanager/__FQHN_HOST__@__KERBEROS_REALM__;;g" \
    -e "s;__KERBEROS_REALM__;;g" \
    -e "s;__FQHN_FOR_KDC_HOST__;;g" \
    -e "s;__FQHN_QUERY_SERVER_NAME__;$fqdn;g" \
    -e "s;__UBERMGR_USE_EXTERNAL_AUTH__;false;g" \
    -e "s;__UBERMGR_ALLOW_EXTERNAL_AUTH__;false;g" \
    -e "s;__UBERMGR_MAXLIST_SIZE__;100;g" \
    -e "s;__UBERMGR_MAIL_DOMAINS_LIST__;$ldomain;g" \
    -e "s;__UBERMGR_EXTERNAL_DOMAIN_AUTH_LIST__;;g" \
    -e "s;__CONFIGURED__;true;g" \
    -e "s;__FQHN_FOR_UBERMANAGER__;$fqdn;g" \
    -e "s;__TOMCAT_PORT__;$tomcatport;g" \
    -e "s;localhost;$fqdn;g" \
    -e "s;%SIS-LANGUAGE%;German;g" \
    -e "s;%INDEX-WHITELIST%;$fqdn;g" \
    -e "s;%SEARCH-WHITELIST%;$fqdn;g" \
    $file > $file.neu
mv $file.neu $file

done

# Write Ldappassword to psdata
cd ${base}/caa/scalix.res/config
echo "$ldappwd" > psdata
chown root:root psdata
chmod 400 psdata
cd

# Restart Tomcat
/etc/init.d/scalix-tomcat restart

# Setup Apache
ln -s /opt/scalix/global/httpd/scalix-web-client.conf /etc/apache2/conf.d
cat << EOF > /etc/apache2/conf.d/scalix-access.conf
<Location />
        Allow from all
</Location>
EOF
/etc/init.d/apache2 restart

cat << EOT
#####################################################
# You should now be able to access scalix at:
# http://$fqdn/sac
# http://$fqdn/webmail
#####################################################
EOT


Not yet used: Dual-Konfiguration für amavisd-new Integration

mkdir /var/spool/mqueue-rx
chown root:amavis /var/spool/mqueue-rx
chmod 700 /var/spool/mqueue-rx

mkdir /var/lib/sendmail/host_status

m4 /usr/share/sendmail/cf/m4/cf.m4 /etc/mail/hostname-rx.mc > /etc/mail/sendmail-rx.cf
m4 /usr/share/sendmail/cf/m4/cf.m4 /etc/mail/hostname-tx.mc > /etc/mail/sendmail.cf

/usr/sbin/sendmail -C /etc/mail/sendmail-rx.cf -L sm-mta-rx -bd -qp
/usr/sbin/sendmail -L sm-mta-tx -bd -q15m
/usr/sbin/sendmail -Ac -L sm-msp-queue -q10m

Quellen

[1] Scalix Wiki: Manuelle Installation unter Etch

[2] Linux Magazin Online: Mail Server