Zarafa Community Edition – Multiple Domains, Postfix, z-push

Appropriately, the first post is all about migrating to a VPS server running Zarafa Community Edition.

This guide does assume you know how to use apt-get and download and extract tar and zip files.  It does not cover the installation of each component on a step by step basis, more the unique configuration changes that were needed to get it all to work together.

System

  • Debian 7
  • NetOrigin VPS One (1 GIG RAM,  25GIG Storage)

A quick mention of NetOrigin, the VPS provider, who have provided prompt responses to any queries. The VPS was previously running as backup MX and DNS, with rsync used to back up email from a local Linux server. When we rebuilt it, it had a solid uptime of 380+ days.

Basic Steps

  • Install MySQL
  • Install Postfix
  • Install Webmin
  • Configure firewall to block unwanted SSH and Webmin access
  • Install Zarafa
  • Configure Zarafa for multi company
  • Configure Zarafa for IMAP and POP3
  • Configure Zarafa Quota Settings (My basic VPS only has 50GIG)
  • Configure Postfix to deliver to Zarafa
  • Configure Postfix for multiple domains
  • Configure Postfix Alias / Forwards (in MySQL)
  • Install SASL
  • Configure SASL for IMAP authentication
  • Configure Postfix for SASL
  • Configure Firewall to port forward port 26 to 25 to allow SMTP access when providers block port 25 (eg Telstra).
  • Install z-push
  • Configure z-push
  • Install imapsync
  • Sync user IMAP accounts from old server to new
  • Install PostGrey
  • Configure Postfix for Greylisting (SPAM control)

Installation Guides

  • For installing Zarafa follow the already available documentation.
  • MySQL, Postfix and Postgrey can be installed from apt-get.
  • z-push is a downloaded archive from sourceforge.
  • imapsync is available from GitHub and provides simple instructions.

NOTE: For the z-push installation, please follow the instructions in the INSTALL file once extracted; the documentation on the website is not up to date.

 

Basic Firewall Settings

Using iptables, all traffic is blocked by default, except the ports we allow.

Allowed TCP

-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports www,https,pop3,smtp,imap,imaps,pop3s,236,53,26

Allowed UDP

-A INPUT -p udp -m udp --dport 53 -j ACCEPT

SMTP 26: redirect port 26 to port 25 (this rule belongs in the nat table)

-A PREROUTING -p tcp -m tcp --dport 26 -j REDIRECT --to-ports 25

Zarafa Configuration Changes

/etc/zarafa/server.cfg

Quota settings, quota is disabled by default.

quota_warn              = 100
quota_soft              = 150
quota_hard              = 200

Enable multi-tenancy environment

enable_hosted_zarafa = true
storename_format = %f(%c)
loginname_format = %u@%c

/etc/zarafa/gateway.cfg

Enable/disable POP3, and POP3 listen port

pop3_enable     =       yes
pop3_port       =       110

Enable/disable IMAP, and IMAP listen port

imap_enable     =       yes
imap_port       =       143

Zarafa Company Setups (Multi Domain)

zarafa-admin --create-company domain.com
zarafa-admin -g admin@domain.com

Zarafa User Creation

zarafa-admin -c user@domain.com -p password -e user@domain.com -f "User 1"

Zarafa POP3 and IMAP (disabled by default)

zarafa-admin -u user@domain.com --enable-feature pop3
zarafa-admin -u user@domain.com --enable-feature imap

Zarafa  Quota Overrides

zarafa-admin  -u user@domain.com  --qo 1  --qw 500  --qs 800  --qh 1000

Postfix Configuration

/etc/postfix/main.cf

myhostname = mail.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# localhost.domain.com, localhost  (commented out: a line without "name = value" is not valid in main.cf)
mydestination = localhost
virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf, mysql:/etc/postfix/mysql-forwards.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
virtual_transport = lmtp:127.0.0.1:2003
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# delivery restrictions ( postgrey, msg size and SASL)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023
message_size_limit = 30720000
smtpd_helo_required = yes
# trivial rewrite
swap_bangpath = no
append_at_myorigin = no
allow_percent_hack = no

/etc/postfix/mysql-domains.cf

user = root
password = xxxxxx
hosts = 127.0.0.1
dbname = zarafa
query = select value from objectproperty where propname='companyname' and value='%s'

/etc/postfix/mysql-users.cf

user = root
password = xxxxxx
hosts = 127.0.0.1
dbname = zarafa
query = select value from objectproperty where objectid=(select objectid from objectproperty where value='%s' limit 1) and propname='emailaddress';

/etc/postfix/mysql-forwards.cf

user = root
password = xxxxxx
hosts = 127.0.0.1
dbname = zarafa
query = SELECT destination FROM forwardings WHERE source='%s'

NOTE: This table is not part of zarafa and needs to be created manually.

CREATE TABLE `forwardings` (
`source` VARCHAR(80) NOT NULL,
`destination` TEXT NOT NULL,
PRIMARY KEY (`source`)
)
COLLATE='latin1_swedish_ci'
ENGINE=InnoDB;

Example SQL Insert

INSERT INTO `forwardings` (`source`, `destination`) VALUES ('info@domain.com', 'user1@domain.com user2@domain.com');
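
The three lookup files above store a MySQL password and connect as root, although their queries only read the objectproperty and forwardings tables. As an added example (not part of the original post), the shell functions below flag both conditions in a map file and print the SQL for a SELECT-only replacement account; the account name postfix_lookup, the CHANGE_ME password placeholder and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The account name, password
# placeholder and function names are assumptions.

# audit_map FILE -> prints findings for one Postfix mysql lookup file,
# returns 1 if there are any (2 if the file cannot be examined).
audit_map() {
    rc=0
    mode=$(stat -c '%a' "$1") || return 2       # GNU stat, as on Debian
    case $mode in
        *[4-7]) echo "$1: mode $mode lets any local user read the password"; rc=1 ;;
    esac
    # Last "user = ..." assignment in the file, whitespace removed.
    user=$(awk -F= '/^user[ \t]*=/ { u = $2; gsub(/[ \t]/, "", u) } END { print u }' "$1")
    if [ "$user" = root ]; then
        echo "$1: connects to MySQL as root, lookups only need SELECT"; rc=1
    fi
    return $rc
}

# lookup_grants ACCOUNT -> prints SQL for a SELECT-only account restricted to
# the two tables the lookup queries on this page read. Set a real password
# before feeding the output to the mysql client.
lookup_grants() {
    cat <<EOF
CREATE USER '$1'@'127.0.0.1' IDENTIFIED BY 'CHANGE_ME';
GRANT SELECT ON zarafa.objectproperty TO '$1'@'127.0.0.1';
GRANT SELECT ON zarafa.forwardings TO '$1'@'127.0.0.1';
EOF
}

# Constructed sample mirroring the map files on this page.
map=$(mktemp)
printf '%s\n' 'user = root' 'password = xxxxxx' 'hosts = 127.0.0.1' 'dbname = zarafa' > "$map"
chmod 644 "$map"
audit_map "$map" || true
lookup_grants postfix_lookup
rm -f "$map"
```

On the real files, a common arrangement is owner root, group postfix and mode 640, so that Postfix can still read the maps.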

Imapsync

Used to assist the migration from Dovecot to Zarafa.
https://gist.github.com/facelordgists/8660827

apt-get update && apt-get upgrade
apt-get install make libdate-manip-perl libterm-readkey-perl libdigest-hmac-perl libmail-imapclient-perl makepasswd rcs perl-doc git
cd /tmp
git clone https://github.com/imapsync/imapsync.git
cd imapsync
sh examples/install_modules_linux.sh
make install

Command to run to sync from OLDSERVER to NEWSERVER

imapsync --host1 OLDSERVER --user1 user@domain.com --password1 xxxxxx --host2 NEWSERVER --user2 user@domain.com --password2 xxxxx

SASL

Authenticate against Zarafa IMAP

Install libsasl2

apt-get install libsasl2-modules

Ensure correct permissions for saslauthd

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
chmod a+rx /var/spool/postfix/var/run/saslauthd

/etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

/etc/default/saslauthd

MECHANISMS="rimap"
MECH_OPTIONS="127.0.0.1"
THREADS=0
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

/etc/postfix/main.cf

# sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_recipient_restrictions = permit_sasl_authenticated

Note: smtpd_recipient_restrictions will already include options; keep those options and add permit_sasl_authenticated to them.
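
Postfix uses only the last assignment of a parameter in main.cf, so adding the SASL line above as a second smtpd_recipient_restrictions entry would replace the earlier list, including reject_unauth_destination and the Postgrey policy check. The following check is an added example, not from the original post; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads a main.cf-style file the
# way Postfix does: "#" lines are comments, a line starting with whitespace
# continues the previous one, and a repeated parameter overrides the earlier one.

# effective_param NAME FILE -> prints "<number of assignments> <last value>"
effective_param() {
    awk -v name="$1" '
        /^[ \t]*(#|$)/ { next }                 # comment or blank line
        /^[ \t]/ {                              # continuation line
            if (cur) { sub(/^[ \t]+/, " "); val = val $0 }
            next
        }
        {
            cur = 0; eq = index($0, "=")
            if (!eq) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key != name) next
            cur = 1; n++
            val = substr($0, eq + 1); sub(/^[ \t]+/, "", val)
        }
        END { print n + 0, val }' "$2"
}

# check_restrictions FILE -> prints findings, returns 1 if there are any
check_restrictions() {
    out=$(effective_param smtpd_recipient_restrictions "$1")
    count=${out%% *}; value=${out#* }; rc=0
    if [ "$count" -eq 0 ]; then return 0; fi    # not set in this file
    if [ "$count" -gt 1 ]; then
        echo "assigned $count times, only the last assignment is used"; rc=1
    fi
    case " $(printf '%s' "$value" | tr ',' ' ') " in
        *" reject_unauth_destination "*) ;;
        *) echo "effective value lacks reject_unauth_destination: $value"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: both assignments shown on this page in one file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated
EOF
check_restrictions "$sample" || true
rm -f "$sample"
```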

z-push

Download from here http://z-push.sourceforge.net/download
Follow instructions in the INSTALL file once extracted, documentation on website is not up to date.

We created a copy of /etc/apache2/sites-available/zarafa-webapp and named it mail.domain.com.conf

Then used a2ensite to enable the site in Apache

a2ensite mail.domain.com.conf

Changes made to /etc/apache2/sites-available/mail.domain.net.conf

Comment out /webapp alias

# Alias /webapp /usr/share/zarafa-webapp

Create the Microsoft-Server-ActiveSync alias

Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php

Create the AutoDiscover xml

Alias /AutoDiscover/AutoDiscover.xml /usr/share/z-push/autodiscover.php

PHP options for z-push in

<Directory /usr/share/z-push>
 php_flag magic_quotes_gpc off
 php_flag register_globals off
 php_flag magic_quotes_runtime off
 php_flag short_open_tag on
 </Directory>

Virtual host settings

Virtual host listening to mail.* for hosted sites.
 <VirtualHost *:80>
 ServerName mail.domain1.com
 ServerAlias mail.domain2.com
 UseCanonicalName off
 DocumentRoot /usr/share/zarafa-webapp
 </VirtualHost>

Z-push AutoDiscover

This file is not part of z-push; we need to create it and place it in /usr/share/z-push/autodiscover.php

<?php
// Change this to http if you don't want ssl encryption
$protocol = "https";
// Build the full URL to Microsoft-Server-ActiveSync
$asUrl = $protocol . "://" . $_SERVER['SERVER_NAME'] . "/Microsoft-Server-ActiveSync";
// Get raw POST data so we can extract the email address
$data = file_get_contents("php://input");
$email = preg_match("/<EMailAddress>(.*?)<\/EMailAddress>/", $data, $matches) ? $matches[1] : "";
// Both values come from the request, so escape them before writing them into the XML
$email = htmlspecialchars($email, ENT_QUOTES, "UTF-8");
$asUrl = htmlspecialchars($asUrl, ENT_QUOTES, "UTF-8");
// Set Content-Type
header("Content-Type: application/xml");
?>
<?php echo '<?xml version="1.0" encoding="utf-8" ?>'; ?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:en</Culture>
<User>
<DisplayName><?php echo $email; ?></DisplayName>
<EMailAddress><?php echo $email; ?></EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url><?php echo $asUrl; ?></Url>
<Name><?php echo $asUrl; ?></Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>

Z-Push Device

Windows Mobile 8.1

Need to disable PROVISIONING or it would not sync, failing with error “85010013”: We weren’t able to apply the security policy that’s required by {domain}

http://www.zarafa.com/wiki/index.php/Z-Push_Provisioning

/usr/share/z-push/config.php

define('PROVISIONING', false);
define('LOOSE_PROVISIONING', true);

NOTE: This will also disable the ability to wipe your phone remotely. In this case we don’t really want this feature anyway; having ActiveSync email is more for convenience.

 iOS6 and iOS7

Tested – ok

PROVISIONING is OFF

Credits

SASL permissions – http://www.jimmy.co.at/weblog/?p=52

6 Comments

  1. pedro teran

    Hi, I had a bug after following your tutorial.

    I’m sending emails fine, creating them and everything. But when receiving mails from my same domain or others like gmail I’m having this error to=, relay=none, delay=0.24, delays=0.06/0/0.17/0, dsn=5.4.6, status=bounced (mail for xxxxxx.com loops back to myself) under /var/log/mail.log
    Any idea?

  2. support (Post author)

    I think your postfix setup is not 100% correct. Perhaps this link may help.

  3. Michel

    Hello
    I have no errors
    Except, how to add aliases, accounts?
    Thank you
    Michel

    1. support (Post author)

      Hi, Check the section starting with /etc/postfix/mysql-forwards.cf

      You need to create a table in Zarafa.

      CREATE TABLE `forwardings` (
      `source` VARCHAR(80) NOT NULL,
      `destination` TEXT NOT NULL,
      PRIMARY KEY (`source`)
      )
      COLLATE='latin1_swedish_ci'
      ENGINE=InnoDB;

      And add your aliases

      INSERT INTO `forwardings` (`source`, `destination`) VALUES ('info@domain.com', 'user1@domain.com user2@domain.com');

      1. Michel

        Hello
        I misspoke.
        I ask you with the zarafa-admin command.
        Is it possible now to day today, adding alias to an account?
        Thank you, great tutorial
        Michel

        1. support (Post author)

          Zarafa just has one email address as a user. You can use the method in the article of mysql-forwards.cf and the database table or postfix

          See this thread.
          https://forums.zarafa.com/showthread.php?1052-Multiple-email-addresses-per-user
