Get SOGo, iRedmail and Samba 4 AD DS in perfect harmony.

Introduction
Every small business needs mail. Below is a guide to get a powerful mail server up and running in just hours. All three parts are open source.
 
iRedmail is a powerful mail server suite that is really easy to configure. The suite contains a mail server, anti-spam, anti-malware and other programs and features that secure mail. The installation script asks you a few questions to configure the suite. It then downloads all components from repositories and installs them, which is very convenient. On top of that it configures a firewall.
 
SOGo is the webmail component. It also has a calendar and, if chosen, a global address book. The webmail has an appealing interface and is really easy to configure for one or multiple mail domains.
 
Samba 4 AD DS is the identity provider. Both iRedmail and SOGo will use it for authentication. If desired, you can also use it as a domain controller equivalent to Microsoft AD DS, join both Windows and Linux computers to it, and serve home and common directories.
 
The server suites mentioned are all very powerful and enterprise ready. This means that you can start out with a single server for the SOHO business and expand as needed.
 
In this guide I am configuring one (1) server to handle two (2) mail domains. And it is as easy as outlined below! This is of course not my doing and I should not be thanked for the possibility to use the server programs and initial configurations. I have merely compiled this guide from various sources. Direct your gratitude to the open source community in general and the iRedmail team, the Samba team and the SOGo team in particular.
 
Thank you
Davor Vusir
 
Installing iRedmail
Start with installing iRedmail by following this guide. Choose the OpenLDAP alternative, skip the tests and skip installing Roundcube. It will be replaced with SOGo later on.
 
Edit /etc/postfix/transport and add the other mail domains.
 
Change the following line in /etc/postfix/ad_sender_login_maps.cf, /etc/postfix/ad_virtual_group_maps.cf and /etc/postfix/ad_virtual_mailbox_maps.cf:
 search_base = cn=users,dc=datadilikatesser,dc=se
to:
 search_base = dc=datadilikatesser,dc=se
 
Continue by editing /etc/default/slapd: uncomment #SLAPD_NO_START=1 so that OpenLDAP no longer starts, since Samba 4 will provide the LDAP service on port 389 instead. Then stop slapd by typing: service slapd stop
 
Change the following line in /etc/dovecot/dovecot-ldap.conf:
 base = cn=Users,dc=datadilikatesser,dc=se
to:
 base = ou=%d,dc=datadilikatesser,dc=se
 
And restart Dovecot: service dovecot restart.
 
At the bottom of /etc/amavis/conf.d/50-user you find the LDAP-query for OpenLDAP. Replace that part with the following:
# Integrate Amavisd-new with the Samba 4 AD DS LDAP service.
$enable_ldap    = 1;    # 1 -> enable, 0 -> disable.
$default_ldap   = {
    hostname        => "127.0.0.1",
    port            => 389,
    version         => 3,
    tls             => 0,
    timeout         => 120,
    base            => "ou=%d,dc=datadilikatesser,dc=se",
    scope           => "sub",
    query_filter    => "(&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))",
    result_attribute => "userPrincipalName",
    bind_dn         => "cn=vmailer,cn=users,dc=datadilikatesser,dc=se",
    bind_password   => 'Pa$$w0rd',   # single quotes: Perl interpolates $$ inside double quotes
};


And restart Amavis: service amavis restart

Installing Samba 4 AD DS
Install all the required development packages needed for compiling Samba 4. Add libpam0g-dev to the list of packages to install. Then build and install it.
This takes some time. Meanwhile, create the startup script.
Add PAM Winbind support. Have a look at Iabsis' instructions.
 
Provision the domain
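Provision the domain by typing the command below. The password is single-quoted because the shell would otherwise expand $$ to its process ID and set a different password than the one used in the configuration files.
samba-tool domain provision --domain=DATADILIKATESSER --adminpass='Pa$$w0rd' --dns-backend=SAMBA_INTERNAL --server-role=dc --function-level=2008_R2 --use-xattr=yes --use-rfc2307 --realm=datadilikatesser.se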

Add the user account used for binding to the domain by the iRedmail suite:
samba-tool user add vmailer 'Pa$$w0rd' --description="iRedmail (Postfix/Dovecot/Amavis) LDAP Account"

Add the user account used for binding to the domain by the SOGo suite:
samba-tool user add sogo 'Pa$$w0rd' --description="SOGo LDAP Account"

Add the Postmaster account:
samba-tool user add postmaster 'Pa$$w0rd' --description="Postmaster"

Add user accounts:
samba-tool user add davor 'Pa$$w0rd' --surname=Vusir --given-name=Davor
samba-tool user add rovad 'Pa$$w0rd' --surname=Risuv --given-name=Rovad
 
And you need an e-mail list:
samba-tool group add test --group-type=Distribution --mail-address=test@datadilikatesser.se
samba-tool group addmembers test davor
 
Configure Samba 4 AD DS for multiple mail domains
Start the RSAT tool "Active Directory Users and Computers", click on the View menu and choose Advanced Features.
 
Create two OUs: vusir.se and datadilikatesser.se. Right-click the OUs and choose Properties. Click the Attribute Editor tab, scroll down to uPNSuffixes and add the mail domain (OU vusir.se = mail domain vusir.se and so forth).
 
 
Copy one of the previously created accounts to the OU and open it, click the Account tab and select the appropriate mail domain from the drop-down menu under "User logon name:".
 
Now do the Postfix and Dovecot tests as documented in the iRedmail guide.
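
The lookup that Dovecot and Amavis perform against Samba can be reproduced by hand before running those tests. The script below is an added example, not part of the original guide: the function names are hypothetical, while the bind DN, search base and filter are the values configured above.

```shell
#!/bin/sh
# Added example (not from the original guide): reproduce the per-domain LDAP
# lookup configured above for Dovecot and Amavis. Function names are made up;
# the DNs and the filter are the values used in this guide.
LDAP_URI='ldap://127.0.0.1:389'
BIND_DN='cn=vmailer,cn=users,dc=datadilikatesser,dc=se'

# Escape the characters RFC 4515 reserves inside a filter value, so that an
# address like "*@vusir.se" is matched literally and not as a wildcard.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The domain part of the address selects the OU (the %d in the search base
# above). Anything but letters, digits, dots and hyphens is refused, because
# a comma or equals sign here would rewrite the search base.
expand_base() {
    case $1 in *@*) ;; *) return 1 ;; esac
    domain=${1#*@}
    case $domain in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    printf 'ou=%s,dc=datadilikatesser,dc=se' "$domain"
}

# The address is compared with userPrincipalName. 1.2.840.113556.1.4.803 is
# the bitwise-AND matching rule; ":=2" tests the "account disabled" bit,
# which the filter negates.
expand_filter() {
    printf '(&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' \
        "$(ldap_escape "$1")"
}

# Run the search as the vmailer bind account. -W prompts for the password, so
# it ends up neither in the shell history nor in the process list.
check_address() {
    base=$(expand_base "$1") || { printf 'refused: %s\n' "$1" >&2; return 1; }
    ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W -b "$base" -s sub \
        "$(expand_filter "$1")" userPrincipalName
}

# Constructed sample addresses: print what would be searched, offline.
for addr in davor@vusir.se rovad@datadilikatesser.se '*@vusir.se'; do
    printf '%s\n  base:   %s\n  filter: %s\n' \
        "$addr" "$(expand_base "$addr")" "$(expand_filter "$addr")"
done
```

With the functions loaded, check_address davor@vusir.se should return exactly one entry once the account has been copied to its OU; a disabled account, or one still left in cn=Users, returns none.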
 
Install SOGo
Start with configuring MySQL for UTF-8:
service mysql stop
vi /etc/mysql/my.cnf
[client]
default-character-set=utf8
[mysqld]
...
character_set_server=utf8
character_set_client=utf8
[mysql]
default-character-set=utf8
service mysql start
 
And add the database for SOGo:
mysql -u root -p
CREATE DATABASE `sogo` CHARACTER SET='utf8';
CREATE USER 'sogo'@'localhost' IDENTIFIED BY 'Pa$$w0rd';
GRANT ALL PRIVILEGES ON `sogo`.* TO 'sogo'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
 
And install SOGo:
apt-get install sogo sope4.9-gdl1-mysql

Edit /etc/apache2/conf.d/SOGo.conf:
## adjust the following to your configuration
  RequestHeader set "x-webobjects-server-port" "443"
  RequestHeader set "x-webobjects-server-name" "mail.vusir.se"
  RequestHeader set "x-webobjects-server-url" "https://mail.vusir.se"
Redirect permanent /index.html https://mail.vusir.se/SOGo
 
Edit /etc/apache2/conf.d/security:
  ServerTokens Prod
  ServerSignature Off

Edit /etc/php5/apache2/php.ini:
  expose_php = Off
 
Activate needed modules:
a2enmod proxy
a2enmod proxy_http
a2enmod headers
a2enmod rewrite
 
And restart Apache: service apache2 restart
 
Edit /etc/sogo/sogo.conf:
 {
    OCSEMailAlarmsFolderURL = "mysql://sogo:Pa$$w0rd@localhost:3306/sogo/sogo_alarm_folder";
    OCSFolderInfoURL = "mysql://sogo:Pa$$w0rd@localhost:3306/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "mysql://sogo:Pa$$w0rd@localhost:3306/sogo/sogo_sessions_folder";
    SOGoACLsSendEMailNotifications = YES;
    SOGoAppointmentSendEMailNotifications = YES;
    SOGoBusyOffHours = YES;
    SOGoCalendarDefaultRoles = (
        PublicViewer,
        ConfidentialDandTViewer
    );
    SOGoContactsDefaultRoles = (
        ObjectViewer
    );
    SOGoDayEndTime = 18;
    SOGoDayStartTime = 8;
    SOGoDefaultCalendar = personal;
    SOGoDraftsFolderName = Drafts;
    SOGoFirstDayOfWeek = 1;
    SOGoFirstWeekOfYear = First4DayWeek;
    SOGoFoldersSendEMailNotifications = YES;
    SOGoIMAPAclConformsToIMAPExt = YES;
    SOGoIMAPAclStyle = rfc4314;
    SOGoIMAPServer = localhost;
    SOGoLanguage = Swedish;
    SOGoLoginModule = Mail;
    SOGoMailMessageCheck = "every_20_minutes";
    SOGoMailMessageForwarding = inline;
    SOGoMailPollingIntervals = (
        5,
        10,
        20,
        30,
        60
    );
    SOGoMailShowSubscribedFoldersOnly = YES;
    SOGoMailingMechanism = smtp;
    SOGoPageTitle = "Webmejlen";
    SOGoProfileURL = "mysql://sogo:Pa$$w0rd@localhost:3306/sogo/sogo_user_profile";
    SOGoSMTPServer = localhost;
    SOGoSentFolderName = Sent;
    SOGoSieveScriptsEnabled = YES;
    SOGoSieveServer = "sieve://localhost:4190";
    SOGoSupportedLanguages = (
        English,
        Swedish
    );
    SOGoTimeFormat = "%H:%M";
    SOGoTimeZone = "Europe/Stockholm";
    SOGoTrashFolderName = Trash;

domains ={
 vusir = {
  SOGoMailDomain = "vusir.se";
    SOGoUserSources = (
        {
            CNFieldName = displayName;
            IDFieldName = userPrincipalName;
            IMAPHostFieldName = localhost;
            UIDFieldName = userPrincipalName;
            SOGoLDAPContactInfoAttribute = displayName;
//          MailFieldNames = userPrincipalName;
            SearchFieldNames = (
                userPrincipalName,
                displayName,
                mail
            );
            // The DN suffix must match the domain provisioned with samba-tool.
            baseDN = "ou=vusir.se,dc=datadilikatesser,dc=se";
            bindAsCurrentUser = YES;
            bindDN = "cn=sogo,cn=Users,dc=datadilikatesser,dc=se";
            bindFields = (
                userPrincipalName,
                displayName,
                mail
            );
            bindPassword = Pa$$w0rd;
            canAuthenticate = YES;
            displayName = "GAB - vusir.se";
            hostname = "ldap://localhost:389";
            id = VUSIR;
            isAddressBook = YES;
            type = ldap;
        }
    );
 }; // END - vusir.se

 datadilikatesser = {
  SOGoMailDomain = "datadilikatesser.se";
    SOGoUserSources = (
        {
            CNFieldName = displayName;
            IDFieldName = userPrincipalName;
            IMAPHostFieldName = localhost;
            UIDFieldName = userPrincipalName;
            SOGoLDAPContactInfoAttribute = displayName;
//          MailFieldNames = userPrincipalName;
            SearchFieldNames = (
                userPrincipalName,
                displayName,
                mail
            );
            // The DN suffix must match the domain provisioned with samba-tool.
            baseDN = "ou=datadilikatesser.se,dc=datadilikatesser,dc=se";
            bindAsCurrentUser = YES;
            bindDN = "cn=sogo,cn=Users,dc=datadilikatesser,dc=se";
            bindFields = (
                userPrincipalName,
                displayName,
                mail
            );
            bindPassword = Pa$$w0rd;
            canAuthenticate = YES;
            displayName = "GAB - datadilikatesser.se";
            hostname = "ldap://localhost:389";
            id = DATADILIKATESSER;
            isAddressBook = YES;
            type = ldap;
        }
    );
 }; // END - datadilikatesser.se

}; // END - domains

    SOGoVacationEnabled = YES;
    WOLogFile = "/var/log/sogo/sogo.log";
    WONoDetach = YES;
    WOPidFile = "/var/run/sogo/sogo.pid";
    WOWatchDogRequestTimeout = 10;

}
// END Configuration file
 
Done!
 
 
 
References:
http://www.dovecot.org/
http://iabsis.com/EN/article/35-4/Sogo-installation
http://www.iredmail.org/
http://www.iredmail.org/wiki/index.php?title=Integration/Active.Directory.iRedMail/
http://www.postfix.org/
http://www.samba.org/
https://wiki.samba.org/index.php/Samba_4_OS_Requirements/
https://wiki.samba.org/index.php/Samba4/HOWTO#Installing_Samba
http://www.sogo.nu/
http://www.sogo.nu/files/docs/SOGo%20Installation%20Guide.pdf
http://www.tribalchicken.com.au/?p=56
 
 
