Author Topic: Zarafa & Zentyal 3.5  (Read 7875 times)

StuartNaylor

  • Guest
Re: Zarafa & Zentyal 3.5
« Reply #15 on: July 31, 2014, 11:09:08 am »
Damn looks like I haven't documented it.

It's a single line in postfix main.cf

where you set the virtual transport.

I am also presuming you installed the mail but turned off all the zentyal services.

Code:
But when I edit /etc/postfix/main.cf and add the following info,
Code:
virtual_mailbox_domains = mydomain.com, example.org, example.net
virtual_mailbox_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = lmtp:localhost:2003

postfix is just not forwarding the mails to the zarafa MTA

Anyone running 3.3 or less with Zarafa running would they /etc/postfix/main.cf

I think the above single line of virtual_transport = lmtp:localhost:2003 is all that is needed.

Then this is where I stopped as wasn't sure about distribution groups.

I think what I will do is alter the script to use the dovecot user and details and add that line. To the .mas template of zentyal or each reboot we will be back to square one.

Was there anything else you had to do manually to get to this stage?

Yeah also add to init.d so it runs at start.
« Last Edit: July 31, 2014, 11:17:14 am by StuartNaylor »

tose

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +5/-0
Re: Zarafa & Zentyal 3.5
« Reply #16 on: July 31, 2014, 05:00:21 pm »
Yes, I did install Zentyal Mail services & disable pop3, pop3s, imap, imaps. I think that's what you're asking? And no, I've done nothing more than what I've already described to get this far.

I have a Zentyal 3.2 with Zarafa running. In that /etc/postfix/main.cf file I have a line "virtual_transport = dovecot". That's exactly the same as what the 3.5 box has.

StuartNaylor

Re: Zarafa & Zentyal 3.5
« Reply #17 on: July 31, 2014, 05:23:49 pm »
The zarafa mta is lmtp:localhost:2003

So it needs to be edited, it was the only thing missing.

Someone with an older version with Zarafa installed may confirm this.

I guess we need to do a post hook on the mail with a grep for that line and piped to a sed to change it.

Lol, did I just write that? Change it manually for now and restart postfix and see how things go.


A sed pattern will do it as there is only a singular virtual_transport = dovecot I guess
« Last Edit: July 31, 2014, 05:41:11 pm by StuartNaylor »

tose

Re: Zarafa & Zentyal 3.5
« Reply #18 on: August 01, 2014, 02:16:21 am »
Correct again Stuart. I edited /usr/share/zentyal/stubs/mail/main.cf.mas as follows:-

--------------------------------------------------------
# virtual_transport = dovecot
virtual_transport = lmtp:localhost:2003
--------------------------------------------------------

So now that setting sticks after reboot, & yes, mail is now being delivered to the zarafa mailboxes. However:-

This just confirms for me that my Zentyal 3.2 box (Zarafa 7.1.7) routes mail differently (or at least the settings would make you think so). In both /usr/share/zentyal/stubs/mail/main.cf.mas & /etc/postfix/main.cf on the Zentyal 3.2 box, the setting is:

virtual_transport = dovecot

Gotta go now. Will look into all that further & get back.

StuartNaylor

Re: Zarafa & Zentyal 3.5
« Reply #19 on: August 01, 2014, 11:31:20 am »
It must be my legendary memory only did that script a couple of weeks ago.

It rings a bell but let me check. It can't be dovecot as that is an imap server and our imap server is Zarafa.

http://doc.zarafa.com/7.1/Administrator_Manual/en-US/html-single/#_MTAIntegration

Tose hopefully after we can document all this in the community wiki.

Code:
5.4.1. Configure ZCP Postfix integration with OpenLDAP

The Postfix MTA can connect to an OpenLDAP server to resolve primary mail addresses and aliases of users and groups. The Postfix package in most Linux distributions has LDAP support enabled by default. To read more about Postfix LDAP support see the LDAP README on the Postfix website.

All Postfix configuration files can be found in /etc/postfix directory. The main configuration file is logically called main.cf

By default Postfix will only accept incoming emails from localhost. To accept emails from the complete network, configure the following option:

    inet_interfaces = all

In order to make Postfix aware of the local emaildomains, add the following line to the main.cf.

    virtual_mailbox_domains = example.com, example.org, example.net

Postfix will now see the configured domains as it’s local email domains, however to accept incoming emails Postfix will do a recipient check. Add the following lines to the main.cf to have Postfix use LDAP for looking up (valid) recipients:

    virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
    virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
    virtual_transport = lmtp:127.0.0.1:2003

All incoming emails are delivered to the LMTP service of the zarafa-dagent. The delivery needs to be done on the primary mail address of a user. For resolving the primary mail address of the user, create the file /etc/postfix/ldap-users.cf and add the following lines:

    server_host = localhost
    search_base = ou=Users,dc=example,dc=com
    version = 3
    scope = sub
    query_filter = (&(objectClass=posixAccount)(mail=%s))
    result_attribute = mail

For lookups of mail aliases create the file /etc/postfix/ldap-aliases.cf and add the following lines:

    server_host = localhost
    search_base = ou=Users,dc=example,dc=com
    version = 3
    scope = sub
    query_filter = (&(objectClass=posixAccount)(zarafaAliases=%s))
    result_attribute = mail

The search base of users and aliases need to match the search base of the LDAP server. After the configuration files have been changed Postfix need to be restarted:

    /etc/init.d/postfix restart

Make sure the zarafa-dagent is run as a daemon and started at boot time.

For RPM based distributions use:

    chkconfig zarafa-dagent on
    /etc/init.d/zarafa-dagent start

For Debian based distributions enable the zarafa-dagent by setting the option DAGENT_ENABLED to yes in the file /etc/default/zarafa-dagent. To enable the zarafa-dagent at boot time use:

    update-rc.d zarafa-dagent defaults

Note
It is advised to enable logging of the zarafa-dagent when running in LMTP mode for monitoring purposes. Enable the logging options in the zarafa-dagent in /etc/zarafa/dagent.cfg.

I am going to run through the install again but dont have the VM I created it on so will have to do new from fresh.

I think I will go right through and make it complete.

I am going to have a look at the code posted in contrib section of the zentyal git of all the dropped modules.

IE Zarafa. I had a go but it didn't start well, things don't seem to be as their documentation and basically my irc and emails received no reply
« Last Edit: August 01, 2014, 11:39:17 am by StuartNaylor »

tose

Re: Zarafa & Zentyal 3.5
« Reply #20 on: August 02, 2014, 06:49:01 am »
Ok, mystery solved as regards the way Zentyal 3.2 routes mail from postfix. There is a file "/etc/postfix/transport" which appears to define unique transport methods on a domain or recipient address basis. Mine looks like this:-

--------------------------------------------------
ham@lloydcorporate.com dovecot
spam@lloydcorporate.com dovecot
lloydcorporate.com   lmtp:127.0.0.1:2003
ham@tosi.id.au dovecot
spam@tosi.id.au dovecot
tosi.id.au   lmtp:127.0.0.1:2003
--------------------------------------------------

So only the mail addressed to the Zarafa Virtual Domains is forwarded by lmtp. My Zentyal 3.5 box has no such file.

StuartNaylor

Re: Zarafa & Zentyal 3.5
« Reply #21 on: August 02, 2014, 07:49:52 pm »
Yeah I forgot that you could run pop on dovecot and imap on zarafa so you could have them working at the same time.

All depends if they are set up as a zarafauser or not.

Starts getting hard work that and I am going to assume that we are just going to use Zarafa.

So the transport map in main.cf should suffice. I am not going to do the option of running non zarafa mail users in this example at least.

I am pushing my scripting ability and these are just working hacks

Would you check these two out for me.

I apologise as Doh! what about the user ldap zarafa attributes to say they are a zarafa user.

I have done a script called zarafa-user
Code:
sudo bash zarafa-user 'User CN'
wrap in single quotes because of the space

Code:
./zarafa-user 'Stuart Naylor'
Zentyal still adds CN's as givenName Surname which personal opinion I don't understand
But just if you fall foul wondering why its not the samaccountname

Please give these a go.
The install should be OK but verifies these work.

Many Apols

I would have to hack the zentyal code so the defaults get added on normal Zentyal user creation.
Possible just haven't

Will have to see what needs to be done next.

Mail should work

Hopefully all good for a community module.

For other users.

install samba and mail but turn off all the zentyal mail ports so just smtp is running

Code:
ldbedit -e nano -H /var/lib/samba/private/sam.ldb '(samaccountname=Administrator)'
Change zarafaAdmin = 1 to make Zarafa administrator

Many apols as totally forgot about user attributes. I had already done that bit on my test VM
« Last Edit: August 02, 2014, 08:06:54 pm by StuartNaylor »

tose

Re: Zarafa & Zentyal 3.5
« Reply #22 on: August 03, 2014, 01:27:14 am »
Stuart,

I completely agree about not catering for zarafa and non-zarafa mail transport.

Thanks for the zarafa-user script. That made me think, what about my current 3.5 install? It doesn't have those attributes set yet. Not even "zarafaUser". But if I create a new user in Zentyal, that user can login to Zarafa webapp straight up & send/receive mail. Just makes me wonder what the "zarafaUser" attribute actually does?

Great work yet again Stuart. Will run through it again as a fresh install, hopefully later today, and report results back here.

StuartNaylor

Re: Zarafa & Zentyal 3.5
« Reply #23 on: August 03, 2014, 01:58:31 am »
Code:
zarafaAccount: 1
zarafaAdmin: 1
zarafaDisabledFeatures: pop3
zarafaEnabledFeatures: imap
zarafaQuotaHard: 1200000000
zarafaQuotaOverride: 1
zarafaQuotaSoft: 1100000000
zarafaQuotaWarn: 1000000000
zarafaUserServer: zent1

zarafaAccount=1 is important and that must have been used for either dovecot or zarafa. I could send but couldn't receive until that was set?

I can add these when you create a user or mail account zarafa is using the standard mail attributes

I will have a look at hiding all the system users and groups next.
showInAdvancedViewOnly: TRUE is only on a few objects or Hint: Use the zarafaAccount attribute in the filter to differentiate
Code:
##########
# Misc. settings

# Attribute which indicates if the user should be hidden from addressbook
ldap_addressbook_hide_attribute = zarafaHidden

# LDAP object search filter. %s in this filter will be replaced with
# the object being searched.
# Hint: Use the zarafaAccount attribute in the filter to differentiate
# between non-zarafa and zarafa objects.
# Default: empty
# ADS recommended: (anr=%s)
# OpenLDAP optional: (|(mail=%s*)(uid=%s*)(cn=*%s*)(fullname=*%s*)(givenname=*%s*)(lastname=*%s*)(sn=*%s*))
ldap_object_search_filter = (anr=%s)

Then it's about working out shared contact list and dist groups.

In fact here is the full administrator account

Code:
objectClass: fetchmailUser
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: user
objectClass: userZentyalMail
objectClass: zarafaUser
cn: Administrator
instanceType: 4
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=office,DC=zentyal,DC
 =lan
accountExpires: 9223372036854775807
adminCount: 1
badPasswordTime: 0
badPwdCount: 0
codePage: 0
countryCode: 0
description: Built-in account for administering the computer/domain
distinguishedName: CN=Administrator,CN=Users,DC=office,DC=zentyal,DC=lan
fetchmailAccount: stuartiannaylor@inbox.com:pop3:my.inbox.com:110::phone4394
 01
gidNumber: 2512
homeDirectory: \\zent1.OFFICE.ZENTYAL.LAN\Administrator
homeDrive: H:
isCriticalSystemObject: TRUE
lastLogoff: 0
lastLogon: 0
logonCount: 0
mail: Administrator@zentyal.lan
mailbox: zentyal.lan/Administrator/
mailHomeDirectory: /var/vmail/
mailquota: 0
memberOf: CN=Administrators,CN=Builtin,DC=office,DC=zentyal,DC=lan
memberOf: CN=Domain Admins,CN=Users,DC=office,DC=zentyal,DC=lan
memberOf: CN=Enterprise Admins,CN=Users,DC=office,DC=zentyal,DC=lan
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=office,DC=zentyal,DC=la
 n
memberOf: CN=Schema Admins,CN=Users,DC=office,DC=zentyal,DC=lan
name: Administrator
objectGUID:: Yp+EBRGkv0SIYmVQGOlSSA==
objectSid:: AQUAAAAAAAUVAAAAqBn7Al1FSGbTMZ2u9AEAAA==
primaryGroupID: 513
pwdLastSet: 130514302870000000
sAMAccountName: Administrator
sAMAccountType: 805306368
uidNumber: 2500
userAccountControl: 512
userMaildirSize: 0
uSNChanged: 4962
uSNCreated: 3545
whenChanged: 20140802195152.0Z
whenCreated: 20140802051658.0Z
zarafaAccount: 1
zarafaAdmin: 1
zarafaDisabledFeatures: pop3
zarafaEnabledFeatures: imap
zarafaQuotaHard: 1200000000
zarafaQuotaOverride: 1
zarafaQuotaSoft: 1100000000
zarafaQuotaWarn: 1000000000
zarafaUserServer: zent1

There is also a bug with zarafa-search which an upgrade with the libkyoto(something) fixed.

Missing this attribute zarafaSharedStoreOnly so on the todo

Code:
# Whether a user is a non-active user. This means that the user will
# not count towards your user count, but the user will also not be
# able to log in
# Optional, default = zarafaSharedStoreOnly
# Active directory: zarafaSharedStoreOnly
# LDAP: zarafaSharedStoreOnly
ldap_nonactive_attribute = zarafaSharedStoreOnly

/etc/mysql/my.cnf
thread_stack      = 192K change to thread_stack = 256k
/etc/zarafa/server.cfg
enable_sql_procedures = no change to enable_sql_procedures = yes

Apols it's a todo list
« Last Edit: August 03, 2014, 02:58:31 am by StuartNaylor »

tose

Re: Zarafa & Zentyal 3.5
« Reply #24 on: August 03, 2014, 07:48:37 am »
I'm sure zarafaAccount=1 is very important for all sorts of reasons. And what I've discovered is probably not much more than an anomaly that will be of little use going forward. However, here are the ldap attributes of one of my users:-

--------------------------------------------------------------------------------------------------------------------
dn: CN=Craig Tosi,CN=Users,DC=ctstest,DC=lan
cn: Craig Tosi
sn: Tosi
givenName: Craig
instanceType: 4
whenCreated: 20140803050020.0Z
whenChanged: 20140803050020.0Z
displayName: Craig Tosi
uSNCreated: 4914
name: Craig Tosi
objectGUID: ae7490b6-9563-46bb-b419-b856ccd67b8d
badPwdCount: 0
codePage: 0
countryCode: 0
homeDirectory: /home/tose
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3932363027-2996284228-1642769443-1108
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: tose
sAMAccountType: 805306368
userPrincipalName: tose@CTSTEST.LAN
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ctstest,DC=lan
uidNumber: 2504
gidNumber: 2513
quota: 500
pwdLastSet: 130515156200000000
userAccountControl: 512
objectClass: top
objectClass: fetchmailUser
objectClass: posixAccount
objectClass: userZentyalMail
objectClass: person
objectClass: systemQuotas
objectClass: organizationalPerson
objectClass: user
mail: tose@tosi.id.au
mailbox: tosi.id.au/tose/
userMaildirSize: 0
mailquota: 0
mailHomeDirectory: /var/vmail/
uSNChanged: 4919
distinguishedName: CN=Craig Tosi,CN=Users,DC=ctstest,DC=lan
------------------------------------------------------------------------------------------------------------------------------------------------------

Not a Zarafa specific attribute there, but that user can login to Zarafa Webapp & send/receive mail. What I think is happening, is that Zarafa is happy to store mail based on:-

----------------------------------------------
mail: tose@tosi.id.au
mailbox: tosi.id.au/tose/
userMaildirSize: 0
mailquota: 0
mailHomeDirectory: /var/vmail/
----------------------------------------------

In fact, if I look at /var/vmail it contains a folder for each of my created Zentyal users. "objectClass: userZentyalMail" may play a part also

Anyway. Didn't want to get side-tracked into this as going forward we obviously want to make Zarafa work the way it was designed & intended to, rather than some happy coincidence of it falling back to local mail storage (if in fact that's what's happening).

Anyhow, off to start afresh with both your revised scripts now. Will get back with results.

StuartNaylor

Re: Zarafa & Zentyal 3.5
« Reply #25 on: August 03, 2014, 08:45:34 am »
There is one thing that I forgot to mention.

Attachments can either be in the database or filebased.

The Zarafa-search (full text indexer) seems to be set up for filebased only. I should know but I don't think you can index blob database content.

So it's a double-edged sword: when you back up Zarafa it's a combination of messages database and file attachments or all database but no Zarafa search.

I have left it with zarafa-search and file based as with the community version there is no brick level but remember the attachment directories.

Actually I have in the past restored the database and attachments to a VM and used imapsync back to the specific user.

Any thoughts on attachment storage and the indexer? I see the indexer more important than backup ease.

I created a bulk import script that is for Openchange
https://forum.zentyal.org/index.php/topic,22477.msg86479.html#msg86479

I will do the same for Zarafa so you can quickly setup many users via a csv file.

ldap_company_type_attribute_value = organizationalUnit not really sure as I use OU's for group policies and how this works dunno.
ldap_emailaddress_attribute = mail
ldap_emailaliases_attribute = otherMailbox
Zarafa seems to suggest using zarafaAliases but otherMailbox I think is exchange compatible and Zentyal use it.
Strange really as they suggest zarafaAliases but it was set to otherMailbox.

The other stuff is the post fix and dovecot stuff. It will be possible if zarafaAccount=0 then they are a dovecot user and maybe pop on dovecot and imap on zarafa.
I have just enabled imap on zarafa but if we changed to non standard ports both could operate.
« Last Edit: August 03, 2014, 09:16:37 am by StuartNaylor »

tose

Re: Zarafa & Zentyal 3.5
« Reply #26 on: August 03, 2014, 10:29:42 am »
Stuart,

Ok, as regards your revised zarafa-install script, there is a problem with the setting of the "ldap_bind_user" into /etc/zarafa/ldap.cfg. I think it's probably:-

ldapuser=$(grep 'dn =' /etc/dovecot/dovecot-ldap.conf | sed -e 's/dn = "CN=\(.*\),CN=Users,DC=office,DC=zentyal,DC=lan"/\1/')

The "DC=office" certainly isn't relevant to my install. Either that or:-

sed -i "/ldap_bind_user =/c\ldap_bind_user = CN="${ldapuser}",CN=Users,"${mybasedn} /etc/zarafa/ldap.cfg

Either way the script returns (in my case):-

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
sed: can't read =: No such file or directory
sed: can't read "CN=zentyal-mail-zentyal,CN=Users,DC=ctstest,DC=lan",CN=Users,DC=ctstest,DC=lan: No such file or directory
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

If I had even a smidgen of scripting skill I'd look into that. As it is, I just manually edited /etc/zarafa/ldap.cfg with the correct ldap_bind_user value. Reboot, & all up & running.

Your "zarafa-user" script worked as intended, adding the nine zarafa attributes to the user I ran it against.
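An added example, not part of the thread or of the zarafa-install script: the two sed errors above are what the shell produces when `${ldapuser}` sits outside the double quotes and still holds the whole `dn = "..."` line, so it is split into separate words that sed treats as file names. The sketch below reads the bind DN as-is and writes a `key = value` line with the value passed as data. It serves both edits discussed in this thread (`virtual_transport` in the main.cf.mas stub and `ldap_bind_user` in ldap.cfg); the function names and the temporary sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the thread's zarafa-install script).

# Print the bind DN from a dovecot-ldap.conf style line:  dn = "CN=...,DC=..."
# The pattern requires '=' right after "dn", so "dnpass = ..." is not matched.
read_bind_dn() {
    sed -n 's/^[[:space:]]*dn[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" |
        head -n 1
}

# set_cfg_key FILE KEY VALUE
# Replace the single active "KEY = ..." line, or append one if none exists.
# VALUE reaches awk through the environment, so spaces, '/', '&' and '\' in a
# DN are data, never sed/awk syntax. Commented-out lines are left alone.
# Returns non-zero and leaves FILE untouched if KEY is active more than once.
set_cfg_key() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    if KEY="$key" VALUE="$value" awk '
        BEGIN { key = ENVIRON["KEY"]; value = ENVIRON["VALUE"] }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            name = (eq > 0) ? substr(line, 1, eq - 1) : ""
            sub(/[ \t]+$/, "", name)
            if (name == key) {
                if (!seen) print key " = " value
                seen++
                next
            }
            print
        }
        END {
            if (!seen) print key " = " value
            exit (seen > 1 ? 2 : 0)
        }' "$file" > "$tmp"
    then
        # Keep a backup; cat into the original keeps its owner and mode.
        cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
        rc=$?
    else
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample files standing in for the real configuration.
    printf '%s\n' 'hosts = localhost' \
        'dn = "CN=zentyal-mail-zentyal,CN=Users,DC=ctstest,DC=lan"' \
        'dnpass = not-a-real-password' > "$d/dovecot-ldap.conf"
    printf '%s\n' 'ldap_bind_user = placeholder' > "$d/ldap.cfg"
    printf '%s\n' '# virtual_transport = dovecot' \
        'virtual_transport = dovecot' > "$d/main.cf.mas"

    dn=$(read_bind_dn "$d/dovecot-ldap.conf")
    set_cfg_key "$d/ldap.cfg" ldap_bind_user "$dn"
    set_cfg_key "$d/main.cf.mas" virtual_transport 'lmtp:localhost:2003'
    cat "$d/ldap.cfg" "$d/main.cf.mas"
    rm -rf "$d"
}
demo
```

Because the DN is copied whole, no domain components such as DC=office need to be hard-coded.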

StuartNaylor

Re: Zarafa & Zentyal 3.5
« Reply #27 on: August 03, 2014, 10:55:53 am »
Doh!

Lol will get on just had to go out.

The script is recreating the full DN so I don't need to extract the user then later add to the basedn to make the full dn.

I will sort it.

Hey don't worry sed and regex expressions to extract text hate them as much as they confuse me.

Stupid mistake.

PS having your input is invaluable many thanks

"zarafa-user" script I will hack the zentyal mail functions so it works automatically through the gui.

What I will do is separate the ldif from the script and the ldif will just act as a user template for those settings.

I am going to do that this afternoon.

Zarafa search has bug which is due to an external library and apt-get upgrade should fix things.
I use webmin as its a gui and it will force upgrades because you can select individual items.
If you have a prob its something called libkyoto(something) :)

Code:
libkyotocabinet-dev amd64 Kyoto Cabinet is a library of routines for managing a database. New version 1.2.76-4 Trusty
libkyotocabinet16 amd64 Kyoto Cabinet is a library of routines for managing a database.

You could force an upgrade but that will pull in everything.

apt-get install -f libkyotocabinet16 probably better

I suggest installing webmin and creating a network service on port 10000 and allowing on the firewall.
I turn off the automatic start and use service webmin start when I need it or is it /etc/init.d/webmin start and sometimes remember to stop it when finished
I bolt down the server after completed.
All the scripts are written through the webmin file manager copy and paste in wordpad or anything in windows has a different codepage or something, its a world of hell if you do.
There is a utility dos2unix but the above does the job.
Also Apache directory studio is just fantastic for ldap the more I use it the more I find how good it is.
In the context menu (right click) in advanced you can export any selection as ldif pairs.
« Last Edit: August 03, 2014, 12:44:40 pm by StuartNaylor »

tose

Re: Zarafa & Zentyal 3.5
« Reply #28 on: August 03, 2014, 04:22:32 pm »
Ok, just reran your newly revised zarafa-install script on a fresh install & all good.

Just a thought (because it tripped me up until I recalled I'd missed something). How hard would it be to disable POP3, POP3S, IMAP, IMAPS in the Zentyal Mail module as part of your install script? I know I've seen where that's set in the past but it's after midnight here & I'm not finding it.

Sleep time for me

StuartNaylor

Re: Zarafa & Zentyal 3.5
« Reply #29 on: August 03, 2014, 05:37:26 pm »
Pretty easy.

There are two levels at the user and at the server. To be honest user level doesn't make an awful lot of sense to me. Guess it just stops external access.
Providing that webapp or webaccess isn't public?
/etc/zarafa/gateway.cfg
Code:
##############################################################
# GATEWAY SETTINGS

server_bind = 0.0.0.0

# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
server_socket = http://localhost:236/zarafa

# Set this value to a name to show in the logon greeting to clients.
# Leave empty to use DNS to find this name.
server_hostname =

# Whether to show the hostname in the logon greeting to clients.
server_hostname_greeting = no

# drop privileges and run the process as this user
run_as_user =

# drop privileges and run the process as this group
run_as_group =

# create a pid file for stopping the service via the init.d scripts
pid_file = /var/run/zarafa-gateway.pid

# run server in this path (when not using the -F switch)
running_path = /

# create memory coredumps upon crash in the running_path directory
coredump_enabled = no

# enable/disable POP3, and POP3 listen port
pop3_enable = yes
pop3_port = 110

# enable/disable Secure POP3, and Secure POP3 listen port
pop3s_enable = no
pop3s_port = 995

# enable/disable IMAP, and IMAP listen port
imap_enable = yes
imap_port = 143

# enable/disable Secure IMAP, and Secure IMAP listen port
imaps_enable = no
imaps_port = 993

# Only mail folder for IMAP or all subfolders (calendar, contacts, tasks, etc. too)
imap_only_mailfolders = yes

# Show Public folders for IMAP
imap_public_folders = yes

# IMAP clients may use IDLE command
imap_capability_idle = yes

# The maximum size of an email that can be uploaded to the gateway
imap_max_messagesize = 128M

# Override the e-mail charset and generate using utf-8 (when imap data is not present on the item)
imap_generate_utf8 = no

# Internally issue the expunge command to directly delete e-mail marked for deletion in IMAP.
imap_expunge_on_delete = no

# Store full rfc822 message during APPEND
imap_store_rfc822 = yes

# Maximum count of allowed failed IMAP command counts per client
imap_max_fail_commands = 10

# Disable all plaintext authentications unless SSL/TLS is used
disable_plaintext_auth = no

# File with RSA key for SSL
ssl_private_key_file = /etc/zarafa/gateway/privkey.pem

#File with certificate for SSL
ssl_certificate_file = /etc/zarafa/gateway/cert.pem

# Verify client certificate
ssl_verify_client = no

# Client verify file and/or path
ssl_verify_file =
ssl_verify_path =

# Accept SSLv2 only incoming connections
ssl_enable_v2 = no

# Process model, using pthreads (thread) or processes (fork)
process_model = fork

##############################################################
# GATEWAY LOG SETTINGS

# Logging method (syslog, file)
log_method = file

# Loglevel (0=no logging, 5=full logging)
log_level = 2

# Logfile for log_method = file, use '-' for stderr
log_file = /var/log/zarafa/gateway.log

# Log timestamp - prefix each log line with timestamp in 'file' logging mode
log_timestamp = 1

Which I'm glad you mentioned as I haven't created the certificate file

# File with RSA key for SSL
ssl_private_key_file   =   /etc/zarafa/gateway/privkey.pem

#File with certificate for SSL
ssl_certificate_file   =   /etc/zarafa/gateway/cert.pem

Also same with /etc/zarafa/ical.cfg

Code:
##############################################################
# ICAL SETTINGS

# drop privileges and run the process as this user
run_as_user =

# drop privileges and run the process as this group
run_as_group =

# create a pid file for stopping the service via the init.d scripts
pid_file = /var/run/zarafa-ical.pid

# run server in this path (when not using the -F switch)
running_path = /

# IP Address to bind to (0.0.0.0 for ANY)
server_bind = 0.0.0.0

# whether normal connections can be made to the ical server
ical_enable = yes

# port which the ical server listens on for normal connections
ical_port = 8080

# whether ssl connections can be made to the ical server
icals_enable = no

# port which the ical server listens on for ssl connections
icals_port = 8443

# default connection to the Zarafa server
# Please refer to the administrator manual or manpage why HTTP is used rather than the UNIX socket.
server_socket = http://localhost:236/zarafa

# Process model, using pthreads (thread) or processes (fork)
process_model = fork

##############################################################
# ICAL LOG SETTINGS

# Logging method (syslog, file)
log_method = file

# Loglevel (0=no logging, 5=full logging)
log_level = 2

# Logfile for log_method = file, use '-' for stderr
log_file = /var/log/zarafa/ical.log

# Log timestamp - prefix each log line with timestamp in 'file' logging mode
log_timestamp = 1

##############################################################
# ICAL SSL SETTINGS FOR INCOMING CONNECTIONS

# File with RSA key for SSL
ssl_private_key_file = /etc/zarafa/ical/privkey.pem

# File with certificate for SSL
ssl_certificate_file = /etc/zarafa/ical/cert.pem

# Verify client certificate
ssl_verify_client = no

# Client verify file and/or path
ssl_verify_file =
ssl_verify_path =

# Accept SSLv2 only incoming connections
ssl_enable_v2 = no

##############################################################
# OTHER ICAL SETTINGS

# The timezone of the system clock
server_timezone = Europe/Amsterdam

# The charset of data to expect when the client doesn't specify any
default_charset = utf-8

# Enable the iCalendar GET method for downloading calendars
enable_ical_get = yes

The services for ical I would probably add to the mail network service as they make a logical group.

Or create separate services for each protocol and use the firewall to select which are available?


 
« Last Edit: August 03, 2014, 06:02:41 pm by StuartNaylor »
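An added check, not part of the thread or of Zarafa's tooling: the gateway.cfg posted above enables POP3 and IMAP on all interfaces with `disable_plaintext_auth = no` and both TLS listeners off, so logins on ports 110 and 143 are accepted without TLS. The script below reports those combinations, plus missing key or certificate files once a TLS listener is switched on. The function names, the finding labels and the defaults applied to missing keys are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a Zarafa gateway.cfg for cleartext-login exposure.

# cfg_get FILE KEY DEFAULT -> last active (uncommented, non-empty) value of KEY
cfg_get() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

add_finding() { findings="${findings}$1
"; }

# Prints one line per finding; exit status is 0 only when there are none.
# Defaults used for missing keys are assumptions of this example.
audit_gateway_cfg() {
    f=$1; findings=''; tls_listener=no
    bind=$(cfg_get "$f" server_bind 0.0.0.0)
    no_plain=$(cfg_get "$f" disable_plaintext_auth no)
    for proto in pop3 imap; do
        if [ "$(cfg_get "$f" "${proto}_enable" no)" = yes ] && [ "$no_plain" != yes ]; then
            port=$(cfg_get "$f" "${proto}_port" unknown)
            add_finding "PLAINTEXT-LOGIN ${proto} on ${bind}:${port} accepts logins without TLS"
        fi
        if [ "$(cfg_get "$f" "${proto}s_enable" no)" = yes ]; then tls_listener=yes; fi
    done
    if [ "$tls_listener" = no ]; then
        add_finding "NO-TLS-LISTENER pop3s_enable and imaps_enable are both off"
    else
        # A TLS listener needs both files; the thread notes they were never created.
        for k in ssl_private_key_file ssl_certificate_file; do
            p=$(cfg_get "$f" "$k" '')
            if [ -z "$p" ] || [ ! -r "$p" ]; then
                add_finding "MISSING-TLS-FILE $k (${p:-unset}) is not readable"
            fi
        done
    fi
    if [ "$(cfg_get "$f" ssl_enable_v2 no)" = yes ]; then
        add_finding "SSLV2 ssl_enable_v2 = yes"
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed excerpt using the values from the gateway.cfg posted above.
    cat > "$d/gateway.cfg" <<'EOF'
server_bind = 0.0.0.0
pop3_enable = yes
pop3_port = 110
pop3s_enable = no
imap_enable = yes
imap_port = 143
imaps_enable = no
disable_plaintext_auth = no
ssl_private_key_file = /etc/zarafa/gateway/privkey.pem
ssl_certificate_file = /etc/zarafa/gateway/cert.pem
ssl_enable_v2 = no
EOF
    audit_gateway_cfg "$d/gateway.cfg" || echo "gateway.cfg needs attention"
    rm -rf "$d"
}
demo
```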