This is an old revision of the document!
Editions: http://www.zarafa.com/content/editions
Web Client: http://www.zarafa.com/content/webapp
Mobility: http://www.zarafa.com/content/mobility
http://www.unixmen.com/install-zarafa-centos-6-5-alternative-microsoft-exchange-mail-server/
http://wiki.centos.org/OzydeJong/CentOS6_ZarafaServer7
http://wiki.centos.org/OzydeJong/CentOS6_ZarafaServer7_Z-push1
Perform a Minimal Install.
Change the SSH port and firewall.
Install some prerequisites, start some services and reboot:
yum install file libxslt poppler-utils unzip sysstat mysql-server mysql php php-cli w3m httpd \ vim-enhanced wget libicu boost man postfix telnet cyrus-sasl-plain chkconfig postfix on chkconfig saslauthd on chkconfig mysqld on chkconfig httpd on reboot
Secure MySQL:
/usr/bin/mysql_secure_installation
selinux:
http://www.zarafa.com/wiki/index.php/Zarafa_Selinux_policy
setsebool httpd_can_network_connect=1
The community edition is available in the EPEL Repo. Use that for the community edition.
Download then copy the install tarball to the Zarafa server:
scp -vP 2222 Desktop/zcp-7.1.8-44004-rhel-6-x86_64-evaluation.tar.gz root@zarafa.mydomain.com:~
The community edition is easily installed with packages from the EPEL repo, but you must create the MySQL database yourself.
Configure the EPEL Repo.
yum install zarafa zarafa-webaccess
Extract the tarball:
tar -xzvf zcp-7.1.8-44004-rhel-6-x86_64-free.tar.gz cd zcp-7.1.8-44004-rhel-6-x86_64-free
Install a prerequisite and launch the installer:
rpm -ivh catdoc* ./install.sh
vim /etc/sysconfig/zarafa ZARAFA_LOCALE="en_US" ZARAFA_USERSCRIPT_LOCALE="en_US"
vim /etc/zarafa/server.cfg attachment_compression = 9
If you want to store attachments in the MySQL database instead:
attachment_storage = database
service zarafa-server restart
zarafa-admin -c admin -P -f "System Administrator" -e admin@yourdomain.tld -a 2
'a' is the admin level, (0) = user, (1) = admin, (2) = organisation admin
You can check whether this worked with
zarafa-admin -l zarafa-admin --details <username>
Users must have system accounts and Zarafa accounts.
postconf -e "myhostname = zarafa.virtualarchitects.com" postconf -e 'mydomain = virtualarchitects.com' postconf -e 'myorigin = $mydomain' postconf -e 'inet_interfaces = all' postconf -e 'inet_protocols = all' postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain' postconf -e 'mynetworks = 192.168.0.0/24, 127.0.0.0/8, 10.10.0.0/16, 198.167.188.32/27, 198.167.189.16/28' postconf -e 'home_mailbox = Maildir/' postconf -e 'mailbox_command = /usr/bin/zarafa-dagent "$USER"' postconf -e 'smtpd_sasl_authenticated_header = yes' # SSL Related Entries postconf -e 'smtpd_tls_auth_only = yes' postconf -e 'smtpd_tls_security_level = may' postconf -e 'smtpd_tls_key_file = /etc/zarafa/ssl/zarafa.key' postconf -e 'smtpd_tls_cert_file = /etc/zarafa/ssl/zarafa.crt' postconf -e 'smtpd_tls_received_header = yes' postconf -e 'smtpd_tls_session_cache_timeout = 3600s' postconf -e 'tls_random_source = dev:/dev/urandom' postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination' postconf -e 'smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated' postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'broken_sasl_auth_clients = yes'
Uncomment the submission
and smtps
sections:
vim /etc/postfix/master.cf
Restart Postfix and check the configuration:
service postfix restart postconf -n
https://forums.zarafa.com/showthread.php?7786-SASL-and-postfix-TLS-with-centos-6
https://www.linux-answered.com/2012/04/25/enable-secure-imap-and-pop3-on-zarafa/
vim /etc/sysconfig/saslauthd SOCKETDIR=/var/run/saslauthd MECH=rimap FLAGS="-c -r -O 127.0.0.1"
Generate a private key:
mkdir /etc/zarafa/ssl/ cd /etc/zarafa/ssl/ openssl genrsa -out zarafa.key 1024
Generate a certificate (valid for 10 years):
openssl req -new -x509 -key zarafa.key -out zarafa.crt -days 3650
vim /etc/zarafa/gateway.cfg # File with RSA key for SSL ssl_private_key_file = /etc/zarafa/ssl/mykey.pem #File with certificate for SSL ssl_certificate_file = /etc/zarafa/ssl/cacert.pem # enable/disable POP3, and POP3 listen port pop3_enable = no pop3_port = 110 # enable/disable Secure POP3, and Secure POP3 listen port pop3s_enable = yes pop3s_port = 995 # enable/disable IMAP, and IMAP listen port imap_enable = no imap_port = 143 # enable/disable Secure IMAP, and Secure IMAP listen port imaps_enable = yes imaps_port = 993
Web Access is the basic web interface.
rm /etc/httpd/conf.d/welcome.conf
vim /etc/httpd/conf/httpd.conf DocumentRoot "/usr/share/zarafa-webaccess"
service httpd restart
http://www.zarafa.com/wiki/index.php/Securing_Zarafa_WebAccess_with_SSL
Web App is the advanced HTML5 web interface and it requires SSL.