Zarafa install, configure and my personal notes
A colleague of mine told me about Zarafa. I have administered both a Kerio mail server and a Zimbra mail server. Both have their pluses and minuses.
I thought I’d check out Zarafa and here are my quick thoughts:
No web gui to admin the server (minus) | Correction! There is NOW z-admin, a web interface for administering the server. At the time of my initial blog this was not available.
Command line only administration (minus) You can still use command line but most everything seems to be working well with admin tasks from the z-admin web interface.
- Good Outlook Webaccess “like” interface (neutral)
- Quick, you don’t need to throw a ton of resources at this server for it to perform, they do have server sizing requirements in their documentation
- Open Source platform, it’s my opinion that this is a BIG plus! :-)
- Optional paid support (plus)
- Value, they’re not gouging you with licensing fees (big plus)
- Multi server cluster options (huge plus)
- Using Z-Push something they develop you can sync phone’s, I’ve had mixed results but works well when it works
- …more to come when I find them.
Here are my install notes:
Install Ubuntu 12.04.x LTS <– assuming you know how to do this :P
Open a terminal and elevate your privileges: sudo -i
apt-get install mysql-server-5.5 libmysqlclient18
apt-get install apache2-mpm-prefork libapache2-mod-php5
* Follow any prompts accordingly like setting hostnames, usernames, passwords, etc
Cleanup the install, if I didn’t do this the Zarafa install doesn’t “finish” and leaves some dirty packages in /etc/init.d/ with names like “/etc/init.d/zarafa-dagent.dpkg-new”. Run this command, it won’t hurt even if you don’t need it but when I ran it (because I think there was an error that said to do so) it fixed the *.dpkg-new” business. Run: “apt-get -f install
“
I like to use a “working directory” called /var/ftp. If you want to do that you can do a “mkdir /var/ftp” then “cd /var/ftp”. We need to now get the installer package. View this site and pick your poison: http://download.zarafa.com/community/final/7.1/7.1.0-36420/
A download command I did from 12.04.x server (which is no desktop GUI, command line only) was: “wget http://download.zarafa.com/community/final/7.1/7.1.0-36420/zcp-7.1.0-36420-ubuntu-12.04-x86_64-free.tar.gz”
Now extract that (if you’re already cd’d to /var/ftp) the command I used was: “gunzip tar -xvf zcp-7.1.0-36420-ubuntu-12.04-x86_64-free.tar.gz”. That takes care of the gz piece, which dumps it to a .tar file, now run: “tar -xvf zcp-7.1.0-36420-ubuntu-12.04-x86_64-free.tar.gz” or if you want to be slick you can do “tar -xvf zcp*.gz”
You HAVE to change permissions on the directory for some reason or you get an error that says: “missing helpers.inc” when you’re clearly not so, do a: chmod -R 777 tar -xvf zcp-7.1.0-36420-ubuntu-12.04-x86_64-free <– Remember though, your version at the time you rad this might be different so it might not be 7.1.0-xxxxxxxxx.
This leaves a directory called “tar -xvf zcp-7.1.0-36420-ubuntu-12.04-x86_64-free” with world readable and world writable (you can delete it later when we’re done). “cd” into it: cd tar -xvf zcp-7.1.0-36420-ubuntu-12.04-x86_64-free.
Lets now “install” by running: ./install.sh
* Follow the prompts for hostname, etc. It checks the dependencies of like Apache, MySQL, etc.
Now, we’re hardly over. One of the cons although some might think this is a benefit is…that Zarafa doesn’t install an SMTP server. That seems weird BUT on a good note it means you can use one of many mail servers that has an SMTP service! They have a “how to” with Postfix (my choice), Qmail, Procmail, Exim4 and XMailServer here <– Click that link to their wiki.
* Don’t forget to add the local account (A local UNIX account called “vmail”) according to the WIKI.
To make this work with Postfix on Ubuntu 12.04.x all you do is run this command: apt-get install postfix
Follow and answer the prompts and it does everything. What you have to do now is add aliases. If you don’t do the postfix integration piece (or your mail server of choice) then you’ll get an error that says:
Relay access denied or you might also see this in a test email that bounces back “Relay access denied (state 13)”
That’s because you don’t have aliases setup correctly. To do this (if you’ve followed the tutorial on Zarafa MTA integration on the above link) simply add your users to these aliases files:
nano /etc/aliases
* add your user like:
rwolf: rwolf@xyzdomain.com
nano /etc/postfix/
Find the line: mydestination =
Add your domain like this (there are probably existing domains, just append the list):
mydestination = xyz.com, abc.com, xyz.net, abc.net
Then restart your services for postfix:
/etc/init.d/postfix reload
/etc/init.d/postfix restart
Now do some testing and you should be good to go!
Further things you will want to do is add spam filtering and spam control. Yet ANOTHER downside to Zarafa is, unlike Kerio and Zimbra there isn’t even a basic spam filter installed. I guess that’s why their download is only 41 meg :P. I would suggest that if Zarafa wants to play with the big boys they need to:
- Roll up more options for an easier install that includes Apach, MySQL and a mail server
- Include a spam filter
- Get a web admin GUI, even skilled admins would have jitters about implementing a mail system without one…but not me because I love a technical challenge ;-)
Feel free to let me know if you have any questions or issues and if the notes need some updating. It’s not exhaustive but should get anyone who knows basic stuff off the ground and to fix most of the issues you might have.
I’ve got the community edition installed and I’m liking what I see!
* IMAP SSL notes:
If you want to secure pop and imap with ssl this is what you do. Thanks for Stan Barber for his clear, concise tutorial here!
* Note, you want to leave out the -des3 part if you don’t want your server pem to have a password ;)
Finally, once all your certs are created, you should have a “server.key” and a “server.crt”…that’s what I named mine in the commands. Do a:
nano /etc/zarafa/server.cfg
In the section: ssl_private_key_file = /etc/zarafa/…wherever_your_key_is/server.key
In the section: ssl_certificate_file = /etc/zarafa/..wherever_your_key_is/server.crt
Restart the gateway server: /etc/init.d/zarafa-gateway restart
Check the log: tail /var/log/gateway.log
You should see an exit, shutdown complete, starting with no errors like “Error loading SSL context”. If you see the Error loading SSL context you’re using bad certs OR you’re pointing it at the wrong files and I’d start over :P
This did in fact stump me for a few hours because even though I had the certs created correctly. I had a boat load of certs following an error so I created more. That wasn’t the problem at all, it was the fact I was pointing it at a PEM file rather than a CRT file in the ssl certificate section. The REASON why I was using a PEM file in that section is because the default put in there by Zarafa as “default” syntax is in fact .pem not .crt…that threw me off :). You need a certificate there not a pem. UGH! After doing the above my pop and imap are now pops and imaps!
* Hey! Another “update”. When I switch from a single mode server to a “hosted” server meaning multi-tenant or multi-occupancy (so xyz.com, abc.com, def.net, etc all hosted on the server BUT kept separate in a “company”) I couldn’t deliver mail to the inbox. As soon as I switch back to “hosted = false” in the /etc/zarafa/server.cfg file it worked and mail would be delivered. This is discussed here on a Zarafa Community Forum but when I read it the other day I didn’t fully understand what it was talking about. After digging into the problem, reviewing the MTA setup I finally got it!
In these files:
/etc/postfix/main.cf
/etc/postfix/master.cf
You need to change this line:
main.cf = mailbox_command = /usr/bin/zarafa-dagent “$USER”
master.cf = flags= user=vmail argv=/usr/bin/zarafa-dagent ${user}
To this line:
main.cf = mailbox_command = /usr/bin/zarafa-dagent “$recipient”
master.cf = flags= user=vmail argv=/usr/bin/zarafa-dagent ${recipient}
I just noticed this but in the user spot I guess case sensitivity doesn’t matter :P. You think it would on a Linux server though?
MUCH THANKS TO blackjack97 on the forum! You’re my hero :) He/She was the poster with the fix, much props!