Cheap VPS & Xen Server


Residential Proxy Network - Hourly & Monthly Packages

Groupware Server With Group-Office, Postfix, Dovecot And SpamAssassin On Debian Lenny (5.0)


Introduction

In this howto I will explain how you can set up a groupware server using:

  1. The Debian Linux operating system (http://www.debian.org)
  2. Group-Office for managing the mailboxes and groupware functions like e-mail, shared calendars, file sharing etc. (http://www.group-office.com)
  3. Postfix with virtual accounts in MySQL . (http://www.postfix.org)
  4. Dovecot IMAP (http://www.dovecot.org)
  5. SpamAssassin spam filter(http://spamassassin.apache.org)
  6. A vacation perl script that will handle out-of-office replies

Set up the Debian installation

Download the Debian 5 net installer and install the base system. Just follow the Debian installation instructions and install as little software as possible. You can get Debian at http://www.debian.org.

When you got Debian up and running run the following command to install all the required packages:

apt-get install php5 php5-mysql php5-imap php5-gd php5-cli php5-curl apache2 postfix postfix-mysql mysql-server mysql-client phpmyadmin subversion dovecot-imapd libemail-valid-perl libmail-sendmail-perl spamassassin spamc zip tnef libwbxml2-utils sudo openssl pyzor razor rsync mailutils libmime-charset-perl libmime-encwords-perl

 

Set up Group-Office

Now that all the required software is installed we can setup Group-Office. Get the Community or Professional version from: http://www.group-office.com. You need at least version 3.01-stable-2.

Unpack the tar archive:

# cd /var/www
# tar zxf groupoffice-com-3.01-stable-2.tar.gz
# mv groupoffice-3.01-stable-2 groupoffice

Create a directory for the Group-Office protected user files:

# mkdir /home/groupoffice
# chown www-data:www-data /home/groupoffice

Create a directory for the Group-Office public files:

# mkdir /var/www/local
# chown www-data:www-data /var/www/local

You can choose 3 different locations for the config.php file that is used by Group-Office:

  1. Inside the Group-Office source directory (/var/www/groupoffice/config.php)
  2. One level higher then the Apache document root (/var/config.php)
  3. In /etc/groupoffice/[Apache server_name]/config.php

It’s best to keep the config.php file out of the source directory. This way you can upgrade easier later. We will make apache the owner temporarily so that the install script can write to it.

# touch /var/config.php
# chown www-data /var/config.php

Now launch http://your.server/groupoffice/install/ and follow the instructions on screen. Choose “Create new database” and use the root user to create a new database called “groupoffice”.
When you’ve completed the installation you must change the ownershop of the config.php file.

# chown root /var/config.php

Edit the Group-Office config.php file and add:

$config['postfixadmin_autoreply_domain']="autoreply.example.com";

Make sure the domain matches with the vacation transport of postfix you will add later.

Now Group-Office is up and running!

Configure Postfix

Postfix must be configured to use MySQL:

The following variables in main.cf. Start with filling some basic info:

# postconf -e ‘myhostname = mx-1.example.com’
# postconf -e ‘smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)’
# postconf -e ‘biff = no’
# postconf -e ‘append_dot_mydomain = no’
# postconf -e ‘myorigin = example.com’
# postconf -e ‘mydestination = $myhostname, localhost, locahost.localdomain’
# postconf -e ‘mynetworks = 127.0.0.0/8’
# postconf -e ‘recipient_delimiter = +’
# postconf -e ‘inet_interfaces = all’
# postconf -e ‘proxy_read_maps = $local_recipient_maps $mydestination \
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps \
$virtual_mailbox_domains $relay_recipient_maps $relay_domains \
$canonical_maps $sender_canonical_maps $recipient_canonical_maps \
$relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps’

# postconf -e ‘smtpd_recipient_restrictions = \
permit_mynetworks, \
reject_unauth_destination, \
reject_rbl_client zen.spamhaus.org, \
reject_rbl_client list.dsbl.org, \
permit’
# postconf -e ‘message_size_limit=52428800’
# postconf -e ‘mailbox_size_limit=0’

Now configure it for virtual users in MySQL:

# postconf -e ‘virtual_alias_domains =’
# postconf -e ‘virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf’
# postconf -e ‘virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf’
# postconf -e ‘virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf’
# postconf -e ‘virtual_mailbox_base = /vmail’
# postconf -e ‘virtual_minimum_uid = 150’
# postconf -e ‘virtual_uid_maps = static:150’
# postconf -e ‘virtual_gid_maps = static:8’
# postconf -e ‘virtual_create_maildirsize = yes’
# postconf -e ‘virtual_mailbox_extended = yes’
# postconf -e ‘virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf’
# postconf -e ‘virtual_mailbox_limit_override = yes’
# postconf -e ‘virtual_maildir_limit_message = “The user you are trying to reach has exceeded their quota.”‘
# postconf -e ‘virtual_overquota_bounce = yes’
# postconf -e ‘transport_maps = proxy:mysql:/etc/postfix/mysql_virtual_transports.cf’
# postconf -e ‘relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf’

We will use Dovecot delivery:

# postconf -e ‘virtual_transport=dovecot’
# postconf -e ‘dovecot_destination_recipient_limit=1’
# postconf -e ‘transport_maps = hash:/etc/postfix/transport’
# postconf -e ‘smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit’
# postconf -e ‘vacation_destination_recipient_limit = 1’

Create the transport db:

# cd /etc/postfix
# postmap transport

Postfix was installed with MySQL support, but that doesn’t mean it already knows how to use our database. It needs to be provided with various SQL-query information for each type of table in our database. This information is stored in the MySQL files defined in the main.cf file:

/etc/postfix/mysql_virtual_alias_maps.cf:

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_aliases
select_field = goto
where_field = address
additional_conditions = and active = '1'

/etc/postfix/mysql_virtual_domains_maps.cf:

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_domains
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

/etc/postfix/mysql_virtual_mailbox_limit_maps.cf:

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_mailboxes
select_field = quota
where_field = username
additional_conditions = and active = '1'

/etc/postfix/mysql_virtual_mailbox_maps.cf:

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_mailboxes
select_field = maildir
where_field = username
additional_conditions = and active = '1'

/etc/postfix/mysql_virtual_transports.cf:

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_domains
select_field = transport
where_field = domain
additional_conditions = and active = '1'

/etc/postfix/mysql_relay_domains_maps.cf:

user = vmail_user
password = vmail_user_password
hosts = localhost
dbname = groupoffice
table = pa_domains
select_field = domain
where_field = domain
additional_conditions = and backupmx = '1' and active = '1'

Add the mail user:

# useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c “Virtual Mailbox” vmail
# mkdir /vmail
# chmod 770 /vmail/
# chown vmail:mail /vmail/

Edit Postfix master.cf:

Alter the first line with the smtp service:

smtp      inet  n       -       -       -       -       smtpd
	-o content_filter=spamassassin

After that line add:

spamassassin unix -     n       n       -       -       pipe
	user=spamd argv=/usr/bin/spamc -f -e
	/usr/sbin/sendmail -oi -f ${sender} ${recipient}
dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}

At the interfaces to non-Postfix software add:

vacation    unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

Set up SpamAssasin

# groupadd -g 5001 spamd
# useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
# mkdir /var/lib/spamassassin
# chown spamd:spamd /var/lib/spamassassin

To start the server in /etc/default/spamassassin set:

ENABLED=1

You can tweak SpamAssassin yourself in /etc/spamassassin/local.cf.

 

Set up vacation

The vacation script is a Perl script that will handle automtic replies when a user is out of office.

Copy scripts/vacation.pl to /var/spool/vacation/vacation.pl and edit the database connection properties.

# mkdir /var/spool/vacation
# useradd -r -d /var/spool/vmail -s /sbin/nologin -c “Virtual vacation” vacation
# chown -R vacation:vacation /var/spool/vacation/
# chmod 700 /var/spool/vacation/
# chmod 750 /var/spool/vacation/vacation.pl
# touch /var/log/vacation.log /var/log/vacation-debug.log
# chown vacation:vacation /var/log/vacation*

Create /etc/postfix/transport. Make sure the domain matches the postfixadmin_autoreply_domain you configured in the Group-Office config.php file before.

autoreply.example.com vacation:

 

Set up Dovecot

Dovecot is a fast IMAP deamon and it can also check user quota and filter Spam to the spam folder. Change / add these values to /etc/dovecot.conf:

#Enable IMAP and IMAPS
protocols = imap imaps 
#Listen on all IP addresses
listen = *
#configure the location of our virtual mailboxes
mail_location = maildir:/vmail/%d/%u
# Group to enable temporarily for privileged operations. Currently this is
# used only for creating mbox dotlock files when creation fails for INBOX.
# Typically this is set to "mail" to give access to /var/mail.
#mail_privileged_group =
mail_privileged_group = mail
# Grant access to these supplementary groups for mail processes. Typically
# these are used to set up access to shared mailboxes. Note that it may be
# dangerous to set these if users can create symlinks (e.g. if "mail" group is
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
mail_access_groups = mail
# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
first_valid_uid = 150
last_valid_uid = 150

Inside the protocol imap { } section change:
mail_plugins = quota imap_quota
Inside the protocol lda { } section change:
postmaster_address = postmaster@intermesh.nl
mail_plugin_dir = /usr/lib/dovecot/modules/lda
mail_plugins = cmusieve quota
#the globalsieverc script will filter spam messages to the Spam folder 
global_script_path = /var/vmail/globalsieverc
Inside auth default { } section change:
auth default {
 mechanisms = plain
 passdb sql {
	 args = /etc/dovecot/dovecot-sql.conf
 }
 userdb sql {
	 args = /etc/dovecot/dovecot-sql.conf
 }
 user = nobody
 socket listen {
	 master {
	 path = /var/run/dovecot/auth-master
	 mode = 0660
	 user = vmail
	 group = mail
 }
 	client {
	 path = /var/spool/postfix/private/auth
	 mode = 0660
	 user = postfix
	 group = postfix
	}
}
plugin {
  quota = maildir:storage=512000
}

Also comment out the passdb pam section or you will get a very slow Dovecot connection!

/etc/postfix/dovecot-sql.conf:

driver = mysql
connect = host=localhost dbname=groupoffice user=vmail_user password=vmail_user_pass
default_pass_scheme = PLAIN-MD5
user_query = SELECT '/vmail/%d/%n' AS home, 'maildir:/vmail/%d/%n' AS mail, 150 AS uid, 8 AS gid, CONCAT('maildir:storage=', quota) AS quota FROM pa_mailboxes WHERE username = '%u' AND active = '1'
password_query = SELECT username AS user, password, '/vmail/%d/%n' AS userdb_home, 'maildir:/vmail/%d/%n' AS userdb_mail, 150 AS userdb_uid, 8 AS userdb_gid FROM pa_mailboxes WHERE username = '%u' AND active = '1'

Create globalsieverc script:

# mkdir /var/vmail/

Edit /var/vmail/globalsieverc:

require "fileinto";
if exists "X-Spam-Flag" {
  fileinto "Spam";
}

Set correct permissions:

# chown vmail:mail -R /var/vmail

Install the serverclient

The serverclient module for Group-Office can automatically create new mailboxes when you create a new user. Install the module and add the following to the Group-Office config.php file:

Note: If you have multiple Group-Office installations and one to manage Postfix, you can add these values to: /etc/groupoffice/globalconfig.inc.php. All Group-Office installations will use these values then. You probably want to configure the serverclient_domains per installation in their config.php files.

#GO will connect to this installation to add a mailbox
$config['serverclient_server_url']='http://localhost/groupoffice/';
#The admin account of GO. Remember to change the password here too if you change it.
$config['serverclient_username']='administrator';
$config['serverclient_password']='somepass';
#comma separated list of mailbox domains
$config['serverclient_domains']='intermeshdev.nl';
#The email account properties that will be added for the user
$config['serverclient_mbroot'] = '';
$config['serverclient_use_ssl'] = '0';
$config['serverclient_novalidate_cert'] = '0';
$config['serverclient_type']='imap';
$config['serverclient_host']='localhost';
$config['serverclient_port']=143;
$config['serverclient_smtp_host']='localhost';
$config['serverclient_smtp_port']=25;
$config['serverclient_smtp_encryption']='';
$config['serverclient_smtp_username']='';
$config['serverclient_smtp_password']='';

The module will connect using curl functions so the php5 curl extension is required for this to work.

 

Finished!

Now it should work! Restart Postfix, SpamAssassin and Dovecot and start testing!

Log in to Group-Office and add a domain and mailbox. Now go to the e-mail module and add an e-mail account:

E-mail -> Settings -> Accounts -> Add

Enter:

Host: localhost
User: user@example.com
Pass: The password you set

Now send a test mail!

Comments

comments