Open-Xchange on CentOS 4.2 Guide

Well, a few days of messing around (and some positively annoying head-scratching figuring out some problems) has finally resulted in Open-Xchange running quite happily, on CentOS 4.2. Yet another distro, I know. But, thanks to Mike for pointing me in the direction of CentOS, which I’d been meaning to try for a while, and the excellent script from Giorgio Tobia, everything’s up + running. But, there is a definate lack of information about actually configuring Open-Xchange, as it’s assumed you already know a hell of a lot about Posfix, Cyrus-IMAP, Tomat, etc.

So, with a number of problems resolved, I figured it would be a good idea to group together all my resources for anyone else encountering problems (or simply for my reference when I’m building another server!).

First off, most of the install is based straight from the guide by Giorgio Tobia which may be worth a read. However, I’ve grouped everything together, taken out alternative ideas if you’re running Fedora instead of CentOS, etc. and added in a number of configuration options.

Install Base CentOS server
Grab a copy of CentOS from a local mirror – CentOS 4.2 is the latest at the time of writing. You’ll actually only need the first CD, as we’ll be performing a minimal install. Once downloaded and burnt to CD, reboot and run through the installer. Pick ‘Custom’ install if you want to play with additional settings, paying attention to how you want your partition scheme laying out. I think it’s sensible to have /var/spool/imap on it’s own partition at the very least. You can leave the firewall turned on, and enable any services you require. Giogio’s guide recommends turning off SELinux – I haven’t tried it with it turned back on. Finally, at the package selection stage, choose ‘Minimal’.

Once installed and rebooted, login and run a yum update via

yum update

There may well be a few packages coming down but shouldn’t take too long with a decent connection. Reboot once finished to ensure it runs latest kernel image if one was downloaded, then you’re ready to start installing Open-Xchange!

Open-Xchange install
For installing Open-Xchange, grab the install script tarball by Giorgio, along with his pre-compiled OpenLDAP rpm’s for CentOS. You can compile these yourself if you wish, but he advises it will take a while and does!

Unpack the tarballs as follows:

tar xvzf ox_install.tar.gz
tar xvzf ox_install_centos_rpms.tar.gz

You should now find within ‘oxtempdir/rpms‘, the three extracted OpenLDAP rpm’s. Next, you will need the following Java packages which must be downloaded from Sun manually as the licence agreements must be accepted first:

Copy all these files to the ‘oxtempdir/sources‘ directory, then change to the ‘oxtempdir‘ and run the Open-Xchange install script:

./ox_install.sh

This will prompt for a few responses at the start of the install:

  • Set your domain name (i.e. example.com)
  • Set the name of your organization: (do not use quotes)
  • Set release number of Open-Xchange (i.e. 0.8.0-6)
  • Set your language (EN, DE, NO, IT, FR, NL, BR, RU, CO)
  • Set your LDAP password
  • Do you want to compile Openldap on your own? y for yes, n for no (choose ‘n’ to use the OpenLDAP rpm’s previously extracted)
  • Do you want to crypt communications with your apache server with SSL? y for yes, n for no
  • Do you want to automatically delete all installation files? y for yes, n for no

Then sit back and wait a while! Feel free to browse through the script to see what it’s actually doing, and please direct any comments back to Giorgio. Basically it pulls down a load of packages + dependencies via yum, installs apt, grabs some more packages, sets up your Postgresql database, downloads + installs Open-Xchange, configures your OpenLDAP server, installs Apache + Tomcat including associated Java classes (including optionally enabling SSL communications if selected), etc. then tidies up a few things ready for you to use.

It should be noted that during the install script, when prompted for passwords for Open-Xchange and your Postgresql database, these can be whatever you want. The script seems to indicate you have to use the password ‘openexchange‘, but this is not the case.

Configuring Open-Xchange
With the install script finished, it looks like everything is up + running. However, there’s a number of things which can be changed to improve the way the system responds and Open-Xchange works.

Make sure you edit ‘/etc/yum.conf‘ to stop OpenLDAP being updated with a newer version not compiled with ACI support. If any glaring security updates are released requiring updates to OpenLDAP, these will have to be done manually unfortunately. Add the following line to ‘yum.conf‘:

exclude=openldap

I’m assuming you’ll want the mailbox folders to be created automatically on logging in – it’s fairly common sense. Edit ‘/srv/ox/etc/webmail/webmail.properties‘ and set:

user.default.folder.autocreate=true

Within ‘/etc/imap.conf‘, it should already be setup to create the required folders, however it does not auto-subscribe to them. Fairly silly, as when you login you will only see ‘Inbox’ unless you go into your mail settings, select ‘Folders’, and manually subscribe. Your ‘/etc/imap.conf‘ should contain the following:

autocreateinboxfolders: Trash | Drafts | Spam | Sent
autosubscribeinboxfolders: Trash | Drafts | Spam | Sent

This way, when your users first login, the mailbox folders are created, subscribed to, and automatically displayed. Easy!

Adding users can either be done with the built-in Open-Xchange scripts, found under ‘/srv/ox/sbin‘, or via Giorgio’s script, found with ‘oxtempdir‘. The script is called ‘useradd_ox.sh‘ and before running it, you will need to edit the script to provide the default maildomain, password, timezone, etc. You then simply add a new user with:

useradd_ox.sh username

And you will then be prompted for the firstname and surname, whilst the script then adds them to the OpenLDAP structure and Postgresql database.

Tinkering with Open-Xchange
The rest of the changes are purely down to preference. We mainly use the webmail features and that’s it, so the groupware isn’t widely used. To facilitate this, ‘login.pm‘ can be adjusted to make webmail the default option whilst logging in. Also, as we only use the EN localisation, you can get rid of the drop-down box and simply tell the system to use EN (or whatever localisation you want). For adjusting the default re-direct to load webmail rather than groupware, edit ‘/var/www/cgi-bin/login.pm‘ and change:

print $cgi->popup_menu(-name=>'whereto',
-values=>['/servlet/intranet?SITE=beforeAuth&sessionID=',
'/servlet/webmail?SITE=mauth&sessionID='],
-labels=>\%labels,
-default=>'servlet/intranet?SITE=beforeAuth&sessionID=');

to:

print $cgi->popup_menu(-name=>'whereto',
-values=>['/servlet/intranet?SITE=beforeAuth&sessionID=',
'/servlet/webmail?SITE=mauth&sessionID='],
-labels=>\%labels,
-default=>'/servlet/webmail?SITE=mauth&sessionID=');

The key change is the last line where you set default option to ‘/servlet/webmail‘ rather than ‘/servlet/intranet‘. When you reload your front page, ‘Webmail’ should now be the default action.

To force the default language and thus remove an un-necessary drop-down box, further down within ‘/var/www/cgi-bin/login.pm‘ edit the section to read:

# Hide the language choice - tell it we want EN
print "";

#print $cgi->start_Tr();
#print $cgi->start_td({-align => 'right', -valign => 'middle', -class => 'tds'});
#print $cgi->font({-class => 'text'}, 'Language:');
#print $cgi->end_td();
#print $cgi->start_td({-valign => 'middle', align => 'left', -class => 'tds'});
#print $cgi->popup_menu(-name=>'whichlang', -values=> $languages, -default=>$default_lang);
#print $cgi->end_td();
#print $cgi->end_Tr();

Again, once reloading the page you should find that lanuage
drop-down box has disppeared, and upon logging in, you’re automatically taken through with EN set as the localisation. This leaves a much cleaner login screen with the user only required for their username + password to access webmail.

All the actual html content for controlling how the groupware + webmail is displayed can be found under ‘/srv/ox/share/groupware/data/templates/EN/‘ and ‘/srv/ox/share/webmail/data/templates/EN/‘ respectively. I haven’t really edited the groupware section as we’re not utilising it much, but the webmail screen has been changed quite a bit.

First area you might wish to change is ‘loadmain.htm‘ which controls the framesets for displaying the webmail area. We’ve found the default layout annoying, with not enough space shown on the right hand side for scrolling through messages. To adjust this, edit ‘loadmain.htm‘ and change the second instance of declaring the frameset to something such as:

document.writeln('');

When initially opening the webmail screen, the bottom right-hand side displays a load of user information which although can be useful if someone is encountering a problem, could be considered confusing for a normal user. I changed this to display a few paragraphs explaining basic use of the e-mail system, how to change a password, etc. It’s ‘main.htm‘ that needs editing – simply add another row in the table before it starts listing name, e-mail, client info, etc. and enter whatever content you wish.

To add a link to the personal settings area that allows the changing of password, user contact information, etc. you need to edit ‘left_top.htm‘ and insert the following wherever you want the button to appear within the existing list:


Settings

Personal Settings

Still within editing your menu’s, I changed the bottom menu to handle logging out, rather than simply closing the window. In order to change the button for logging out, replace those two lines with the following:


Close

Logout

I also took this a step further by adjusting the actual logout process to re-direct back to the login page rather than simply closing the window. This was to facilitate tabbed-browsing users from not experiencing any quirks whereby the whole browser would close rather than the individual tab. Some recommend closing the window for added security, but I don’t quite follow that train of thought. Instead, edit ‘logout.htm‘ and remove all the lines for the JavaScript, and simply add the following into the ‘head‘ section to redirect the browser back to the login page after 2 seconds:

Aliases and mailing groups
Using aliases is fairly straightforward for providing additional aliases for users. For example, although your IMAP mailboxes work as ‘ifoulds, for example, you could create an alias allowing someone to send an e-mail to ‘iain‘. To do this, simply edit ‘/etc/aliases‘ as follows:

iain: ifoulds

where the first name is the alias you wish to create, and the second name is the actual existing system user. In order for these new aliases to take effect, you then need to inform Postfix to update it’s database:

postalias /etc/aliases

However, taking things a step further which is something I really struggled with – trying to figure out how to use IMAP shared mail folders for direct mail delivery, configuring groups of users and assigning them to these shared folders, etc. You can also create groups within ‘aliases‘ to control such mailing lists, which although doesn’t provide any management features such as managing subscriptions, providing a shared folder for users to connect to view archived messages, etc., it was perfect for what we were after. Upon sending an e-mail to the group, Postfix simply forwards the e-mail to each member of the group, meaning it simply pops-up directly in their inbox. To do this, edit ‘/etc/aliases‘ as follows:

mailgroup:
ifoulds,
jdoe,
mmouse

You simply add the usernames to the list, and then tell Postfix to update it’s database:

postalias /etc/aliases

This is one of those things which is a pretty widely-used feature of mail servers, but unless you already know the ins + outs, is very poorly documented. I stumbled across it by accident!

Conclusions
Although from a management point of view this is a big change from our old SuSE Linux Openexchange server, the front-end is no different for the users. It is a little more fiddly managing things from the command line, but just as quick as using a web front-end. OxAdm is a fairly well used PHP admin tool for Open-Xchange, though will require a few extra packages installing through yum first:

yum -y install php php-ldap php-pgsql php-imap

The installation from Giorgio really was a massive help, and a few hours tinkering with the nuts + bolts of Open-Xchange to see how it works made things a lot clearer. Just a shame there’s no guide already setup on how to make basic changes to appearance, layout, mailing groups, etc.

If you have problems, please try the Open-Xchange forums first, which although are not terribly active and often filled with people saying they have the same problems, there are solutions available if you browse around. For problems with the installation, please get in touch with Giogio. Any comments on my guide – either leave your comments here or drop me an e-mail.

About

Senior Content Development for Microsoft writing about Azure virtual machines. Occasionally I play video games.

Posted in computing, linux, open-xchange
15 comments on “Open-Xchange on CentOS 4.2 Guide
  1. Billy says:
    Mozilla Firefox 1.0.7 Windows 2000

    Very awesome walkthrough, very awesome scripts. I did run into a problem after the installation finished and I moved on to add users. The useradd_ox script worked without errors however, the login returns authentication failed. I think it might have to do with the version as I installed 0.8.1-6 instead of the 0.8.0-6 version.

    Any input?

  2. fouldsy says:
    Mozilla Firefox 1.5.0.1 Windows XP

    Glad you found it useful, though the original install scripts were written by Giorgio Tobia – we later worked together to add in my ClamAV + SpamAssassin install scripts. I think he’s beat me on configuring the install for smartsieve-ox if you check his website too!

    As for the errors, the useradd_ox is a script Giorgio wrote, but I haven’t tried 0.8.1-6 to see if there any changes in the LDAP structure that could be causing problems, for example. Did it mention any problems creating the LDAP account or IMAP mailbox when running it, or does /var/log/maillog return any problems whilst logging? Alternatively, head to /srv/ox/sbin for the official Open-Xchange scripts for managing users + groups. The syntax is a little different, but check their adduser_ox script and see if the problems persist adding users that way.

    Let me know how it goes 🙂

  3. Billy says:
    Mozilla Firefox 1.0.7 Windows 2000

    You guys are why open source is sweeet! I didn’t have an email to respond to your response so I’m posting here again. I deleted the accounts I created with the useradd_ox script and then used the /srv/ox/sbin scripts to create new ones (different names to be sure) and the same issue. No ldap errors were reported, postgres didn’t complain either, the only errors were java exceptions and Iif I were being thorough I would go to that server and copy the errors from the log however, I am using the same process but installing 0.8.0-6 instead, just to be thorough. I’m wondering if I install that version will I be able to upgrade to the 0.8.1-6 or even the release candidate version. What I’m really inching towards is the use of the project manager’s gant chart and I don’t think it exists in the 0.8.0-6 release.

    Billy Thomas

  4. fouldsy says:
    Mozilla Firefox 1.5.0.1 Windows XP

    I’m not sure about upgrading stable to testing, but when going from stable to stable usually it’s a case of updating the database with a few queries and installing your new front-end scripts. Wouldn’t have thought it would be all that different and should be possible, but to be honest I’ve never tried it!

    If it’s throwing Java exeptions though, checkout the Open-Xchange forums to see if it’s already been covered, but that may well be the underlying cause. See what happens with 0.8.0-6 and if you’re still getting problems, see what the forums or mailing lists can offer 🙂

  5. Billy says:
    Mozilla Firefox 1.0.7 Windows 2000

    Everything is pretty smooth installing the 0.8.0-6 version so I’m assuming that the install script doesn’t work with 0.8.2-RC3 version because of the differences in the database setup. not at all sure though.

  6. fouldsy says:
    Mozilla Firefox 1.0.6 Windows XP

    At least you’ve got OX up + running though, and have a solid base to build on. If you do manage to get one of the release candidates going, it might be a good idea to let Giorgio or the folks on the OX forums know what you did to help others learn from it.

    Enjoy your shiny new system!

  7. seekuel says:
    Mozilla Firefox 1.0.7 Linux

    Greetings!

    This is my first time to use the script and instructions provided in this website. OX is now working well. Thanks for the detailed insructions.

    There is an issue with the webmail, Under the inbox folder the the drafts, sent, and trach folders are not in english. Is there a way changing this folders to english?

  8. fouldsy says:
    Mozilla Firefox 1.5.0.1 Linux

    Glad you’ve got things pretty much up running. Our system has been working perfectly for a couple of months now so it certainly holds up well!

    To change the language, look for ‘my $default_lang = ‘ within ‘/var/www/cgi-bin/login.pm‘ and also ‘DEFAULT_LANGUAGE=‘ within ‘/var/lib/tomcat5/webapps/umin/WEB-INF/classes/oxuserminconfig.properties‘. Changing those values to EN should do it. Also, when adding a user account, you can specify ‘–lang=EN‘ which I think will overide the default settings if a certain user would require a different language.

  9. seekuel says:
    Mozilla Firefox 1.0.7 Linux

    Sir,

    Thanks for the reply it is a help. Sir Giorgio just updated the installation script and included oxadmin. From there I created the users and the result was that the folders in the webmail is not in english. What I did was edit the useradd_ox.sh found in the /oxtemp/.. to my preferences copy it to /sbin as well as adduser_ox located in /opt/openexchange/.. copied to /sbin. Then created a user and access the webmail. Now evrything is in english.

    Now I know that the problem is in oxadmin.

    Thanks again sir…

  10. fouldsy says:
    Mozilla Firefox 1.5.0.1 Windows XP

    Yeah, I’d noticed the updated scripts, but we already have oxadm running from a manual install. At least you’ve got it going now!

    Any other problems, either point them to the Open-Xchange forums, Giogio’s Open-Xchange page, or myself 🙂

  11. seekuel says:
    Internet Explorer 6.0 Windows XP

    Greetings

    Sir, I found out that entering freshclam in the commandline have a permission error and could not continue. This was due to the user assigned in freshclam.log its clamav.clamav this was solved by checking clam.conf found in /etc and locate the user of freshclam. The user was amavis, therefore the owner is amavis.clamav…

    A question sir, is postfix on this setup configured as open relay? if so is there a way that the open relay be deactivated?

    thanks again…

  12. seekuel says:
    Internet Explorer 6.0 Windows XP

    sorry for the last post but here is the FAQ
    http://www.ordb.org/fix/#postfix

  13. fouldsy says:
    Mozilla Firefox 1.5.0.1 Linux

    You can tell the system to use any user you wish for running the services and setting permissions. It may have been an oversight in the script when setting up the owners, I’ll check it out. At least you got it running properly on your system.

    As for Postfix, as you later point out, by default it’s not an open relay (nor would you want it to be really!), but you should also find from reading through the Postfix documentation you can limit access to a specific range of addresses or subnet to further tighten security depending on what you’re trying to do.

  14. Brynster says:
    Mozilla Firefox 3.0.1 Linux

    Hi

    thankyou for your time and effort in compiling this work through/tutorial

    But i need help, i ran through everything and followed all the instructions, however i seem to be having no joy.

    The server is set up for testing at the mo on my internal network with an IP of 10.0.0.208, however when i enter this into a web browser i get a “page cannot be displayed” error (dependant on browser but the generic error page). I can ping the server and i have installed all the php stuff you have at the end to allow web based management.

    Any further suggestions would be gratefully received

    Many thanks in advance

    Bryn

  15. fouldsy says:
    Mozilla Firefox 3.0.1 Mac OS X 10

    Bryn – been quite some time since I worked with Open-Xchange now! First guess, Apache isn’t running. If something was failing in the setup of the Open-Xchange web interface, you’d at least be getting some kind of error from Apache. Basically, Apache is the web server running the front-end for it all. OX can run quite happily I believe without this even working if you’re accessing it via mail client application and managing users from the console.

    Try restarting Apache, or checking it’s log files to see why it might be failing to start, and work you’re way up. I always found the Open-Xchange forums really helpful for these kinda things too!

Leave a Reply

Your email address will not be published. Required fields are marked *

*

About Me

Iain Foulds, 32 years old. Originally from England, now living in Seattle, WA. I currently work as a Senior Content Developer for Microsoft writing about Azure VMs. Gamer. Very passionate about photography. Comments and opinions expressed here are my own. More...

Categories

Archives