Well, a few days of messing around (and some positively annoying head-scratching figuring out some problems) has finally resulted in Open-Xchange running quite happily, on CentOS 4.2. Yet another distro, I know. But, thanks to Mike for pointing me in the direction of CentOS, which I’d been meaning to try for a while, and the excellent script from Giorgio Tobia, everything’s up + running. But, there is a definate lack of information about actually configuring Open-Xchange, as it’s assumed you already know a hell of a lot about Posfix, Cyrus-IMAP, Tomat, etc.
So, with a number of problems resolved, I figured it would be a good idea to group together all my resources for anyone else encountering problems (or simply for my reference when I’m building another server!).
First off, most of the install is based straight from the guide by Giorgio Tobia which may be worth a read. However, I’ve grouped everything together, taken out alternative ideas if you’re running Fedora instead of CentOS, etc. and added in a number of configuration options.
Install Base CentOS server
Grab a copy of CentOS from a local mirror - CentOS 4.2 is the latest at the time of writing. You’ll actually only need the first CD, as we’ll be performing a minimal install. Once downloaded and burnt to CD, reboot and run through the installer. Pick ‘Custom’ install if you want to play with additional settings, paying attention to how you want your partition scheme laying out. I think it’s sensible to have /var/spool/imap on it’s own partition at the very least. You can leave the firewall turned on, and enable any services you require. Giogio’s guide recommends turning off SELinux - I haven’t tried it with it turned back on. Finally, at the package selection stage, choose ‘Minimal’.
Once installed and rebooted, login and run a yum update via
yum update
There may well be a few packages coming down but shouldn’t take too long with a decent connection. Reboot once finished to ensure it runs latest kernel image if one was downloaded, then you’re ready to start installing Open-Xchange!
Open-Xchange install
For installing Open-Xchange, grab the install script tarball by Giorgio, along with his pre-compiled OpenLDAP rpm’s for CentOS. You can compile these yourself if you wish, but he advises it will take a while and does!
Unpack the tarballs as follows:
tar xvzf ox_install.tar.gz
tar xvzf ox_install_centos_rpms.tar.gz
You should now find within ‘oxtempdir/rpms‘, the three extracted OpenLDAP rpm’s. Next, you will need the following Java packages which must be downloaded from Sun manually as the licence agreements must be accepted first:
Copy all these files to the ‘oxtempdir/sources‘ directory, then change to the ‘oxtempdir‘ and run the Open-Xchange install script:
./ox_install.sh
This will prompt for a few responses at the start of the install:
- Set your domain name (i.e. example.com)
- Set the name of your organization: (do not use quotes)
- Set release number of Open-Xchange (i.e. 0.8.0-6)
- Set your language (EN, DE, NO, IT, FR, NL, BR, RU, CO)
- Set your LDAP password
- Do you want to compile Openldap on your own? y for yes, n for no (choose ‘n’ to use the OpenLDAP rpm’s previously extracted)
- Do you want to crypt communications with your apache server with SSL? y for yes, n for no
- Do you want to automatically delete all installation files? y for yes, n for no
Then sit back and wait a while! Feel free to browse through the script to see what it’s actually doing, and please direct any comments back to Giorgio. Basically it pulls down a load of packages + dependencies via yum, installs apt, grabs some more packages, sets up your Postgresql database, downloads + installs Open-Xchange, configures your OpenLDAP server, installs Apache + Tomcat including associated Java classes (including optionally enabling SSL communications if selected), etc. then tidies up a few things ready for you to use.
It should be noted that during the install script, when prompted for passwords for Open-Xchange and your Postgresql database, these can be whatever you want. The script seems to indicate you have to use the password ‘openexchange‘, but this is not the case.
Configuring Open-Xchange
With the install script finished, it looks like everything is up + running. However, there’s a number of things which can be changed to improve the way the system responds and Open-Xchange works.
Make sure you edit ‘/etc/yum.conf‘ to stop OpenLDAP being updated with a newer version not compiled with ACI support. If any glaring security updates are released requiring updates to OpenLDAP, these will have to be done manually unfortunately. Add the following line to ‘yum.conf‘:
exclude=openldap
I’m assuming you’ll want the mailbox folders to be created automatically on logging in - it’s fairly common sense. Edit ‘/srv/ox/etc/webmail/webmail.properties‘ and set:
user.default.folder.autocreate=true
Within ‘/etc/imap.conf‘, it should already be setup to create the required folders, however it does not auto-subscribe to them. Fairly silly, as when you login you will only see ‘Inbox’ unless you go into your mail settings, select ‘Folders’, and manually subscribe. Your ‘/etc/imap.conf‘ should contain the following:
autocreateinboxfolders: Trash | Drafts | Spam | Sent
autosubscribeinboxfolders: Trash | Drafts | Spam | Sent
This way, when your users first login, the mailbox folders are created, subscribed to, and automatically displayed. Easy!
Adding users can either be done with the built-in Open-Xchange scripts, found under ‘/srv/ox/sbin‘, or via Giorgio’s script, found with ‘oxtempdir‘. The script is called ‘useradd_ox.sh‘ and before running it, you will need to edit the script to provide the default maildomain, password, timezone, etc. You then simply add a new user with:
useradd_ox.sh username
And you will then be prompted for the firstname and surname, whilst the script then adds them to the OpenLDAP structure and Postgresql database.
Tinkering with Open-Xchange
The rest of the changes are purely down to preference. We mainly use the webmail features and that’s it, so the groupware isn’t widely used. To facilitate this, ‘login.pm‘ can be adjusted to make webmail the default option whilst logging in. Also, as we only use the EN localisation, you can get rid of the drop-down box and simply tell the system to use EN (or whatever localisation you want). For adjusting the default re-direct to load webmail rather than groupware, edit ‘/var/www/cgi-bin/login.pm‘ and change:
print $cgi->popup_menu(-name=>'whereto',
-values=>['/servlet/intranet?SITE=beforeAuth&sessionID=',
'/servlet/webmail?SITE=mauth&sessionID='],
-labels=>\%labels,
-default=>'servlet/intranet?SITE=beforeAuth&sessionID=');
to:
print $cgi->popup_menu(-name=>'whereto',
-values=>['/servlet/intranet?SITE=beforeAuth&sessionID=',
'/servlet/webmail?SITE=mauth&sessionID='],
-labels=>\%labels,
-default=>'/servlet/webmail?SITE=mauth&sessionID=');
The key change is the last line where you set default option to ‘/servlet/webmail‘ rather than ‘/servlet/intranet‘. When you reload your front page, ‘Webmail’ should now be the default action.
To force the default language and thus remove an un-necessary drop-down box, further down within ‘/var/www/cgi-bin/login.pm‘ edit the section to read:
# Hide the language choice - tell it we want EN
print "<input type='hidden' name='whichlang' value='EN'/>";
#print $cgi->start_Tr();
#print $cgi->start_td({-align => 'right', -valign => 'middle', -class => 'tds'});
#print $cgi->font({-class => 'text'}, 'Language:');
#print $cgi->end_td();
#print $cgi->start_td({-valign => 'middle', align => 'left', -class => 'tds'});
#print $cgi->popup_menu(-name=>'whichlang', -values=> $languages, -default=>$default_lang);
#print $cgi->end_td();
#print $cgi->end_Tr();
Again, once reloading the page you should find that lanuage
drop-down box has disppeared, and upon logging in, you’re automatically taken through with EN set as the localisation. This leaves a much cleaner login screen with the user only required for their username + password to access webmail.
All the actual html content for controlling how the groupware + webmail is displayed can be found under ‘/srv/ox/share/groupware/data/templates/EN/‘ and ‘/srv/ox/share/webmail/data/templates/EN/‘ respectively. I haven’t really edited the groupware section as we’re not utilising it much, but the webmail screen has been changed quite a bit.
First area you might wish to change is ‘loadmain.htm‘ which controls the framesets for displaying the webmail area. We’ve found the default layout annoying, with not enough space shown on the right hand side for scrolling through messages. To adjust this, edit ‘loadmain.htm‘ and change the second instance of declaring the frameset to something such as:
document.writeln('<frameset rows="50%,50%">');</frameset>
When initially opening the webmail screen, the bottom right-hand side displays a load of user information which although can be useful if someone is encountering a problem, could be considered confusing for a normal user. I changed this to display a few paragraphs explaining basic use of the e-mail system, how to change a password, etc. It’s ‘main.htm‘ that needs editing - simply add another row in the table before it starts listing name, e-mail, client info, etc. and enter whatever content you wish.
To add a link to the personal settings area that allows the changing of password, user contact information, etc. you need to edit ‘left_top.htm‘ and insert the following wherever you want the button to appear within the existing list:
<tr>
<td align="left" valign="middle"><a href="../umin/Login?NAS_ID=**NAS_ID**&sessionID=**NAS_ID**" target="_blank"><img src="**imageLink**/email_options_s.png" border="0" alt="Settings" title="Settings"/>
<td><a href="../umin/Login?NAS_ID=**NAS_ID**&sessionID=**NAS_ID**" target="_blank"><b>Personal Settings</b>
</a></td></a></td></tr>
Still within editing your menu’s, I changed the bottom menu to handle logging out, rather than simply closing the window. In order to change the button for logging out, replace those two lines with the following:
<tr>
<td align="left" valign="middle"><a href="**webmail**?NAS_ID=**NAS_ID**&SITE=logout&NAS_END_SESSION=TRUE&sessionID=**NAS_ID**&nlf=**NAS_LF**" target="_top"><img src="**imageLink**/email_logout_s.png" border="0" alt="Close" title="Close"/>
<td><a href="**webmail**?NAS_ID=**NAS_ID**&SITE=logout&NAS_END_SESSION=TRUE&sessionID=**NAS_ID**&nlf=**NAS_LF**" target="_top"><b>Logout</b>
</a></td></a></td></tr>
I also took this a step further by adjusting the actual logout process to re-direct back to the login page rather than simply closing the window. This was to facilitate tabbed-browsing users from not experiencing any quirks whereby the whole browser would close rather than the individual tab. Some recommend closing the window for added security, but I don’t quite follow that train of thought. Instead, edit ‘logout.htm‘ and remove all the lines for the JavaScript, and simply add the following into the ‘head‘ section to redirect the browser back to the login page after 2 seconds:
<meta http-equiv="Refresh" content="2; URL=../cgi-bin/login.pl"></meta>
Aliases and mailing groups
Using aliases is fairly straightforward for providing additional aliases for users. For example, although your IMAP mailboxes work as ‘ifoulds, for example, you could create an alias allowing someone to send an e-mail to ‘iain‘. To do this, simply edit ‘/etc/aliases‘ as follows:
iain: ifoulds
where the first name is the alias you wish to create, and the second name is the actual existing system user. In order for these new aliases to take effect, you then need to inform Postfix to update it’s database:
postalias /etc/aliases
However, taking things a step further which is something I really struggled with - trying to figure out how to use IMAP shared mail folders for direct mail delivery, configuring groups of users and assigning them to these shared folders, etc. You can also create groups within ‘aliases‘ to control such mailing lists, which although doesn’t provide any management features such as managing subscriptions, providing a shared folder for users to connect to view archived messages, etc., it was perfect for what we were after. Upon sending an e-mail to the group, Postfix simply forwards the e-mail to each member of the group, meaning it simply pops-up directly in their inbox. To do this, edit ‘/etc/aliases‘ as follows:
mailgroup:
ifoulds,
jdoe,
mmouse
You simply add the usernames to the list, and then tell Postfix to update it’s database:
postalias /etc/aliases
This is one of those things which is a pretty widely-used feature of mail servers, but unless you already know the ins + outs, is very poorly documented. I stumbled across it by accident!
Conclusions
Although from a management point of view this is a big change from our old SuSE Linux Openexchange server, the front-end is no different for the users. It is a little more fiddly managing things from the command line, but just as quick as using a web front-end. OxAdm is a fairly well used PHP admin tool for Open-Xchange, though will require a few extra packages installing through yum first:
yum -y install php php-ldap php-pgsql php-imap
The installation from Giorgio really was a massive help, and a few hours tinkering with the nuts + bolts of Open-Xchange to see how it works made things a lot clearer. Just a shame there’s no guide already setup on how to make basic changes to appearance, layout, mailing groups, etc.
If you have problems, please try the Open-Xchange forums first, which although are not terribly active and often filled with people saying they have the same problems, there are solutions available if you browse around. For problems with the installation, please get in touch with Giogio. Any comments on my guide - either leave your comments here or drop me an e-mail.
Iain Foulds, 24 years old, married to