# Install SOGo groupware on CentOS 6 with iRedMail (OpenLDAP backend)

[TOC]

## Requirements

* A working iRedMail server (OpenLDAP backend) on CentOS 6.

## Install SOGo

* Make sure you have the EPEL repo enabled. If not, please follow [this wiki
  tutorial](https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F)
  to enable it.

```
# yum repolist | grep -i 'epel'
epel Extra Packages for Enterprise Linux 6 - x86_64 11,109
```

* Add yum repo file `/etc/yum.repos.d/sogo.repo`:

```
[SOGo]
name=Inverse SOGo Repository
baseurl=http://packages.inverse.ca/SOGo/nightly/3/rhel/6/$basearch
gpgcheck=0
```

* Install SOGo and dependencies:

```
# yum install sogo sope49-gdl1-mysql sope49-ldap sogo-activesync libwbxml sogo-ealarms-notify sogo-tool
```

* Append an alias entry to the Postfix config file `/etc/postfix/aliases`, so that
  notifications of cron jobs will be sent to the mail server administrator.

```
# Part of file: /etc/postfix/aliases

sogo: root
```

Execute this command to update the alias db:

```
# postalias /etc/postfix/aliases
```

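The repo file above sets `gpgcheck=0` and an `http://` baseurl, so yum installs these packages without verifying signatures and fetches them over an unencrypted connection. The added example below is not part of the original tutorial: `audit_repo` is a hypothetical helper that reports such stanzas in any `.repo` file, shown here on the stanza from this page.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# audit_repo FILE
#   Prints "<section>: <finding>" for each repo stanza that explicitly
#   disables GPG checking or uses a plain-http baseurl. Returns 1 if anything
#   was reported. An unset gpgcheck inherits [main] in /etc/yum.conf and is
#   not reported here.
audit_repo() {
    awk '
        function report() {
            if (section == "") return
            if (gpgcheck ~ /^(0|no|false)$/) {
                print section ": gpgcheck disabled, package signatures are not verified"
                bad = 1
            }
            if (baseurl ~ /^http:/) {
                print section ": baseurl uses plain http"
                bad = 1
            }
        }
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # start of a new [section]
            report()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            gpgcheck = ""; baseurl = ""
            next
        }
        index($0, "=") {                        # key=value line
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = tolower(val)
            if (key == "baseurl")  baseurl  = tolower(val)
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Demo: the stanza from this page, written to a temporary file.
demo_repo=$(mktemp)
cat > "$demo_repo" <<'EOF'
[SOGo]
name=Inverse SOGo Repository
baseurl=http://packages.inverse.ca/SOGo/nightly/3/rhel/6/$basearch
gpgcheck=0
EOF
audit_repo "$demo_repo" || true
rm -f "$demo_repo"
```

Run it as `audit_repo /etc/yum.repos.d/sogo.repo`; it works on any file under `/etc/yum.repos.d/`.
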
## Create required SQL database

SOGo stores some data (e.g. user preferences, sieve rules) in an SQL database,
so we need to create a database for it.

```
$ mysql -u root -p

mysql> CREATE DATABASE sogo CHARSET='UTF8';
mysql> GRANT ALL ON sogo.* TO sogo@localhost IDENTIFIED BY 'password';
```

Note: SOGo will create the required SQL tables automatically; we don't need to
create them manually.

## Configure SOGo

The default SOGo config file is `/etc/sogo/sogo.conf`. We have a sample config file
for you: just replace the MySQL username/password for the sogo SQL database and the
LDAP base DN and bind DN/password in this file, and it's done.

With the config file below, SOGo will listen on address `127.0.0.1`, port `20000`.

!!! note

    The sample config file below may be out of date, please check the [latest one
    in iRedMail source code repository](https://github.com/iredmail/iRedMail/blob/1.0/samples/sogo/sogo.conf).

```
{
    // Official SOGo documents:
    //   - http://www.sogo.nu/english/support/documentation.html
    //   - http://wiki.sogo.nu
    //
    // Mailing list:
    //   - http://www.sogo.nu/english/support/community.html

    // Enable verbose logging. Reference:
    // http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html
    //ImapDebugEnabled = YES;
    //LDAPDebugEnabled = YES;
    //MySQL4DebugEnabled = YES;
    //PGDebugEnabled = YES;

    // Daemon address and port
    WOPort = 127.0.0.1:20000;

    // PID file
    //WOPidFile = /var/run/sogo/sogo.pid;

    // Log file
    //WOLogFile = /var/log/sogo/sogo.log;

    // IMAP connection pool.
    // Your performance will slightly increase, as you won't open a new
    // connection for every access to your IMAP server.
    // But you will get a lot of simultaneous open connections to your IMAP
    // server, so make sure it can handle them.
    // For debugging it is reasonable to turn pooling off.
    //NGImap4DisableIMAP4Pooling = NO;

    // SQL connection URLs. Replace 'sogo:password' with the username and
    // password of the SQL account created for the sogo database.
    SOGoProfileURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile";
    OCSFolderInfoURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_sessions_folder";
    OCSEMailAlarmsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_alarms_folder";

    // With 3 parameters below, SOGo requires only 9 SQL tables in total
    // instead of creating 4 SQL tables for each user.
    OCSCacheFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_cache_folder";
    OCSStoreURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_store";
    OCSAclURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_acl";

    // Default language in the web interface
    SOGoLanguage = English;

    // Specify which module to show after login: Calendar, Mail, Contacts.
    SOGoLoginModule = Mail;

    // Must login with full email address
    SOGoForceExternalLoginWithEmail = YES;

    // Allow user to change full name and email address.
    SOGoMailCustomFromEnabled = YES;

    // Enable email-based alarms on events and tasks.
    SOGoEnableEMailAlarms = YES;

    // IMAP server
    //SOGoIMAPServer = "imaps://127.0.0.1:143/?tls=YES";
    // Local connection is considered as secure by Dovecot.
    SOGoIMAPServer = "imap://127.0.0.1:143/";

    // SMTP server
    SOGoMailingMechanism = smtp;
    SOGoSMTPServer = 127.0.0.1;
    //SOGoSMTPAuthenticationType = PLAIN;

    // Enable managesieve service
    //
    // WARNING: Sieve scripts generated by SOGo are not compatible with Roundcube
    //          webmail, don't use sieve service in both webmails, otherwise
    //          it will be messy.
    //
    //SOGoSieveServer = sieve://127.0.0.1:4190;
    //SOGoSieveScriptsEnabled = YES;
    //SOGoVacationEnabled = YES;
    //SOGoForwardEnabled = YES;

    // Memcached
    SOGoMemcachedHost = 127.0.0.1;

    SOGoTimeZone = "America/New_York";

    SOGoFirstDayOfWeek = 1;

    SOGoRefreshViewCheck = every_5_minutes;
    SOGoMailReplyPlacement = below;

    SOGoAppointmentSendEMailNotifications = YES;
    SOGoFoldersSendEMailNotifications = YES;
    SOGoACLsSendEMailNotifications = YES;

    // PostgreSQL cannot update view
    SOGoPasswordChangeEnabled = YES;

    // Authentication using LDAP
    SOGoUserSources = (
        {
            type = ldap;
            hostname = "ldap://127.0.0.1:389";
            // Replace baseDN, bindDN and bindPassword with your own values.
            baseDN = "o=domains,dc=example,dc=com";
            //bindAsCurrentUser = YES;
            bindDN = "cn=vmailadmin,dc=example,dc=com";
            bindPassword = "SLNHxbNmFwSd55gpZACnvZdTT10zSX";
            filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail";
            scope = SUB;

            // The algorithm used for password encryption when changing
            // passwords without Password Policies enabled.
            // Possible values are: plain, crypt, md5-crypt, ssha.
            userPasswordAlgorithm = ssha;

            IDFieldName = mail;
            bindFields = (mail);
            CNFieldName = cn;
            // value of UID field must be unique on whole server.
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
            canAuthenticate = YES;
            displayName = "Global Address Book";
            id = ldap_auth;
            isAddressBook = YES;
        }
    );
}
```

Important note:

* The LDAP bind DN must have privilege to read and write mail accounts stored in
  the LDAP server, so that it can modify user passwords. `cn=vmailadmin,dc=xx,dc=xx`
  is recommended, do __NOT__ use `cn=Manager,dc=xx,dc=xx`. You can find
  `cn=vmailadmin,dc=xx,dc=xx` in the iRedAdmin config file
  (`/var/www/iredadmin/settings.py`).

* Sieve rules generated by SOGo are not compatible with Roundcube
  webmail, so if you're running both Roundcube and SOGo, you must disable sieve
  support (including forwarding and vacation support) in one of them to avoid
  incompatible sieve rules. If you choose to run only SOGo, you can enable sieve
  support by uncommenting the lines below in the configuration above:

```
SOGoSieveServer = sieve://127.0.0.1:4190;
SOGoSieveScriptsEnabled = YES;
SOGoVacationEnabled = YES;
SOGoForwardEnabled = YES;
```

## Configure web server

To access SOGo groupware (webmail/calendar/contact), we need to configure the
web server.

### Apache web server

SOGo installs the Apache config file `/etc/httpd/conf.d/SOGo.conf` by default, please
open it and find the lines below:

```
#ProxyPass /Microsoft-Server-ActiveSync \
# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
# retry=60 connectiontimeout=5 timeout=360
```

Remove the `#` at the beginning of each line to enable ActiveSync support:

```
ProxyPass /Microsoft-Server-ActiveSync \
    http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
    retry=60 connectiontimeout=5 timeout=360
```

* Find the string `yourhostname` in the same file and replace every `yourhostname`
  with your FQDN server hostname. (Tip: you can get your FQDN hostname with the
  command `hostname -f`.)

* Append the line below to `/etc/httpd/conf.d/SOGo.conf`, so that no matter which
  upper or lower case letters are used for `SOGo` in the URL, Apache will always
  redirect to https:

```
RedirectMatch ^/[Ss][Oo][Gg][Oo](.*) /SOGo$1
```

### Nginx web server

If you're running the Nginx web server configured by iRedMail, please open the file
`/etc/nginx/conf.d/default.conf` and add some lines to the `server {}` block
configured for HTTPS:

```
server {
    listen 443;
    ...

    # Add below lines for SOGo
    # SOGo
    location ~ ^/sogo { rewrite ^ https://$host/SOGo; }
    location ~ ^/SOGO { rewrite ^ https://$host/SOGo; }

    # For iOS 7
    location = /principals/ {
        rewrite ^ https://$server_name/SOGo/dav;
        allow all;
    }

    location ^~ /SOGo {
        proxy_pass http://127.0.0.1:20000;
        #proxy_redirect http://127.0.0.1:20000/SOGo/ /SOGo;
        # forward user's IP address
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Host $host;
        proxy_set_header x-webobjects-server-protocol HTTP/1.0;
        #proxy_set_header x-webobjects-remote-host 127.0.0.1;
        #proxy_set_header x-webobjects-server-name $server_name;
        #proxy_set_header x-webobjects-server-url $scheme://$host;
    }

    location ^~ /Microsoft-Server-ActiveSync {
        proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
        proxy_redirect http://127.0.0.1:20000/Microsoft-Server-ActiveSync /;
    }

    location ^~ /SOGo/Microsoft-Server-ActiveSync {
        proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
        proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /;
    }

    location /SOGo.woa/WebServerResources/ {
        alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
    }
    location /SOGo/WebServerResources/ {
        alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
    }
    # Regex location: the "~" modifier is required for the captures used in alias.
    location ~ ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
        alias /usr/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2;
    }
}
```

__Important note__: You must replace the path `/usr/lib64/GNUstep/SOGo` used in the
sample above with the real directory which contains SOGo files:

* on i386 platform, it's `/usr/lib/GNUstep/SOGo`.
* on x86_64, it's `/usr/lib64/GNUstep/SOGo`.

## Start SOGo and dependent services

```
# service httpd restart # <- restart 'nginx' service if you're running Nginx
# service memcached restart
# service sogod restart
```

## Add Dovecot Master User, used for vacation message expiration

SOGo needs a Dovecot Master User to clean up expired vacation messages, please follow
our tutorial to add a Dovecot Master User for this purpose: [Dovecot Master User](./dovecot.master.user.html).

After adding a Dovecot Master User for SOGo, we must store its username and
plain password in a separate file used by SOGo. We use `/etc/sogo/sieve.cred`
here as an example.

Create the file `/etc/sogo/sieve.cred` and write the Dovecot Master User in it in
the format `username:password`. For example:

```
my_master_user@non-exist.com:my_master_password
```

Set strict file owner and permission:

```
# chown sogo:sogo /etc/sogo/sieve.cred
# chmod 0400 /etc/sogo/sieve.cred
```

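The steps above create the file first and tighten its owner and mode afterwards. The added example below is not part of the original tutorial: `write_cred` and `check_cred` are hypothetical helpers that write the `username:password` line into a file that is private from the moment it exists, then verify the owner, mode and format the tutorial asks for.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
NL='
'
# write_cred FILE USER PASS OWNER:GROUP
#   mktemp creates the temporary file with mode 0600, so the password is never
#   in a world-readable file; owner and mode 0400 are applied before the
#   rename into place. Returns 2 on malformed fields, 1 on any other error.
write_cred() {
    local file="$1" user="$2" pass="$3" owner="$4" tmp
    # Assumption: the fields are split at the first ":", so a ":" in the
    # username would be ambiguous. Empty or multi-line fields are rejected.
    case "$user" in ''|*:*|*"$NL"*) return 2 ;; esac
    case "$pass" in ''|*"$NL"*) return 2 ;; esac
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if printf '%s:%s\n' "$user" "$pass" > "$tmp" &&
       chown "$owner" "$tmp" && chmod 0400 "$tmp" && mv -f "$tmp" "$file"
    then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# check_cred FILE OWNER:GROUP   (names or numeric ids)
#   Returns 0 only if FILE is a regular file (not a symlink) owned by
#   OWNER:GROUP with mode 0400 and holds exactly one username:password line.
check_cred() {
    local file="$1" owner="$2"
    [ -f "$file" ] && [ ! -L "$file" ] || { echo "$file: not a regular file"; return 1; }
    case "$owner" in
        "$(stat -c '%U:%G' "$file")"|"$(stat -c '%u:%g' "$file")") ;;
        *) echo "$file: owner is not $owner"; return 1 ;;
    esac
    [ "$(stat -c '%a' "$file")" = "400" ] || { echo "$file: mode is not 0400"; return 1; }
    [ "$(wc -l < "$file")" -eq 1 ] && grep -Eq '^[^:]+:.+$' "$file" ||
        { echo "$file: not exactly one username:password line"; return 1; }
}

# Usage as root, with the values used in this tutorial:
#   write_cred /etc/sogo/sieve.cred 'my_master_user@non-exist.com' 'my_master_password' sogo:sogo
#   check_cred /etc/sogo/sieve.cred sogo:sogo
```
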
## Add required cron jobs

Please add the cron jobs below for the SOGo daemon user `sogo`. You can add them with
the command: `crontab -e -u sogo`

```
# iRedMail: SOGo email reminder, should be run every minute.
* * * * * /usr/sbin/sogo-ealarms-notify

# iRedMail: SOGo session cleanup, should be run every minute.
# Adjust the [X]Minutes parameter to suit your needs
# Example: Sessions without activity since 30 minutes will be dropped:
* * * * * /usr/sbin/sogo-tool expire-sessions 30

# iRedMail: SOGo vacation messages expiration
# The credentials file should contain the sieve admin credentials (username:passwd)
0 0 * * * /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.cred
```

## Access SOGo from web browser

Open your favourite web browser and access the URL `https://[your_server]/SOGo` (the
word `SOGo` is case-sensitive). You can log in with your email account credentials.

## Configure your mail clients or mobile devices to use CalDav/CardDAV services

Please check our documents [here](./index.html#configure-mail-client-applications)
to configure your mail clients or mobile devices.

## References

* [SOGo web site](http://sogo.nu)
* Outlook plugins:

    * [Outlook CalDav Synchronizer](https://github.com/aluxnimm/outlookcaldavsynchronizer)

        > Outlook Plugin, which synchronizes events, tasks and contacts (beta) between Outlook and Google, SOGo, Horde or any other CalDAV or CardDAV server. Supported Outlook versions are 2016, 2013, 2010 and 2007.