Walkthrough of a Groupware server setup on Slackware
This page to be used to create the "GOALS" page later. Yeah..doing it this way is back-asswards..but I always DID program first THEN make a flowchart! :)
The purpose of this project is to use our newfound LDAP knowledge to integrate other non Samba projects into LDAP. Specifically projects that will allow us to make a functional email/groupware server that will alleviate the user communities (erroneous) idea that they NEED a groupware server from Microsoft. This means providing MTA, pop3, IMAP, anti-spam, anti-virus, calendaring, and webmail functionality to our users.
The question now is what products should be used and how are they to be integrated. One pre-canned solution, Zimbra, has been created to solve this need. Other projects can be configured and customized to work together to solve particular needs.
The current list of projects and applications to be used to create this groupware server include...
- postfix - the MTA (Message Transport Agent)
- egroupware - the calendaring/collaboration server (PROVIDES webmail and web calendaring functionality)
- clamav - anti-virus
- spamassassin - anti-spam
- courier-imap - the MS / MSA (Message Store / Message Storage Agent)
- tequila - web based administration of virtual users and virtual domains
...in conjunction with supporting applications such as...
- MySQL - database server in which egroupware settings and data are to be stored
- OpenLDAP - stores the account information
- openssl - create certificates
- PHP - provide programming support to run egroupware
- PEAR - application support for egroupware
- SASL - Authentication layer that will be used by SMTP AUTH to prevent relaying.
- Thunderbird, iMail/iCal, MS Ouchlook - the MUAs (Message User Agents) and calendars
RTCG SAYS:
The focus in learning how to create this OSEK server is to understand what each application does, how it works and how each application relates to the other applications. Just as one builds the foundation of a house first so must a good foundation, the most basic of setups, exists on which to add the other applications. Determining the most basic setup needed means identifying the common denominator between the applications to be used and setting up only those components needed to provide the basic operation of an email delivery(MTA), storage(MS) and pickup(MUA). Once this basic functionality works using the common denominators, additional functionality can be added and tested.
Specific questions --or-- 'in other words'
- Q. Are new accounts created using tequila or egroupware
- If the "Auto create account records for authenticated users" option is selected in the egroupware setup, then new users created in Tequila will be automatically created in egroupware upon their first successful login. Reference link
Note 1: Verify how well egroupware plays with users from different virtual domains. Is one egw install per virtual domain necessary?Note 2: egw *may* be able to handle creating virtual email users. It appears that the postfix user account information would be stored in MySQL. What functionality is NOT included in the egw "add-on LDAP Manager" (See: the Virtual users and domain wiki page), documentation on this postfix wiki site, and the egw documentation file './admin/doc/README.ldapman'
- Q. Is MySQL needed and what role would it play?
- Yes. But what for? It is DEFINITELY needed for egw to store the local admin information and configuration, but the user account information SHOULD be stored in the LDAP database defined in the configuration.
- Q. What exact role will LDAP play?
- LDAP will be used to store the account information
- Q. What exact role does Tequila play?
- Manage virtual users/virtual domains (unless this can be done through egw) and provide out-of-office (vacation) auto-replies. Tequila will also provide mailing list/alias functionality. Q. Does EGW provide mailing list/alias functionality?
- Q. What exact roles does egroupware play?
- EGW provides a web-based interface for users to access and share, calendar (with the ability to share/export/import -- compatible with iCal), online address book and web-based e-mail. There are a number of EXTRA tools that egw provides, and those can be set to be used as the admin sees fit (see the egroupware page for a comprehensive list of WHAT it can do).
- Q. How/where are email users stored? In a flat file, LDAP or SQL database???
- Email users account information is stored in LDAP, postfix is configured to look to LDAP for authentication(cite reference), the IMAP server is set to look to LDAP for authentication (cite reference) while the IMAP server stores the user's mail into Maildirs.
- '''Q. Can dovecot be used as a replacement for Courier-IMAP when using Tequila? -or- What is it about Courier-IMAP that makes it work with tequila?
- Answer needed
- Outside the scope option Can postfix be setup to TARPIT (delaying the response (5.x.x
response, specifically) your server sends after a certain number of invalid RCPT TO: commands)
- what effect with this have on RECEIVING valid emails if all of the available receive threads are taken up by tarpitted connections
- What about NDR (non delivery reports) that are sent to forged addresses???
- ALTERNATIVE: use iptables rate-limiting "-m" on connections that spam X number of invalid ip addresses.
RTCG SAYS:
At this point, with Thunderbird being our MUA, our basic server setup will consist of:
- a working LDAP server with a tree structure that supports
- Tequla's ability to create accounts
- Courier-IMAP/Authldaprc 's ability to authenticate with appropriate attributes
- Egroupware's ability to authenticate.
All of the products can be configured to point to the correct context. The issue is ensuring that the appropriate schema files are used and that they are all compatible with each other--meaning that tequila stores account information in the attributes that authldaprc and egw will use.
- Postfix, the MTA, is configured for LDAP so that
- "Virtual delivery" ensures that all email is delivered to ONE user
- "mydestination" is configured to look up local domains in LDAP
and - "virtual_maps" are stored in LDAP so that lookups can see the mailAlternateAddress as an alias ( What the heck does this mean)
- Courier-IMAP's Authldaprc is configured to provide the virtual user IMAP authentication against an LDAP backend.
Start with base Slack installation
Satisfies Apache, PHP, Pear, MySQL, OpenSSL
This should be pretty straight forward and mostly at default.
OpenLDAP
Upgrade stock OpenLDAP client with server modules.
Need to provide documentation/script to accomplish this.
perl
Install additional perl modules to satisfy requirements of other packages (don't forget the "force install" command!)
Update CPAN
| Perl modules that will need to be updated along with the name of the application requiring the module. |
#A 'Bundle' to optimize the behaviour of CPAN.pm Bundle::CPAN #Tequila Date::Calc HTML::Template MIME::Lite Net::LDAP Net::SSLeay #Spamassassin Net::DNS (skip test) Mail::SPF Mail::SPF::Query IP:Country Mail::Audit::Razor Net::Ident IO::Socket::INET6 IO::Socket::SSL Compress::Zlib Mail::DomainKeys Mail::DKIM LWP::UserAgent HTTP::Date Encode::Detect Mail::SpamAssassin |
Attempt to script the above from the command line.
postfix
Install postfix with appropriate options
make makefiles \ CCARGS="-I/usr/include/ -DHAS_LDAP \ -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl \ -DUSE_TLS -I/usr/include/openssl" \ AUXLIBS="-L/usr/lib -lldap -L/usr/lib -llber \ -L/usr/lib -lsasl2 \ -L/usr/lib -lssl -lcrypto" |
Are these ALL the options needed to build postfix with ldap support?
IMAP server
Install Courier-IMAP server
Install AuthLIB
Install courier imap daemon
Install maildrop (virtual users)
Spam fighting tools
Spamassassin (more perl modules?? or should we satisfy them above? -- Satisfy them above - make a complete list of all perl modules needed and install them all in one fell swoop)
Shared calendaring
egroupware (What are the prerequisites? Mysql?)
LDAP integration with egw. egw LDAP readme Only the inetorgperson.schema is NECESSARY. (is rfc schema not necessary? It looked as though it was directed toward SuSE users that the rfc schema was not needed)
LDAP integration - egw and the LDAP Address book
Web based administration of the postfix server.
Tequila?? -or-
Webmin -or-
egroupware??
Webmin -or-
egroupware??
Anti-virus tool
ClamAV
Mailing lists
Mailman (is this needed or will tequila or egw provide this?)