Mailserver – CentOS 7, SOGo, LDAP

Ziel ist es einen Mailserver zu installieren, bei dem sich User per Weboberfläche mit ihren Windows Active Directory Credentials authentifizieren können.

Die verwendeten Komponenten lauten wie folgt:

OS : CentOS 7
Webserver: Apache2
PHP 7.2
Maria DB
phpMyAdmin
Postfix
Dovecot & Pigeonhole
SOGo
Quota
NTP

hostname = sogo01
FQDN = sogo01.vm.local
10.0.2.15 sogo01.vm.local
10.0.2.16 vdc1.vm.local
LDAP Base: cn=Users,dc=vm,dc=local
LDAP ServiceUser: dn = cn=Dovecot,ou=Services,dc=vm,dc=local; dnpass = D0v3c0t
User: joe,rootPW
PW: rootPW

Inhaltsverzeichnis

0. SELinux
1. Hostname
2. Static IP
3. EPEL & Remi repositories hinzufügen
4. Nano
5. Apache2
6. MariaDB
7. PHP 7.2
8. phpMyAdmin
9. vmail User
10. Postfix
11. SSL Zertifikat
12. Dovecot & Pigeonhole (Managesieve)
13. Sogo
14. Quota
15. Server-Info / Server-Status
16. FastCGI
17. HTTPS
18. NTP

0. SELinux

SELINUX=disabled

1	SELINUX=disabled

reboot

1. Hostname

sogo01.vm.local

1	sogo01.vm.local

127.0.0.1 localhost.localdomain localhost
10.0.2.15 sogo01.vm.local sogo01

1 2	127.0.0.1 localhost.localdomain localhost 10.0.2.15 sogo01.vm.local sogo01

2. Static IP

Infos vorher mit “ip a” und “ip r” holen (MAC,Netmask,Gateway)

Entweder:
system-config-network

Oder:

#HWADDR=08:00:27:be:ba:fe
TYPE=Ethernet
BOOTPROTO=none
# Server IP #
IPADDR=10.0.2.15
# Subnet #
PREFIX=24
# Set default gateway IP #
GATEWAY=10.0.2.2
# Set dns servers #
DNS1=8.8.8.8
DNS2=8.8.4.4
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
# Disable ipv6 #
IPV6INIT=no
NAME=enp0s3
# This is system specific and can be created using 'uuidgen enp0s3' command #
UUID=061a8c9f-115a-46e0-b19d-c90879ca619a
DEVICE=enp0s3
ONBOOT=yes

#HWADDR=08:00:27:be:ba:fe

TYPE=Ethernet

BOOTPROTO=none

# Server IP #

IPADDR=10.0.2.15

# Subnet #

PREFIX=24

# Set default gateway IP #

GATEWAY=10.0.2.2

# Set dns servers #

DNS1=8.8.8.8

DNS2=8.8.4.4

DEFROUTE=yes

IPV4_FAILURE_FATAL=no

# Disable ipv6 #

IPV6INIT=no

NAME=enp0s3

# This is system specific and can be created using 'uuidgen enp0s3' command #

UUID=061a8c9f-115a-46e0-b19d-c90879ca619a

DEVICE=enp0s3

ONBOOT=yes

service network restart

3. EPEL & Remi repositories hinzufügen

yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

yum -y check-update
yum -y upgrade

4. Nano

yum -y install nano

5. Apache2

yum -y install httpd

systemctl enable httpd
systemctl start httpd

firewall-cmd –permanent –zone=public –add-service=http
firewall-cmd –permanent –zone=public –add-service=https
firewall-cmd –permanent –zone=public –add-service=imaps

firewall-cmd –permanent –zone=public –add-service=smtps
firewall-cmd –permanent –zone=public –add-service=smtp-submission
firewall-cmd –permanent –zone=public –add-service=smtp

firewall-cmd –reload

6. MariaDB

yum -y install mariadb-server
systemctl start mariadb
systemctl enable mariadb

mysql_secure_installation

Remote User erstellen da root user gesperrt ist:
mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO remote@’localhost’ IDENTIFIED BY ‘rootPW’ WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit

7. PHP 7.2

yum -y install yum-utils
yum-config-manager –enable remi-php72
yum -y update
yum -y install php72 mod_php php-mcrypt php-curl php-ldap php-zip php-fileinfo php-fpm php-imap php-mysqlnd php-pecl-memcached php-gd php-mbstring php-xml

cgi.fix_pathinfo=1 #Ent-Kommentieren

1	cgi.fix_pathinfo=1 #Ent-Kommentieren

systemctl restart httpd

Test:

<?php
// Show all information, defaults to INFO_ALL
phpinfo();
?>

<?php

// Show all information, defaults to INFO_ALL

phpinfo();

sogo01.vm.local/test/phpinfo.php

8. phpMyAdmin

yum -y install wget
mkdir /usr/share/phpmyadmin
cd /usr/share/phpmyadmin
wget https://files.phpmyadmin.net/phpMyAdmin/4.7.9/phpMyAdmin-4.7.9-all-languages.tar.gz
tar xfvz phpMyAdmin-4.7.9-all-languages.tar.gz
rm -f phpMyAdmin-4.7.9-all-languages.tar.gz
mv phpMyAdmin-4.7.9-all-languages/* .
rm -rf phpMyAdmin-4.7.9-all-languages/
chown -R apache:apache .
chmod -R 755 .
chown root:apache /var/lib/php/*

cp config.sample.inc.php config.inc.php

[...]
$cfg['blowfish_secret'] = 'ein geheimes Passwort, welches auch gewiss nicht zu kurz ist';
[...]

[...]

$cfg['blowfish_secret'] = 'ein geheimes Passwort, welches auch gewiss nicht zu kurz ist';

[...]

<Directory /usr/share/phpmyadmin/>
AddDefaultCharset UTF-8

<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
#Require ip 127.0.0.1
#Require ip ::1
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin

AddDefaultCharset UTF-8

# Apache 2.4

#Require ip 127.0.0.1

#Require ip ::1

Require all granted

</RequireAny>

</IfModule>

# Apache 2.2

Order Deny,Allow

Deny from All

Allow from 127.0.0.1

Allow from ::1

</IfModule>

</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin

Alias /phpMyAdmin /usr/share/phpmyadmin

systemctl restart httpd

9. vmail User

useradd -u 6000 vmail -d /var/vmail
mkdir /var/vmail
chown vmail:vmail /var/vmail

10. Postfix

yum -y install postfix #vorinstalliert auf CentOS 7

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
readme_directory = no

smtpd_tls_cert_file=/etc/letsencrypt/live/vm.local/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/vm.local/privkey.pem

smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level = may

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_reject_unlisted_recipient= no

smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth_dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps

#smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-sender-login-maps.cf

smtpd_sender_restrictions = permit_mynetworks
permit_sasl_authenticated
#reject_unknown_sender_domain
#reject_non_fqdn_sender
#reject_unlisted_sender
#reject_unauth_pipelining
#reject_authenticated_sender_login_mismatch

smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated
#reject_unauth_destination
#reject_unknown_recipient_domain
#reject_non_fqdn_recipient
#reject_unlisted_recipient
#reject_sender_login_mismatch
#reject_unauth_pipelining

myhostname = sogo01.vm.local
alias_maps =
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost
#relayhost = os-mail-02.opti-serv.bruchsal
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.2.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Virtual mailboxes
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_aliases.cf
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_recipients.cf
virtual_minimum_uid = 104
virtual_transport = dovecot
local_transport = virtual
virtual_uid_maps = static:6000
virtual_gid_maps = static:6000
dovecot_destination_recipient_limit = 1
home_mailbox = Maildir/

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

biff = no

append_dot_mydomain = no

#delay_warning_time = 4h

readme_directory = no

smtpd_tls_cert_file=/etc/letsencrypt/live/vm.local/fullchain.pem

smtpd_tls_key_file=/etc/letsencrypt/live/vm.local/privkey.pem

smtpd_use_tls=yes

#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_tls_security_level = may

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

smtpd_reject_unlisted_recipient= no

smtpd_sasl_type=dovecot

smtpd_sasl_path=private/auth_dovecot

smtpd_sasl_auth_enable = yes

smtpd_sasl_authenticated_header = yes

broken_sasl_auth_clients = yes

smtpd_sasl_security_options = noanonymous

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps

#smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-sender-login-maps.cf

smtpd_sender_restrictions = permit_mynetworks

permit_sasl_authenticated

#reject_unknown_sender_domain

#reject_non_fqdn_sender

#reject_unlisted_sender

#reject_unauth_pipelining

#reject_authenticated_sender_login_mismatch

smtpd_recipient_restrictions = permit_mynetworks

permit_sasl_authenticated

#reject_unauth_destination

#reject_unknown_recipient_domain

#reject_non_fqdn_recipient

#reject_unlisted_recipient

#reject_sender_login_mismatch

#reject_unauth_pipelining

myhostname = sogo01.vm.local

alias_maps =

alias_database = hash:/etc/aliases

myorigin = /etc/mailname

mydestination = localhost

#relayhost = os-mail-02.opti-serv.bruchsal

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.2.0/24

mailbox_size_limit = 0

recipient_delimiter = +

inet_interfaces = all

# Virtual mailboxes

virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_aliases.cf

virtual_mailbox_base = /var/vmail/

virtual_mailbox_domains = hash:/etc/postfix/virtual_domains

virtual_mailbox_limit = 0

virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_recipients.cf

virtual_minimum_uid = 104

virtual_transport = dovecot

local_transport = virtual

virtual_uid_maps = static:6000

virtual_gid_maps = static:6000

dovecot_destination_recipient_limit = 1

home_mailbox = Maildir/

bind = yes
bind_dn = cn=dovecot,ou=services,dc=vm,dc=local
bind_pw = D0v3c0t
server_host = ldap://10.0.2.16:389
search_base = cn=Users,dc=vm,dc=local
domain = vm.de
#query_filter = (&(mail=%s)(mailEnabled=TRUE))
result_attribute = userPrincipalName

bind = yes

bind_dn = cn=dovecot,ou=services,dc=vm,dc=local

bind_pw = D0v3c0t

server_host = ldap://10.0.2.16:389

search_base = cn=Users,dc=vm,dc=local

domain = vm.de

#query_filter = (&(mail=%s)(mailEnabled=TRUE))

result_attribute = userPrincipalName

bind = yes
bind_dn = cn=dovecot,ou=Services,dc=vm,dc=local
bind_pw = D0v3c0t
server_host = ldap://10.0.2.16:389
search_base = cn=Users,dc=vm,dc=local
domain = vm.de
#query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
result_attribute = userPrincipalName, sAMAccountName

bind = yes

bind_dn = cn=dovecot,ou=Services,dc=vm,dc=local

bind_pw = D0v3c0t

server_host = ldap://10.0.2.16:389

search_base = cn=Users,dc=vm,dc=local

domain = vm.de

#query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))

result_attribute = userPrincipalName, sAMAccountName

# Domain Anything
vm.de    OK

1 2	# Domain Anything vm.de OK

postmap hash:/etc/postfix/virtual_domains

[...]
submission inet n - - - - smtpd
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes

[...]

#+
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d ${recipient}

[...]

submission inet n - - - - smtpd

smtps inet n - - - - smtpd

-o smtpd_tls_wrappermode=yes

[...]

dovecot unix - n n - - pipe

flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d ${recipient}

Rechte für die Dateien vergeben
cd /etc/postfix
chown -R root:postfix *
chmod 644 main.cf
chmod 644 master.cf
chmod 644 ldap_*
chmod 644 virtual_*
postfix check
systemctl start postfix
systemctl enable postfix

11. SSL Zertifikat

deb http://ftp.debian.org/debian stretch-backports main

1	deb http://ftp.debian.org/debian stretch-backports main

apt-get update
apt-get install python-certbot-apache -t stretch-backports

certbot certonly –webroot -d bebeidon.de
/etc/httpd/

certbot certonly –webroot -d cloud.bebeidon.de
/etc/httpd/

systemctl enable certbot.timer
systemctl start certbot.timer

Pfad anpassen in main.cf & dovecot.conf & apache

[...]
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/vm.local/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vm.local/privkey.pem
[...]

[...]

SSLEngine on

SSLCertificateFile /etc/letsencrypt/live/vm.local/fullchain.pem

SSLCertificateKeyFile /etc/letsencrypt/live/vm.local/privkey.pem

[...]

12. Dovecot & Pigeonhole (Managesieve)

yum -y install dovecot dovecot-pigeonhole

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
}

service imap-login {

inet_listener imap {

port = 143

}

inet_listener imaps {

port = 993

ssl = yes

}

service auth {

unix_listener auth-userdb {

mode = 0600

user = vmail

group = vmail

}

auth_mechanisms = plain login
!include auth-ldap.conf.ext

1 2	auth_mechanisms = plain login !include auth-ldap.conf.ext

mail_location = maildir:~/Maildir
mail_privileged_group = mail

1 2	mail_location = maildir:~/Maildir mail_privileged_group = mail

hosts = 10.0.2.16
dn = cn=Dovecot,ou=Services,dc=vm,dc=local
dnpass = D0v3c0t
auth_bind = yes
ldap_version = 3
base = cn=Users,dc=vm,dc=local
scope = subtree
user_attrs = \
=home=/var/vmail/%{ldap:sAMAccountName}, \
=mail=maildir:/var/vmail/%{ldap:sAMAccountName}/Maildir, \
=quota_rule=*:bytes=%{ldap:postOfficeBox}
#default_pass_scheme = CRYPT
user_filter = (&(objectClass=user)(sAMAccountName=%n))
pass_attrs = sAMAccountName=user,userPassword=password
pass_filter = (&(objectClass=user)(sAMAccountName=%n))
iterate_attrs = sAMAccountName=user
iterate_filter = (objectClass=user)

hosts = 10.0.2.16

dn = cn=Dovecot,ou=Services,dc=vm,dc=local

dnpass = D0v3c0t

auth_bind = yes

ldap_version = 3

base = cn=Users,dc=vm,dc=local

scope = subtree

user_attrs = \

=home=/var/vmail/%{ldap:sAMAccountName}, \

=mail=maildir:/var/vmail/%{ldap:sAMAccountName}/Maildir, \

=quota_rule=*:bytes=%{ldap:postOfficeBox}

#default_pass_scheme = CRYPT

user_filter = (&(objectClass=user)(sAMAccountName=%n))

pass_attrs = sAMAccountName=user,userPassword=password

pass_filter = (&(objectClass=user)(sAMAccountName=%n))

iterate_attrs = sAMAccountName=user

iterate_filter = (objectClass=user)

cp /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-ldap.conf.ext

ssl = yes
ssl_cert = </etc/letsencrypt/live/vm.local/fullchain.pem
ssl_key = </etc/letsencrypt/live/vm.local/privkey.pem

ssl = yes

ssl_cert = </etc/letsencrypt/live/vm.local/fullchain.pem

ssl_key = </etc/letsencrypt/live/vm.local/privkey.pem

!include_try /usr/share/dovecot/protocols.d/*.protocol
!include conf.d/*.conf
!include_try local.conf
listen = *
auth_mechanisms = plain login
log_timestamp = "%Y-%m-%d %H:%M:%S "

passdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
protocols = imap sieve
service auth {
unix_listener /var/spool/postfix/private/auth_dovecot {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
mode = 0600
user = vmail
}
user = root
}

service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service managesieve {
}
protocol sieve {
managesieve_max_line_length = 65536
managesieve_implementation_string = dovecot
log_path = /var/log/dovecot-sieve-errors.log
info_log_path = /var/log/dovecot-sieve.log
}
plugin {
sieve = ~/Maildir/dovecot.sieve
sieve_global_path = /etc/dovecot/sieve/default.sieve
sieve_dir = ~/Maildir/sieve
sieve_global_dir = /etc/dovecot/sieve/global/
}
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
mail_plugins = $mail_plugins autocreate sieve quota
postmaster_address = admin@vm.local
hostname = sogo01.vm.local
auth_socket_path = /var/run/dovecot/auth-master
log_path = /var/log/dovecot-lda-errors.log
info_log_path = /var/log/dovecot-lda.log
}
protocol lmtp {
mail_plugins = $mail_plugins autocreate sieve quota
log_path = /var/log/dovecot-lmtp-errors.log
info_log_path = /var/log/dovecot-lmtp.log
}
mail_gid = 6000
mail_uid = 6000

!include_try /usr/share/dovecot/protocols.d/*.protocol

!include conf.d/*.conf

!include_try local.conf

listen = *

auth_mechanisms = plain login

log_timestamp = "%Y-%m-%d %H:%M:%S "

passdb {

args = /etc/dovecot/dovecot-ldap.conf

driver = ldap

}

userdb {

args = /etc/dovecot/dovecot-ldap.conf

driver = ldap

}

protocols = imap sieve

service auth {

unix_listener /var/spool/postfix/private/auth_dovecot {

group = postfix

mode = 0660

user = postfix

}

unix_listener auth-master {

mode = 0600

user = vmail

}

user = root

}

service managesieve-login {

inet_listener sieve {

port = 4190

}

service managesieve {

}

protocol sieve {

managesieve_max_line_length = 65536

managesieve_implementation_string = dovecot

log_path = /var/log/dovecot-sieve-errors.log

info_log_path = /var/log/dovecot-sieve.log

}

plugin {

sieve = ~/Maildir/dovecot.sieve

sieve_global_path = /etc/dovecot/sieve/default.sieve

sieve_dir = ~/Maildir/sieve

sieve_global_dir = /etc/dovecot/sieve/global/

}

lda_mailbox_autocreate = yes

lda_mailbox_autosubscribe = yes

protocol lda {

auth_socket_path = /var/run/dovecot/auth-master

mail_plugins = $mail_plugins autocreate sieve quota

postmaster_address = admin@vm.local

hostname = sogo01.vm.local

auth_socket_path = /var/run/dovecot/auth-master

log_path = /var/log/dovecot-lda-errors.log

info_log_path = /var/log/dovecot-lda.log

}

protocol lmtp {

mail_plugins = $mail_plugins autocreate sieve quota

log_path = /var/log/dovecot-lmtp-errors.log

info_log_path = /var/log/dovecot-lmtp.log

}

mail_gid = 6000

mail_uid = 6000

nano /var/log/dovecot-lda-errors.log
nano /var/log/dovecot-lda.log
chown vmail:mail /var/log/dovecot-lda-errors.log
chown vmail:mail /var/log/dovecot-lda.log
chmod 644 /var/log/dovecot-lda-errors.log
chmod 644 /var/log/dovecot-lda.log

systemctl enable dovecot
chkconfig dovecot on

systemctl start dovecot

Test:

openssl s_client -connect localhost:993
a login adon rootPW
b select inbox
c logout

13. Sogo

[sogo-rhel7]
name=Inverse SOGo Repository
baseurl=http://packages.inverse.ca/SOGo/nightly/4/rhel/7/x86_64/
gpgcheck=1

[sogo-rhel7]

name=Inverse SOGo Repository

baseurl=http://packages.inverse.ca/SOGo/nightly/4/rhel/7/x86_64/

gpgcheck=1

rpm –import “https://pgp.mit.edu/pks/lookup?op=get&search=0xCB2D3A2AA0030E2C”
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sed -i ‘/enabled=1/a \
exclude=gnustep*’ /etc/yum.repos.d/epel.repo

yum update
yum -y install sogo sope49-gdl1-mysql

#rpl ‘127.0.0.1’ localhost /etc/memcached.conf

service memcached restart
chkconfig memcached on

Über phpMyADmin neuer Benutzer: sogo

chown root:sogo /etc/sogo/sogo.conf
chmod 644 /etc/sogo/sogo.conf

{
/* Database configuration (mysql:// or postgresql://) */
SOGoProfileURL = "mysql://sogo:rootPW@localhost:3306/sogo/sogo_user_profile";
OCSFolderInfoURL = "mysql://sogo:rootPW@localhost:3306/sogo/sogo_folder_info";
OCSSessionsFolderURL = "mysql://sogo:rootPW@localhost:3306/sogo/sogo_sessions_folder";
SOGoSQLUserProfile = "mysql://sogo:rootPW@localhost:3306/sogo/sogo_folder_info";

/* Mail */
SOGoDraftsFolderName = Drafts;
SOGoSentFolderName = Sent;
SOGoTrashFolderName = Trash;
SOGoIMAPServer = imaps://localhost;
SOGoSieveServer = sieve://127.0.0.1:4190;
SOGoSMTPServer = 127.0.0.1;
SOGoMailDomain = vm.de;
SOGoMailingMechanism = smtp;
SOGoForceExternalLoginWithEmail = NO;
SOGoMailSpoolPath = /var/vmail/spool;
NGImap4ConnectionStringSeparator = "/";

/* Notifications */
SOGoAppointmentSendEMailNotifications = YES;
SOGoFoldersSendEMailNotifications = YES;
SOGoACLsSendEMailNotifications =YES;

/* Authentication */
//SOGoPasswordChangeEnabled = YES;

SOGoUserSources = (
{
type = ldap;
CNFieldName = sAMAccountName;
UIDFieldName = sAMAccountName;
IDFieldName = cn;
bindFields = (sAMAccountName, mail);
baseDN = "CN=users,dc=vm,dc=local";
bindDN = "CN=dovecot,ou=Services,DC=vm,DC=local";
bindFields = (sAMAccountName, mail);
bindPassword = "D0v3c0t";
canAuthenticate = YES;
displayName = "Public";
hostname = ldap://10.0.2.16:389;
filter = "mail = '*'";
id = public;
isAddressBook = YES;
SearchFieldNames = (sAMAccountName,displayName,mail);
scope = SUB;
}
);

/* Web Interface */
SOGoSupportedLanguages = ("German");
SOGoPageTitle = BebeidonMailz;
SOGoVacationEnabled = YES;
SOGoVacationDefaultSubject = "Abwesenheitsnotiz";
SOGoForwardEnabled = YES;
SOGoSieveScriptsEnabled = YES;
SOGoMailAddOutgoingAddresses = YES;
SOGoSelectedAddressBook = collected;
SOGoRefreshViewIntervals = (5,10,30,60);
SOGoRefreshViewCheck = every_10_minutes;
SOGoDefaultCalendar = personal;
SOGoDayStartTime = 7;
SOGoDayEndTime = 21;
SOGoFirstDayOfWeek = 1;
SOGoMailCustomFromEnabled = NO;
SOGoMailReplyPlacement = above;
//nur an interne Adressen weiterleiten: (nur extern wäre "2")
SOGoForwardConstraints = 1;
SOGoMailComposeWindow = "popup";
//SOGoAnimationMode = "normal";
//SOGoAnimationMode = "limited";
SOGoAnimationMode = "none";
SOGoCalendarDefaultRoles = ("PublicViewer","ConfidentialDAndTViewer","ObjectCreator");
SOGoNotifyOnExternalModifications = YES;
SOGoCalendarDefaultReminder = "-PT30M";
SOGoCalendarWeekdays = ("MO", "TU", "WE", "TH", "FR");
//SOGoEnableEMailAlarms = YES;
//SOGoTrustProxyAuthentication = NO;
//SOGoXSRFValidationEnabled = YES;
//SOGoFaviconRelativeURL = "http://i.imgur.com/aaW2vsd.png";
//SOGoMailUseOutlookStyleReplies = YES;
//SOGoMailAuxiliaryUserAccountsEnabled = YES;

/* General - SOGoTimeZone *MUST* be defined */
SOGoLanguage = German;
SOGoTimeZone = Europe/Berlin;
//SOGoSuperUsernames = (sogo1, sogo2); // This is an array - keep the parens!
SxVMemLimit = 2384;
//WOPidFile = "/var/run/sogo/sogo.pid";
SOGoMemcachedHost = "127.0.0.1";

/* Debug */
//SOGoDebugRequests = YES;
//SoDebugBaseURL = YES;
//ImapDebugEnabled = YES;
//LDAPDebugEnabled = YES;
//PGDebugEnabled = YES;
//MySQL4DebugEnabled = YES;
//SOGoUIxDebugEnabled = YES;
//WODontZipResponse = YES;
//WOLogFile = /var/log/sogo/sogo.log;
}

100

101

102

103

{

/* Database configuration (mysql:// or postgresql://) */

SOGoProfileURL = "mysql://sogo:rootPW@localhost:3306/sogo/sogo_user_profile";

OCSFolderInfoURL = "mysql://sogo:rootPW@localhost:3306/sogo/sogo_folder_info";

OCSSessionsFolderURL = "mysql://sogo:rootPW@localhost:3306/sogo/sogo_sessions_folder";

SOGoSQLUserProfile = "mysql://sogo:rootPW@localhost:3306/sogo/sogo_folder_info";

/* Mail */

SOGoDraftsFolderName = Drafts;

SOGoSentFolderName = Sent;

SOGoTrashFolderName = Trash;

SOGoIMAPServer = imaps://localhost;

SOGoSieveServer = sieve://127.0.0.1:4190;

SOGoSMTPServer = 127.0.0.1;

SOGoMailDomain = vm.de;

SOGoMailingMechanism = smtp;

SOGoForceExternalLoginWithEmail = NO;

SOGoMailSpoolPath = /var/vmail/spool;

NGImap4ConnectionStringSeparator = "/";

/* Notifications */

SOGoAppointmentSendEMailNotifications = YES;

SOGoFoldersSendEMailNotifications = YES;

SOGoACLsSendEMailNotifications =YES;

/* Authentication */

//SOGoPasswordChangeEnabled = YES;

SOGoUserSources = (

{

type = ldap;

CNFieldName = sAMAccountName;

UIDFieldName = sAMAccountName;

IDFieldName = cn;

bindFields = (sAMAccountName, mail);

baseDN = "CN=users,dc=vm,dc=local";

bindDN = "CN=dovecot,ou=Services,DC=vm,DC=local";

bindFields = (sAMAccountName, mail);

bindPassword = "D0v3c0t";

canAuthenticate = YES;

displayName = "Public";

hostname = ldap://10.0.2.16:389;

filter = "mail = '*'";

id = public;

isAddressBook = YES;

SearchFieldNames = (sAMAccountName,displayName,mail);

scope = SUB;

}

);

/* Web Interface */

SOGoSupportedLanguages = ("German");

SOGoPageTitle = BebeidonMailz;

SOGoVacationEnabled = YES;

SOGoVacationDefaultSubject = "Abwesenheitsnotiz";

SOGoForwardEnabled = YES;

SOGoSieveScriptsEnabled = YES;

SOGoMailAddOutgoingAddresses = YES;

SOGoSelectedAddressBook = collected;

SOGoRefreshViewIntervals = (5,10,30,60);

SOGoRefreshViewCheck = every_10_minutes;

SOGoDefaultCalendar = personal;

SOGoDayStartTime = 7;

SOGoDayEndTime = 21;

SOGoFirstDayOfWeek = 1;

SOGoMailCustomFromEnabled = NO;

SOGoMailReplyPlacement = above;

//nur an interne Adressen weiterleiten: (nur extern wäre "2")

SOGoForwardConstraints = 1;

SOGoMailComposeWindow = "popup";

//SOGoAnimationMode = "normal";

//SOGoAnimationMode = "limited";

SOGoAnimationMode = "none";

SOGoCalendarDefaultRoles = ("PublicViewer","ConfidentialDAndTViewer","ObjectCreator");

SOGoNotifyOnExternalModifications = YES;

SOGoCalendarDefaultReminder = "-PT30M";

SOGoCalendarWeekdays = ("MO", "TU", "WE", "TH", "FR");

//SOGoEnableEMailAlarms = YES;

//SOGoTrustProxyAuthentication = NO;

//SOGoXSRFValidationEnabled = YES;

//SOGoFaviconRelativeURL = "http://i.imgur.com/aaW2vsd.png";

//SOGoMailUseOutlookStyleReplies = YES;

//SOGoMailAuxiliaryUserAccountsEnabled = YES;

/* General - SOGoTimeZone *MUST* be defined */

SOGoLanguage = German;

SOGoTimeZone = Europe/Berlin;

//SOGoSuperUsernames = (sogo1, sogo2); // This is an array - keep the parens!

SxVMemLimit = 2384;

//WOPidFile = "/var/run/sogo/sogo.pid";

SOGoMemcachedHost = "127.0.0.1";

/* Debug */

//SOGoDebugRequests = YES;

//SoDebugBaseURL = YES;

//ImapDebugEnabled = YES;

//LDAPDebugEnabled = YES;

//PGDebugEnabled = YES;

//MySQL4DebugEnabled = YES;

//SOGoUIxDebugEnabled = YES;

//WODontZipResponse = YES;

//WOLogFile = /var/log/sogo/sogo.log;

}

sed -i ‘s#sogo01#vm.local#g’ /etc/httpd/conf.d/SOGo.conf

sed -i ‘s#”x-webobjects-server-port” “443”#”x-webobjects-server-port” “80”#’ /etc/httpd/conf.d/SOGo.conf

sed -i ‘s#https#http#’ /etc/httpd/conf.d/SOGo.conf

Für https nach dem Loginfenster:

[...]
RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "sogo01.vm.local"
RequestHeader set "x-webobjects-server-url" "https://sogo01.vm.local"

#RequestHeader set "x-webobjects-server-port" "80"
#RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
#RequestHeader set "x-webobjects-server-url" "http://%{HTTP_HOST}e" env=HTTP_HOST
[...]

[...]

RequestHeader set "x-webobjects-server-port" "443"

RequestHeader set "x-webobjects-server-name" "sogo01.vm.local"

RequestHeader set "x-webobjects-server-url" "https://sogo01.vm.local"

#RequestHeader set "x-webobjects-server-port" "80"

#RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST

#RequestHeader set "x-webobjects-server-url" "http://%{HTTP_HOST}e" env=HTTP_HOST

[...]

systemctl restart httpd
systemctl restart sogod

chown -R vmail:sogo /var/vmail
chmod -R 770 /var/vmail # evtl SOGo als vmail ausführen?

14. Quota

yum -y install quota

quota_rule = *:storage=200M

quota_grace = 10%%

plugin {
quota_warning = storage=90%% quota-warning 90 %u
}

service quota-warning {
executable = script /usr/local/bin/quota-warning.sh
user = vmail

unix_listener quota-warning {
user = vmail
group = vmail
mode = 0666
}
}

plugin {

quota = maildir:User quota:ignoreunlimited
}

plugin {
quota_exceeded_message = Quota überschritten! Löschen Sie unwichtige E-Mails!
}

quota_rule = *:storage=200M

quota_grace = 10%%

plugin {

quota_warning = storage=90%% quota-warning 90 %u

}

service quota-warning {

executable = script /usr/local/bin/quota-warning.sh

user = vmail

unix_listener quota-warning {

user = vmail

group = vmail

mode = 0666

}

plugin {

quota = maildir:User quota:ignoreunlimited

}

plugin {

quota_exceeded_message = Quota überschritten! Löschen Sie unwichtige E-Mails!

}

#!/bin/sh
PERCENT=$1
USER=$2
cat << EOF | /usr/libexec/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
From: admin@vm.local
To: $USER
Date: `date +"%a, %d %b %Y %H:%M:%S %z"`
Subject: $USER, ihr Postfach ist aktuell zu $PERCENT% gefüllt!

EOF

#!/bin/sh

PERCENT=$1

USER=$2

cat << EOF | /usr/libexec/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"

From: admin@vm.local

To: $USER

Date: `date +"%a, %d %b %Y %H:%M:%S %z"`

Subject: $USER, ihr Postfach ist aktuell zu $PERCENT% gefüllt!

EOF

chown vmail:sogo /usr/local/bin/quota-warning.sh
chmod 770 /usr/local/bin/quota-warning.sh

mail_plugins = quota

1	mail_plugins = quota

protocol imap {

mail_plugins = $mail_plugins imap_quota

}

protocol imap {

mail_plugins = $mail_plugins imap_quota

}

systemctl restart dovecot

15. Server-Info / Server-Status

[...]
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 10.0.2.16
</Location>

<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from 10.0.2.16
</Location>

[...]

SetHandler server-status

Order deny,allow

Deny from all

Allow from 10.0.2.16

</Location>

SetHandler server-info

Order deny,allow

Deny from all

Allow from 10.0.2.16

</Location>

16. FastCGI

yum -y install fcgi mod_fcgid lighttpd-fastcgi
systemctl start php-fpm.service
systemctl enable php-fpm.service

17. HTTPS

[...]
<Directory />
+ SSLRequireSSL
AllowOverride none
Require all denied
</Directory>

[...]

<VirtualHost *:80>

ServerName sogo01.vm.local

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>

ServerName sogo01.vm.local

DocumentRoot /var/www/html/

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/vm.local/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vm.local/privkey.pem
</VirtualHost>

[...]

+ SSLRequireSSL

AllowOverride none

Require all denied

</Directory>

[...]

ServerName sogo01.vm.local

RewriteEngine On

RewriteCond %{HTTPS} !on

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

ServerName sogo01.vm.local

DocumentRoot /var/www/html/

SSLEngine On

SSLCertificateFile /etc/letsencrypt/live/vm.local/fullchain.pem

SSLCertificateKeyFile /etc/letsencrypt/live/vm.local/privkey.pem

</VirtualHost>

18. NTP

#evtl timezone einstellen:
rm /etc/localtime
ln –s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

yum install ntp
ntpdate 0.pool.ntp.org
hwclock –systohc
service ntpd start
chkconfig ntpd on

2 comments

ks98 says:

5. August 2019 at 11:37

Hallo,
ich freue mich eine aktuelle Anleitung zu dem Thema gefunden zu haben ich werde sie im laufe der Woche mal ausprobieren.

Grüße
ks98

1. root says:
  
  5. August 2019 at 13:14
  
  Hi ks98, leider ist auch dieser Artikel nicht mehr brandaktuell (März 2018). php 7.2 muss vermutlich nicht mehr so “umständlich” installiert werden, da es bereits in den Standard repositories aufgenommen wurde. Der sogo User sollte außerdem zu der vmail Gruppe hinzugefügt werden, damit Drafts undsoweiter erstellt werden können.
  Ich freue mich wenn dir der Artikel trotzdem weiterhilft.

0. SELinux

1. Hostname

2. Static IP

3. EPEL & Remi repositories hinzufügen

4. Nano

5. Apache2

6. MariaDB

7. PHP 7.2

8. phpMyAdmin

9. vmail User

10. Postfix

11. SSL Zertifikat

12. Dovecot & Pigeonhole (Managesieve)

13. Sogo

14. Quota

15. Server-Info / Server-Status

16. FastCGI

17. HTTPS

18. NTP

Leave a Reply Cancel reply