Benutzer-Werkzeuge

Webseiten-Werkzeuge


linux:kolab

Kolab 3.1 on Debian 7

Kolab ist eine Groupwarelösung mit integriertem Mail, Kalender, Filesharing, Task Management und Addressbuch.

Vorbereitung

Es sollten vor der Installation MX und PTR Records für das System vorhanden sein!
Repositories hinzufügen

nano /etc/apt/sources.list
# Kolab
deb http://obs.kolabsys.com:82/Kolab:/3.1/Debian_7.0/ ./
deb http://obs.kolabsys.com:82/Kolab:/3.1:/Updates/Debian_7.0/ ./

Repository Keys hinzufügen

wget http://obs.kolabsys.com:82/Kolab:/3.1/Debian_7.0/Release.key
apt-key add Release.key
rm -rf Release.key
wget http://obs.kolabsys.com:82/Kolab:/3.1:/Updates/Debian_7.0/Release.key
apt-key add Release.key
rm -rf Release.key
apt-get update && apt-get upgrade

Packages aus den Kolab Repositories bevorzugen

nano /etc/apt/preferences.d/kolab
Package: *
Pin: origin obs.kolabsys.com
Pin-Priority: 501

Installation

apt-get install kolab kolab-mta postfix-ldap postfix
setup-kolab
freshclam
reboot

Postfix konfigurieren

nano /etc/postfix/main.cf
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/apache2/ssl/wiki.crt
smtpd_tls_key_file = /etc/apache2/ssl/wiki.pem
# Optionale Zwischen-CA
# smtpd_tls_CAfile = /etc/apache2/ssl/ia-CA.crt

DKIM

apt-get install opendkim opendkim-tools
mkdir -p /etc/opendkim/example.com/
chown -R opendkim:opendkim /etc/opendkim
cd /etc/opendkim/example.com/
opendkim-genkey -r -h rsa-sha256 -d example.com -s mail
mv mail.private mail
chown opendkim:opendkim ./*

Create a TXT DNS Entry in the following format:

cat /etc/opendkim/example.com/mail.txt
mail._domainkey.example.com IN TXT "v=DKIM1; h=rsa-sha256; k=rsa;p=AySFjB......xorQAB" 
nano /etc/opendkim/KeyTable
example.com example.com:mail:/etc/opendkim/example.com/example.com
nano /etc/opendkim/SigningTable
  • @example.com example.com
nano /etc/opendkim/TrustedHosts
127.0.0.1
lola.ns.cloudflare.com (this is DNS server you'll get from your provider)
example.com
chown opendkim:opendkim /etc/opendkim/KeyTable
chown opendkim:opendkim /etc/opendkim/SigningTable
chown opendkim:opendkim /etc/opendkim/TrustedHosts
nano /etc/opendkim.conf
# Enable Logging
Syslog yes
SyslogSuccess yes
LogWhy yes

# User mask
UMask 002

# Always oversign From (sign using actual From and a null From to prevent malicious signatures header fields (From and/or others) between the signer and the verifier)

OversignHeaders From

# Our KeyTable and SigningTable
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable

# Trusted Hosts
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts

# Hashing Algorithm
SignatureAlgorithm rsa-sha256

# Auto restart when the failure occurs. CAUTION: This may cause a tight fork loops
AutoRestart Yes

# Set the user and group to opendkim user
UserID opendkim:opendkim

# Specify the working socket
Socket inet:8891@localhost
/etc/init.d/opendkim restart
/etc/init.d/postfix restart

Doppelte Signaturen vermeiden

nano /etc/postfix/main.cf
  # OpenDKIM
  milter_default_action = accept
  milter_protocol = 2
  smtpd_milters = inet:localhost:8891
  non_smtpd_milters = $smtpd_milters
nano /etc/postfix/master.cf

Nach 127.0.0.1:10025 inet n - n - - smtpd suchen
und no_milters bei receive_override_options hinzufügen.
Beispiel: -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

/etc/init.d/postfix restart
/etc/init.d/amavis restart
linux/kolab.txt · Zuletzt geändert: 2014/03/10 22:08 von Madic