debian woes

[awarelearn]

I am running Scalix 10 on Ubuntu and wanted to check out Scalix 11, so I decided to setup a development box, install Scalix 11 and test it before deploying in the office.

I can't get it to install under Ubuntu as it needs Apache 2.2 and Ubuntu doesn't have it available in dapper.

This is my latest installation test (I have tried the Makefile provided in the wiki, which installs an early release and webmail gives me an expired error, the etch install script gives me the same problem that I have now).

Scalix Install Notes

Install Debian 3.1
upgrade to Etch

installed common stuff, (ssh, proftpd, mc, zip, unzip)

download Scalix-11.0.1-GA.debian.tgz
tar xvzf Scalix-11.0.1-GA.debian.tgz

mkdir -p /home/packages/binary
cp scalix-debian-11.0.1-GA/software/scalix_server/*.deb /home/packages/binary
cp scalix-debian-11.0.1-GA/third_party/libical/*.deb /home/packages/binary
cd /home/packages
dpkg-scanpackages binary /dev/null | gzip -9c > binary/Packages.gz
nano -w /etc/apt/sources.list

Code: Select all

   deb http://debian.yorku.ca/debian/ etch main contrib non-free
   deb-src http://debian.yorku.ca/debian/ etch main

   deb http://security.debian.org/ etch/updates main
   deb file:///home/packages binary/


apt-get update
apt-get install sun-java5-jre apache2 (installs java 1.5.10 and apache 2.2)
apt-get remove exim4-daemon-light
apt-get install scalix-server postfix
/opt/scalix/bin/ommakeom
(check for errors)

cd /home/<username>
./install.sh (custom scalix config program)

Code: Select all

#!/bin/bash

echo -n "What should the name of your primary mailnode be? "; read mnode
echo -n "Please enter the admin password for the Scalix admin user (sxadmin)? "; read admpwd
echo -n "Please enter a password for the ldap query user? "; read ldappwd
echo -n "Please enter a password for the db user? "; read dbpwd
echo -n "Please enter the external ip address of your Scalix box? "; read ip

tomcatport=8080
ldomain=$(hostname -d)
host=$(hostname)
fqdn=$(hostname -f)
short=${host:0:1}${host: -1:1}



# Setup mailnode
export PATH=/opt/scalix/bin:$PATH
##ommakeom              #Already done
sxconfig --set -t general.usrl_cn_rule='G S'
sxconfig --set -t general.usrl_authid_rule='l@'
sxconfig --set -t orniasys.name_part_1='"C" <S>' -t orniasys.domain_part_1="$ldomain"
omaddmn -m $mnode
omrc -n
omaddu -n sxadmin/$mnode --class limited -c admin -p "$admpwd" sxadmin
omconfenu -n "sxadmin/$mnode"
omlimit -u "sxadmin/$mnode" -o -i 0 -m 0
omaddu -n sxqueryadmin/$mnode --class limited -c admin -p $ldappwd sxqueryadmin@$fqdn
omaddpdl -l ScalixUserAdmins/$mnode
omaddpdl -l ScalixUserAttributesAdmins/$mnode
omaddpdl -l ScalixGroupAdmins/$mnode
omaddpdl -l ScalixAdmins/$mnode
omon -s all

cd /tmp

apt-get install scalix-postgres scalix-tomcat-connector scalix-tomcat
apt-get install scalix-mobile scalix-platform scalix-res scalix-sac \
        scalix-sis scalix-swa

# Setup DB
cd /opt/scalix-postgres/bin
  ./sxpsql-setpwd $dbpwd
  ./sxpsql-whitelist 127.0.0.1 $ip

# Configure Scalix
files="/var/opt/scalix/sx/webmail/swa.properties /var/opt/scalix/sx/caa/scalix.res/config/ubermanager.properties
       /var/opt/scalix/sx/res/config/res.properties /var/opt/scalix/sx/platform/platform.properties
       /var/opt/scalix/sx/mobile/mobile.properties /var/opt/scalix/sx/sis/sis.properties"

for file in $files; do
sed -e "s;%LOCALDOMAIN%;$ldomain;g" \
    -e "s;%LOCALHOST%;$fqdn;g" \
    -e "s;%PLATFORMURL%;$fqdn;g" \
    -e "s;__SECURED_MODE__;false;g" \
    -e "s;ubermanager/__FQHN_HOST__@__KERBEROS_REALM__;;g" \
    -e "s;__KERBEROS_REALM__;;g" \
    -e "s;__FQHN_FOR_KDC_HOST__;;g" \
    -e "s;__FQHN_QUERY_SERVER_NAME__;$fqdn;g" \
    -e "s;__UBERMGR_USE_EXTERNAL_AUTH__;false;g" \
    -e "s;__UBERMGR_ALLOW_EXTERNAL_AUTH__;false;g" \
    -e "s;__UBERMGR_MAXLIST_SIZE__;100;g" \
    -e "s;__UBERMGR_MAIL_DOMAINS_LIST__;$ldomain;g" \
    -e "s;__UBERMGR_EXTERNAL_DOMAIN_AUTH_LIST__;;g" \
    -e "s;__CONFIGURED__;true;g" \
    -e "s;__FQHN_FOR_UBERMANAGER__;$fqdn;g" \
    -e "s;__TOMCAT_PORT__;$tomcatport;g" \
    -e "s;localhost;$fqdn;g" \
    -e "s;%SIS-LANGUAGE%;English;g" \
    -e "s;%INDEX-WHITELIST%;$fqdn;g" \
    -e "s;%SEARCH-WHITELIST%;$fqdn;g" \
    $file > $file.neu
mv $file.neu $file
done

# Write Ldappassword to psdata
cd /var/opt/scalix/sx/caa/scalix.res/config
echo "$ldappwd" > psdata
chown root:root psdata
chmod 400 psdata

/etc/init.d/scalix-tomcat restart
/etc/init.d/scalix restart
/etc/init.d/scalix-postgres restart


The above works, to a degree. Scalix installs, I can check it with lsof -i and see that it is listening. I can telnet the box under port 25, 143 and 110. login under sxadmin in pop (from telnet)
I can't get scalix-tomcat to work. It installs scalix-tomcat-connector that appearently starts looking for /htdocs and everything in debian is /var/www and it all breaks. I can't even call up a test.html in /var/www. If I move the scalix-tomcat-connector out of /etc/apache2/conf.d/ folder apache2 starts working properly again.


I am right now install OpenSuSE 10.1 (my DVD finally downloaded) to try the install and test scalix.

It shouldn't be this difficult.
Suggestions:
put the debian packages in a repository on a server some place that we can add to our /etc/apt/sources.list
Fix the scripts in the debian packages that get run after the apt-get install or dpkg-reconfigure. Parts of the above install.sh could be included into the packages confg script to check if /var/opt/scalix exists and start ommakeom or patchom to create the data store. Ask the user questions like passwords and autoconfig the files.


I still don't know why tomcat isn't working, it creates about 20 instances all listening on 8009 and 8005. if I try to hit the page (http://192.168.1.19:8009), I just get a blank page.

Beyond that, how do you setup a SmartHost with Auth. My test machine at home is connected to Bell Canada's sympatico (DSL). Sympatico blocks all port 25 traffic (virus and spam provention), I need to configure sendmail (or postfix, if I can get it installed with scalix) to send all mail to smtphm.sypatico.ca with a username and password for auth.
All references that I have found, show to add the SmartHost into the .mc or .cf files but they don't authenticate and all my test mail gets deferred.

I would also like to thank the person who created the original version of the script that I am using. It's a big timesaver from going into all the config files and setting things up by hand.

Thanks[/code]

[florian]

We're working on making the debian install more flexible and stable. Stay tuned.

For your SmartHost configuration, search for authentication and smarthost in the forum, you should find hints using the AccessDB feature of sendmail.

Florian.

[mrhaarmann]

Hi, tomcat is working, if it is listening to port 8009, but this is not a http port.
So you cannot connect with http://your_server:8009. 8009 is a AJP Port which is used to forward requests from a webserver (mostly apache will do the job using a mod_jk or mod_proxy.
You can also turn on a http connector in tomcat by modifying the server.xml file, which contains a commented http connector. Just uncomment the section and restart tomcat.

Marcus

[awarelearn]

It turns out the problem was actually the /etc/apache2/mod-available/proxy.conf was denying me.

I've modified my install script to install from a base debian 'etch'.
It installs sendmail, mailscanner, f-prot, clamav (I like to have mailscanner use 2 virus checkers) spamassassin, razor.
It installs and setup scalix using apt-get, so it gets all of the dependencies and copies some patch files.

it seemed to fine on my last attempt as I am able to send mail out (had to reconfiure send mail to auth with sympatico, my ISP who blocks all port25 traffic) and fetchmail is bringing in the mail from an external account.

I am working on some scripts ( based on the wiki) to feed ham and spam to to spamassassin and get my contact list to create a whitelist for mailscanner.
I also am working on SSL and getting my pocketPC to sync.

I did run into a problem that in the webmail, you get an error if you try to create a rule.

[SirAdam]

What have you changed in your proxy.conf?
Mine seems to deny me as well.

it looks like

Code: Select all

<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.

ProxyRequests Off

<Proxy *>
AddDefaultCharset on
Order deny,allow
Deny from all
Allow from localhost
</Proxy>

# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block

ProxyVia On
</IfModule>


Regards

[awarelearn]

<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.

ProxyRequests Off

<Proxy *>
AddDefaultCharset off
Order deny,allow
#Deny from all
Allow from <DomainName>
</Proxy>

# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block

ProxyVia On
</IfModule>


I know this isn't secure, but it is working for now, at least until I get it figured out
[/i]

[awarelearn]

For other Debian users, I got SSL working by the following:

cd /etc/apache2
mkdir ssl
cd ssl
openssl genrsa 1024 > server.key
openssl req -new -x509 -nodes -sha1 -days 365 -key server.key > server.crt
<< This generates a self signed cert, of course you can use one that you purchased >>

/var/opt/scalix/sx/res/config/res.properties

Code: Select all

res.tomcat.tcp.port=443


/etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf

Code: Select all

#<VirtualHost scalix.mydomain:80>
#    Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
#</VirtualHost>
<VirtualHost scalix.mydomain:443>
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key
        Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
</VirtualHost>


/etc/apache2/ports.conf

Code: Select all

Listen 80
Listen 443


I believe that's it, I was documenting things as I went, but ended up playing with other files like /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf but my apache is using ajp, so I didn't add it here.

[florian]

I'm a bit surprised about the res-properties change. Are you sure your SAC works now?

Florian.

[awarelearn]

Nope, webmail worked but SAC didn't
I changed res.properties back to port 80 and uncommented in
/etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf

Code: Select all

<VirtualHost scalix.mydomain:80>
    Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
</VirtualHost>


restarted scalix, scalix-tomcat and apache2 and its working now.

I don't understand why, port 80 needs to be working for sac when you are logging in through 443

I can't login to the mobile client either (never tried before setting up ssl) It gives me an invalid username or password.
My scalix-mobile.log is empty

SAC and Webmail are working fine.

[florian]

sac consists of two parts, the actual management server that you talk to with your client and the management agent, res. as the server and agent could reside on mulitple machines in larger multi-server environments, they also talk http to each other.

you can make this http connection also use https, but that's a lot more complex as you'll need to teach the http client (which in this case is the management server) to be able to verify the ssl certificate. in the case of a self-signed certificate, that's non-trivial. there is also a https option in res.properties that would need to be set next to the portnumber.

if you don't require that addtional level of security (and you don't on a singled server ), then i would not go down that route.

for the mobile web client, this talks to the messaging services platform using http, so it would also be good to check the scalix-api logfile and also config files for both the mobile client and the platform.

Florian.

[awarelearn]

It seemed to be some configuration problem.

In platform.properties my ldap port wasn't set and hibernate.connection.url was missing :5733

It was a pain trying to find this as api.log and mobile.log were empty.

api was fixed with the ldap.port getting set as the api wasn't starting due to an error in the config file.

mobile was fixed with the hibernate.connection.url as the api couldn't connect to postgres as the url was wrong.

also as I was now going through every config and log file to find out what was happening. I set in sis.properties:

Code: Select all

# lock down requests from given IP addresses only
# default = empty
index.client.whitelist=192.168.1.19,127.0.0.1

## hard max number of results to return
search.max.results=200

# lock down requests from given IP addresses only
# default = empty
search.client.whitelist=192.168.1.19,127.0.0.1


which cleared an error in the log that sis was being refused. (I had the whitelist=<fqdn> not the IP address)

Mobile is now working from the browser on my desktop and the pocket pc

[florian]

well, if you were using one of the installer-supported platforms all that and more would have taken 'bout 15 minutes!

i can feel your pain. that's community stuff sometimes. I spent most of my day today trying to get gforge.org up and running.

Florian.

[mister.koz]

Greetingz, hope this thread isn't completely dead!

I have just installed scalix on debian etch line for line to the script at the top, most impressed it seems like its worked nicely appart from using the web components.

After installing, i noticed there were no conf's in the apache2/conf.d folder so i added the needed files and file links ( thanks to http://www.scalix.com/wiki/index.php?title=Manual_Installation_Debian_Etch ) and tried again, i have gone through each of the installation scripts with a very fine comb and found that this one seems to be lacking the setup of the conf files in

Code: Select all

/var/opt/scalix/<instance>/tomcat/conf/

so i made links to the ones in

Code: Select all

/opt/scalix-tomcat/conf/

Still no joy! then i noticed my server.xml file had a zero length.... my question is can anyone send me the contents of theirs so i may extract the relevant info from it?

Code: Select all

scalix-mobile_11.0.2.23_all.deb
scalix-platform_11.0.2.23_all.deb
scalix-postgres_11.0.2.23_all.deb
scalix-res_11.0.2.23_all.deb
scalix-sac_11.0.2.23_all.deb
scalix-server_11.0.2.17_i386.deb
scalix-sis_11.0.2.23_all.deb
scalix-swa_11.0.2.23_all.deb
scalix-tomcat_5.5.16-195_all.deb
scalix-tomcat-connector_11.0.0.181_all.deb


if it helps

thanx in advance

[mister.koz]

Ok, i disassembled the .debs and found a file called "server.xml.in" i have coppied this across (just for a test cause i am outa opitions) and scalix-tomcat is running, now i am getting a 404 from tomcat, can't find /webmail/ i presume the server.xml points to where the home directory is but i haven't the faintest idea of how to configure it....

will keep posting until i fix it!

[mister.koz]

Just read the server.xml file end to end a couple of times, it looks like about 400 lines of "i have allot to learn" help!

Where i think i am at:
-Apache2 stuff sorted
-Scalix installed
-tomcat listening and reacting

it looks like catalina doesn't know where the /webmail/ folder is, i am making an assumption that this information should be in the server.xml file but i am no authority on tomcat.

anybody?