Moderators: ScalixSupport, admin
Code: Select all
SCALIX 11.1 ON CENTOS 5
== setup OS ==
install OS with: httpd (apache2), modSSH, posgreSQL, sendmail-cf, clamAV, stunnel
install other scalix dependencies (see scalix documentation)
make stunnel certificate file:
$ cd /etc/pki/tls/certs/
$ make stunnel.pem
$ chmod 400 stunnel.pem
set up /etc/stunnel/stunnel.conf as follows:
# Path to certificate file.
#
cert = /etc/pki/tls/certs/stunnel.pem
# Are we client or server?
# Set to "no" for Server mode.
#
client = no
# Services for secure tunnelling:
#
[pop3s]
accept = 995
connect = 110
[imaps]
accept = 993
connect = 143
[ssmtp]
accept = 465
connect = 25
install crypto-utils (missing in centOS install for some reason)
You can use crypto-utils-2.3 from fedora6
now make the SSL certificate (valid 2 years):
$ genkey --days 730 FQDN
edit /etc/httpd/conf.d/ssl.conf
for 'SSLCertificateFile' set /etc/pki/tls/certs/FQDN.cert
for 'SSLCertificateKeyFile' set /etc/pki/tls/private/FQDN.key
$ /etc/init.d/httpd restart
== install Scalix ==
= scalix 10.x to 11.x =
copy entire scalix directory:
$ rsync -ravz oldserver:/var/opt/scalix newserver:/var/opt
= scalix 11.x to 11.x =
copy ONLY messages:
$ rsync -ravz oldserver:/var/opt/scalix/**/s/ newserver:/var/opt/scalix/**/s
where ** is the 2 letter name of the directory (may change)
hostname must be exactly the same as old server, ip can be different
Rename the name of the release, in /etc/redhat-release
replace original with:
Red Hat Enterprise Linux Server release 5 (Tikanga)
start the scalix-installer...
If user ID for the 'scalix' user are different, start the installer, and have the user admin panel open. Hit refresh to see when the
scalix user is created. AS SSON as the user apears in the list, run this:
$ find -user $OLD_USERID -exec chown -R scalix.scalix {} \;
(would be better to know the user ID of the to-be-created scalix user and run the command before!)
If the installer crashes, run above find command again, then re-run installer to set the configuration.
might need to run:
$ ompatchom
if there were problems.
After the scalix install you should revert redhat-release to original
You should be able to run:
$ /etc/init.d/scalix start
check running scalix processes
$ omstat -s
$ omstat -a
== Post Install ==
= SSH fix =
If modSSH was instaled before scalix, it should be picked up and tomcat will run in SSH mode, however there might be 404 error
accessing FQDN/webmail.
in:
/etc/opt/scalix-tomcat/connector/ajp/instance-mail.conf
/etc/opt/scalix-tomcat/connector/jk/instance-mail.conf
find a line like <VirtualHost FQDN:443>, change to:
<VirtualHost *:443>
$ /etc/init.d/httpd restart
$ /etc/init.d/scalix-tomcat restart
= Startup Sequence =
scalix
postgres
tomcat
ldapmapper
sendmail
= Stop Open Relay =
/var/opt/scalix/ml/s/sys/smtpd.cfg
SMTPFILTER=TRUE
#RELAY accept ALL
RELAY accept 127.0.0.1
#RELAY accept .domain.com
RELAY Log_Reject ALL
= Force HTTPS =
/etc/opt/scalix-tomcat/connector/jk/instance-mail.conf
/etc/opt/scalix-tomcat/connector/ajp/instance-mail.conf
after:
<VirtualHost FQDN:80>
Include /etc/opt/scalix-tomcat/connector/jk/app-mail.*.conf
add:
<LocationMatch "^/sac/*">
RewriteEngine on
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</LocationMatch>
<LocationMatch "^/webmail/*">
RewriteEngine on
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</LocationMatch>
Users browsing this forum: No registered users and 2 guests