Manual Installation

From Scalix Wiki
Revision as of 06:16, 31 March 2006 by 64.32.173.111 (Talk) (Network Configuration)


System Prerequisites

Available Hardware Platforms

Scalix Community Edition Raw software is currently available as an i386 build only. It will run on i386 and x86_64 Intel and AMD platforms.

Minimum System Requirements

  • Pentium 4 or better CPU
  • 512 MB RAM
  • 1 GB of free disk space after OS Installation
  • Network Interface

Linux Distributions

  • Fedora Core 4
  • OpenSuSE Linux 10.0
  • Debian Sarge i386 (stable)

System Preparation

The following items may be helpful in preparing your system for Scalix Installation:

Network Configuration

  • Make sure you have at least one properly configured network interface.
  • It is best to use a static IP address; running a Scalix server on a machine using DHCP is not recommended.
  • Correct hostname resolution/DNS setup is vital. We recommend the use of DNS in a Scalix/mail environment. File-based hostname resolution can be used (/etc/hosts). However, the following should always be true:
    • Your system should have a fully-qualified hostname, i.e. scalixraw.company.com or myraw.home.local
    • The "hostname" command should return the short hostname, while the "hostname --fqdn" command should return the fully-qualified hostname
    • Both the hostname and the fully-qualified hostname should resolve to the system's IP address (not the loopback 127.0.0.1 IP address)
    • The special name "localhost" should resolve to 127.0.0.1
    • The IP address of the system should reverse-resolve to the fully-qualified hostname (not the short hostname or localhost)
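
The resolution rules above can be checked mechanically when file-based resolution is used. The following is an added example, not part of the Scalix documentation: it audits an /etc/hosts-format file, and the sample entries (myraw.home.local on 192.168.1.10) are constructed. It assumes the usual file-lookup behaviour: the first line listing a name wins, and the first name on an address line is the reverse-lookup result.

```sh
#!/bin/sh
# Added example (not from the original page).
# audit_hosts FILE SHORT FQDN
#   FILE is in /etc/hosts format; "-" reads standard input.
#   Prints one FAIL line per violated rule and returns 0 only if all hold.
#   IPv6 lines are ignored; the page's rules are about the IPv4 address.
audit_hosts() {
    awk -v short="$2" -v fqdn="$3" '
    function bad(msg) { print "FAIL: " msg; n++ }
    {
        sub(/#.*/, "")                        # strip comments
        if (NF < 2 || $1 ~ /:/) next          # skip blank and IPv6 lines
        if (!($1 in canon)) canon[$1] = tolower($2)   # reverse-lookup name
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (!(name in addr)) addr[name] = $1      # first match wins
        }
    }
    END {
        short = tolower(short); fqdn = tolower(fqdn)
        if (index(fqdn, ".") == 0)
            bad(fqdn " is not a fully-qualified hostname")
        if (!(fqdn in addr))
            bad(fqdn " does not resolve")
        else if (addr[fqdn] ~ /^127\./)
            bad(fqdn " resolves to loopback address " addr[fqdn])
        if (!(short in addr))
            bad(short " does not resolve")
        else if (addr[short] ~ /^127\./)
            bad(short " resolves to loopback address " addr[short])
        else if ((fqdn in addr) && addr[short] != addr[fqdn])
            bad(short " and " fqdn " resolve to different addresses")
        if (addr["localhost"] != "127.0.0.1")
            bad("localhost does not resolve to 127.0.0.1")
        if ((fqdn in addr) && canon[addr[fqdn]] != fqdn)
            bad(addr[fqdn] " reverse-resolves to " canon[addr[fqdn]] ", not " fqdn)
        exit (n > 0)
    }' "$1"
}

# Constructed sample: short name on the loopback line, short name listed first
# on the real address line. Both break the rules above.
sample_bad_hosts() {
    cat <<'EOF'
127.0.0.1    localhost myraw
192.168.1.10 myraw myraw.home.local
EOF
}

# Constructed sample that satisfies every rule.
sample_good_hosts() {
    cat <<'EOF'
127.0.0.1    localhost
192.168.1.10 myraw.home.local myraw   # FQDN first, then the short name
EOF
}

# Demo on the constructed data. On a real system:
#   audit_hosts /etc/hosts "$(hostname)" "$(hostname --fqdn)"
sample_bad_hosts | audit_hosts - myraw myraw.home.local || true
```

When DNS is used instead of /etc/hosts, the same five rules apply to the forward and reverse records.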

Disk/File System Configuration

  • Scalix Software is installed in /opt. You need 200 MB in this directory
  • Scalix Data is kept in /var/opt/scalix. You need a minimum of 200 MB plus the size of any mailboxes. We recommend you make /var/opt/scalix a separate file system
  • We recommend you put /var/opt/scalix on an LVM logical volume for online backup (this needs Snapshot functionality) and size management
  • Most Scalix systems are installed using an ext3 file system on Linux; however, most local file systems (XFS, Reiser) should work as well
  • For performance reasons (small, synchronous I/O operations), we do not recommend you run Scalix off an NFS file system

Disabling Conflicting Services

Scalix comes with its own POP3, IMAP, LDAP and SMTP services; these might conflict with components already installed on the system.

  • Check for processes listening on the POP3 and IMAP ports. Use the
    lsof -i :110
    and
    lsof -i :143
    commands for this. If you see any process/service running, shut it down and disable it from being started with system startup
  • Check for processes listening on the standard LDAP port. Use the
    lsof -i :389
    command for this. If you see any process/service running, you will need to use an alternate port number for Scalix LDAP. Please see below for details.
  • Check for processes listening on the standard SMTP port. Use the
    lsof -i :25
    command for this. With Sendmail installed (required), it is normal that Sendmail listens on 127.0.0.1:25. However, it should not listen on your external IP address. If you see any process/service listening on the external IP address, reconfigure your MTA. If your current MTA is not Sendmail, retry after removing your current MTA and replacing it with Sendmail.
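
The per-port decisions above, applied in one pass over a listener listing. This is an added example, not part of the Scalix documentation; it expects numeric output as produced by lsof -nP -iTCP -sTCP:LISTEN, and the sample listing (process names, PIDs, 192.168.1.10) is constructed. Treating [::1] as loopback alongside 127.0.0.1 is an addition to the page's rule.

```sh
#!/bin/sh
# Added example (not from the original page).
# audit_listeners: reads lsof-style listener lines on stdin and prints one
# line per listener that conflicts with Scalix, with the action the page
# prescribes for that port. Returns 0 only if nothing conflicts.
audit_listeners() {
    awk '
    $NF == "(LISTEN)" {
        addr = $(NF - 1)                       # e.g. 127.0.0.1:25 or *:143
        port = addr; sub(/.*:/, "", port)
        host = substr(addr, 1, length(addr) - length(port) - 1)
        loop = (host == "127.0.0.1" || host == "[::1]")
        if (port == "110" || port == "143")
            act = "shut down and disable at system startup"
        else if (port == "389")
            act = "use an alternate port for Scalix LDAP (3890 recommended)"
        else if (port == "25" && !loop)
            act = "reconfigure the MTA; only 127.0.0.1:25 is expected"
        else
            next                               # not a conflict
        printf "%s (pid %s) on %s: %s\n", $1, $2, addr, act
        n++
    }
    END { exit (n > 0) }'
}

# Constructed sample listing in lsof column layout.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sendmail  812 root    4u  IPv4   5120      0t0  TCP 127.0.0.1:25 (LISTEN)
dovecot   901 root    6u  IPv4   5301      0t0  TCP *:143 (LISTEN)
slapd     955 ldap    7u  IPv4   5410      0t0  TCP *:389 (LISTEN)
exim4    1002 mail    3u  IPv4   5522      0t0  TCP 192.168.1.10:25 (LISTEN)
sshd     1100 root    3u  IPv4   5600      0t0  TCP *:22 (LISTEN)
EOF
}

# Demo on the constructed data. On a real system (as root):
#   lsof -nP -iTCP -sTCP:LISTEN | audit_listeners
sample_lsof | audit_listeners || true
```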

Software Selection

The following additional packages that come with the OS distribution are usually needed after base installation (all references to debian package names are from the Sarge stable release):

  • Apache Webserver 2.x
    • on debian, this is the apache2 package
  • Gnu AWK
    • on debian, this is the gawk package
  • Kerberos (MIT Kerberos 5)
    • on debian, these are the krb5-config, krb5-doc, krb5-user, libkadm55 and libkrb53 packages
  • libglib2
    • on debian, this is the libglib2.0-0 package
  • libstdc++
    • on debian, this is the libstdc++2.10-glibc2.2 package
  • libxml2
    • on debian, these are the libxml2, sgml-base and xml-core packages
  • SASL2 and modules for plain, crammd5 and gssapi (for MIT Kerberos)
    • on debian, these are the libsasl2-modules and libsasl2-gssapi-mit packages
  • Sendmail (possibly replacing default-install Postfix or Exim)
    • on debian, this is the sendmail package
  • W3M text-based web browser
    • on debian, this is the w3m package

Required 3rd Party Software

The following third party software is required to run a Scalix server:

  • Sun Java
    Scalix requires a Sun Java JRE or JDK version 1.5.0_04 or higher patch revision. On RPM-based systems, an appropriate RPM is available from Sun. Sun currently does not provide .deb packages. Decent instructions on how to generate a .deb package from Sun's download can be found here. It seems that the instructions provided for testing apply to Sarge stable; the control files mentioned were there. Note that if you use a JRE some of the commands will not be needed or look slightly different.
  • Apache Tomcat
    Scalix requires an Apache Tomcat Application server of version 5.0.28. This is available from the Apache Tomcat project. For installation, you should just untar this under /opt (as /opt/jakarta-tomcat-5.0.28). You should then create a symbolic link called /opt/scalix-tomcat. You will then need to make some modifications to the system as detailed below.
    Note: Scalix plans to provide customized Tomcat packages in both rpm and deb formats in the near future.
    • Because we're using Java 1.5, you will need to remove one of the library files that ship with Tomcat 5.0:
      rm /opt/scalix-tomcat/common/endorsed/xml-apis.jar
    • Add the following lines to the beginning of your /opt/scalix-tomcat/bin/setclasspath.sh file:
      PATH=$PATH:/opt/scalix/bin
      JAVA_HOME=/usr/local/lib/jre           # Make this /usr/local/lib/jdk when using a JDK
      JAVA_OPTS="-server -Xms128m -Xmx128m"  # Make this 1/2 your RAM or 512 whichever is less
      export JAVA_HOME JAVA_OPTS
    • When using a JRE as opposed to a JDK, change the line reading
      if [ ! -x "$JAVA_HOME"/bin/java -o ! -x "$JAVA_HOME"/bin/jdb -o ! -x "$JAVA_HOME"/bin/javac ]
      to
      if [ ! -x "$JAVA_HOME"/bin/java ]
    • Integrate scalix-tomcat into your system startup. Create a /etc/init.d/scalix-tomcat script as per below, then execute the
      update-rc.d scalix-tomcat defaults 22
      command.
#! /bin/sh
#

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="Scalix Tomcat"
NAME=scalix-tomcat
# Used by the usage message at the end of the script.
SCRIPTNAME=/etc/init.d/$NAME
CATALINA_HOME=/opt/scalix-tomcat; export CATALINA_HOME
DAEMON=/opt/scalix-tomcat/bin/startup.sh

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

#
#       Function that starts the daemon/service.
#
d_start() {
        $CATALINA_HOME/bin/startup.sh
} 

#
#       Function that stops the daemon/service.
#
d_stop() {
       $CATALINA_HOME/bin/shutdown.sh
}

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        d_start
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        d_stop
        echo "."
        ;;
  restart|force-reload)
        #
        #       If the "reload" option is implemented, move the "force-reload"
        #       option to the "reload" entry above. If not, "force-reload" is
        #       just the same as "restart".
        #
        echo -n "Restarting $DESC: $NAME"
        d_stop
        sleep 1
        d_start
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

Creating a Scalix Group and User (optional)

Installation of the Scalix server package will automatically create a Unix group called "scalix" and a Unix user with the same name. The user id for this user will be automatically chosen and most files associated with Scalix data will be owned by this user. If you want to have control over the user id, you can create the user manually before installing the Scalix server package.

If you create the group and/or user manually, make sure the following applies:

  • The group must be called "scalix"
  • The user must be called "scalix"
  • The user must have a home directory of /var/opt/scalix
  • There should not be any files (profile files, etc.) copied to the user's home directory
  • The user should have its primary group set to "scalix"
  • It is recommended to use /bin/true as the login shell for the "scalix" user so that the user cannot login to the system interactively. In addition, the password for the user should be locked.
  • If your OS offers the concept of a "server" or "service" user, the Scalix user should be created as one.

Setting up your user's environment

It is recommended to add the /opt/scalix/bin and /opt/scalix/diag directories to your admin user's (initially root!) PATH. It is also recommended to add /opt/scalix/share/man to your MANPATH to be able to access the reference man pages that come with Scalix server.


Downloading and Installing the Scalix Raw Packages

The Scalix Raw packages can be downloaded here. You will need packages for the following modules appropriate for your platform:

  • scalix-server-*: the actual Scalix Server software
  • scalix-swa-*: the Scalix Web Access webclient; this can be installed on the same machine as the Scalix server or on a separate webserver
  • scalix-sac-*: the Scalix Admin Server; if you want to use the Scalix Admin Console, this must be installed on the Scalix server machine
  • scalix-res-*: the Scalix Remote Execution Service; this is the management agent used by the Scalix Admin Server. This is required on all systems that are managed by a Scalix Admin Server. As Scalix CE Raw is limited to single server configurations, this must be installed on the single Scalix server machine.
  • libical: this is a Scalix adaptation/compile based on an OpenSource implementation of an RFC-compliant ical library available from the Free Association project. The project's homepage is on SourceForge. Scalix provides source and binary packages in .rpm and .deb format on the Scalix CE Raw download site.

Copy all the .rpm or .deb files to a temporary directory location on your server. Then, install the packages using the standard OS tools.

  • For rpm-based systems, use
    rpm -ivh *.rpm
  • For deb-based systems, use
    dpkg -i *.deb

In case of any missing dependencies or other errors, these should be resolved and the Scalix package installation retried before continuing.


Creating and configuring the initial Scalix Server Instance

The following assumes that you have added /opt/scalix/bin to your PATH. Otherwise, you will need to use absolute pathnames for all the commands.

Initialize the Scalix Message Store

To initialize the Scalix message store, use the
ommakeom
command. This creates an empty message store in /var/opt/scalix and also adds config file templates for all components into this directory tree. The process will take 3-15 minutes, depending on the speed of your system. Please check the screen output for any errors or problems during the process. A log of the message store creation can also be found in /var/opt/scalix/sys/install/log. In case of any error, correct the problem and restart message store creation by using the
ompatchom
command.

Set generation rules for display name, login name and Internet address

Before creating any new user, default rules for generating the display name (shown in 'From' email headers and address book display), the login name (used to login to Scalix clients) and Internet address should be set.

The following is a list of user attributes that can be used in those rules:
G represents the given name in mixed/original casing
S represents the surname in mixed/original casing
I represents the middle initial(s) in mixed/original casing
C represents the common name/display name in mixed/original casing (this cannot be used in the display name generation)
g, s, i and c represent the first character of the given name/surname/initials/common name in lower case
f and l represent the full given name/last name in lowercase

    • To set up generation rules for the display name, use the
      sxconfig --set -t general.usrl_cn_rule='<rule>'
      command, e.g.
      sxconfig --set -t general.usrl_cn_rule='S, G'
      to set the display name generation rule to Last, First.

    • To set up generation rules for the login name, use the
      sxconfig --set -t general.usrl_authid_rule='<rule>'
      command, e.g.
      sxconfig --set -t general.usrl_authid_rule='gs@'
      to set the login name generation rule to use the initials of the user in lowercase. If you omit the @ character from this rule, the fully-qualified domain name of the server will be appended to the login name. This is useful in multi-server environments (which are not supported for Scalix CE Raw). Please see the
      man omaddu
      for details.

    • To set up generation rules for the internet address, use the
      sxconfig --set -t orniasys.name_part_<n>='<rule>' -t orniasys.domain_part_<n>='<domain>'
      command, e.g.
      sxconfig --set -t orniasys.name_part_1='"C" <G.S>' -t orniasys.domain_part_1='mycompany.com'
      to set the internet address generation rule to generate addresses in the form "Last, First" <First.Last@mycompany.com> (provided that the display name generation rule is Last, First, as C maps to the display name). Please see
      man omiam
      for details.

      Note: You can set up to 5 internet address generation rules for the system by specifying different values from 1 to 5 for <n>.

Creating the default Mailnode

The mailnode is an organizational unit grouping users. This becomes important in multi-server setups supported for Scalix Enterprise Edition. For single-server systems, creating a single, default mailnode is usually sufficient. It is recommended to use the organization name (without any 8-bit or special characters) as the mailnode name. To create the initial mailnode and make it the default, use the
omaddmn -m <mailnode>
command, e.g.
omaddmn -m mycompany
.

Setting up a non-default LDAP port number

If the system already has some LDAP service using the standard LDAP TCP port (389), the Scalix LDAP port should be changed to some other port number now. Edit /var/opt/scalix/sys/slapd.conf and change the port number to a different value. Scalix recommends using port 3890. The line to be changed should look like this:
portNum          3890

Starting the server daemons

Before the first set of users can be created, the server daemons must be started. To do this, use the
omrc -n
command. The -n option will prevent mail delivery and user signon services from being started because these are not usable at this time.

Creating the default admin user

To create a default admin account, use the
omaddu -n <fullname>/<mailnode> --class <class> -c admin -p <password> <loginname>
command, e.g.
omaddu -n sxadmin/mycompany --class limited -c admin -p secret sxadmin
, where
    • sxadmin is the full name of the admin user as displayed in the address book
    • mycompany is the default mailnode created in the previous step
    • limited is either full or limited. When creating the admin user as a full user, this will use one of the 25 free premium mailboxes available in Scalix CE raw. However, if created as a limited user the user won't be able to use Outlook to login or access public folder information through SWA.
    • -c admin sets full admin capabilities for the user
    • secret is the user's initial password
    • sxadmin is the user's login name

Configuring the admin user

The admin user is then set up as "Postmaster" to receive system error messages:
omconfenu -n "sxadmin/mycompany"
The admin user is also excluded from any system-wide inbox quota checking:
omlimit -u "sxadmin/mycompany" -o -i 0 -m 0

Creating the LDAP Query user

For allowing the Scalix Admin Server and Admin Console to access user information through Scalix LDAP, a system user must be created as follows:
omaddu -n   sxqueryadmin/mycompany --class limited -c admin -p pass sxqueryadmin@hostfqdn
The password of this user can be anything, but the username (sxqueryadmin) and the user's login name must match the values shown, with hostfqdn replaced by the FQDN of your server (for example hostname.mycompany.com) as returned by the hostname --fqdn command. The user can always be created as a limited user because the only server it is allowed to log in to is LDAP, which does not require a premium user account.

Creating the Standard Scalix Admin Groups

Next, the standard Scalix Admin groups for the Scalix Admin server must be created. The names of these groups are fixed so they should always be created as follows:
omaddpdl -l ScalixUserAdmins/mycompany
omaddpdl -l ScalixGroupAdmins/mycompany
omaddpdl -l ScalixUserAttributesAdmins/mycompany
omaddpdl -l ScalixAdmins/mycompany

Adding Standard Tweak Settings

We recommend adding the following tweak settings to /var/opt/scalix/sys/general.cfg. For details on these settings, please refer to the Scalix Administration Guide.

#
# The CDA service (used for "type down" in some clients) is more
# efficient if it can check the directory change log before attempting
# to update the access tables that it uses.   On slow machines, it may
# also be worth uncommenting the CDA_CHECKTIME tweak to reduce the check
# interval from five minutes to an hour.
#
CDA_USE_CHANGE_LOG=TRUE
# CDA_CHECKTIME=60
#
# These tweaks limit the number and rate of IMAP connections to the
# server. The IMAP_CONNECTION_LIMIT simply restricts the total number of
# connections to the server -- note that many IMAP clients have several
# connections for each IMAP session. The IMAP_CONNRATE_LIMIT restricts
# the rate at which clients can connect to the server, in this case, at
# most ten connections per second; if clients try to connect faster
# than that, the IMAP server simply slows down the rate at which it will
# accept new connections.
#
IMAP_CONNECTION_LIMIT=500
IMAP_CONNRATE_LIMIT=10
#
# The IMAP_IDLE_TIMEOUT tweak is the maximum time an IMAP connection
# will wait for a command before terminating the connection. The default
# setting, and the minimum required setting, is thirty minutes. Some
# clients will "refresh" their connection once every thirty minutes
# exactly -- but if they are a little bit late, the server drops their
# connection. Setting a timeout of 31 minutes avoids this problem.
#
IMAP_IDLE_TIMEOUT=31
#
# This tweak arranges for Local Delivery to automatically create a
# message store for users who have been created without one.
# Users who have been added using the bulk-add mechanism used by the
# wizard will not have a message store and so setting this tweak allows
# them to receive mail before they have been signed on initially.
#
LD_CREATE_MESSAGE_STORE=TRUE
#
# These three tweaks allow users to signon using an alias. Only
# system-defined aliases are permitted and the alias name is ignored
# for the purposes of message creation and so on.
# 
# Note that changing these settings normally requires Scalix to be
# restarted.
#
UAL_SIGNON_ALIAS=YES
UAL_SIGNON_ALIAS_CONFIG=SYS
UAL_USE_SIGNON_ALIAS=FALSE

Starting Scalix Services

As a final step, you should now start all services using the following command:
omon -s all

Configuring Scalix Web Applications

You will need to follow a few simple steps to integrate Scalix web applications into your Tomcat application server.

Integrating the Web Applications into Tomcat

If you have set up Scalix and Tomcat as per above, you will just need to create a few symbolic links to integrate the web applications into the Tomcat application server:

ln -s /opt/scalix/web/scalix-res.xml   /opt/scalix-tomcat/conf/Catalina/localhost
ln -s /opt/scalix/web/scalix-admin.xml /opt/scalix-tomcat/conf/Catalina/localhost
ln -s /opt/scalix/web/scalix-caa.xml   /opt/scalix-tomcat/conf/Catalina/localhost
ln -s /opt/scalix/web/scalix-swa.xml   /opt/scalix-tomcat/conf/Catalina/localhost

Configuring Scalix Web Access

You will then need to set up a number of parameters in /etc/opt/scalix/webmail/swa.properties:

# Add your main domain here
swa.email.domain=mycompany.com
# FQDN of your Scalix server
swa.email.imapServer=scalix.mycompany.com
# FQDN of your Scalix server
swa.email.smtpServer=scalix.mycompany.com
# FQDN of your Scalix server
swa.settings.rulesWizardURL=http://scalix.mycompany.com/Scalix/rw
# FQDN of your Scalix server
swa.ldap.1.server=scalix.mycompany.com
# The port number of your Scalix LDAP server; if you have changed this from
# the default during server install, this needs to be reflected
swa.ldap.1.port=389
# FQDN of your Scalix server
swa.ldap.2.server=scalix.mycompany.com
# The port number of your Scalix LDAP server; if you have changed this from
# the default during server install, this needs to be reflected
swa.ldap.2.port=389

Configuring Scalix Ubermanager Admin Server

You will then need to set up a number of parameters in /etc/opt/scalix/caa/scalix.res/ubermanager.properties:

# FQDN of your Scalix server
ubermanager.query.server=scalix.mycompany.com
# Kerberos settings: N/A for single server
ubermanager.kerberos.mode=false
ubermanager.kerberos.principalName=
ubermanager.kerberos.kdc
ubermanager.kerberos.realm
# FQDN of your Scalix server
ubermanager.query.server=scalix.mycompany.com
# default values
ubermanager.console.externalAuth=false
ubermanager.console.allowExternalAuthChoice=false
ubermanager.console.maxListSize=100
# Your email domain(s)
ubermanager.console.localDomains=mycompany.com
# default values
ubermanager.console.authDomains=
ubermanager.console.modifySyncedAuthId=false
# Scalix LDAP port number
ubermanager.query.server.port=389
# to indicate file has been touched
ubermanager.configured=true

Also, create a file called /etc/opt/scalix/caa/scalix.res/psdata and put in the sxqueryadmin password. Make sure the file is only readable by root:

cd /etc/opt/scalix/caa/scalix.res
echo "<sxqueryadmin-password>" >psdata
chown root:root psdata
chmod 400 psdata
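
The sequence above creates psdata under the default umask before chmod runs, and typing the password into an echo command can leave it in shell history. The added example below (not part of the Scalix documentation; the function names are hypothetical) prompts without echo, creates the file already restricted to mode 0400, and verifies the result.

```sh
#!/bin/sh
# Added example (not from the original page).

# write_secret_file PATH: store the secret read from stdin in PATH with mode
# 0400. The file is created under umask 077, so it is never readable by
# group or others, and it replaces any existing PATH with a single rename.
write_secret_file() {
    (
        umask 077
        tmp="$1.$$"
        if cat > "$tmp" && chmod 400 "$tmp" && mv -f "$tmp" "$1"; then
            exit 0
        fi
        rm -f "$tmp"
        exit 1
    )
}

# secret_file_ok PATH: succeed only if PATH is a regular file with mode 0400.
secret_file_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-r--------" ]
}

# read_secret: prompt on the terminal with echo disabled and print the
# secret on stdout, followed by a newline as the echo command would.
read_secret() {
    printf 'sxqueryadmin password: ' >&2
    trap 'stty echo; exit 1' INT TERM      # restore echo if interrupted
    stty -echo
    IFS= read -r secret
    stty echo
    trap - INT TERM
    printf '\n' >&2
    printf '%s\n' "$secret"
}

# Run as root with the target path as the only argument, e.g.
#   sh write-psdata.sh /etc/opt/scalix/caa/scalix.res/psdata
# (write-psdata.sh is a hypothetical name for this file).
if [ "$#" -eq 1 ]; then
    read_secret | write_secret_file "$1" &&
        chown root:root "$1" &&
        secret_file_ok "$1" &&
        echo "wrote $1 with mode 0400" >&2
fi
```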

Configuring Scalix RES Admin Agent

You will need to adjust a few parameters in /etc/opt/scalix/res/config/res.properties:

# Kerberos settings: leave empty for single server
res.kerberos.mode=
res.kerberos.kdc=
res.kerberos.realm=
# FQDN of your Scalix server
res.kerberos.allowedclients=ubermanager/scalix.mycompany.com
# FQDN of your Scalix server
res.ubermanager.host=scalix.mycompany.com
# http port number of Tomcat
res.tomcat.tcp.port=8080
# to indicate file has been touched
res.configured=true

Restarting Tomcat

After making all these changes, you have to restart tomcat with the following command:
/etc/init.d/scalix-tomcat restart

Integrating the Web-based Scalix Rules Wizard into Apache

You will just need to link the Apache config file into your Apache config directory:

  • For debian, execute
    ln -s /opt/scalix/global/httpd/scalix-web-client.conf /etc/apache2/conf.d
    and restart apache using
    /etc/init.d/apache2 restart

Testing your newly installed system

You are now finished with the install. You should test a few things to make sure everything is working as designed:

  • Reboot your server. All services (Scalix Server, Tomcat and Apache) should come up on their own.
  • Check the output of the omstat -a and omstat -s commands. Item Structure Server may be listed as stopped; all other daemons and services should be up and running.
  • Try to access Scalix Admin Console from a browser using the http://scalix.mycompany.com:8080/sac URL. Log in using your sxadmin login name and password. Create a new user.
  • Try to access Scalix Web Access from a browser using the http://scalix.mycompany.com:8080/webmail URL. Log in using your newly created user. Try address book lookups. Send an email message to yourself. Try to access the web-based Scalix Rules Wizard from your Extras menu.
  • Download and install the Outlook connector. Setup a premium user. Install Outlook connector on a Windows PC. Setup an Outlook profile and access your Scalix mailbox from Outlook.

If all this works, your Scalix server is in good shape and you're ready to take it to the next level.

What's next

  • Read the docs. Check out the Administration Guide and Administration Console Guide. If you need more information, manpages contain a lot of valuable data. Start with
    man scalix-server
  • Integrate Apache with Tomcat using mod_jk for better performance and security
  • Use mod_deflate with Apache to reduce the amount of data transmitted over the wire for SWA. This will further improve performance
  • Set up your sendmail with correct Smarthost and routing information for outbound Internet email.
  • Set up fetchmail if your email is hosted with a provider
  • Set up stunnel if you require secure SSL communication for POP, IMAP, LDAP or SMTP
  • Set up Spam Assassin for better Spam protection
  • Set up ClamAV for good open-source virus protection
  • Integrate with an external LDAP directory such as OpenLDAP, eDirectory or Active Directory
  • Set up Online Backup using LVM Snapshots

... and lots more. Stay tuned.