HowTo - The Perfect CentOS 5 and Scalix 11.4.3 Email Server Install

Introduction

This guide will show you how to install a Linux email server. After completion, you'll have the following capabilities:

• Retrieve email from a remote POP account and deliver it to a local user
• Access your email locally, through webmail or Outlook/Thunderbird
  
• Access your email remotely, through webmail, while on the road (if you choose to)

The environment that this server will integrate into is as follows:

• Website hosted by an outside service
• POP email accounts hosted by the same outside service
• High-speed Internet connection
• An Internet router/firewall device

Because this server is geared towards a small (and possibly medium) sized business, I do not want that business to host the website and the email. Why? The website for a business has to be up 24/7/365 with 99.99% uptime. A small business (in my opinion) can neither afford the infrastructure to maintain such a system, nor can they afford to hire talented personnel to maintain it. And even with all that hardware and expertise, all it takes is a power failure to last longer than your battery backups, and you're down.

For this tutorial, we're going on the assumption that your company is called Example. Your website is called Example.com. And, one of your email addresses is sales@example.com. All this is hosted by XYZ company, whose website is xyz.com.

Here's the software we're going to install.

• CentOS 5 Linux distribution
• Scalix Collaboration Suite - Community Edition

I've chosen this configuration for two reasons. One, they are both available free of charge. Second, they can both be upgraded to a paid-for version for the purpose of support.

CentOS is a clone of Red Hat Enterprise Linux. Upgrading from CentOS to RHEL is rather smooth, and would be done for the purpose of having paid support. Scalix offers the Community Edition free of charge. You'll have unlimited webmail users, and 10 premium users (that is, 10 users able to connect to Scalix with Outlook). They also have a paid-for network edition. Upgrading is smooth as well.

So you can start off by not shelling out one dime to get a working setup for testing and deployment. And, you can upgrade to paid-for support at any time. Now that's sweet!!

I'll also mention that Scalix is a Xandros company. Xandros produces Linux. (Xandros is based on Debian. I prefer Debian over Red Hat. Well, at least I prefer apt over yum, and Synaptic over YumEx, but that's grounds for a flame war!) That would lead me to believe that Xandros would be better than CentOS for installing Scalix. And that may be. But CentOS has proven to be a reliable distro to run Scalix. CentOS is directly based on RHEL. Right now, I have a server in place that hasn't been rebooting in over 260 days. Feel free to draw your own conclusion.

What You'll Need

Scalix recommends a RAID 1+0 configuration, as it is heavy on the disk I/O. I use RAID 1. I gain redundancy, but I loose speed because I'm not using RAID 0. The only loss of speed is with the webmail interface. If a user has hundreds of emails in one folder, accessing them could be a bit of a pain. But if things are kept fairly tidy, you won't notice a thing. Outlook connects fine. So does Thunderbird through IMAP. Also, my entire first disk is mirrored to the second disk, including swap. This way, if one disk completely dies, I'm still up and running.

• A late model computer (somewhere in the 2+ Gigahertz range)
• At least 1 Gigabyte of RAM
• 2 identical hard drives (for a RAID 1 setup, more for RAID 1+0)
• CentOS installation media, downloadable from here
  

The exact partitioning scheme is up to you. I cannot cover that here. I'm going to use the default partition scheme the CentOS installer uses. So, let's get going!

Installing CentOS

---

Insert installation media in the CD/DVD drive and boot the computer. Press 'Enter' to boot the system

This screen presents you with the option to test your media. Typically, one should test the ISO image downloaded before you burn it to disk to insure the download didn't get mangled. This check eliminates the possibility of a bad burn. It's highly recommended you do this test, and not skip it.


This screen presents you with the option to test your media. Typically, one should test the ISO image downloaded before you burn it to disk to insure the download didn't get mangled. This check eliminates the possibility of a bad burn. It's highly recommended you do this test, and not skip it.


I love it when this happens! Press OK, and on the next screen press Continue.


This is self-explanatory. Click Next


Select your language.


Select your keyboard


This warning only shows up if you are using a new disk, or a disk without a partition table. Click on Yes.


For this tutorial, I'm going with the default layout. This will give you an LVM setup, with everything thrown in one partition. Click Next. Another window will open warning that all data will be destroyed. Click Yes. (If you choose something different, help yourself!)


Now it's time to configure the network.

1. Click on Edit under Network Devices.
2. Click on Manual configuration under Enable IPv4 support
3. Enter your IP address (192.168.1.2)
4. Enter your Netmask (255.255.255.0)
5. Uncheck IPv6 support.
6. Click OK
7. Enter server.local.zzz in the hostname area (next to manually)
   
8. Enter your Gateway address (probably 192.168.1.1)
   
9. Enter your Primary DNS server (probably 192.168.1.1)

Item 7 matches the host.domain.tld convention
Items 8 and 9 should be the address of your router

Click Next


Select your timezone. And select whether your hardware clock uses UTC. If the time on your hardware clock is set to local time, uncheck it.


Select a password for the root account. This is equivalent to Administrator for that 'other' operating system.


Here you can select additional packages. Let's just go with the default of Desktop - Gnome. Click Next.


OK, let her rip! Click Next to install.


OK, now we're done. Let's reboot!


Welcome to the first time boot screen. Just click next


Let's turn off the firewall. Why? Because our router has a firewall on it. And, if we are going to configure a firewall, we'll just use iptables to do it. So change Enabled to Disabled and click Forward. The installer will give you a warning. Just tell it Yes.


SELinux, or Security Enabled Linux adds to the security of Linux. It also adds complexity, and makes debugging your installation more difficult. Should you decide to use it, don't turn it on until after you have a working setup. Set it to Disabled and click Forward. It will warn you that you'll have to reboot. That's OK. It's one of the few times you'll have to do it!


Configure your time.

Add a user. Our username for the tutorial is user.


You can test your sound card, if one is detected. I don't have one, so I'll move past this.


If you have additional CD's with software packages on them, you can install them here. Since we don't, let's click Finish and continue with a reboot (because we changed SELinux).


Let's login.


Yep, it's Gnome. Right click on the desktop, and select Terminal. First off, we need to update the system. Even though the GUI is telling us that there are updates for the system, we'll use the command line to do the update. In the terminal, do the following.

• su - root
• Enter your root password
• yum upgrade -y

If the kernel got updated, you'll need to reboot. If not, just continue.

Install DNS

Now that the updates are done (however long that took), it's time to install the DNS server that Scalix needs. In the same terminal window (login in as root), do

• yum install -y bind caching-nameserver

Now, we need to do some configuring. Modify the following configuration files, using your favorite text editor.

/etc/hosts -- Edit this file

---

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain   localhost
192.168.1.2     server.local.zzz server

---

The last line should use your IP address, and your FQDN and hostname.

/etc/resolv.conf -- Edit this file

---

search local.zzz
nameserver 192.168.1.2

---

/etc/named.conf -- Create this file

---

include "/etc/rndc.key";
zone "local.zzz" {
type master;
file "/etc/named.zzz.fwd";
allow-update { key "rndckey"; };
notify yes;
};

zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/named.zzz.rev";
allow-update { key "rndckey"; };
notify yes;
};

options {
forwarders { 192.168.1.1; } ;
};

---

/etc/named.zzz.fwd -- Create this file

---

$TTL 14400;
@       14400   IN      SOA     server.local.zzz.        root@local.zzz. (
2009011501      ; Serial in YYYYMMDDXX - tab indented
28800           ; Refresh
3600            ; Retry
604800          ; Expire
14400           ; Default TTL
)

@     IN     NS          server.local.zzz.    ; 
@     IN     A           192.168.1.2
@     IN     MX   10     server.local.zzz.

server                  IN      A       192.168.1.2
scalix-default-mail     IN      A       192.168.1.2

---

/etc/named.zzz.rev -- Create this file

---

$TTL 14400;
@       IN      SOA     server.local.zzz.        root.local.zzz. (
2009011501      ; Serial
28800           ; Refresh
3600            ; Retry
604800          ; Expire
38400           ; Default TTL
)

IN     NS             server.local.zzz.   ; tab intented

2     IN     PTR     server.local.zzz.    ;  
2     IN     PTR     scalix-default-mail.local.zzz.

---

And, now for security, in a terminal as root, enter

• chmod 640 /etc/named.zzz*
• chmod 644 /etc/named.conf

And let's start everything up

• service named start
• chkconfig --level 2345 named on

This starts the service, and tells the computer to run named when the computer boots. Specifically, in run levels 2, 3, 4, and 5.

A few things to remember. Be sure to enter your own info in the config files. This is just a sample you can modify for yourself. And, if you modify the forward or reverse zone files, you need to index the serial number. I chose a serial number of year, month, day, version. 2008011501. You can index numbers starting from 1. But with my format, it's easier to tell if you've actually changed the serial number.

Install Scalix

---

Now, it's on to install Scalix. First, we need to install a few packages before we do that. Once again, in a terminal, as root, enter:

• yum install -y tk cyrus-sasl-md5 cyrus-sasl-plain sendmail-cf postgresql-server postgresql-libs mx compat-libstdc++-296

We're ready to install Scalix. In your terminal window, go to the location where you downloaded Scalix. If you used Firefox, it should be on the desktop of the user you created during the install (assuming you haven't changed anything). As root, enter:

• cd /home/user/Desktop
• chmod 755 scalix-11.4.3-GA-community-rhel5-intel.bin (or whatever the download name is)
• ./scalix-11.4.3-GA-community-rhel5-intel.bin
  

Now, read through the license and choose whether or not to agree to it.

The archive gets extracted, and you're presented with a readme. Read through it, and when asked if ou want to run the package that was extrated, say yes. The file executed it is ~/Desktop/scalix-11.4.3-GA/scalix-installer.


Here's the Welcome screen to the installer. Not much to do here except cancel, or go forward.


You now have two options. Install all Scalix components, or only some of them. Click forward to install ALL components.


After a short while (and a change in my screen resolution), the installer will now search for available packages to install. You should have green checkmarks next to 13 components. Click Forward.


The installer will now verify the installation environment. All should be well. Click on forward.


Everything is installed. Now it's time to configure.


Mailnode name - You can leave it as the default, which should be your hostname.


Default Address Format - Add your domain name here. local.zzz. You can change the default display if you like.


Create Admin User - sxadmin is the default administrator for the email system. Enter a password. After this, it will take a few minutes to create the message store


License Activation - Only required if you purchased Scalix. Just click Forward. A warning will pop up telling you the license key was not entered correctly. Just click OK.


Third Party Components. Click Forward to install Java


Java Runtime Configuration - Accept the defaults my clicking Forward.


Secure Communication - This is the password needed for Scalix components to talk to each other. Enter a password, and click Forward


Messaging Services (Database) - Enter a password for the PostgreSQL database.


Congratulations!! You've finished the install. Click OK to close the installer, and to open your web browser and go to the admin console.

In case this browser fails to open (as it has done to me in the past) open your browser and go to http://server/sac. You'll probably have to allow pop-ups, and refresh the page. Use the sxadmin username and the proper password. You'll also have to click on the "Not using a secure https connection" box. You can add and manage your system here.

Webmail can be accessed by pointing your browswer to http://server/webmail. Again, after you login, a popup window will apear with the webmail interface.

If you use Outlook, you'll have to download and install the connector on each Windows machine.

Getting Your Email

After configuring Scalix with a user (consult Scalix docs)Now we need a way for your email to get downloaded from your POP3 server into your Scalix server. Here's how

/home/user/.fetchmailrc -- Create this file

---

poll pop.example.com proto pop3
user sales@example.com there with password secretpassword is user sales@example.com here

---

Remeber to replace "user" with a real username. One username can download all emails for all people. Just add entries to .fetchmailrc for each user, one user per line.

/var/spool/cron/user -- Create this file

---

*/5 * * * * fetchmail -a

---

This cron file will check for new email every 5 minutes.

Backups

Backing up the server is easy. Here's a little script I use to back things up with:

scalix-backup -- create this file and give it execution permissions

---

#!/bin/bash

dest=/media/disk/
tmpath=/files/

if [ `date +%a` = "Sun" ] ; then

file=scalix-week-`date +%V`.tar
else

file=scalix-`date +%u-%a`.tar

fi

/opt/scalix/bin/omshut

tar cfP $tmpath$file /var/opt/scalix/*
tar rfP $tmpath$file /opt/scalix
tar rfP $tmpath$file /opt/scalix-chardet
tar rfP $tmpath$file /opt/scalix-libical
tar rfP $tmpath$file /opt/scalix-postgres
tar rfP $tmpath$file /opt/scalix-tomcat

/opt/scalix/bin/omrc

bzip2 -9 $tmpath$file
rm $dest$file.bz2
cp $tmpath$file.bz2 $dest$file.bz2
rm $tmpath$file.bz2

---

I create the tar file on an internal disk, compress it, and then move the file to the backup device. I do this for speed. The compression takes a really long time on a USB disk. In case you were wondering why.

Recovery

scalix-recover -- Create this file and give it execution permissions

---

#!/bin/bash

/opt/scalix/bin/omshut
rm -R /var/opt/scalix /opt/scalix*

tar xvfjP scalix.tar.bz2
/opt/scalix/bin/omrc

Access Mail Remotely

There's a few things you'll need to access the Scalix webmail interface remotely.

Assuming you have a dynamic IP address, you'll need

1. A DynDNS account (or similar)
2. A router that can be programmed with DynDNS information
3. To program the router to forward TCP port 80 to the Scalix server
4. To open port 80 in the firewall (if any) on the Scalix server

Here's the URL to access the Scalix webmail -- http://server/webmail. If you are not hosting a website on the email server, you could setup an http redirect, by creating the following file

/var/www/html/index.html -- Create this file

---

<html>
<head>
<meta equiv="refresh" content="XXX; URL=http://xx.yy.zzz/webmail">
</html>
</head>

---

XXX = the number of seconds before the page is redirected. xx.yy.zzz is the hostname you configured with DynDNS.

---

That's it! Enjoy your Scalix 11.4.3 installation on CentOS 5!