blog:set_up_davmail_gateway
Differences
This shows you the differences between two versions of the page.
blog:set_up_davmail_gateway [2018-10-11 15:06] – brb | blog:set_up_davmail_gateway [2018-10-11 16:40] (current) – brb | ||
---|---|---|---|
Line 47: | Line 47: | ||
===== Create A SSL Certificate ===== | ===== Create A SSL Certificate ===== | ||
- | In order to enable SSL encryption, you will need a SSL certificate and SSL private key in the PEM format. If you have purchased a certificate from a Certificate Authority, then you should already have your certificate and key. If so, continue | + | Use the Letsencrypt Certbot |
- | Generate a RSA key with OpenSSL: | ||
- | |||
- | <code class=" | ||
- | Make sure the key is owned by root and permissions are set properly: | ||
- | |||
- | <code class=" | ||
- | sudo chmod 600 / | ||
- | Now, create a certificate signing request: | ||
- | |||
- | <code class=" | ||
- | OpenSSL will now ask you several questions. The only important field is **Common Name**, which should be set to the domain name or IP address of your droplet which will be accessed by your E-mail clients (e.g. davmail.mydomain.com or 123.123.123.123). The other fields can be left at their defaults by just pressing enter or can be filled in with anything: | ||
- | |||
- | <code class=" | ||
- | What you are about to enter is what is called a Distinguished Name or a DN. | ||
- | There are quite a few fields but you can leave some blank | ||
- | For some fields there will be a default value, | ||
- | If you enter ' | ||
- | ----- | ||
- | Country Name (2 letter code) [XX]:US | ||
- | State or Province Name (full name) []:New York | ||
- | Locality Name (eg, city) [Default City]:New York City | ||
- | Organization Name (eg, company) [Default Company Ltd]: | ||
- | Organizational Unit Name (eg, section) []:Keyboard Cat Department | ||
- | Common Name (eg, your name or your server' | ||
- | Email Address []: | ||
- | |||
- | Please enter the following ' | ||
- | to be sent with your certificate request | ||
- | A challenge password []: | ||
- | An optional company name []:</ | ||
- | Sign the certificate request using your private key, setting the expiration date with the '' | ||
- | |||
- | <code class=" | ||
- | With the settings above, the certificate will expire in 365 days (a year). | ||
- | |||
- | You now have your own SSL certificate! | ||
===== Configuring SSL ===== | ===== Configuring SSL ===== | ||
- | Now that you have your SSL certificate, | + | cd to ''/ |
- | + | ||
- | Start by combining your certificate and key file with cat: | + | |
- | + | ||
- | <code class=" | + | |
- | exit</ | + | |
- | Once again, set permissions so only root can access the key file: | + | |
- | + | ||
- | <code class=" | + | |
- | sudo chmod 600 / | + | |
- | Now convert | + | |
- | + | ||
- | <code class=" | + | |
- | You will be prompted to enter an export password. This can not be blank! | + | |
- | + | ||
- | You must set a password or DavMail will not work properly. | + | |
- | + | ||
- | Set permissions: | + | |
- | < | + | < |
- | sudo chmod 600 /usr/lib/ | + | #!/bin/bash |
- | Now open your DavMail configuration again: | + | sudo openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -certfile cert.pem -out /etc/ |
+ | </ | ||
- | <code class=" | ||
Add the following configuration options to inform DavMail of the location of the pkcs12 file you just generated and the passphrase you set: | Add the following configuration options to inform DavMail of the location of the pkcs12 file you just generated and the passphrase you set: | ||
<code class=" | <code class=" | ||
davmail.ssl.keystoreFile=/ | davmail.ssl.keystoreFile=/ | ||
- | davmail.ssl.keyPass=password | + | davmail.ssl.keyPass=PASSWORD |
- | davmail.ssl.keystorePass=password</ | + | davmail.ssl.keystorePass=PASSWORD</ |
Both '' | Both '' | ||
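Review bot: The added export script (`sudo openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -certfile cert.pem -out ...`) is no longer followed by any ownership or permission step on the output file, whereas the removed text had "Set permissions:" with `sudo chmod 600` right after the conversion. The keystore contains privkey.pem, so a `chmod 600` with root ownership on the exported file should be restored after the export. The removed sentences about the export password ("This can not be blank!") are also worth keeping in some form, because `davmail.ssl.keyPass` and `davmail.ssl.keystorePass` are still set below, now to the placeholder PASSWORD; the text should say that the placeholder has to match the export password and that the properties file holding it needs the same restrictive permissions. It would also help to state when the script is meant to be run, since Let's Encrypt certificates are renewed periodically and the keystore has to be re-exported after each renewal.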
Line 125: | Line 72: | ||
The Debian package we downloaded eariler does not contain an init script, so we must create our own. | The Debian package we downloaded eariler does not contain an init script, so we must create our own. | ||
+ | |||
+ | You can also try starting davmail using | ||
+ | sudo davmail / | ||
+ | | ||
+ | To have a proper startup job is better, of course: | ||
Create a new file with your favorite text editor: | Create a new file with your favorite text editor: | ||
<code class=" | <code class=" | ||
- | Copy and paste the following into the file: | + | Copy and paste the following into the file: [[: |
- | <code class=" | ||
- | ### BEGIN INIT INFO | ||
- | # Provides: | ||
- | # Required-Start: | ||
- | # Required-Stop: | ||
- | # Default-Start: | ||
- | # Default-Stop: | ||
- | # Short-Description: | ||
- | # Description: | ||
- | ### END INIT INFO | ||
- | # Author: Jesse TeKrony <jesse ~at~ jtekrony ~dot~ com> | + | Save and close the file. |
- | PATH=/sbin:/ | + | Mark the script executable, start the service, and enable it at boot: |
- | DESC=" | + | |
- | NAME=davmail | + | |
- | CONFIG=/ | + | |
- | DAEMON=/ | + | |
- | DAEMON_ARGS=" | + | |
- | PIDFILE=/ | + | |
- | SCRIPTNAME=/ | + | |
- | LOGFILE=/ | + | |
- | # Exit if the package is not installed | + | <code class=" |
- | [ -x "$DAEMON" | + | sudo service davmail start |
+ | sudo update-rc.d davmail defaults</ | ||
- | # Read configuration variable file if it is present | + | ===== Client Configuration ===== |
- | [ -r / | + | |
- | # Load the VERBOSE setting and other rcS variables | + | Now that the server is running, you are ready to configure your E-mail clients. |
- | | + | |
- | # Define LSB log_* functions | + | ==== Mail setup ==== |
- | . / | + | |
- | # | + | Create a new account, using the " |
- | # Function that starts | + | |
- | # | + | |
- | do_start() | + | |
- | { | + | |
- | start-stop-daemon | + | |
- | || return 1 | + | |
- | start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ | + | |
- | $DAEMON_ARGS >> $LOGFILE 2>&1 & | + | |
- | [ $? != 0 ] && return 2 | + | |
- | echo $! > $PIDFILE | + | |
- | exit 0 | + | |
- | } | + | |
- | # | + | Specific instructions for Thunderbird, |
- | # Function that stops the daemon/service | + | |
- | # | + | |
- | do_stop() | + | |
- | { | + | |
- | start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE | + | |
- | RETVAL=" | + | |
- | [ " | + | |
- | start-stop-daemon --stop --quiet --oknodo --retry=0/ | + | |
- | [ " | + | |
- | rm -f $PIDFILE | + | |
- | return " | + | |
- | } | + | |
- | case " | + | You should now be able to send/ |
- | start) | + | |
- | [ " | + | |
- | do_start | + | |
- | case " | + | |
- | 0|1) [ " | + | |
- | 2) [ " | + | |
- | esac | + | |
- | ;; | + | |
- | stop) | + | |
- | [ " | + | |
- | do_stop | + | |
- | case " | + | |
- | 0|1) [ " | + | |
- | 2) [ " | + | |
- | esac | + | |
- | ;; | + | |
- | status) | + | |
- | | + | |
- | ;; | + | |
- | restart|force-reload) | + | |
- | log_daemon_msg " | + | |
- | do_stop | + | |
- | case " | + | |
- | 0|1) | + | |
- | do_start | + | |
- | case " | + | |
- | 0) log_end_msg 0 ;; | + | |
- | 1) log_end_msg 1 ;; # Old process is still running | + | |
- | *) log_end_msg 1 ;; # Failed | + | |
- | esac | + | |
- | ;; | + | |
- | *) | + | |
- | # Failed to stop | + | |
- | log_end_msg 1 | + | |
- | ;; | + | |
- | esac | + | |
- | ;; | + | |
- | *) | + | |
- | echo " | + | |
- | exit 3 | + | |
- | ;; | + | |
- | esac</ | + | |
- | Save and close the file. | + | |
- | Mark the script executable, start the service, and enable it at boot: | + | ==== Calendar setup in Thunderbird ==== |
- | <code class=" | + | In the thundebird calendar create a new networked calendar |
- | sudo service | + | Name: your-company |
- | sudo update-rc.d davmail defaults</ | + | Location: https://your-company.tld:8443/users/ |
+ | |||
+ | ==== LDAP Directory setup in Thunderbird ==== | ||
+ | |||
+ | The following worked for me to connect to an exchange server through | ||
+ | |||
+ | In the address book set up a new server | ||
+ | Name: your-company | ||
+ | Hostname: your-server | ||
+ | Base DN: ou=people | ||
+ | Port number: 636 | ||
+ | Bind DN: your-name@your-company | ||
- | ===== Client Configuration ===== | ||
- | Now that the server is running, you are ready to configure your E-mail clients. Create a new account, using the " | ||
- | You will get warnings from your E-mail clients because you are using a self-signed certificate. It is safe to accept the certificate in this case, because you are the one who created it. | ||
- | Specific instructions for Thunderbird, | ||
- | You should now be able to send/ | ||
Ref: Original by Jesse TeKrony [[https:// | Ref: Original by Jesse TeKrony [[https:// |
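Review bot: The new "LDAP Directory setup in Thunderbird" block lists `Port number: 636` and a `Bind DN: your-name@your-company` but has no line telling the reader to enable the secure connection (SSL) option in the address book dialog, which is what a connection on that port needs; add it to the list of settings. In the same hunk, "Copy and paste the following into the file:" is now followed by a wiki link instead of the script body, so the sentence should be reworded to say the init script is on the linked page. The added one-off start command `sudo davmail /...` runs the gateway as root, and a sentence on whether that is intended for testing only would make the "proper startup job is better" remark clearer. Minor: "thundebird" in the calendar section should read "Thunderbird".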
blog/set_up_davmail_gateway.1539263196.txt.gz · Last modified: 2018-10-11 15:06 by brb