Bitte noch NICHT auf Produktiv Systemen verwenden, dieses HowTo ist noch nicht fertiggestellt und wird derzeit noch überarbeitet und getestet!
ToDo List:
- Bei den dovecot configs bin ich mir nicht sicher ob alles so stimmt, da müsste mal jemand drüberschauen.
- zusätzliche DNS records für CalDAV usw. müsste getestet werden - eventl. hier fündig werden:
https://docs.mailcow.email/getstarted/p ... -and-dmarc
https://github.com/mailcow/mailcow-dock ... ssues/2653
- Die EAS bzw. active sync Funktionen und Tools kann ich nicht testen, das müsste dann von Windows Usern getestet werden (frontends unter):
https://www.sogo.nu/download.html#/frontends
Ich wäre Euch sehr dankbar für's testen, erweitern und aufspüren von Fehlern um dieses HowTo fertigstellen zu können.
Vor der SOGo Installation!
Nach der Keyhelp Installation auf dem Test System eine Domain anlegen und einen Email Account zum testen mit SOGo!
SOGO Installation
Sogo Datenbank
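Achtung: keine Sonderzeichen im Passwort verwenden, da es später unverändert in den mysql://-URLs der sogo.conf steht. MyPassword durch ein eigenes, ausreichend langes Passwort ersetzen.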
mysql
-- Dedicated database and account for SOGo's own tables (user profiles,
-- folder info, sessions, e-mail alarms).
CREATE DATABASE sogo CHARSET='UTF8';
-- Replace MyPassword; the same value is embedded in the mysql:// URLs in
-- /etc/sogo/sogo.conf.
CREATE USER 'sogo'@'localhost' IDENTIFIED BY 'MyPassword';
-- Rights are limited to the sogo schema; no direct grant on the keyhelp
-- schema is issued here.
GRANT ALL PRIVILEGES ON sogo.* TO 'sogo'@'localhost';
USE sogo;
-- Maps KeyHelp's mailbox table onto the column names SOGo requires for an
-- SQL user source (c_uid, c_name, c_password, c_cn, mail).
-- NOTE(review): views default to SQL SECURITY DEFINER, so the sogo account
-- can read the stored password value of every mailbox through this view even
-- though it has no rights on keyhelp.mail_users itself. Treat the sogo DB
-- credentials as being as sensitive as that table.
CREATE VIEW sogo_view (c_uid, c_name, c_password, c_cn, mail) AS SELECT email_utf8, email_utf8, password, email_utf8, email_utf8 FROM keyhelp.mail_users;
flush privileges;
exit
https://www.sogo.nu/support/faq/how-to- ... ebian.html
https://www.sogo.nu/support/faq/how-to- ... buntu.html
hier für Debian 12:
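# Refresh the package index and make sure apt can fetch over HTTPS.
sudo apt-get update && sudo apt-get install apt-transport-https
# Make sure the keyring directory referenced by signed-by= exists.
sudo mkdir -p /etc/apt/keyrings
# Fetch the SOGo signing key by its full fingerprint. The repository entry
# below pins this file via signed-by=, so only this key can vouch for the
# SOGo packages. To double-check the download, `gpg --show-keys
# /etc/apt/keyrings/sogo.asc` should print the fingerprint used in the URL.
wget -O- "https://keys.openpgp.org/vks/v1/by-fingerprint/74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9" | sudo tee /etc/apt/keyrings/sogo.asc > /dev/null
# Write the repository entry through tee: with `sudo echo ... > file` the
# redirection is performed by the calling, unprivileged shell and fails with
# "permission denied" unless the whole session already runs as root.
# Note that this entry tracks the nightly builds (see /nightly/ in the URL).
echo "deb [ arch=amd64 signed-by=/etc/apt/keyrings/sogo.asc ] https://packages.sogo.nu/nightly/5/debian/ bookworm bookworm" | sudo tee /etc/apt/sources.list.d/sogo.list > /dev/null
# Both halves need root; the original ran the install without sudo.
sudo apt-get update && sudo apt-get install sogo sogo-activesync memcached dovecot-sieve dovecot-managesieved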
# Apache modules needed by the SOGo reverse-proxy configuration:
# proxy + proxy_http for ProxyPass, headers for RequestHeader,
# rewrite for the .well-known CalDAV/CardDAV redirects.
a2enmod proxy proxy_http headers rewrite
In der folgenden Datei SOGoMailDomain, SOGoPageTitle und SOGoSuperUsernames anpassen sowie MyPassword durch das oben vergebene Datenbank-Passwort ersetzen.
mv /etc/sogo/sogo.conf /etc/sogo/sogo.bak
nano /etc/sogo/sogo.conf
{
/* ********************* Main SOGo configuration file **********************
* *
* Since the content of this file is a dictionary in OpenStep plist format, *
* the curly braces enclosing the body of the configuration are mandatory. *
* See the Installation Guide for details on the format. *
* *
* C and C++ style comments are supported. *
* *
* This example configuration contains only a subset of all available *
* configuration parameters. Please see the installation guide more details. *
* *
* ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file, *
* make sure to move it away to avoid unwanted parameter overrides. *
* *
* **************************************************************************/
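/* Database URLs for SOGo's own tables. The database password is embedded in
 * each URL in clear text, so this file must stay readable by the sogo user
 * only, and the password must not contain characters that carry a meaning
 * inside a URL. */
SOGoProfileURL = "mysql://sogo:MyPassword@localhost:3306/sogo/sogo_user_profile";
OCSFolderInfoURL = "mysql://sogo:MyPassword@localhost:3306/sogo/sogo_folder_info";
OCSSessionsFolderURL = "mysql://sogo:MyPassword@localhost:3306/sogo/sogo_sessions_folder";
/* Single slash between database and table name, consistent with the three
 * URLs above (the original had "sogo//sogo_alarms_folder"). */
OCSEMailAlarmsFolderURL = "mysql://sogo:MyPassword@localhost:3306/sogo/sogo_alarms_folder";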
/* Mail */
SOGoDraftsFolderName = Drafts;
SOGoSentFolderName = Sent;
SOGoTrashFolderName = Trash;
SOGoIMAPServer = localhost;
SOGoSieveServer = sieve://127.0.0.1:4190;
SOGoSMTPServer = 127.0.0.1;
SOGoMailDomain = keyhelp.hostname.tld;
SOGoMailingMechanism = smtp;
SOGoForceExternalLoginWithEmail = YES;
//SOGoMailSpoolPath = /var/spool/sogo;
NGImap4ConnectionStringSeparator = "/";
SOGoMailMessageCheck = "every_5_minutes";
SOGoFirstDayOfWeek = 1;
SOGoLoginModule = Mail;
/* Notifications */
SOGoAppointmentSendEMailNotifications = YES;
//SOGoACLsSendEMailNotifications = YES;
//SOGoFoldersSendEMailNotifications = YES;
SOGoEnableEMailAlarms = YES;
/* Authentication */
/* NOTE(review): users authenticate through sogo_view, which is built on
 * keyhelp.mail_users. Confirm that a password change made in SOGo actually
 * reaches that table, in the hash format KeyHelp and Dovecot expect;
 * otherwise set this to NO and let users change passwords in KeyHelp. */
SOGoPasswordChangeEnabled = YES;
/* LDAP authentication example */
//SOGoUserSources = (
// {
// type = ldap;
// CNFieldName = cn;
// UIDFieldName = uid;
// IDFieldName = uid; // first field of the DN for direct binds
// bindFields = (uid, mail); // array of fields to use for indirect binds
// baseDN = "ou=users,dc=acme,dc=com";
// bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
// bindPassword = qwerty;
// canAuthenticate = YES;
// displayName = "Shared Addresses";
// hostname = ldap://127.0.0.1:389;
// id = public;
// isAddressBook = YES;
// }
//);
/* LDAP AD/Samba4 example */
//SOGoUserSources = (
// {
// type = ldap;
// CNFieldName = cn;
// UIDFieldName = sAMAccountName;
// baseDN = "CN=users,dc=domain,dc=tld";
// bindDN = "CN=sogo,CN=users,DC=domain,DC=tld";
// bindFields = (sAMAccountName, mail);
// bindPassword = password;
// canAuthenticate = YES;
// displayName = "Public";
// hostname = ldap://127.0.0.1:389;
// filter = "mail = '*'";
// id = directory;
// isAddressBook = YES;
// }
//);
/* SQL authentication example */
/* These database columns MUST be present in the view/table:
* c_uid - will be used for authentication - it's the username or username@domain.tld)
* c_name - which can be identical to c_uid - will be used to uniquely identify entries
* c_password - password of the user, plain-text, md5 or sha encoded for now
* c_cn - the user's common name - such as "John Doe"
* mail - the user's mail address
* See the installation guide for more details
*/
/* Active user source: the SQL view created on top of KeyHelp's mailbox table. */
SOGoUserSources =
(
{
type = sql;
id = users;
// Uses the same database credentials as the URLs at the top of this file.
viewURL = "mysql://sogo:MyPassword@localhost:3306/sogo/sogo_view";
canAuthenticate = YES;
// NOTE(review): presumably this exposes every mailbox in the view as a shared
// address book to all logged-in users. On a server hosting several unrelated
// domains, check whether that is intended or set it to NO.
isAddressBook = YES;
// NOTE(review): must match the format of keyhelp.mail_users.password;
// verify against an existing row before relying on logins.
userPasswordAlgorithm = crypt;
displayName = "SOGo Users";
}
);
/* Web Interface */
SOGoPageTitle = "SOGo";
SOGoVacationEnabled = YES;
SOGoForwardEnabled = YES;
SOGoSieveScriptsEnabled = YES;
//SOGoMailAuxiliaryUserAccountsEnabled = YES;
//SOGoTrustProxyAuthentication = NO;
/* NOTE(review): NO switches off SOGo's XSRF (CSRF) request validation for the
 * web interface. Unless a concrete incompatibility forces this, use YES on any
 * installation that is reachable from the Internet. */
SOGoXSRFValidationEnabled = NO;
/* General - SOGoTimeZone *MUST* be defined */
SOGoLanguage = English;
SOGoTimeZone = Europe/Berlin;
//SOGoCalendarDefaultRoles = (
// PublicDAndTViewer,
// ConfidentialDAndTViewer
//);
/* Accounts listed here get administrative rights over all users' data in
 * SOGo. Keep the list as short as possible and protect these mailboxes with
 * strong passwords. */
SOGoSuperUsernames = (hostmaster@mydomain.tld); // This is an array - keep the parens!
//SxVMemLimit = 384;
//WOPidFile = "/var/run/sogo/sogo.pid";
/* memcached is reached on loopback only. */
SOGoMemcachedHost = "127.0.0.1";
/* ActiveSync */
WOWorkersCount = 15;
WOWatchDogRequestTimeout = 59;
SOGoMaximumPingInterval = 3540;
SOGoMaximumSyncInterval = 3540;
SOGoInternalSyncInterval = 30;
/* Debug */
//SOGoDebugRequests = YES;
//SoDebugBaseURL = YES;
//ImapDebugEnabled = YES;
//LDAPDebugEnabled = YES;
//PGDebugEnabled = YES;
//MySQL4DebugEnabled = YES;
//SOGoUIxDebugEnabled = YES;
//WODontZipResponse = YES;
//WOLogFile = /var/log/sogo/sogo.log;
}
Dovecot
nano /etc/dovecot/conf.keyhelp.d/90-plugins.conf
# Sieve plugin settings for Dovecot/Pigeonhole.
plugin {
# insert below: sieve_storage = /var/mail/vhosts/%d/%n/sieve
#sieve_before=/var/mail/vhosts/%d/%n/.ispconfig-before.sieve
# NOTE(review): the ispconfig.* file names look carried over from the
# ISPConfig-based guide this HowTo is derived from; confirm that such a file
# exists on a KeyHelp system. The path also lies inside the per-user sieve_dir
# below, i.e. in storage the user's own ManageSieve session may be able to write to.
sieve_before = /var/mail/vhosts/%d/%n/sieve/ispconfig.sieve
sieve_dir = /var/mail/vhosts/%d/%n/sieve/
# NOTE(review): notify and imapflags are the older forms of enotify and
# imap4flags; presumably enabled for compatibility with existing scripts.
sieve_extensions = +notify +imapflags
#sieve_after=/var/mail/vhosts/%d/%n/.ispconfig.sieve
# a directory where global .sieve script can be found
sieve_global_dir = /var/mail/vhosts/sieve
# a global sieve script to use always
sieve_global_path = /var/mail/vhosts/sieve/dovecot.sieve
# Upper bounds on script size, actions per script and redirects per script.
sieve_max_script_size = 2M
sieve_max_actions = 100
sieve_max_redirects = 25
}
nano /etc/dovecot/conf.keyhelp.d/10-services.conf
# anpassen wie hier:
# ManageSieve login service; SOGo talks to it via sieve://127.0.0.1:4190.
service managesieve-login {
inet_listener sieve {
# port to use for managesieve
# NOTE(review): with no "address" setting the listener follows Dovecot's
# global listen addresses and is not limited to loopback. If only SOGo needs
# ManageSieve, add "address = 127.0.0.1" here or close the port in the
# firewall.
port = 4190
}
process_min_avail = 10
service_count = 1
# NOTE(review): confirm that Dovecot accepts the size written with a space
# ("64 M"); check the output of doveconf -n after editing.
vsz_limit = 64 M
}
nano /etc/dovecot/conf.keyhelp.d/20-protocols.conf
# über: managesieve_max_line_length = 65536
protocol sieve {
# Explicitly specify the SIEVE and NOTIFY capability reported by the server
# before login. If left unassigned these will be reported dynamically
# according to what the Sieve interpreter supports by default (after login this may differ depending on the user).
# managesieve_notify_capability = mailto
# managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
mail_max_userip_connections = 10
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
}
Apache
nano /etc/apache2/conf-available/SOGo.conf
Alias /SOGo.woa/WebServerResources/ \
/usr/lib/GNUstep/SOGo/WebServerResources/
Alias /SOGo/WebServerResources/ \
/usr/lib/GNUstep/SOGo/WebServerResources/
<Directory /usr/lib/GNUstep/SOGo/>
AllowOverride None
<IfVersion < 2.4>
Order deny,allow
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
# Explicitly allow caching of static content to avoid browser specific behavior.
# A resource's URL MUST change in order to have the client load the new version.
<IfModule expires_module>
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
</Directory>
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
# Enable to use Microsoft ActiveSync support
# Note that you MUST have many sogod workers to use ActiveSync.
# See the SOGo Installation and Configuration guide for more details.
#
ProxyPass /Microsoft-Server-ActiveSync \
http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
retry=60 connectiontimeout=5 timeout=360
ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
# Settings applied to every request that is proxied to the local sogod.
<Proxy http://127.0.0.1:20000/SOGo>
## adjust the following to your configuration
## and do not forget to enable the headers module
<IfModule headers_module>
# These three headers tell SOGo the public URL it is reached under. They are
# hard-coded to HTTPS on port 443, so this configuration assumes the site is
# served over TLS; make sure plain-HTTP requests are redirected to HTTPS.
RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e" env=HTTP_HOST
## The unset line removes any x-webobjects-remote-user value sent by the
## client, so that a request cannot supply an identity through this header.
## Keep it. Only when using proxy-side authentication, additionally
## uncomment and adjust the "set" line below.
RequestHeader unset "x-webobjects-remote-user"
# RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e" env=REMOTE_USER
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
</IfModule>
AddDefaultCharset UTF-8
# Access control for the proxied path, in the syntax of the running Apache version.
<IfVersion < 2.4>
Order deny,allow
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Proxy>
# For Apple autoconfiguration
<IfModule rewrite_module>
RewriteEngine On
RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301]
</IfModule>
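# Runtime, configuration and spool paths belong to the sogo service account.
chown sogo:sogo /var/run/sogo
chown sogo:sogo /etc/sogo/sogo.conf
# sogo.conf contains the database password in clear text: owner-only access.
chmod 0600 /etc/sogo/sogo.conf
chown sogo:sogo /var/spool/sogo
chmod 700 /var/spool/sogo
# logrotate ignores snippets whose mode is not 0644 or 0444, so the original
# "chmod 700" would stop rotation of the SOGo log.
chmod 0644 /etc/logrotate.d/sogo
systemctl enable sogo
systemctl restart dovecot
systemctl restart sogo
# Check the log for start-up or database connection errors.
cat /var/log/sogo/sogo.log
a2enconf SOGo.conf
# Restart Apache only if the syntax check passes, so a typo in SOGo.conf
# does not take down the other sites on this server.
apache2ctl configtest && systemctl restart apache2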
https://keyhelp.hostname.tld/SOGo
sonstiges
DNS records testen - prüfen & hinzufügen
https://docs.mailcow.email/getstarted/p ... ystem/#mtu
https://docs.mailcow.email/getstarted/p ... -and-dmarc
https://github.com/mailcow/mailcow-dock ... ssues/2653
Smartphones können über Exchange Dienste (ActiveSync) E-Mails, Kalender und Adressbuch abfragen
Thunderbird Kalender via CalDAV URL, beispielsweise:
https://mail.domain.de/SOGo/dav/name@do ... /personal/
Thunderbird Adressbuch via SOGo Connector, download hier:
https://sogo.nu/download.html#/frontends
Quellenangabe
https://adminforge.de/mailserver/ispcon ... ctivesync/