ISPConfig ist ein beliebtes Control Panel zur Verwaltung von Webseite, E-Mail Postfächern, Datenbanken etc. Ich möchte euch in diesem Artikel zeigen wie SOGo als Groupware für eure bereits laufende ISPConfig Installation genutzt werden kann.
Die SOGo Funktionen im Überblick:
- Moderner AJAX-based Webmailer (Demo Link, Benutzername: sogo1, Passwort: sogo1)
- IMAP und SMTP
- CalDAV Kalender (Apple iCal, Mozilla Ligthning / Sunbird, etc.)
- CardDAV Adressbuch (SOGo Connector für Mozilla Thunderbrird)
- Microsoft Exchange ActiveSync (zum synchronisieren von E-Mail, Kalender und Adressbuch auf Apple iOS, Android, Windows Phone und BlackBerry 10 Geräten)
Punkt 1: Installation unter Debian
Wir erstellen uns zu allererst eine Apt Source Datei. Wir nehmen Nightly da diese Version kostenlos ist. Keine Angst bei mir gab es bis heute keinerlei Probleme.
1 |
deb https://packages.inverse.ca/SOGo/nightly/5/debian/ bullseye bullseye |
Jetzt installieren wir als root den Key.
1 |
apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 |
Folgende Pakete benötigen wir.
1 |
apt-get install sogo sogo-activesync memcached dovecot-sieve dovecot-managesieved |
Ich gehe von einer bestehender ISPConfig Installation aus sowie Apache 2.4.x als Webserver. Wir aktivieren diese Module.
1 2 3 4 |
a2enmod proxy a2enmod proxy_http a2enmod headers a2enmod rewrite |
Punkt 2: Datenbank und Benutzer anlegen
Wir wechseln auf die mysql
Shell und legen Datenbank sowie Benutzer an. Das Passwort bitte generieren, in diesem Beispiel arbeite ich mit sogo
und localhost
.
1 2 3 4 5 6 7 |
CREATE DATABASE sogo CHARSET='UTF8'; CREATE USER 'sogo'@'localhost' IDENTIFIED BY 'sogo'; GRANT ALL PRIVILEGES ON sogo.* TO 'sogo'@'localhost'; USE sogo; CREATE VIEW sogo_view (c_uid, c_name, c_password, c_cn, mail) AS SELECT email, email, password, name, email FROM dbispconfig.mail_user; flush privileges; exit |
Punkt 3: SOGo Konfiguration
Die Konfigurationsdatei kann mit den obigen MySQL Logindaten 1:1 verwendet werden. Passt bitte SOGoMailDomain, SOGoPageTitle, SOGoSuperUsernames und evtl. Passwörter an.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 |
{ /* ********************* Main SOGo configuration file ********************** * * * Since the content of this file is a dictionary in OpenStep plist format, * * the curly braces enclosing the body of the configuration are mandatory. * * See the Installation Guide for details on the format. * * * * C and C++ style comments are supported. * * * * This example configuration contains only a subset of all available * * configuration parameters. Please see the installation guide more details. * * * * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file, * * make sure to move it away to avoid unwanted parameter overrides. * * * * **************************************************************************/ /* Database configuration (mysql:// or postgresql://) */ SOGoProfileURL = "mysql://sogo:sogo@127.0.0.1:3306/sogo/sogo_user_profile"; OCSFolderInfoURL = "mysql://sogo:sogo@127.0.0.1:3306/sogo/sogo_folder_info"; OCSSessionsFolderURL = "mysql://sogo:sogo@127.0.0.1:3306/sogo/sogo_sessions_folder"; OCSEMailAlarmsFolderURL = "mysql://sogo:sogo@127.0.0.1:3306/sogo//sogo_alarms_folder"; /* Mail */ SOGoDraftsFolderName = Drafts; SOGoSentFolderName = Sent; SOGoTrashFolderName = Trash; SOGoIMAPServer = localhost; SOGoSieveServer = sieve://127.0.0.1:4190; SOGoSMTPServer = 127.0.0.1; SOGoMailDomain = domain.de; SOGoMailingMechanism = smtp; SOGoForceExternalLoginWithEmail = YES; //SOGoMailSpoolPath = /var/spool/sogo; NGImap4ConnectionStringSeparator = "/"; SOGoMailMessageCheck = "every_5_minutes"; SOGoFirstDayOfWeek = 1; SOGoLoginModule = Mail; /* Notifications */ SOGoAppointmentSendEMailNotifications = YES; //SOGoACLsSendEMailNotifications = YES; //SOGoFoldersSendEMailNotifications = YES; SOGoEnableEMailAlarms = YES; /* Authentication */ SOGoPasswordChangeEnabled = YES; /* LDAP authentication example */ //SOGoUserSources = ( // { // type = ldap; // CNFieldName = cn; // UIDFieldName = uid; // IDFieldName = uid; // first field of the DN for direct binds // bindFields = (uid, mail); // array of fields to use for indirect binds // baseDN = "ou=users,dc=acme,dc=com"; // bindDN = "uid=sogo,ou=users,dc=acme,dc=com"; // bindPassword = qwerty; // canAuthenticate = YES; // displayName = "Shared Addresses"; // hostname = ldap://127.0.0.1:389; // id = public; // isAddressBook = YES; // } //); /* LDAP AD/Samba4 example */ //SOGoUserSources = ( // { // type = ldap; // CNFieldName = cn; // UIDFieldName = sAMAccountName; // baseDN = "CN=users,dc=domain,dc=tld"; // bindDN = "CN=sogo,CN=users,DC=domain,DC=tld"; // bindFields = (sAMAccountName, mail); // bindPassword = password; // canAuthenticate = YES; // displayName = "Public"; // hostname = ldap://127.0.0.1:389; // filter = "mail = '*'"; // id = directory; // isAddressBook = YES; // } //); /* SQL authentication example */ /* These database columns MUST be present in the view/table: * c_uid - will be used for authentication - it's the username or username@domain.tld) * c_name - which can be identical to c_uid - will be used to uniquely identify entries * c_password - password of the user, plain-text, md5 or sha encoded for now * c_cn - the user's common name - such as "John Doe" * mail - the user's mail address * See the installation guide for more details */ SOGoUserSources = ( { type = sql; id = users; viewURL = "mysql://sogo:sogo@127.0.0.1:3306/sogo/sogo_view"; canAuthenticate = YES; isAddressBook = YES; userPasswordAlgorithm = crypt; displayName = "SOGo Users"; } ); /* Web Interface */ SOGoPageTitle = "SOGo domain.de"; SOGoVacationEnabled = YES; SOGoForwardEnabled = YES; SOGoSieveScriptsEnabled = YES; //SOGoMailAuxiliaryUserAccountsEnabled = YES; //SOGoTrustProxyAuthentication = NO; SOGoXSRFValidationEnabled = NO; /* General - SOGoTimeZone *MUST* be defined */ SOGoLanguage = German; SOGoTimeZone = Europe/Berlin; //SOGoCalendarDefaultRoles = ( // PublicDAndTViewer, // ConfidentialDAndTViewer //); SOGoSuperUsernames = (name@domain.de); // This is an array - keep the parens! //SxVMemLimit = 384; //WOPidFile = "/var/run/sogo/sogo.pid"; SOGoMemcachedHost = "127.0.0.1"; /* Debug */ //SOGoDebugRequests = YES; //SoDebugBaseURL = YES; //ImapDebugEnabled = YES; //LDAPDebugEnabled = YES; //PGDebugEnabled = YES; //MySQL4DebugEnabled = YES; //SOGoUIxDebugEnabled = YES; //WODontZipResponse = YES; //WOLogFile = /var/log/sogo/sogo.log; } |
Punkt 4: Dovecot Sieve
Um die Sieve Filter in SOGo verwenden zu können muss Dovecot um folgende Einträge erweitert werden. Dovecot prüft dann beide Sieve Dateien, die von ISPConfig und von SOGo!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
protocols = [..] sieve plugin { [..] # ispconfig sieve script is loaded before anything else # this way ispconfig sieve script can be edited by using sive protocol # if you prefer to keep ispconfig sieve script hidden from using sive protocol # change location eg. sieve_before = /var/vmail/%d/%n/ispconfig.sieve sieve_before = /var/vmail/%d/%n/sieve/ispconfig.sieve sieve_dir = /var/vmail/%d/%n/sieve/ sieve_extensions = +notify +imapflags # the next to lines are optional but i use them so i show them # a directory where global .sieve script can be found sieve_global_dir = /var/vmail/sieve # a global sieve script to use allways sieve_global_path = /var/vmail/sieve/dovecot.sieve } service managesieve-login { inet_listener sieve { # port to use for managesieve port = 4190 } process_min_avail = 10 service_count = 1 vsz_limit = 64 M } protocol sieve { # Explicitly specify the SIEVE and NOTIFY capability reported by the server # before login. If left unassigned these will be reported dynamically # according to what the Sieve interpreter supports by default (after login this may differ depending on the user). # managesieve_notify_capability = mailto # managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify mail_max_userip_connections = 10 managesieve_logout_format = bytes=%i/%o managesieve_max_compile_errors = 5 managesieve_max_line_length = 65536 } protocol lda { [..] mail_plugins = [..] sieve } protocol lmtp { [..] mail_plugins = [..] sieve } |
Punkt 5: Apache2 Konfiguration
Die vom Paket installierte SOGo.conf kann auch verwendet werden. Aktiviert dort den ActiveSync Part (hier markiert), damit ihr auch per Smartphone via Exchange/ActiveSync auf Mail, Kalender und Adressen zugreifen könnt.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 |
Alias /SOGo.woa/WebServerResources/ \ /usr/lib/GNUstep/SOGo/WebServerResources/ Alias /SOGo/WebServerResources/ \ /usr/lib/GNUstep/SOGo/WebServerResources/ <Directory /usr/lib/GNUstep/SOGo/> AllowOverride None <IfVersion < 2.4> Order deny,allow Allow from all </IfVersion> <IfVersion >= 2.4> Require all granted </IfVersion> # Explicitly allow caching of static content to avoid browser specific behavior. # A resource's URL MUST change in order to have the client load the new version. <IfModule expires_module> ExpiresActive On ExpiresDefault "access plus 1 year" </IfModule> </Directory> ProxyRequests Off SetEnv proxy-nokeepalive 1 ProxyPreserveHost On # Enable to use Microsoft ActiveSync support # Note that you MUST have many sogod workers to use ActiveSync. # See the SOGo Installation and Configuration guide for more details. # ProxyPass /Microsoft-Server-ActiveSync \ http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \ retry=60 connectiontimeout=5 timeout=360 ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0 <Proxy http://127.0.0.1:20000/SOGo> ## adjust the following to your configuration ## and do not forget to enable the headers module <IfModule headers_module> RequestHeader set "x-webobjects-server-port" "443" RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e" env=HTTP_HOST ## When using proxy-side autentication, you need to uncomment and ## adjust the following line: RequestHeader unset "x-webobjects-remote-user" # RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e" env=REMOTE_USER RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0" </IfModule> AddDefaultCharset UTF-8 <IfVersion < 2.4> Order deny,allow Allow from all </IfVersion> <IfVersion >= 2.4> Require all granted </IfVersion> </Proxy> # For Apple autoconfiguration <IfModule rewrite_module> RewriteEngine On RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301] RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301] </IfModule> |
Punkt 6: Dienste neustarten
Wir aktivieren SOGo für den Autostart und starten alle nötigen Dienste neu.
1 2 3 4 |
systemctl enable sogo systemctl restart sogo systemctl restart dovecot systemctl restart apache2 |
Punkt 7: Benutzen von SOGo
- Nun kann das Webinterface aufgerufen werden, beispielsweise https://mail.domain.de/SOGo
- Smartphones können über Exchange Dienste (ActiveSync) E-Mails, Kalender und Adressbuch abfragen
- Thunderbird Kalender via CalDAV URL, beispielsweise https://mail.domain.de/SOGo/dav/name@domain.de/Calendar/personal/
- Thunderbird Adressbuch via SOGo Connector, download hier https://sogo.nu/download.html#/frontends