The Easiest Mail Server Is Also The Best

Re-posted from: www.daijoubu.ws/the-easiest-mail-server-is-also-the-best/

During my struggle to set up the best, most reliable mail server possible, I tried several configurations: ready-to-use ones like iRedMail, as well as heavily customized setups that combined Postfix + Courier + PostgreSQL authentication/vmail + Horde Groupware + spam filters/anti-viruses/greylisting.

It’s not an easy task, but two tools make it extremely straightforward: Yaffas + Zarafa.
And I’m really baffled as to why they are not widely adopted/documented.

Yaffas is a server administration framework, focused on groupware/mail, but not restricted to that. It sports a great AJAX web interface for administering common server tasks, like managing users, installing SSL certs, whitelisting hostnames, etc. You can even start/stop/restart services, shut down and reboot your server, and download log files. It’s also totally FOSS.

The main feature is Zarafa, an awesome and complete groupware client, including mail, calendar, tasks and notes. Its WebApp UI is beautiful, easy and intuitive. You can demo it here: https://demo.zarafa.com/webapp

Zarafa uses its own IMAP/POP3 server, or MDA (mail delivery agent), and also a CalDAV/iCal server (calendar and tasks), but no CardDAV server (contacts) or any way to sync its notes. We have a way to address the lack of contacts sync, which we explain later.

Yaffas + Zarafa Mail Server How-To
This tutorial will be using Ubuntu 12.04 Server as our operating system. There are also repositories for Debian and RHEL, and you can always install it from source. Adapting it to your system should be just a few minimal changes.

This tutorial assumes that your OS is brand new and clean, installed specifically for this purpose. Yaffas installation makes changes and overrides several configuration files. If you install it in a production environment it will break your stuff!

Preparing your server
It’s recommended to use at least 512MB of memory, which is still a bit low. SpamAssassin, Amavisd-new and ClamAV will probably not start with this little memory. We will address this and provide more stability by adding some SWAP memory:

To make sure you don’t already have a SWAP partition, check your current SWAP status:

swapon -s

If no filename, type or size appears, you don’t have one, so:

dd if=/dev/zero of=/swap bs=1024 count=2097152

mkswap /swap

chown root:root /swap

chmod 0600 /swap

swapon /swap

echo /swap swap swap defaults 0 0 >> /etc/fstab

This will add 2GB of SWAP. Again, check the current SWAP status with:

swapon -s

Let’s also set your FQDN as your hostname:

echo cloudmail.com > /etc/hostname

hostname cloudmail.com

This changes the /etc/hostname file and sets your hostname on the fly, without the need to reboot your server. Ubuntu stores hostnames in /etc/hosts too, so it’s safe to add yours there, before any other hostnames listed (e.g. localhost).

Adding repo and installing
echo "deb http://repo.yaffas.org/releases/latest/precise ./" >> /etc/apt/sources.list

wget -O - http://repo.yaffas.org/repo.deb.key | apt-key add -

apt-get update

apt-get install yaffas

This automatically installs Postfix (SMTP server, aka MTA, aka the one which sends emails), MySQL (database used by several applications to store data), OpenLDAP (user management), a complete set of security tools (SpamAssassin, Amavisd-new, ClamAV and Policyd-weight), Apache (webserver, mainly used by Zarafa, since Yaffas uses its own Perl webserver), Fetchmail (optional mail retriever, starts disabled), and the whole Zarafa suite.

Initial components configuration
Upon installation, Yaffas will prompt you with some configuration screens, starting with Kerberos.

Leave them all untouched, except the hostname section, where you need to enter the hostname you set earlier.

You’ll then be prompted for the MySQL and LDAP passwords. These are very important and sensitive steps. Create strong passwords and store them in a safe place for later. LDAP will also ask you some more questions; leave them unchanged, with default values. The last one is Postfix: choose “Local only” and enter your hostname as your FQDN.

Initial Yaffas configuration
Yaffas’ server runs on port 10000. To access it, point your browser to:

https://cloudmail.com:10000

It comes with a basic self-signed SSL cert and your browser will complain about this. Allow the exception and connect anyway. Username is admin and password is yaffas. Following are the 5 steps needed to configure Yaffas:

1/5 Yaffas’ Wizard/Quick Setup will run on this initial configuration;

2/5 First proper step is to change your admin password;

3/5 Configure MySQL connection with credentials you created earlier;

4/5 Mail server settings, using your FQDN/hostname as the Primary domain name. The other 3 inputs are only needed if using a smarthost;

5/5 This last step is critical. This will create your first user and enable local authentication. Only fill these inputs if your language is ENGLISH, otherwise leave them blank. Why? One might ask. Simple: By setting this now, Yaffas will also create Zarafa’s folders used by mails, calendars, tasks and contacts, influencing later steps, and you won’t be able to change them afterwards.

Using Yaffas
I won’t explain in every detail how to use Yaffas, just the common tasks and steps necessary to get your mail server up and running.

Now log in to Yaffas using the “admin” username and your password. The first thing you need to do is set your language, in the “Languages” menu in the top-right section.

When you log in to Yaffas, you’ll always land on the “Information” page, a dashboard containing all the information you need to monitor your server, like memory usage, average load and file system stats. Behind that submenu is “Services”, a list of all the services pertinent to your mail server, where you can easily start, stop and restart services and remove them from boot. This page also has tabs for the system clock, the clock sync server and power off/reboot.

On that same menu, at the first item, you can configure SSL certs for your mail server. That’s a very nice tool which handles creation and signing of keys and certs. You’ll probably want a commercial cert, signed by a trusted authority. Yaffas has you covered here: you can easily upload your certs and everything will be automatically configured.

Create and Upload SSL certs
Create your certificate’s CSR and KEY files with:

openssl req -out cloudmail.com.csr -new -newkey rsa:2048 -nodes -keyout cloudmail.com.key

The certificate provider you choose will ask for the contents of the CSR file generated above in order to create your certificate. Provide it and they will send you another file, a CRT file containing the proper certificate. Upload it to your server. Yaffas needs the contents of the KEY and CRT files combined into a single PEM file. You can do this with:

cat cloudmail.com.key yourcert.crt > cloudmail.com.pem

Now download this file back to your computer, go to Yaffas administration System > Certificate / Key Management > Upload Certificate, and upload your certificate.
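
A check worth running before the cat step above, given as an added example that is not part of the original post: it confirms that the certificate the provider returned belongs to your private key, then writes the combined PEM readable by its owner only, since that file contains the key. build_pem is a hypothetical helper name; the file names are the ones used in this tutorial.

```shell
# Added example: build_pem is a hypothetical helper, not part of Yaffas.
# Usage: build_pem cloudmail.com.key yourcert.crt cloudmail.com.pem
build_pem() {
    key=$1; crt=$2; out=$3
    # Derive the public key from each file; a failure means an unreadable
    # or malformed input, reported as exit status 2.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate does not belong to $key" >&2
        return 1
    fi
    # The PEM contains the private key: create it with mode 0600.
    rm -f "$out"
    ( umask 077; cat "$key" "$crt" > "$out" )
}

# Run directly when called with three arguments.
if [ "$#" -eq 3 ]; then build_pem "$@"; fi
```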

Configuring Zarafa
Now go to the Zarafa menu, Configuration submenu. Activate POP and IMAP; you can also configure the max size of attachments, the default mail quota and the number of days to keep mails in trash.

That’s all you’ll need to do for basic Zarafa configuration. Everything’s already set up.

Authentication method and user creation
Go to “Accounts” menu, “Authentication” server, and select the Local Authentication method, which is the local OpenLDAP server you have configured before.

In “User Management” you can create, edit and delete users. Go to “Add User” and enter your user’s username, First Name, Surname, email, password and if this user is a Zarafa admin. You can define an individual mailbox quota or use the default quota you defined earlier.

Using Zarafa’s WebApp
Access Zarafa’s client (WebApp):

https://cloudmail.com/webapp

You can only log in with your username (not the email) and password. Zarafa will ask you for some basic information the first time you access it, the most important one being your language, which will define your whole interface locale. Configure it according to your needs.

Zarafa features a beautiful and easy to use AJAX interface, with email, calendar, contacts, tasks and notes.

Thunderbird integration
First we need to open Postfix’s secure ports 465 and 587:

nano /etc/postfix/master.cf

Remove the # from the submission … line, then save the file and exit.
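
To confirm what that edit actually enabled, the following added example (not from the original post) parses master.cf and reports, for the submission (587) and smtps (465) entries, whether each is active and whether its -o overrides force TLS and SASL authentication. The function names are hypothetical and the embedded excerpt is constructed to resemble the file after uncommenting only the submission line.

```shell
# Added example, not from the original post. The excerpt is constructed to
# mirror master.cf after only the submission line has been uncommented.
sample_master_cf() {
cat <<'EOF'
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
EOF
}

# Report whether submission (587) and smtps (465) are active and whether each
# one forces TLS and SASL authentication through its -o overrides.
# Reads the file given as $1, or standard input when no file is given.
check_master_cf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        /^[^ \t]/ {                              # column 1: a new service entry
            svc = ($1 == "submission" || $1 == "smtps") ? $1 : ""
            if (svc != "") active[svc] = 1
        }
        svc != "" {                              # collect -o name=value overrides
            for (i = 1; i < NF; i++)
                if ($i == "-o") opts[svc] = opts[svc] " " $(i + 1) " "
        }
        END {
            n = split("submission smtps", want, " ")
            for (k = 1; k <= n; k++) {
                s = want[k]
                if (!(s in active)) { print s ": disabled"; continue }
                tls = (s == "smtps") ? "smtpd_tls_wrappermode=yes" : "smtpd_tls_security_level=encrypt"
                printf "%s: enabled tls=%s auth=%s\n", s,
                    (index(opts[s], " " tls " ") ? "ok" : "MISSING"),
                    (index(opts[s], " smtpd_sasl_auth_enable=yes ") ? "ok" : "MISSING")
            }
        }
    ' "${1:--}"
}

sample_master_cf | check_master_cf
```

On the server, run check_master_cf /etc/postfix/master.cf after saving the file and before restarting Postfix.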

Create a new account in Thunderbird and it will probably detect all ports and set automatic configuration, but it could complain about your username. This happens because Zarafa Gateway will also only log in with your LDAP username and it’s not always the same as the prefix of your email.

For example, you have a user named johndoe with john@cloudmail.com as his email, in this case Thunderbird will assume that the username is john.

If this happens just fix your username and you are good to go.

Calendar and Tasks sync
Install Lightning add-on, which will handle Calendars and Tasks for Thunderbird: https://addons.mozilla.org/pt-br/thunderbird/addon/lightning/

To sync your calendar, create a new calendar in Thunderbird’s Calendar tab, selecting the WebDAV method and using this location (and username/password):

http://cloudmail.com:8080/caldav

To sync your tasks, create another calendar, with this location (and username/password):

http://cloudmail.com:8080/caldav/username/tasks

The last piece of this link will depend on your language. If it is Brazilian Portuguese, it will be tarefas instead of tasks.

Contacts sync
Unfortunately, Zarafa does not come with a ready-to-use CardDAV server, but thanks to ZeGuiGui (original author) and Bokxing IT (current developer) there is an add-on using SabreDAV that addresses this. Development currently happens on GitHub. We need git to clone it from source:

apt-get install git

Now go to /var/www and clone the repo:

git clone https://github.com/bokxing-it/sabre-zarafa.git

Change the ownership of sabre-zarafa/data and sabre-zarafa/debug.txt to the webserver’s user:

chown www-data:www-data /var/www/sabre-zarafa/data

chmod 0750 /var/www/sabre-zarafa/data

chown www-data:www-data /var/www/sabre-zarafa/debug.txt

chmod 0640 /var/www/sabre-zarafa/debug.txt

Create Sabre-Zarafa Apache’s configuration file:

nano /etc/apache2/sites-available/sabre-zarafa

And put the content of this Gist inside it:

Now enable Apache’s mod_rewrite:

a2enmod rewrite

Enable the Sabre-Zarafa file:

a2ensite sabre-zarafa

Restart Apache:

service apache2 restart

Thunderbird also does not have any CardDAV support by default, but you can accomplish that with the SOGo Connector add-on: http://www.sogo.nu/files/downloads/extensions/sogo-connector-17.0.4.xpi

Now open Thunderbird’s Address Catalog, go to “File”, “New”, “Remote Address Book”, enter a name for this Catalog, and this location:

http://cloudmail.com/sabre-zarafa/addressbooks/username/Contacts/

Like tasks sync, the last piece of this URL depends on your language: Contacts if you speak English and Contatos if you speak Brazilian Portuguese, for example.

That’s it. Now you have a complete mail server, with desktop mail clients and mobile exchange integration.
