Linux Administrator’s Guide
Scalix email and calendaring, HP OpenMail, and Samsung Contact: these three names stand for some of the most powerful open-source-based groupware solutions available. This book sets out to explain their fundamentals to Linux administrators.
Since the early 90s, Hewlett Packard had earned many awards for its mail server, and OpenMail was said to be more scalable, reliable, and better performing than any other mail and groupware server. After only a few years, the product had managed to conquer the United States’ Fortune 1000 almost entirely. Scalix Inc., a member of the Xandros family, has continued this story in recent years: several reviewers claim that it has better Outlook support than MS Exchange.
With the right know-how, Scalix can be easily managed. Several thousand mailboxes are possible on a single server; Web-GUIs and command line tools help the administrator; and Scalix integrates easily with other professional tools, be it OpenVPN, Nagios monitoring or others.
During its history of almost 20 years, many tools and programs were developed for Scalix to help the admin in his/her daily work. While the official documentation has several thousand pages, which are not all up-to-date, this book tries to give a detailed overview from installation to advanced setups and configuration in big companies.
With this book, I want to provide both a concise description of Scalix’ features and an easy-to-use introduction for the inexperienced. Admins, consultants, and teachers will all find this book a helpful base for daily work and training. Though there are many other possible ways to success in the described scenarios, the ones presented have been tested in many setups and have been selected for simplicity reasons.
High-end email and groupware is a domain where only a few vendors can provide solutions. This is not the realm of Microsoft, and it has never been. It is where companies like HP, Novell or Scalix offer reliable and scalable products. And Scalix is the only one that has licensed parts under a free and open-source licence. The software is free for up to 10 users, easy to use, and offers a lot of possible features ranging from CalDAV or SyncML to clusters.
What This Book Covers
Chapter 1 will cover how email became a communication standard, what RFCs are, and where you can find the relevant ones. After a short glance at how email works, the related protocols SMTP, POP, IMAP, and MAPI are explained in brief, as well as LDAP, X.500, MIME, and SOAP. An overview of the groupware market, including the various definitions of the latter by different vendors, closes the chapter.
Chapter 2 will start with the history of Scalix groupware. We’ll see what a mail node is and where to get more information on Scalix terms like the indexing server, daemons, and services. The chapter will also deal with the protocols supported by Scalix, the license involved, and the packages offered by Scalix.
Chapter 3 describes the standard installation of Scalix software on OpenSUSE 10.2 and Fedora Core 5.
Chapter 4 deals with advanced installation techniques. First, you will learn about how to get the graphical installation on Windows systems by using NoMachine NX Terminal software. The second part of this chapter shows a typical text-based installation. As an example, we show how the graphical installer is used to correctly uninstall a Scalix server. The last example shows upgrading and reconfiguration of the Scalix server.
Chapter 5 deals with the Scalix Administration Console (SAC). We will take a short tour through the interface, add a first user, and have a closer look at the available configuration options.
Chapter 6 will cover how to deploy Scalix Connect for Microsoft Outlook, to your Windows clients. After that, the integration of the supported Scalix groupware client Evolution and other IMAP mail clients is shown.
Chapter 7 covers the most important configuration files and commands of Scalix.
Chapter 8 deals with standard Scalix monitoring tools and the integration of Scalix in your centralized Nagios monitoring. After some details on Scalix administration programs like omstat and omlimit, we see how Outlook clients can be monitored. In the end, some of our Nagios scripts and configuration files serve to add another host to an existing Nagios configuration.
Chapter 9 will deal with several recommendations that make your Scalix server safe, such as minimizing the number of services running and listening. We will set up a firewall that allows Scalix users to connect. After that we will set up Stunnel to provide SSL-encrypted Scalix services. Then, we will use OpenVPN to protect the server. Last but not least, we will have a look at the services running and discuss advanced possibilities of securing the server.
Chapter 10 will discuss how to back up and restore a Scalix mail server, for small and large environments.
Chapter 11 will cover how to administer Scalix in sync with data stored in remote directories. This chapter starts with an explanation of how Scalix delivers its information in LDAP-style and concludes with a guide on how to integrate Scalix with an external Microsoft Active Directory.
Chapter 12 starts with questions that you have to ask yourself before you set up any multi-server environment with Scalix. After that, we see two examples of what a High Availability (HA) setup might look like.
Chapter 13 will cover how to integrate measures against spam and viruses in Scalix.
Bibliography contains a comprehensive list of all the links used throughout the book.
First Steps with Scalix Admin Console and Scalix Web Access
This chapter deals with the Scalix Administration Console (SAC). This web interface is the central point of administration for the Scalix server. User, group, and resource management are done here as well as controlling services and settings. In this chapter, we will take a short tour through the interface, add a first user, and have a closer look at the configuration options available for him/her. Towards the end, we will test the account by logging into the web client, and sending (and receiving) emails.
SAC at a Glance
Point your browser to the URL of your Scalix server, following this syntax:
http://<servername>/sac. A pop-up window with the Administration Console Login is opened. If you are using Firefox or another browser with pop-up suppression, the browser configuration may need some corrections: allow the Scalix server to open pop-ups. In Firefox, you can easily configure this by clicking in the yellow bar on top of the displayed page. Other browsers may require editing the preferences. Otherwise, Scalix will provide a web page for you with a link, which opens the Admin Console in the same browser window.
On Scalix 11, the Scalix Administration Login looks like this:
Enter the Administrator’s name in the field Login ID, exactly as configured during installation. Activate the reminder that you are connected via http and not through https by clicking on the option field Not using a secure https connection. Once we have configured https for Scalix, the login dialog will not provide this option anymore.
However, enabling https is not that easy, and therefore not standard in Scalix, except for the installations on Red Hat Enterprise. We will deal with this topic later in the chapter on Security.
Click on the button Login to start the Administration console.
A First Look Around
- A menu with icons called Toolbar
- A list view on the lower left named Contents Pane and
- The main window on the right, called Display Pane
The icons in the menu bar let you choose the administration task you want to accomplish, the content pane lists the possible entries that can be edited, and the options and parameters of a selected entry are presented in the display pane.
By clicking on one of the icons on the Toolbar, you can access the different sections of the Scalix Administration Console. The first three sections are about users, groups, and resources, and will be used in daily administration for adding, deleting or modifying these objects. The section Plugins offers a management GUI for your own or third-party Scalix plug-ins. The Server Info icon leads to a concise list of running services, where the administrator can set the log level of these services and browse through the services’ log files. The Settings Icon allows you to set preferences for the server and new users. A concise online help is available, and the icons Refresh and Logout complete the menu bar’s icons.
Navigating in the Admin Console
A nice gadget in SAC is the little icon on the top left of the main window. Surrounded by four arrows, this icon displays the icon of the current section and enables the administrator to navigate in a quick and easy manner through the administration console.
Clicking the up or down arrows will select and activate the next entry upwards or downwards in the list view to the left, and the left/right arrows navigate you back and forth in a browser-like fashion.
Users, Groups, Resources…
Now click on the Users icon in order to switch to the user management dialog. Click on the entry of the only user present at this time, sxadmin.
For every user, there are six tabs where the user information is stored. The tab General holds the most important information: Username, Display Name, and Email address. This information is all that is necessary to add a user and use the new account. The other tabs contain contact information, group memberships, and administrative delegations. The mailbox quota, that is, the amount of storage that the user’s account may sum up to, is configured in the Mail dialog. On the Advanced tab, the administrator can add a role to the user, decide whether this user is a Standard or a Premium User, and give him a different authentication ID.
There are other features in the Admin Console that you will be using frequently once you are master of some Scalix users. One of them is probably the button Change Password on the lower right corner leading directly to the password dialog. This button is present in every user’s configuration dialog.
Filtering the List
In a large environment, the list view can be very long, and it may be tricky to find a user, group or resource in time. Thus, Scalix offers filters that can be combined and configured to reduce the displayed objects to a manageable amount. In the standard setup, a drop-down menu allows you to select the displayed user type, with special features like Logged in Users. Specifying a part of the username in the Name field will automatically display only the usernames in the list fitting to this mask.
The Edit filter button on the top right edge of the list pane is an especially useful helper in large environments. Normally, Scalix only returns the first 100 entries, but this can be configured. Here, the administrator may define extended filter criteria to avoid long listings, for example, of users or groups. Click on it to receive the following dialog:
Because a typical Scalix environment may consist of several thousand users, the Admin Console can manage a scenario consisting of multiple Scalix servers and mailnodes. Each arrow that you set in this tiny dialog adds a drop-down menu or entry field to the list of available filters in the list view. This convenient feature enables the administrator to search and find a user much faster than in any other groupware solution I know.
Adding a User
Let’s add a first user now. Click on the Users icon in the menu bar, and then on the Create User(s) button in the lower half of the list view. Again, a pop-up window appears. It is called Create New User and offers several fields where the administrator can enter the user data. All that is needed for a new user is a name, an email address, and a password. The email address is generated automatically from the user name and the domain name, so all we need to enter here is our name and a password:
Nevertheless, the administrator can choose several interesting settings here. One of them is selecting the user type. Whereas a Scalix Premium user has full access to the groupware (including MS Outlook), the Standard user will only have groupware in the Scalix webclient. An Internet mail user is barely an entry in the global address book for an email account for SMTP, POP, and IMAP.
Four options in the lower half can be either checked or unchecked. Locking new users or forcing them to change passwords on first login are features that may be useful for security-aware administrators. If you do not want the new user to access the Scalix Web client SWA (Scalix Web Access), then deselect this arrow.
Like some other groupware servers, Scalix supports delegating email features to a colleague while the user is on holiday. Identifying the sender in a delegate’s outgoing mail may be tricky, and thus there is a feature enabling special headers in the email that contains information on the sender. If you check the setting Add Sender header to delegate’s outgoing messages, any mail sent from this user on behalf of someone else will contain a header identifying him.
Click on the Next button to proceed. The dialog window contact information holds eighteen fields where you can enter administrative user data like telephone number, department or address.
If the option Display in address book is checked, the data entered here will be displayed in the Scalix address book and is thus available to other users. Click on the Next button again.
In the last dialog, during creation of a user, the administrator may choose the groups that the new user is a member of. After installation, there are only four groups available with different functions. The members of these groups have special administrative rights, which our standard user does not need.
Click on the button Finish to complete the process of adding a new user to the Scalix system. By the way, you can click this button at any time. Once you have entered a user name and a password, then you do not need to enter any address data.
The Scalix administrator can access all user data at any time later via the Scalix Admin Console. All dialogs are present, identically, in the user management. An admin is allowed to edit user name and user data, and there are some small but useful features.
Playing with Filters
This might be a good time to play with the filters: in the field Name in the list view, enter one or more letters that are different from the one your user’s name starts with. The user will then disappear from the list. In the example above, if I type “, the user sxadmin will vanish from the list, and after having typed Mart, my list is empty.
Do you notice the little crown on the head of the new user? Scalix Premium Users can be identified by this cap and a green shirt. Standard Users like the admin account sxadmin are dressed in blue.
The Scalix user management offers some more features worth mentioning. If you click on the Add Address button, additional email addresses for this user account are added. You can add addresses and collect the email on one particular account. Simply select real name, user part, and domain part of the email address. The drop-down menu shows that Scalix is capable of administrating multiple domains on one server.
In the dialogs Member of and Manager of, this user can be assigned as a member or manager of Scalix groups. Click on the Advanced tab to edit the user’s login name.
In the standard setup, Scalix uses the full email address as login name for all access to the Scalix system. This makes perfect sense for most users, because they only have to remember the email address and password. However, being lazy, I prefer a handy, short login name like “mfeilner” in addition to the email address [email protected], especially since the Scalix login is case sensitive.
Enter the login name for this user in the field Authentication ID. There are three other interesting options on this page:
- Under some circumstances, for example if a user has met the maximum amount of failed logins, his account will be locked. This is marked in the Scalix Admin Console by an arrow in the check box is locked. Un-checking this checkbox may be a regular administrative task for users with a bad memory, but sometimes if you want to lock out a user, this is the right place to do so.
- With Smart Cache, a copy of the mailbox is stored on the user’s client. Smart Cache can be enabled or disabled globally or on a per-user base. Enabling the Smart Cache is a task that may take some time for large mail boxes, but it is worth it. However, if you decide to let some users have other caching settings than the server default, please note that this cannot be reversed anywhere other than from the command line.
- Indexing speeds up most of Scalix groupware actions. The index contains meta information on mail, contacts, and appointments helpful for searches. However, such an index needs to be built before it can be used. The Scalix Indexing Service (SIS) builds this index automatically. This dialog allows the administrator to deactivate the Indexing Service for a single user. The Recreate SIS index button helps if you receive error messages about a corrupt index.
Testing the New Account—Logging into SWA
Immediately after clicking on the button “Save” in SAC, the user can log in to the web client (or connect through Outlook) using his short ID. The URL of the webmailer is simply http://<servername>/webmail; in our example setup, it is http://scalixbook.org/webmail.
The Scalix Web Access (SWA) is a full-featured standard Webclient. It supports drag’n’drop actions in Ajax-style and has a front end that is very similar to Outlook, which makes it easy for newbies. Again, a menubar is accompanied by a list view and a main window. Furthermore, a calendar view at the bottom rounds up this groupware client. The proprietary versions of SBE and EE contain some features that are very helpful to Admins of larger companies. Perhaps the most valuable option is the Recovery folder that every user has by default. This folder contains all deleted emails for the last week. This may significantly reduce the amount of calls from your users.
Sending the First Email
Our server is configured, the user account has a mail address, and the user is logged in. All that is left to do is checking if the user can send and receive emails. Click on the New button to start editing your first email. A pop-up window with the title “New Message” will appear. As you can see, the editor window is kept close to the Outlook look and feel. By the way, both HTML and clear text email are supported.
In the first step, local delivery is checked: Enter your own email address in the To: field, some text in the subject and the body of the mail and click on the button Send. Don’t hesitate to click on the button Send/Receive in SWA. The mail is being delivered locally, so it should be in the Inbox instantaneously. Unread messages are displayed in bold characters.
In the second step, test the email functionality from and to the outside world. Send an email from either of the configured mail addresses to an external recipient and confirm the success. Reply to the emails and check your Inbox. In most cases, Scalix simply works after installation.
In this chapter, we learned how to start and use the Scalix Administration Console. We added a user, looked at advanced filter and search criteria, and changed some advanced settings for this user. After that we logged in as the new user and tested the Scalix server by sending a local email.