2015-03-14 OpenChange on Centos6
OpenChange is a nice project, but the installation directions on Centos6 are weak, inconsistent in places, and just wrong in some details. openchange.bash is a script that is intended to produce a fully functional OpenChange/SOGO installation starting with a default installation of Centos6. Note that SELinux is NOT disabled.openchange.bash phase0 openchange.bash phase1 "CHANGEME" "password.change.me!" # create and install signed ssl certificates openchange.bash phase2 openchange.bash makeauser 'username' 'password'
The installation generated by this script is intended to be used as a Microsoft Exchange replacement mail server. It is not really designed as a general file/print server, but I have also not spent time specifically disabling those features. It uses sendmail/dovecot for smtp/imap mail handling. Spam and virus filtering is done with dnsbl/amavis/spamassassin/clamav. Samba provides active directory services and authentication. Sendmail smtp/auth uses saslauthd which uses samba via ldap for authentication. Dovecot uses samba via ldap for authentication. Webmail is handled by Sogo, which uses samba via ldap for authentication.
| Port | Usage |
|---|---|
| 22 | SSH for remote management |
| 25 | Sendmail smtp MTA |
| 53 | Samba dns service; /etc/resolv.conf points to localhost. |
| 88 | Samba kerberos service |
| 135 | Samba dce/rpc end point mapper service |
| 137 | Samba (udp) |
| 138 | Samba (udp) |
| 139 | Samba file/print service |
| 143 | Dovecot imap service |
| 389 | Samba ldap/AD service |
| 445 | Samba file/print service |
| 464 | Samba kerberos kpasswd service |
| 587 | Sendmail smtp MSA |
| 631 | Cups printing (udp) |
| 993 | Dovecot imap over SSL service |
| 1024 | Sampa dynamic rpc port |
| 3268 | Samba global catalog |
| 4190 | Dovecot sieve service |
| 20000 | SOGO |
Unresolved issues:
- Samba picks up the original dns server from /etc/resolv.conf and saves it in /etc/samba/smb.conf as a forwarder. I am not sure where that happens.
- It is not clear how (or if it is even possible) to configure ocsmanager to use samba via ldap for authentication. The only example attempts to fetch a clear text password from an ldap database.
- This says that we need Dovecot 2.1 to avoid proxying. It is unclear if the later words This implies that the IMAP server must accept any passwords from the host on which Samba is running apply even if we get Dovecot 2.1. Centos 6 currently has Dovecot 2.0.9, which does not support the UIDPLUS or QRESYNC extensions. Fedora has Dovecot 2.2 available, so I will try to rebuild that for Centos 6.
Resolved issues fixed in the openchange.bash script:
- /etc/sysconfig/clock contains the time zone. On Centos, that might contains spaces, but SOGO chokes on that. Even though /etc/sogo/sogo.conf contains a time zone setting, SOGO is picking it up from /etc/sysconfig/clock. The install script ensures that your time zone does not contain spaces.
- The samba rpm does not include the SysV init script, so the openchange.bash script creates one.
- The openchange-ocsmanager rpm does not include the python mapistore.so object. See http://www.sogo.nu/bugs/view.php?id=3012 for details. The openchange.bash script downloads the openchange source and does a partial rebuild to generate that object.
- Memcached and mysql are configured to only listen on localhost.
- The memcached rpm from rpmforge/extras fails to create the /var/run/memcached directory.