Chapter 2. Before Installing the SCOoffice Mail Server

Table of Contents

Planning a SCOoffice Mail Server Configuration
Number of Mail and Calendar Clients
Mail Quotas
Junk Mail Filtering
Optional SCOoffice Mail Connector for Microsoft Outlook
Calendar Options
Local or Remote LDAP Server
Component File Locations
Local System User Accounts
High Availability Journalling Filesystem
System Requirements
UnixWare 7.1.2 (Open UNIX 8) Requirements
Installation Options
How the SCOoffice Mail Server Alters Your System
Using SSL Certificates
Installation and Configuration Overview

This chapter presents important information you need to consider before installing the SCOoffice Mail Server:

Planning a SCOoffice Mail Server Configuration

We recommend that you consider the following factors before installing the SCOoffice Mail Server. Doing so will allow you to administer the SCOoffice Mail Server more efficiently and better accommodate the changing needs of your system:

Note

We recommend installing the SCOoffice Mail Server on a clean, freshly-installed system that is dedicated for mail server use.

Number of Mail and Calendar Clients

Estimate the number of mail clients your system must service for a reasonable period of time into the future. This will help you determining licensing and system hardware needs. Based on these decisions, you might also want to set mail quotas for client users.

Mail Quotas

The SCOoffice Mail Server allows you to set quota limits on the size of users' mailstores, which include their inboxes and folders. Default quotas can be assigned such that each new user's account is created with the same quota; to do so, set the DefaultQuotaLimit ACL (Access Control List) attribute as described in the msgaclset(8) manual page. Individual user mail quotas can be managed with the Server Manager as described in “Managing Mail Users”. Because there are no global controls for mail quotas, we recommend that you set quota policy before creating SCOoffice Mail Server users.

Junk Mail Filtering

The SCOoffice Mail Server provides protection against junk mail (unsolicited email or spam). Because filtering can be implemented globally or per user, we recommend that you set junk mail policies before creating mail client users.

The following mail filters can be controlled from administrative interfaces:

built-in junk mail filter

This simple filter diverts any mail not directly addressed to a SCOoffice Mail Server user or alias. Diverted mail can be sent to a folder or destroyed. This eliminates messages without a To: or CC: line; doing so prevents the delivery of Blind CC (bcc) messages, a major vehicle for unsolicited email. This filter is intended to be managed by individual users; when global access permissions are granted, users can turn the filter on and off, and can modify the behavior of the filter with exception lists. This filter acts when mail is delivered to individual mailboxes.

There are two levels of administrative control for this filter:

  • At the command line, a default value can be set using the msgaclset(8) --spamfilterenabled option, which turns it on or off at user creation. That is, if the default is set on, all users have filtering enabled when their accounts are created. Initial default settings can be modified using the msgaclset(8) utility; these settings cannot be managed globally.

  • In the Server Manager, users can be globally granted or denied permission to change their own junk mail settings. If granted, client users can use the Preferences Manager to turn filtering on or off and manage exception lists, as described in Chapter 5 “Avoiding Junk Mail”. The administrator can also manage individual client junk mail preferences manually with the msgusermod(8) utility.

Realtime Blackhole List (RBLSM)

This subscription service provided by Mail Abuse Prevention System LLC (MAPSSM) creates intentional network outages (blackholes) for the purpose of limiting the transport of known unsolicited mass email. RBL filtering takes place as mail is received by the SCOoffice Mail Server.

RBL access can be controlled in the Server Manager (in the System menu under Junk Mail) although you must subscribe to the service before mail is filtered. For more information, see the MAPS RBL website:

http://mail-abuse.org/rbl/

You can also configure Postfix manually to use RBL. For more information, see "Postfix Configuration - UCE Controls" in the Wietse's Postfix Project documentation.

Warning

RBL provides comprehensive and strict protection that is not appropriate for all mail systems. After initial RBL configuration, it is very likely that some legitimate messages will not be delivered to your SCOoffice Mail Server system until it is fully configured. You should familiarize yourself thoroughly with the RBL service before implementing it.

RBL and the BCC filter can be used together, because they are applied at different points in the mail delivery cycle. However, RBL is applied first and it is the stricter filter. Therefore, individual user's exception lists could only remove messages already filtered by RBL, not admit messages already excluded by RBL.

Many modern mail clients include their own junk mail filtering. These can also be used in conjunction with RBL and BCC filters, although mail client filtering takes place last in the mail delivery cycle and therefore exerts least control in a multi-filter environment.

You will probably want to use one of the following combinations of BCC filtering defaults and mail client user access permissions:

BCC filter defaultuser access filter behavior
ononFilter on for all users, individual users can turn it on/off and control exception lists.
offonFilter off for all users, individual users can turn it on/off and control exception lists.
offoffFilter off for all users, individual users cannot control filter; mail filtering must be handled by RBL or mail client software.

Optional SCOoffice Mail Connector for Microsoft Outlook

SCOoffice Mail Connector for Microsoft Outlook provides access to advanced features of Microsoft Outlook. SCOoffice™ Mail Connector provides complete mapping and synchronization of the user's mail and special folders to the Cyrus IMAP server using the IMAP protocol. MAPI is not used. This feature enables the sharing of the special folders such as calendar, contacts, journal, notes, and tasks. The sharing of the special folders marks the introduction of meaningful collaboration with Outlook on an IMAP based messaging platform. The collaborative features of Outlook that were once available only with Exchange are now available to SCOoffice Mail Server.

SCOoffice Mail Connector for Microsoft Outlook is a separately licensed product provided on a separate CD with the SCOoffice Mail Server product. See the documentation on that CD for more information.

Calendar Options

The SCOoffice Mail Server provides two calendar solutions:

Outlook "free/busy" calendar support

The SCOoffice Mail Server includes default support for the Microsoft Outlook "free/busy" calendar feature. When scheduling a meeting or other activity, this feature allows the person who is scheduling the meeting to see when others are free or busy.

SCOoffice Mail Connector for Microsoft Outlook

The calendar and other special folders in Microsoft Outlook can be shared using the optional SCOoffice Mail Connector for Microsoft Outlook. This feature permits users to access and update shared calendars. See “Optional SCOoffice Mail Connector for Microsoft Outlook” for more information.

When mail client users configure their Outlook software for the SCOoffice Mail Server using the Outlook Configuration Tool, calendar configuration information is downloaded automatically, including:

  • free/busy configuration.

Before installing and deploying a calendaring solution, we recommend that you consider these points:

  • Identify which client users are appropriate for the available solutions:

    • Outlook Free/Busy; Outlook only.

    • SCOoffice Mail Connector for Microsoft Outlook; Outlook only.

  • If you are deploying a new SCOoffice Mail Server installation, note that Outlook 2000 and Outlook 98 clients must be configured in Internet Email Only mode for Outlook free/busy calendaring, and in Corporate/Workgroup mode to use in the SCOoffice Mail Connector for Microsoft Outlook.

    Note

    Outlook 2002 (XP) clients automatically detect mode requirements, and do not have to be reconfigured.

  • If you require multiple calendar nodes, we recommend that you estimate the number of calendar users, group them logically, and create the nodes before creating SCOoffice Mail Server users. Otherwise, user accounts must be upated manually with calendar information.

For more information on SCOoffice Mail Server calendar solutions, see Chapter 6 “Calendar Configuration”.

Local or Remote LDAP Server

Determine whether the LDAP server component of the SCOoffice Mail Server will be located on the same host system as other SCOoffice Mail Server components or on a different system. LDAP is the only SCOoffice Mail Server component that can be located on a remote system. See “Configuring a Remote OpenLDAP Server” in the Administrator's Guide for more information.

Note

This is an advanced configuration procedure that requires extensive LDAP knowledge and experience.

Component File Locations

SCOoffice Mail Server components are installed in default locations. They can be moved, but doing so after the SCOoffice Mail Server is serving mail will cause a disruption in mail services. See Chapter 6 “Managing SCOoffice Mail Server Components” in the Administrator's Guide for more information.

Local System User Accounts

When you install the system that will host the SCOoffice Mail Server, you have the opportunity to create system user accounts, each of which has a user ID and associated login name. The SCOoffice Mail Server also uses its own mail User ID for IMAP authentication and other purposes.

During installation of the system on which you will run the SCOoffice Mail Server, we recommend that you not create accounts for any user for whom you intend a SCOoffice Mail Server account.

You can create system users with the same IDs as those used by the SCOoffice Mail Server. By default, email sent to the address username@hostname.domain.com will be delivered on the system to the file /var/mail/username. Email sent to user@domain.com will be sent to the SCOoffice Mail Server mail store. Note that the User ID is distinct from the first element of the email address and that they can be different from each other.

High Availability Journalling Filesystem

Filesystem journalling protects against data loss when a system unexpectedly loses power without the appropriate shutdown procedure. The EXT3 journalling filesystem is supplied as an optional filesystem with Caldera OpenLinux Server 3.1.1. The default filesystem on SCO Linux and UnitedLinux is the Reiser filesystem, which is also a journaling filesystem. The EXT3 journaling filesystem is optional on SCO Linux and UnitedLinux.

In a SCOoffice Mail Server environment, filesystem journalling affords the greatest protection to the Postfix queue directory (/var/spool/postfix), which contains email content. In addition, because most files do not remain long in the volatile mail queue, they are usually written only to the journal and deleted from there, with negligible performance overhead.

To take full advantage of journalling filesystem high availability, you will probably want the Postfix queue directory on a separate partition. If so, you must configure this partition before installing the SCOoffice Mail Server.

To implement filesystem journalling on a SCOoffice Mail Server system, we recommend that you:

  • Use data=journal journalling mode for the $queue_directory (usually /var/spool/postfix)

  • Mount the $queue_directory using the noatime option. Postfix disregards inode access times, so there is a small performance gain by setting this option.

  • Use the chattr(1) command to set the filesystem for synchronous updates:

    chattr -R -S /var/spool/postfix

  • Do not use data=journal journalling mode for the /var/log directory. The default mode affords the same protections for appended files, and it is faster. This usually means separate partitions for /var/log and /var/spool/postfix.

  • Disable the write-cache for your drive:

    hdparm -W0 /dev/hda

  • Use the elvtune(8) utility to tune disk performance and interactiveness:

    elvtune -r 4096 -w 8192
    On soft-RAID devices, you need to use elvtune on each physical drive.

For example, after following these guidelines the mount(8) command would show a configuration similar to the following:

/dev/hda3 on /          type auto (rw,errors=remount-ro)
/dev/hda1 on /boot      type ext3 (rw)
/dev/hda6 on /var/spool type ext3 (rw,data=journal,noatime)
/dev/hda7 on /var/log   type ext3 (rw)

For more information about onfiguring journalling filesystems with Postfix, see:

http://www.stahl.bau.tu-bs.de/~hildeb/postfix/ext3.shtml

System Requirements

Platform:Any of the following:

- SCO Linux
- UnitedLinux
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Server 3.1.1
- UnixWare 7 with Linux Kernel Personality 
  (including Open UNIX 8)

RAM:

minimum 64Mb system + 1Mb per user,
512Mb recommended (in addition to 
platform requirements)

Disk space:

minimum 40Mb system + appropriate 
mailbox allocation per user (in 
addition to platform requirements)

Networking:

TCP/IP networking with DNS name
resolution configured

Installation profile:

OpenLinux or LKP: ‘Web Server’ or 
‘All Packages’ 

 

SCO Linux: ‘Default System for SCO Linux’ or
 ‘Default System for UnitedLinux’

Language support:English, French, German, Italian, Polish, and Spanish

Note

We recommend installing the SCOoffice Mail Server on a clean, freshly-installed system that is dedicated for mail server use.

Compatible software products (such as calendar and backup solutions) may have additional RAM and disk space requirements.

Your designated SCOoffice Mail Server system must also satisfy basic system requirements. In particular:

  • Caldera OpenLinux 3.1 and greater includes the 2.4 kernel compiled to support up to 64GB of RAM. As a result, the kernel and Caldera OpenLinux (and hence the SCOoffice Mail Server) will only function on systems that support the PAE (Physical Address Extensions) standard. Such CPUs include the following:

    Intel Celeron
    Intel Pentium Pro
    Intel Pentium II
    Intel Pentium III
    Intel Pentium 4
    AMD Athlon
    AMD Duron
    AMD Thunderbird
     
    
  • Although UnixWare 7 and SCO Linux run on the following CPUs, Caldera OpenLinux running under LKP does not run on them or on anything earlier:

    Intel Pentium
    Intel Pentium MMX
    AMD K6 and K6 2

For more information, see:

Do not attempt to install the SCOoffice Mail Server on a system with a Microsoft Windows® operating system already installed. The installation will fail in unpredictable ways. The autorun.inf facility is included on the media distribution only for the purpose of displaying release documentation.

To ensure that RPM packages required by the SCOoffice Mail Server are already on your system, select the webserver installation profile (or All Packages). Other profiles do not contain the full set of RPM packages required by the SCOoffice Mail Server. This is required for both native and LKP installations. On SCO Linux, simply accept the default package selection during installation. If you choose to alter the package selection, select one of the Default System configurations.

The following RPM packages are required by the SCOoffice Mail Server and should not be removed from your system:

apache
apache-devel
apache-doc
libpam
libpam-devel
openldap
openldap-devel
openssl
openssl-devel
openssl-devel-static
pam_ldap
perl-modules
php
php-doc

Warning

The SCOoffice Mail Server reconfigures these packages. Do not recompile or update them except as documented for product upgrades; doing so might disable the SCOoffice Mail Server.

We recommend that you use one of the following browsers for both administrative and client use:

  • Internet Explorer Version 5 or greater

  • Netscape Communicator 6 or greater

Netscape Communicator 4.7 can be used, although some features of the SCOoffice Mail Server graphical interfaces are not functional with this browser.

UnixWare 7.1.2 (Open UNIX 8) Requirements

Open UNIX 8 Supplement

We recommend that you download and install the following supplement before installing the SCOoffice Mail Server on your Open UNIX 8 system:

ou800pk4: Open UNIX 8 Release 8.0.0 Maintenance Pack 4

Fixes several performance and security problems. You must install the Maintenance Pack after installing LKP to ensure that the LKP fixes in the Maintenance Pack are installed.

It is available from the:

SCO website

http://www.sco.com/support/ftplists/ou8list.html

SCO ftp site

Enter ftp -p ftp.sco.com and change directories (cd) to pub/openunix8.

Note

You must invoke ftp in passive mode (that is, with the -p option).

Before installation, familarize yourself its cover letter. If you have already installed the SCOoffice Mail Server on your Open UNIX 8 system, the supplement can be safely installed to correct performance and logging problems after the SCOoffice Mail Server has been installed and configured.

After installing ou800pk4, use the following procedure to enable Linux syslog logging on your Open UNIX 8 system:

  1. As root, edit the file /unixware/etc/init.d/linuxrc and remove all occurences of the string K99syslog and S01syslog. This will enable Linux syslog to be started at boot time.

  2. Run the linux command to enter the LKP environment, then enter:

    cd /etc/rc.d/init.d
    ./syslog stop
    ./syslog start

    By default, Postfix logging will now be saved in the file /var/log/mail and Cyrus logging in the file /var/log/imap.

 

EELS Conflict with IMP Webmail Components on Open UNIX 8

The Enhanced Event Logging System (EELS) should not be installed on an Open UNIX 8 system with the SCOoffice Mail Server. EELS blocks port access for the mysql database, upon which the IMP webmail system depends. If you intend to implement IMP webmail on an Open UNIX 8 SCOoffice Mail Server, EELS must not be present on your system.

Installation Options

The SCOoffice Mail Server installs on :

  • SCO Linux and UnitedLinux natively

  • Caldera OpenLinux natively

  • Caldera OpenLinux under Linux Kernel Personality (LKP) for UnixWare 7 (including Open UNIX 8).

SCOoffice Mail Server operation and performance are equivalent on these platforms with comparable hardware and networking.

SCOoffice Mail Server Release 2.0 can also be installed:

on an existing SCOoffice Mail Server system

SCOoffice Mail Server Release 2.0 will detect your previously installed SCOoffice Mail Server release and upgrade it to the current version. It is not necessary to install or remove SCOoffice Mail Server maintenance packs before upgrading your system. For more information, see Chapter 3 “Installation and Removal”.

 
from the command line

SCOoffice Mail Server Release 2.0 can be installed in non-graphical mode from the command line using the install.sh -c option. For more information, see “Non-Graphical Installation and Upgrade”.

How the SCOoffice Mail Server Alters Your System

The SCOoffice Mail Server adds the following RPM packages to your system:

PackageDescription
msgSCOoffice Mail Server framework
msg-docSCOoffice Mail Server documentation
cyrus-imapdCyrus IMAP server
cyrus-saslCyrus SASL (Simple Authentication and Security Layer)
db3 (OpenLinux and UnixWare only)Berkeley DB programmatic toolkit
db3-devel (openLinux and UnixWare only)Berkeley DB header files, libraries, and documentation
dracDynamic Relay Authorization Control
gqGQ graphical browser for LDAP
horde (SCO Linux only)Horde PHP application framework
imp (SCO Linux only)Internet Messaging Program web mail
perl-Convert-ASNASN.1 Encode/Decode library for perl
perl-IMAP-AdminIMAP-Admin module for perl
perl-ldapperl interface modules for LDAP servers
postfix (OpenLinux and UnixWare only)Postfix Mail Transport Agent (MTA)

SCOoffice Mail Server components install by default on a single system. If you want to configure the SCOoffice Mail Server to use a remote LDAP server, see “Advanced OpenLDAP Configuration” in the Administrator's Guide.

Warning

The open source software packages listed here have been adapted for use on a SCOoffice Mail Server system. They should only be updated by SCOoffice Mail Server releases. Installing them from other sources, including non-SCOoffice Mail Server Linux distributions, might disable the SCOoffice Mail Server.

The SCOoffice Mail Server removes the following components from your system during installation:

sendmail™

Including the sendmail, sendmail-cf, and sendmail-doc packages. Configuration parameters of this and other MTAs will conflict with those of the SCOoffice Mail Server Postfix MTA. In addition to sendmail, conflicts have also been noted with qmail.

imap™

Including the imap and imap-devel packages. Configuration parameters of this and other IMAP or POP servers will conflict with those of the SCOoffice Mail Server Cyrus server.

Warning

Reinstalling any of these packages or installing new versions of them from other distributions will disable the SCOoffice Mail Server.

The SCOoffice Mail Server installation on UnixWare 7 sets the following kernel tunable parameters for the components specified:

Apache
  • SHMMAX 655576064

  • SHMSEG 15

Postfix
  • SDATLIM 0x7FFFFFFF

  • HDATLIM 0x7FFFFFFF

  • SFNOLIM 2048

  • HFNOLIM 2048

  • SVMMLIM 0x7FFFFFFF

  • HVMMLIM 0x7FFFFFFF

  • SHMMNI 1000

  • ARG_MAX 1048576

  • SFSZLIM 0x7FFFFFFF

  • HFSZLIM 0x7FFFFFFF

  • MAXULWP 65000

  • SSTKLIM 0x3FFFFFF

  • HSTKLIM 0x3FFFFFF

  • MAXLINK 32767

  • NBUF 128

  • NHBUF 32

  • MAXUP 5000

  • NPROC 12500

UNIX Domain Sockets
  • In /etc/conf/sdevice.d/ticots:

    ticots   Y   2048   0   0   0   0 \
      0   0   0   -1

Note

The installation log records this tuning activity as errors; these errors can be safely ignored.

Additional kernel tuning might be required on your UnixWare 7 system. For more information, see the Getting Started Guide in UnixWare 7 and the SCOoffice Mail Server Late News.

Using SSL Certificates

The SCOoffice Mail Server provides SSL (Secure Socket Layer) configuration by default using demonstration keys. Existing demonstration keys are backed up during the Release 2.0 installation and upgrade.

We recommend that you acquire a signed certificate and key before bringing your SCOoffice Mail Server into production. For more information, see “Enabling SSL” in the Administrator's Guide.

Installation and Configuration Overview

The basic steps to install and configure the SCOoffice Mail Server are:

  1. Plan your SCOoffice Mail Server deployment and review the “System Requirements” discussed in this chapter.

  2. Install the base platform using the web server profile as described in your platform documentation.

  3. Install the SCOoffice Mail Server as described in Chapter 3 “Installation and Removal”.

  4. If desired, install compatible software components.

  5. Point your web browser at https://hostname/msg to access the Server Manager interface, as described in Chapter 4 “Administering the SCOoffice Mail Server”.

  6. Log in to the Server Manager as admin with the password admin and change the password for this administrative account, as described in Chapter 4 “Administering the SCOoffice Mail Server”.

  7. If desired, use the msgaclset(8) utility to set default mail quotas and junk mail filtering before adding user accounts.

  8. If compatible software products are installed, configure them as desired before adding user accounts.

  9. Use the Server Manager to configure and administer your SCOoffice Mail Server mail system, adding user accounts, aliases, and domain arrangements as desired, as described in Chapter 4 “Administering the SCOoffice Mail Server”.

  10. Configure users' mail client software by instructing them to connect to https://hostname/msg from their desktop computers using personal user accounts and passwords, as described in Chapter 5 “Administering Mail Client Users”.

Consult the remainder of this document and the Administrator's Guide for more detailed instructions.