yaffas documentation


Table of Contents

1. Installation
1.1. System requirements
1.2. Procedure
1.3. First steps
1.4. Additional Steps
1.5. Updating
1.6. Opening the administration web interface
1.7. Usage
2. System
2.1. Services
2.2. Certificate / Key Management
3. Network
3.1. Configuration
3.2. SNMP
4. Accounts
4.1. Authentication Server
4.2. User Management
4.3. Group Management
4.4. Admin password
5. Maintenance
5.1. Save Configuration
5.2. Log file viewer
5.3. Notification
5.4. Support
6. Mailserver
6.1. Fetchmail Mail Retrieval
6.2. Mailserver Configuration
6.3. Mail Queue
6.4. Mail Alias Configuration
6.5. Security
6.6. Bulk Mailing
7. License
7.1. Zarafa Subscription
8. Zarafa
8.1. Groupware Configuration
8.2. Resources
8.3. Zarafa Setup
8.4. Allocation of Email Addresses
8.5. Zarafa WebAccess/WebApp
8.6. Zarafa Backup
8.7. Microsoft Outlook Connection
8.8. Backup Path

Chapter 1. Installation

yaffas has to be installed on a freshly set up Linux distribution. At the moment Ubuntu 10.04/12.04, Debian 6/7 and Red Hat 5/6 are officially supported. The following steps describe how yaffas can be installed. There are packages available for both 32-bit and 64-bit architectures.

1.1. System requirements

  • Ubuntu Server 10.04/12.04, Debian 6/7 or Red Hat Enterprise Linux 5/6
  • Correctly configured fully qualified hostname
  • Static IP address

yaffas can be installed on a preconfigured Zarafa system; however, please be aware that your configuration will be overwritten and that you can lose your data!

Please also make sure that your MySQL password does not contain a hash sign (#) since there is a problem with the current configuration management.

1.2. Procedure

yaffas can be installed from the repositories described below for the two supported Linux distributions.

1.2.1. Installation on existing server

Right now the installation on an existing server is not recommended and not supported. Before going this way, either wait for one of the next releases or install on a clean machine and migrate your data to the new system.

If you still wish to install it on an existing server, make sure you have a backup or make a copy of your current machine.

To install yaffas on such a system, install the packages as described below, but skip the installation wizard (change /opt/yaffas/etc/webmin/webmin.acl symlink to point to webmin.acl-global instead of -setup), as it would delete all your data.

You will have to make several configuration changes on your own. You can figure out the necessary details by inspecting the relevant resources (/opt/yaffas/share/yaffas-upgrade/, /opt/yaffas/share/yaffas-ldap/, and the source code of the packages as found on http://www.github.com/bitbone/yaffas/).

We invite you to ask for community support for this installation path, which we will monitor closely on the forum and possibly create a standardized procedure from this.

1.2.2. Ubuntu Server

Adding required repositories

Add the following repositories in order to install yaffas and required dependencies via the standard apt commands.

Ubuntu 10.04 LTS

echo "deb http://repo.yaffas.org/releases/latest/lucid ./" >> /etc/apt/sources.list

Ubuntu 12.04 LTS

echo "deb http://repo.yaffas.org/releases/latest/precise ./" >> /etc/apt/sources.list

Ubuntu 14.04 LTS

echo "deb http://repo.yaffas.org/releases/latest/trusty ./" >> /etc/apt/sources.list

Please also ensure that the universe repository is enabled (check via grep universe /etc/apt/sources.list).

[Note]

If you need a proxy to download from the internet, just set the "http_proxy" variable:

export http_proxy="http://<user>:<password>@<your-proxy>:<port>"
export HTTP_PROXY="$http_proxy"

You should later make this setting permanent by setting the proxy in the user interface (Network > Configuration > HTTP Proxy). This will also ensure that all supported services can properly use the proxy (such as ClamAV’s freshclam).

Import package key

wget -O - http://repo.yaffas.org/repo.deb.key | apt-key add -

Install the packages

apt-get update
apt-get install yaffas

This will install yaffas base modules and zarafa.

During the installation zarafa, mysql, openldap, postfix and many other dependencies are installed.

The package manager will usually ask questions for some packages. You can skip all of these by pressing "enter" when the dialog pops up. The configuration of these will be done by the yaffas installation procedure later.

The one exception is the MySQL server root password: if you are asked for it, enter a password and note it down, as you will be asked for MySQL credentials when first using yaffas.


Leave the LDAP configuration values without changes.

For the postfix configuration, select the "local only" type.

Use the default values for the kerberos configuration.

1.2.3. Debian 6 and 7

Adding required repositories

Just add our repository as described below in order to install yaffas and required dependencies via the standard apt commands.

For Debian 6:

echo "deb http://repo.yaffas.org/releases/latest/squeeze ./" >> /etc/apt/sources.list

For Debian 7:

echo "deb http://repo.yaffas.org/releases/latest/wheezy ./" >> /etc/apt/sources.list

[Note]

If you need a proxy to download from the internet, just set the "http_proxy" variable:

export http_proxy="http://<user>:<password>@<your-proxy>:<port>"
export HTTP_PROXY="$http_proxy"

You should later make this setting permanent by setting the proxy in the user interface (Network > Configuration > HTTP Proxy). This will also ensure that all supported services can properly use the proxy (such as ClamAV’s freshclam).

Import package key

wget -O - http://repo.yaffas.org/repo.deb.key | apt-key add -

Install the packages

apt-get update
apt-get install yaffas

This will install yaffas base modules and zarafa.

During the installation zarafa, mysql, openldap, postfix and many other dependencies are installed.

The package manager will usually ask questions for some packages. You can skip all of these by pressing "enter" when the dialog pops up. The configuration of these will be done later by the installation wizard.

The one exception is the MySQL server root password: if you are asked for it, enter a password and note it down, as you will be asked for MySQL credentials when first using yaffas.


Leave the LDAP configuration values without changes.

For the postfix configuration, select the "local only" type.

Use the default values for the kerberos configuration.

1.2.4. Red Hat Enterprise Linux

The installation on Red Hat Enterprise Linux is similar.

[Note]

If you need a proxy to download from the internet, just set the "http_proxy" variable:

export http_proxy="http://<user>:<password>@<your-proxy>:<port>"
export HTTP_PROXY="$http_proxy"

You should later make this setting permanent by setting the proxy in the user interface (Network > Configuration > HTTP Proxy). This will also ensure that all supported services can properly use the proxy (such as ClamAV’s freshclam).

Adding the required repositories

The yaffas packages will require some dependencies. As these dependencies are not part of the standard RHEL repository, the following two repositories have to be added to the installed system.

Repositories for RHEL 5

Run the following command to install the EPEL repository:

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

If the above referenced URL is no longer functional because a newer version of the package is available, then you can still get the latest version from this address: http://download.fedoraproject.org/pub/epel/5/i386/repoview/epel-release.html

Then, depending on your architecture, run the following commands to add the RPMforge repository:

rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

or

rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

Repositories for RHEL 6

Run the following command to install the EPEL repository:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

If the above referenced URL is no longer functional because a newer version of the package is available, then you can still get the latest version from this address: http://download.fedoraproject.org/pub/epel/6/i386/repoview/epel-release.html

Then, depending on your architecture, run the following commands to add the RPMforge repository:

rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

or

rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

[Note]

For Red Hat Enterprise Linux systems it is necessary to subscribe to the "RHEL Server Optional" channel. This is not done by default.

yaffas repository

After the extra repositories are added, the yaffas repository has to be added:

Create a file "yaffas.repo" in folder /etc/yum.repos.d with the following contents:

[yaffas]
name = yaffas $releasever
baseurl = http://repo.yaffas.org/releases/latest/rhel/$releasever
enabled = 1
protect = 0
gpgcheck = 1
priority = 1

Additionally, the EPEL configuration has to be changed due to a recent dependency problem. To do that, add the following line at the end of the [epel] block in /etc/yum.repos.d/epel.repo (after gpgkey=...):

exclude=clamav* clamd* amavisd*

Import GPG keys

rpm --import http://repo.yaffas.org/repo.rpm.key

Package installation

yum install yaffas

[Note]

If running the above command leads to a conflict between php-common and php53-common on RHEL5, then this is because of a packaging bug. You can work around this by running

yum remove php53 php53-common
yum install php php-ldap php-mapi php-pecl-json

before re-running

yum install yaffas

1.3. First steps

After installation, the yaffas web interface is accessible at the following URL: https://<your-server's-ip>:10000

The username is "admin" and the password is "yaffas".


On first login, the setup assistant will be launched.


[Warning]

The setup procedure will change the following settings and data will be deleted or overwritten:

  • existing LDAP tree
  • slapd configuration
  • Samba configuration
  • smbldap-tools configuration
  • postfix configuration
  • zarafa configuration
  • MySQL configuration (optimizations for Zarafa will be made)

The installer will ask you to change the default admin password.


Next you will have to specify a MySQL server for Zarafa. The given user must have enough permissions to access (or create) the given database.


In the next step, the mail server parameters will be configured. A primary mail domain (e.g. machinename.example.org) has to be configured. A smart host (and the required authentication data) only has to be specified if the yaffas server should forward all outgoing mails to the given host.


In the last step, you have the opportunity to enable local authentication and create a first user for your system.


If you decide not to create a local user now, an authentication server has to be configured after finishing the setup wizard.

On Red Hat Enterprise Linux you also need to start the required services and configure them for automatic start at boot. This can be done in "System → Services". Since by default an iptables firewall is active in Red Hat Enterprise Linux, the ports for the needed services have to be opened manually.

The next step should be to configure the mail server. Without a working mail server configuration some parts of the system will not work. It will also not be possible to create resources for Zarafa when no local domain is set for the mail server.

Now you can go to Accounts → User Management and create some users.

After this step you should be able to log in to Zarafa WebAccess at https://<your-server’s-ip>/webaccess or to WebApp at https://<your-server’s-ip>/webapp

[Important]

The language in the yaffas UI has to be set for the folders in Zarafa to be created in the right language. This should be done prior to the creation of users.

1.4. Additional Steps

Additional features like brick-level backups and the Multi-User-Calendar plugin for WebAccess can be enabled by manually installing the package zarafa-backup or zarafa-webaccess-muc respectively (using yum install on RHEL and apt-get install on Debian/Ubuntu). This will only work if you have a commercial Zarafa license.

1.5. Updating

Every networked system should regularly be updated with the latest security fixes. This is valid for your fresh yaffas system as well, of course. In addition, we regularly provide updated packages for both Zarafa and yaffas components so that you can get the latest bug fixes and improvements.

Therefore it is important for you to check for updates periodically.

On Debian/Ubuntu systems, please use apt-get update && apt-get upgrade and confirm.

[Important]

Always choose to keep any config files which apt may want to overwrite. Do not overwrite them. Doing so would probably break your installation! In other words, just press ENTER (which chooses the default answer of [N]o) when you are asked.

On RHEL systems, please use yum upgrade and confirm.

1.6. Opening the administration web interface

The yaffas administration interface is accessible through https:// using the previously configured IP address on port 10000. If you used the address 192.168.100.100, for instance, the complete address would look like this:

https://192.168.100.100:10000/


1.7. Usage

The main interface is split into the navigation area on the left side and the content area on the right. Use your mouse to select the category you wish to access in the navigation menu. A sub-menu with the available configuration modules will open. After clicking on one of these modules, the available sub-sections will appear on the right in the content area.

[Note]

Many functions which work on specific objects (such as the user administration) are available by using the context menu. The context menu can be opened by right-clicking on an entry in the relevant table.

More-specific descriptions can be found in the following chapters.

Chapter 2. System

2.1. Services

2.1.1. Start and Stop Services

By selecting the menu item "services" the state of each system service can be shown. If you right-click on a service, you can start, stop or restart the service. Furthermore, you can choose to start the service when the system boots and to monitor the service. In that case the admin will receive an email notification if the service fails to start.

2.1.2. System Time

On this tab you can manually set the system time. The time can be set with drop-down fields and saved afterwards.

2.1.3. Time Server

Additionally, time can be synchronized with a time server. This is possible once or in hourly or daily intervals. For this purpose enter the IP address or the hostname of the time server and choose an interval.

If you do not run your own NTP server in your network, just enter pool.ntp.org (or a local version such as us.pool.ntp.org). This address refers to a cluster of lots of publicly available NTP servers (see NTP Pool Project).

For this to work, a working DNS server has to be set up.

2.1.4. Restart / Shutdown

At the tab "Shutdown System" you can reboot or shut down the system.

2.2. Certificate / Key Management

Certificates and keys are required to encrypt communications with the web interface as well as the mail traffic. They guarantee the authenticity, confidentiality and integrity of the data to third parties. Free signed SSL certificates are available at http://www.cacert.org.

They can be managed under the menu item "Certificate / Key Management". You can even create certificates and sign them with your own key. You can also import or delete existing certificates.

2.2.1. Manage Certificates

Using the tab "Manage Installed Certificates" all certificates existing on the system are displayed. If you want to delete a certificate, tick the box on the left of the certificate and click on the button "delete". The default certificate "default.crt", which is used for all services of the system, cannot be deleted.

[Note]

If you want to replace "default.crt", you must either create a new certificate for all services or import an existing certificate.

2.2.2. Create Own Certificates

To create a certificate yourself, click on the tab "Generate Self Signed Certificate and Key", fill in all fields and create the certificate by clicking on "Generate Key". If you choose "all" at the drop-down field "service", you can create a default certificate. This is always used if no other certificates are available specific to a service. All other choices for "service" create a certificate for the respective service.

2.2.3. Upload Certificates

If you want to upload an existing certificate, click on the tab "Upload Certificate" and click on "Browse" to choose the file from your hard disk. Select the file with the certificate and click "Open". After the dialog has closed, you have to select the service to which your certificate shall apply. Finally, you should delete any remaining duplicates.

Currently only PEM-encoded certificates with the private key and the actual certificate concatenated are supported. These files usually have the file extension ".pem" or ".crt". If you have separate files for the private key and the certificate, you can combine them using

cat private.key cert.crt > combined.pem

A properly formatted file should look like this:

-----BEGIN PRIVATE KEY-----
...encoded key...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...encoded certificate...
-----END CERTIFICATE-----

[Important]

Currently there is a bug preventing error messages from being shown when problematic certificates are uploaded. These certificates will not be installed and the action will fail silently. Therefore, please double-check that your certificate is PEM-encoded and that it contains first the private key and then the certificate. Also ensure that the private key is not encrypted.
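Because a rejected upload fails silently, it helps to check the combined file before uploading it. The following is an added example, not part of yaffas: it checks only the structure described above (private key first, then certificate, key not encrypted, valid base64/DER payloads). The function names and the sample blocks are constructed for illustration, and the sample payload is a placeholder, not a real key.

```python
import base64
import binascii
import re
import sys

# One PEM block: BEGIN line, body, END line carrying the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)
PLAIN_KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY"}


def payload_ok(body):
    """True if the block body is valid base64 and, when it has no headers, DER."""
    parts = re.split(r"\r?\n\r?\n", body)  # legacy headers end at a blank line
    try:
        der = base64.b64decode("".join(parts[-1].split()), validate=True)
    except (binascii.Error, ValueError):
        return False
    # Bodies with headers are ciphertext; plain DER starts with SEQUENCE (0x30).
    return len(parts) > 1 or der[:1] == b"\x30"


def check_combined_pem(text):
    """Return a list of problems; an empty list means the layout is as expected."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]
    if not blocks:
        return ["no PEM blocks found: file is empty, DER-encoded or truncated"]
    problems = []
    labels = [label for label, _ in blocks]
    first_label, first_body = blocks[0]
    if first_label == "CERTIFICATE":
        problems.append("certificate comes first: the private key must precede it")
    elif first_label == "ENCRYPTED PRIVATE KEY":
        problems.append("private key is encrypted (PKCS#8): remove the passphrase")
    elif first_label in PLAIN_KEY_LABELS:
        if "Proc-Type:" in first_body and "ENCRYPTED" in first_body:
            problems.append("private key is encrypted (legacy header): remove the passphrase")
    else:
        problems.append("unexpected first block %r" % first_label)
    key_count = sum(1 for label in labels if label.endswith("PRIVATE KEY"))
    if key_count != 1:
        problems.append("expected exactly one private key block, found %d" % key_count)
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block found")
    for label, body in blocks:
        if not payload_ok(body):
            problems.append("block %r is not valid base64-encoded DER" % label)
    return problems


def sample_pem(label, der=b"\x30\x03\x02\x01\x00", headers=""):
    """Build a constructed sample block; the DER is a placeholder, not a real key."""
    b64 = base64.b64encode(der).decode("ascii")
    return "-----BEGIN %s-----\n%s%s\n-----END %s-----\n" % (label, headers, b64, label)


# Constructed inputs covering the failure cases named in the note above.
LEGACY_HEADERS = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"
SAMPLES = {
    "good": sample_pem("PRIVATE KEY") + sample_pem("CERTIFICATE"),
    "swapped": sample_pem("CERTIFICATE") + sample_pem("PRIVATE KEY"),
    "pkcs8_encrypted": sample_pem("ENCRYPTED PRIVATE KEY") + sample_pem("CERTIFICATE"),
    "legacy_encrypted": sample_pem("RSA PRIVATE KEY", headers=LEGACY_HEADERS)
    + sample_pem("CERTIFICATE"),
    "key_only": sample_pem("PRIVATE KEY"),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Check a real file, e.g. the combined.pem produced by the cat command.
        with open(sys.argv[1], "r", errors="replace") as fh:
            report = {sys.argv[1]: check_combined_pem(fh.read())}
    else:
        report = {name: check_combined_pem(text) for name, text in SAMPLES.items()}
    for name, problems in report.items():
        print(name, "->", problems or "OK")
```

The check does not verify that the key and the certificate belong together or that the certificate is still valid.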

Chapter 3. Network

3.1. Configuration

3.1.1. Basic Configuration

Basic network configurations can be set under the menu item "Networking" → "Configuration" at the tab "Base Settings".

[Note]

Type the name of the computer into the field "Host Name". With this name the computer will be reachable in the network. The name is also used in the Windows network. The "Domain Name" must be formatted as required in RFC 1034 (e. g. "bitbone.de"). The "Workgroup" is required for Windows networks.

3.1.2. Proxy Settings

The settings for HTTP proxy are required for downloading yaffas updates if your network doesn’t have a direct internet access.

Please type the address into the field "Proxy" and the port of your HTTP proxy server into the second field. If your proxy needs user authentication, enter the required data in "User" and "Password". Confirm with "Save".

3.1.3. Interface Configuration

Each available interface has its own tab for its basic settings at the "Interface" tabs.

If your network contains multiple network areas and the mail server or individual workstations are located in a different network, the default gateway must be specified. In this case the address of your DNS server must be entered in the field "DNS Server IP". You can also enter several search domains, which are used for resolving host names if a full name is not provided.

The settings for each interface are only active when the interface is activated. If multiple interfaces are activated simultaneously, the settings for all interfaces can be processed.

By clicking the button "New Virtual IP Address" you can configure an additional IP address for the associated interface. For this virtual interface you can use the same values as used for a usual interface.

[Note]

Currently neither DHCP nor bridged or bonded network interfaces are supported. If you save the interface configuration while using DHCP the interface will be switched to a static address.

3.2. SNMP

Click the checkbox under the menu item "Networking → SNMP Configuration" to enable access via SNMP protocol. You can set the password for SNMP access in the field "Community".

[Important]

With SNMP, data is generally transmitted unencrypted over the network. For your own safety, please choose a password other than "root" or the administrator’s password!

The field "Access For" defines who has access to the SNMP agent. The entry "default" means that only requests from the local machine are allowed.

You can enter a single IP address or a subnet following the CIDR-pattern address/mask (e. g. 192.168.0.1/24).

Chapter 4. Accounts

4.1. Authentication Server

The menu topic Accounts → Authentication Server leads to a page for configuring the source for authentication.


After installation of yaffas this has to be configured first because other services depend on it. Users and groups can only be created after selecting an authentication type.

yaffas can use a local LDAP, a remote yaffas LDAP or a Microsoft Windows Active Directory domain for authentication.

When using the local LDAP for authentication the server can also be used as (LDAP) authentication server for other remote systems.

[Warning]

When changing the authentication type all settings that apply to users will be deleted. Those settings have to be re-applied after the change.

yaffas tries to find existing users in the new authentication source. Data from users that cannot be found will be deleted.

To select a type of authentication, choose the tab Select authentication below the menu topic Accounts → Authentication Server.

4.1.1. Local Authentication

When choosing this method, a local LDAP will be used for storing users and groups. You can optionally choose to let this server be used by other servers as authentication source.

4.1.2. Yaffas LDAP Server

If you already use another yaffas server with local LDAP authentication, you can enter its connection details here. Users and groups on the remote system can then be used on the local server.

[Note]

A yaffas server which authenticates its users against a remote server cannot itself act as an authentication server. Should this option be active, it will automatically be deactivated.

The following values have to be configured to run the LDAP server:

Value Function

Server/IP

DNS name or IP address of the remote yaffas server. The remote side has to be configured to accept authentication requests.

Base DN

The base DN defines at which point in the LDAP-Tree a search for a certain object should be started.

Bind DN

The bind DN and the bind password are used for authentication against the remote LDAP server.

Bind password

The password for LDAP authentication. In case of problems with the authentication, try using a CRYPT-hashed password.

4.1.3. Remote LDAP Authentication

You can use yaffas together with any remote LDAP server. Only the schema has to be installed on the remote LDAP server.

Value Function

Server/IP

Enter the remote LDAP server’s IP.

Base DN

Enter the search base of your LDAP server, e.g. o=yaffas,c=org

Bind DN

Enter the user DN that should be used for authentication against LDAP, e.g. cn=ldapadmin,ou=People,o=yaffas,c=org

Base DN user

Enter the part of the users subtree. e.g. ou=People

Base DN group

Enter the part of the groups subtree. e.g. ou=Groups

Bind password

Enter the password of the Bind DN user.

Search attribute user

Enter the attribute where user and group information should be searched for.

4.1.4. Active Directory

When using this type of authentication yaffas can join an Active Directory domain. All users and groups of this domain will be available in yaffas.

[Note]

When using Active Directory authentication it is advisable to enter the domain controller as first DNS server in the network configuration.

Field Function

Domain Controller

Name or IP address of the Active Directory server.

Domain

Name of the AD domain.

Domain administrator

Username of an account with administrator privileges. Used for joining the domain. This user is searched in the cn=users organization unit.

Username

User for readonly queries. Only this information will be saved. The domain administrator settings are only needed for joining the domain.

For simple queries to the domain controller a standard user account is sufficient. Please enter the account information for this.

[Warning]

If you change the Active Directory user, its password or the DN of your server, you have to change those in the authentication module too!

[Note]

It is currently not possible to use an Active Directory server whose workgroup is different than the domain. This is being worked on. The current status along with further information can be found in the relevant ticket.

4.2. User Management

In the UI under Accounts → User Management all existing users are shown. When you have a lot of users, the sort and filter options can be useful. To edit or delete an existing user you have to right-click on that user’s entry.

[Note]

The options for editing are only available if you use local LDAP.

4.2.1. Adding and editing users

To create a new user open the "Add user" tab. To edit a user right click on it and select "Edit user".

The username, given name, surname and password fields are required. During editing you cannot change the username. Setting group memberships is optional. Selecting multiple groups or removing a group from the selection can be achieved by pressing <Ctrl> while clicking.

You can select which features (right now only IMAP and POP3) should be enabled or disabled for the user. The sendas configuration is needed if you want to allow other users or groups to send in the name of this user. Only selected users (use <Ctrl> or <Shift> to select multiple entries) will be given this permission.

Shared accounts are special accounts that are not allowed to log in. You have to give other users permissions on this store to work with it. This account type will also not use a whole license. A zarafa administrator is a special user who has the permission to open and edit stores of other users. Please use this option with care!

The field "email alias" can be used to add e-mail aliases for this user. You have to insert a whole email address as alias.

4.3. Group Management

The menu topic "Group Management" will show an overview of the available groups.

New groups can be created on the tab "Create group". After entering a name for the new group and clicking on "create" the new group will be created. Optionally a group can also have an email address. Every account that is a member of this group will receive messages sent to this address.

Existing groups can be edited by right-clicking on their entry and selecting "Edit group".

4.4. Admin password

The admin password for the yaffas Web-UI can be changed after selecting this menu topic. The password has to be entered twice before clicking on "Save".

[Important]

Passwords should not contain user related strings, dictionary words or "simple" combinations of characters (e.g. characters next to each other on the keyboard).

Chapter 5. Maintenance

5.1. Save Configuration

5.1.1. Save Configuration

At this menu item you can restore a saved configuration or save the current configuration by clicking on "Save Backupfile".

[Note]

Remember to save configurations regularly!

5.1.2. Restore Configuration

If you have to use this option, install the server with a fresh operating system, install yaffas and then select the authentication method that was used before. After selecting a configuration file, click on the button "Apply Backupfile" and the configuration file will be uploaded. This may take a few minutes.

[Warning]

Please consider that the following items will not be restored:

  • network configuration
  • admin and root password
  • settings for authentication server
  • alias settings if you use a remote authentication server
  • UI language

5.2. Log file viewer

The log file viewer enables the administrator to download log files for analysis. Just right-click on the log file you wish to download and select "download". After downloading and saving the selected log file, it can be viewed with any text editor (e.g. Wordpad).

Examples of log files are:

file content

/var/log/maillog

postfix MTA log file. Contains information about incoming and outgoing mails.

/var/log/messages

less important kernel messages.

/var/log/samba/log.nmbd

messages from the NetBIOS service

/var/log/samba/log.smbd

samba server log messages

/var/log/zarafa

This directory contains zarafa logs for every component.

5.3. Notification

Error messages (disk full, license issues) from the yaffas server will be sent to this e-mail address. A local or remote address can be used. This e-mail account should be checked on a regular basis.

Please enter a valid e-mail address, so critical messages can reach an administrator and the system can be kept running.

[Note]

If you would like to enter multiple recipients, you can enter an alias as recipient, e.g. "admins@localhost". You can then set "admins" as an alias under Mail alias configuration and supply the addresses of the recipients.

5.4. Support

The menu topic Support offers the option to download a file which can assist in solving problems and speed up searching for bugs.

yaffas is a free community project, so no support is included. Support can be provided by anybody who knows their way around yaffas and Linux.

The bitbone AG offers a commercial and supported derivative of yaffas named bitkit|SOLUTIONS.

Chapter 6. Mailserver

6.1. Fetchmail Mail Retrieval

Fetchmail is used for retrieving emails from external email accounts. You can make a new entry for fetchmail at the tab "Add Query".

"Server Name" is the designation for the settings that will be saved. If this is also the real name of the mailserver, please activate the choice box in line "Mail Server to Contact". If not, please enter the real name in this line.

Via "Polling Enabled" you can activate or deactivate retrieving mails from this mailserver. At "Protocol" you can choose the type of protocol. If the mailservice is not on the default port for the protocol, you can enter another port number at "Server Port".

At "Mailserver User Details" you can enter settings for the user, whose mails shall be retrieved. "Remote User" and "Remote Password" are the data that are sent to the mail server. You can specify at "Destination" to whom the fetched mails shall be forwarded. Choose between a local user mailbox, a mail alias or "Multidrop". In "Multidrop" mode the local part (left of the @-sign) will be evaluated and the mail will be delivered to a local user or an alias with the same name.

All other fields are optional and can be customized.

Note regarding SSL/TLS: If you want to use SSL variants (e.g. POP3S, IMAPS, …), just specify the protocol (POP3 or IMAP) and enable the Connect in SSL mode option. Do not change the default port unless needed; it will be adapted automatically. If you want to use TLS, then do not check the Connect in SSL mode option at all; fetchmail will automatically use TLS if the server advertises support for it.

6.2. Mailserver Configuration

6.2.1. Base Configuration

At the tab "Base Configuration" you can customize the configuration of your mailserver. "Mail Server Name" is the name that is sent on outgoing emails to the remote SMTP server. This setting is optional.

With the maximum mail size, the size in MB of incoming and outgoing mails can be limited. Without this option mails of unlimited size can be sent.

[Note]

The maximum size is calculated after applying the Base64 conversion of attachments. This means that about one third of the size has to be added to that value. For example, to send a 10 MB attachment you need to enter 14 MB.

6.2.2. Local Domains

At "Local Domains" you can set the domains for which the mailserver will be responsible. Emails to these domains will be accepted and delivered locally to the user's store.

[Note]

To be able to create resources for Zarafa at least one local domain other than "localhost" has to be defined.

6.2.3. Smarthost

Enter the IP address of the mailserver of your company or the provider at the tab "Smarthost". This server will be responsible for the delivery of external emails. If this mailserver requires authentication, enter the required data in "Username" and "Password". The username must contain at least two characters!

6.2.4. Open Relay Subnets

For all addresses listed at the tab "Open Relay Subnets" external mail sending without authentication is possible. All networks (IP subnets) and computers (single IP addresses) should be entered for which external mail delivery without authentication shall be allowed.

However, sending mails to domains for which the mailserver is responsible is always possible. Example entry for activating a subnet: "192.168.0.0/24" - "/24" indicates the number of bits set in the netmask. The netmask would be "255.255.255.0" in this case.

[Note]

Be very careful with this option. A wrong setting could allow everyone to use your mailserver to send messages. Every spammer would be happy about a wrong setting here.
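A pre-flight check for entries before they are typed into "Open Relay Subnets", given here as an added example that is not part of yaffas. The function names are hypothetical, and treating only RFC 1918 and loopback ranges as acceptable is an assumption of this example.

```shell
#!/bin/sh
# Added example (not yaffas code): vet candidate "Open Relay Subnets" entries.

# ip_to_int A.B.C.D -> prints the address as an integer; fails if malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# prefix_to_netmask N -> dotted netmask for an N-bit prefix (24 -> 255.255.255.0).
prefix_to_netmask() {
    _m=$(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    echo "$(( _m >> 24 )).$(( (_m >> 16) & 255 )).$(( (_m >> 8) & 255 )).$(( _m & 255 ))"
}

# inside NET_INT PREFIX BLOCK_IP BLOCK_PREFIX -> true if the whole entry
# lies within the given block.
inside() {
    [ "$2" -ge "$4" ] || return 1
    _bm=$(( (0xFFFFFFFF << (32 - $4)) & 0xFFFFFFFF ))
    [ $(( $1 & _bm )) -eq "$(ip_to_int "$3")" ]
}

# classify_relay_entry ENTRY -> prints invalid | hostbits | public | ok
#   hostbits: bits set outside the netmask; public: not confined to private space
classify_relay_entry() {
    _ip=${1%%/*}; _len=32
    case $1 in */*) _len=${1#*/} ;; esac
    case $_len in ''|*[!0-9]*|0?*|???*) echo invalid; return ;; esac
    [ "$_len" -le 32 ] || { echo invalid; return; }
    _net=$(ip_to_int "$_ip") || { echo invalid; return; }
    _mask=$(( (0xFFFFFFFF << (32 - _len)) & 0xFFFFFFFF ))
    [ $(( _net & ~_mask & 0xFFFFFFFF )) -eq 0 ] || { echo hostbits; return; }
    for _blk in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8; do
        if inside "$_net" "$_len" "${_blk%/*}" "${_blk#*/}"; then echo ok; return; fi
    done
    echo public
}

# Constructed sample entries (not taken from a real configuration).
echo "/24 corresponds to netmask $(prefix_to_netmask 24)"
for entry in 192.168.0.0/24 192.168.0.5/24 10.1.2.3 0.0.0.0/0 203.0.113.0/24 300.1.1.1/8; do
    printf '%-18s %s\n' "$entry" "$(classify_relay_entry "$entry")"
done
```

Anything reported as `public` or `hostbits` deserves a second look before it is saved, since such an entry would relay for hosts outside the intended network.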

6.3. Mail Queue

The mail queue contains all emails that could not be sent.

By right-clicking on an email, you can delete, attempt to deliver or display the selected email.

6.4. Mail Alias Configuration

At "Mail Alias" all set mail aliases - both the aliases of the system, as well as your own aliases - are displayed.

[Note]

When adding a mail alias please consider that the alias test is executed before the mailbox allocation. It may happen that emails will be assigned to another user although that user has a mailbox on the server. In such cases please check all set mail aliases.

New aliases can be defined using the tab "Add Alias". An alias can be assigned to multiple users if you select them by using <CTRL>. A user of the yaffas installation or an email address can be specified as a target.

If you want to delete an alias, please right-click on the entry in the overview at "Mail Alias" and choose "Remove".

6.5. Security

This module allows you to configure security settings for this mailserver. Currently virus and spam checking are supported. There is also support for the policy server, which allows you to reject emails based on certain criteria before even accepting them for delivery.

[Note]

When using fetchmail, Amavis and SpamAssassin will not properly scan incoming mail for viruses or spam. This happens as all mail appears to be coming from localhost (127.0.0.1), which is white-listed. Sadly, this cannot be solved in a generic way without introducing any side effects. However, this is usually not a big problem, as the external mail hoster usually provides virus scanning and spam checking already.

6.5.1. Policy Server

The policy server can decide at SMTP time whether a message should be accepted, based on the reputation of the sender.

6.5.2. SpamAssassin

SpamAssassin classifies your emails as spam or not spam based on internal rules. Every message gets assigned points for specific attributes. If the sum of these points exceeds a certain level, the message will get marked as spam.

6.5.3. ClamAV

ClamAV scans emails for viruses. If a message contains a virus it will not be delivered to the user.

[Important]

The services SpamAssassin and ClamAV have to be started separately from the service module before they can be used by the security module. Activating the security services at the security module is not sufficient. If you started these services after activating them at the security module, the service "amavis" has to be restarted.

[Note]

If the ClamAV service will not start, it may have no virus signatures. The freshclam service downloads them automatically, but requires an internet connection. A proxy server can be configured at Network Configuration if necessary. This will cause an update of the signatures via freshclam.

[Note]

Do not change /etc/amavis/conf.d/60-yaffas as it will be overwritten. If you need custom changes, put them in a new file such as 61-local. You can also override variables there if necessary.

6.6. Bulk Mailing

With this module you can send an email to all users of the system. You must insert your sender mail address, the subject of the mail and the message. After clicking on the button "Send" the email will be sent to all users that have an account.

[Note]

Please note that it could take a few minutes until all messages have been sent to the various mailboxes.

Chapter 7. License

7.1. Zarafa Subscription

In this module you can extend the number of users with Outlook access to Zarafa. Three users have access via Outlook without any subscription key. If you want more users to have access you may buy a subscription pack. The subscription key has two components: a base key and an additional user key. Please insert the key into the specific (base or user) field and click the button "key upload".

At the tab "Installed Subscriptions" all licences are shown. You will get more information at the tab "Licenced Log".

Chapter 8. Zarafa

8.1. Groupware Configuration

In this module you can optimize memory (RAM) for Zarafa, define the size of attachments or the content of quota emails for users.

Click "Optimize" to optimize the memory settings on your system. This is only necessary if the size of the RAM changes. The RAM settings will be optimized for Zarafa and MySQL.

You can also set the maximum size of attachments uploadable via the Zarafa Webaccess Interface.

[Note]

This limitation does not override the setting of the mailserver. If there is a smaller size of attachments allowed, the mailserver settings are effective.

At the tab "Messages At Reaching Quota" you can customize the messages for reaching limits. The description of variables is available at the online help.

The following variables are available:

Variable                      Meaning
${ZARAFA_QUOTA_NAME}          name of the Zarafa account
${ZARAFA_QUOTA_STORE_SIZE}    current size of the account
${ZARAFA_QUOTA_WARN_SIZE}     limit for a warning
${ZARAFA_QUOTA_SOFT_SIZE}     limit for a transmission lock of the account
${ZARAFA_QUOTA_HARD_SIZE}     limit for a transmission AND reception lock of the account

8.2. Resources

In this module you can create and delete resources. To delete or modify a resource, right-click on it and choose an action.

Please note when creating a new resource: A resource needs a name (this name is shown in the global address book) and a description. You may decide whether a resource can be booked once ("Decline Conflicts") and whether recurring appointments are permitted.

[Important]

If you want to change resource settings, you may change the properties and description but not the name!

8.3. Zarafa Setup

The configuration of yaffas & ZARAFA is done via the known interface. There are some specifics to explain:

As a matter of principle each user account in yaffas is also a Zarafa user. Please make sure that you have corresponding licenses for yaffas and Zarafa. If you have fewer Zarafa user licenses than yaffas users, only the users with the lowest UIDs have access to Zarafa.

8.4. Allocation of Email Addresses

The registered address at "Email Address" is also used as sender for all mails sent via web access. For this to work properly, please set the local domain(s) on the mailserver first (menu Mailserver → Configuration → Local Domains).

8.5. Zarafa WebAccess/WebApp

Insert the URL into your browser, e.g. https://zarafaserver.local/webaccess for WebAccess. To reach the WebApp interface go to https://zarafaserver.local/webapp.

A complete manual and current documentation of Zarafa WebAccess and WebApp can be downloaded here: http://www.zarafa.com/doc.

8.6. Zarafa Backup

With this module you can create brick-level backups of your Zarafa data. Afterwards you are able to restore single elements of the stores.

For the module to be usable it is necessary to manually install the package zarafa-backup (RedHat-based systems: yum install zarafa-backup, Debian-based systems: apt-get install zarafa-backup).

To create the backup select a time and day for the full and differential backup. You can select a directory on the server where you want to save the backups and configure a preserve time. After that timespan old backups will be deleted.

To restore elements, select the day from which you wish to restore your element and open the store and folder you need. Then add a folder or element to the restore list by using the context menu. After you have selected all elements to restore, you have to start the process in the restore tab.

[Important]

If you mount a share to the backup directory, make sure that symlinks are supported. If this is not the case, then differential backups are not possible and the system will do full backups.

8.7. Microsoft Outlook Connection

The client you need for connecting Microsoft Outlook is in "software" at the directory "zarafa" on your yaffas system. Please use exactly this version of the client, because it is matched with the Zarafa version used in yaffas. After updating yaffas you should always take the current version of the client out of this directory.

First, install the client on the Windows computer by double-clicking on "zarafaclient.exe". Please note: You must have administration permissions.

Start Outlook and choose the topic "Email Accounts" from the menu "Extras". Create a new email account.

Server type must be "Additional Servers".

If you installed zarafaclient.exe from CD, you must now choose "Zarafa Server". If you are not able to choose "Zarafa Server", please install the Zarafa client first.

Please insert the data of your yaffas & ZARAFA server. You can use port 237 for an encrypted transmission (standard) or port 236 for an unencrypted connection. Use the username and password as set in yaffas.

Please make sure that the following setting is made for the new account: "New Messages Send to" must match "Inbox User". Close Outlook and start it again. Now you can access your store and use mail, calendar or contacts.

[Note]

Please understand that we are not able to provide support for any issue with using, configuring or installing Microsoft Outlook!

8.8. Backup Path

At this point we show a generic way to back up the data of the server. For a successful recovery of the data, the yaffas server must be at the same version and patch level!

The paths for the backup of yaffas & ZARAFA are:

Path                                        Entry
/var/log/                                   log files
/data/mail/                                 mail boxes and Sieve filter scripts
/var/lib/fetchmail/.fetchmail-UIDL-cache    if fetchmail is used with POP3
Database MySQL (mysqldump)                  all data of the Zarafa Server
/data/zarafa/                               email attachments

Procedure for backup of data:

  • backup of configuration via system → save configuration
  • init 1 → change to single user mode
  • backup of single paths in a temporary directory
  • init 2 → normal mode of use
  • backup of data to an external data medium

Procedure for recovery of data:

  • recovery of configuration via system → save configuration
  • copy the data into a temporary directory
  • init 1 → change to single user mode
  • delete all files below the named paths
  • restore of single paths out of the temporary directory
  • init 2 → normal mode of use

For additional information on Zarafa backups, please refer to: http://doc.zarafa.com/7.1/Administrator_Manual/en-US/html/_full_database_dump.html