= Reconfigure ZEG v3.0.2 into a usable non-test system =

[[https://sourceforge.net/projects/sogo-zeg/|ZEG v3.0.2]] is a great pre-built VM for you to test SOGo, but it is already set up for the domain `@example.com`. While this is fine for testing, I wanted to reconfigure it as a usable proper email server. Through a lot of trial and error, and 4 reinstalls(!) of the VM, I managed to get a working system for my own domain name.

'''Please note this is specifically for v3.0.2, other versions may differ, and I reconfigure the locale for UK English use'''

Below is a list of steps to take in order to remove the example set up, and reconfigure it for your own domain:

== Phase 1 ==

 1. Install into Virtual Box, change the NIC from "NAT" to "Bridged" if you want it to be internet-accessible
 1. Remove the "vagrant" shared folder as it won't exist and will throw an error
 1. Boot the VM and log in as sogo and `sudo bash` so you can make changes
 1. Change the sogo password to something more secure
 1. Edit `/etc/network/interfaces.d/eth0.cfg` and add your static IP address details etc. IPv6 configuration also works on this image. See [[http://www.cyberciti.biz/faq/setting-up-an-network-interfaces-file/|this page]] for syntax
 1. Change the timezone if you're not in the US: `dpkg-reconfigure tzdata`
 1. Reboot

== Phase 2 ==

 1. Log in and `sudo bash` so you can make changes
 1. `apt-get update` - Get new repository details
 1. `apt-get upgrade` - Update installed programs from repository
 1. `apt-get install rpl console-data` - Install string replacement command and locale changer helper
 1. `locale-gen en_GB` - Generate (UK) locale
 1. `locale-gen en_GB.UTF-8` - Generate UTF-8 (UK) locale
 1. `dpkg-reconfigure keyboard-configuration` - Choose localized keyboard (if required)
 1. `rpl 'en_US.UTF-8' 'en_GB.UTF-8' /etc/default/locale` - Make the change permanent (if required)
 1. `update-rc.d chef-client disable` - Disable chef (I don't use it)
 1. `update-rc.d puppet disable` - Disable puppet (I don't use this either)
 1. `apt-get install htop sysv-rc-conf` - Not essential, but useful
 1. Reboot

== Phase 3 ==

This following section is the most complicated. There may be easier ways to do this, but I have not found one yet. Anyway, it's scriptable, so it's not a big deal now that I've figured it out.

'''Note: This will break any config you have done for the example.com domain'''

Firstly, stop the services:

{{{
/etc/init.d/sogo stop
/etc/init.d/samba stop
service postfix stop
}}}

To make things generic (and save repetition), I've separated my details from the commands entered, so configure some environment variables for use later:

{{{
# Fill in your DNS server; it replaces 8.8.4.4 in smb.conf
DNSSERVERS=
DOMAINNAME=mynewdomain.com
HOSTNAME=mail
BASEDN='dc=mynewdomain,dc=com'
NETBIOSDOMAIN=MYNEWDOMAIN
TZ='Europe/London'
}}}

Note `NETBIOSDOMAIN` needs to be 15 characters or less.

Replace various strings in config files:

{{{
# The replacement strings are double-quoted so the shell expands the variables;
# in single quotes the literal text "$DOMAINNAME" etc. would be written to the files.
rpl '8.8.4.4' "$DNSSERVERS" /etc/samba/smb.conf
rpl 'example.com' "$DOMAINNAME" /etc/samba/smb.conf
rpl 'EXAMPLE' "$NETBIOSDOMAIN" /etc/samba/smb.conf
rpl 'example.com' "$DOMAINNAME" /etc/mailname
rpl 'sogo.example.com' "$HOSTNAME.$DOMAINNAME" /etc/postfix/main.cf
rpl 'dc=example,dc=com' "$BASEDN" /etc/postfix/people.ldap
rpl 'dc=example,dc=com' "$BASEDN" /etc/saslauthd.conf
rpl 'sogo.example.com sogo' "$HOSTNAME.$DOMAINNAME $HOSTNAME" /etc/hosts
rpl 'dc=example,dc=com' "$BASEDN" /etc/sogo/sogo.conf
rpl 'America/Montreal' "$TZ" /etc/sogo/sogo.conf
rpl 'root@example.com' "root@$DOMAINNAME" /etc/dovecot/dovecot.conf
rpl 'dc=example,dc=com' "$BASEDN" /etc/dovecot/dovecot-ldap-ZEG.conf.ext
echo "$HOSTNAME" > /etc/hostname
}}}

Reboot

== Phase 4 ==

Now you can provision your new domain:

{{{
# The shell variables from Phase 3 do not survive the reboot; set DOMAINNAME again first
samba-tool domain provision
openchange_provision --realm=$DOMAINNAME
}}}

Make sure that the details you enter here are the same as the details you entered above in [[#Phase 3]]. So long as you don't get any errors, the system is now ready to create users.
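
Before creating users, it is worth confirming that the Phase 3 substitutions actually took effect, since a leftover `example.com` or an unexpanded `$VARIABLE` in a config file is easy to miss. The script below is an added example, not part of the original instructions; the function names are assumptions and the demo files are constructed:

```shell
#!/bin/sh
# Added example: sanity checks around the Phase 3 substitutions.
# Function names are hypothetical; the demo files are constructed.

# Derive the LDAP base DN from a DNS domain:
# mynewdomain.com -> dc=mynewdomain,dc=com
basedn_from_domain() {
    printf '%s\n' "$1" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# NETBIOSDOMAIN must be non-empty and 15 characters or less.
netbios_ok() {
    [ -n "$1" ] && [ "${#1}" -le 15 ]
}

# List files under a directory that still contain the ZEG defaults, or a
# literal "$VARIABLE" written by an rpl call with a single-quoted replacement.
find_leftovers() {
    grep -rlE 'example\.com|dc=example,dc=com|\$(DNSSERVERS|DOMAINNAME|HOSTNAME|BASEDN|NETBIOSDOMAIN|TZ)' \
        "$1" 2>/dev/null | sort
}

# Constructed demo: one clean file, one with the old base DN,
# one with an unexpanded variable name.
demo() {
    d=$(mktemp -d)
    printf 'myhostname = mail.mynewdomain.com\n' > "$d/main.cf"
    printf 'search_base = dc=example,dc=com\n'   > "$d/people.ldap"
    printf 'realm = $DOMAINNAME\n'               > "$d/smb.conf"
    find_leftovers "$d" | sed "s|^$d/||"
    rm -rf "$d"
}

# On the server, point find_leftovers at /etc/samba, /etc/postfix,
# /etc/sogo and /etc/dovecot instead of the demo directory.
demo
```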

When you create users (via the Configuration web page Account Provisioning instructions), the username has to be in the format of the email address you want to use. Also, you may need to use the following command:

{{{
samba-tool domain passwordsettings set --max-pwd-age=0
}}}

as the "--noexpiry" option when creating users is fine, but the account used for the LDAP bind may still expire!

== Security ==

Please note that I have only done a minimal amount to secure the server. If it is going to be internet-facing, more reconfiguration should be done. E.g., make Samba LDAP only listen on `localhost`:

{{{
[global]
interfaces = lo
bind interfaces only = yes
}}}

and change the LDAP auth password to something that isn't the default OpenChange one.

=== SSL ===

I used [[https://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/|this link]] to create a new CA and server certificate, but anything similar will work. There are specific instructions for adding custom non-root certificates on mobile devices, which is out of scope of these instructions.

If you want HTTPS only (recommended), comment out `Listen 80` in `/etc/apache2/ports.conf` and add the following into `/etc/apache2/sites-enabled/000-default.conf` in the `VirtualHost` section:

{{{
SSLEngine On
SSLProtocol all -SSLv3
SSLCipherSuite
SSLHonorCipherOrder On
SSLCertificateFile /etc/apache2/xxxxx.crt
SSLCertificateKeyFile /etc/apache2/xxxxx.key
}}}

Even though SOGo works on HTTP without Apache config changes, to enable SSL, you need to follow the [[http://sogo.nu/files/docs/SOGoInstallationGuide.html#_apache_configuration|5.16. Apache Configuration]] instructions (substituting 443 for 80 and https for http, obviously) and add it to the `VirtualHost` section of `000-default.conf`. If this is not done, and you log in via HTTPS, it changes the URL to HTTP.

If you have any questions, feel free to email me on Chris[dot]Clemson[at]GoGreenIT[dot]Net
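
To confirm the Security settings above are in force, check both the Samba configuration and what is actually listening. The script below is an added example, not part of the original instructions: the function names are assumptions, the `ss -ltn` sample is constructed, and ports 389/636 (LDAP/LDAPS) and 80 (HTTP) are the ones assumed to matter here.

```shell
#!/bin/sh
# Added example; function names are hypothetical and the sample data is constructed.

# Read `ss -ltn` output on stdin and print listeners on the given
# comma-separated ports that are bound to anything other than loopback.
exposed_listeners() {
    awk -v ports="$1" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)      # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if ((port in want) && addr != "127.0.0.1" && addr != "[::1]" && addr != "::1")
            print $4
    }'
}

# Succeed only if the [global] section of the given smb.conf contains both
# "interfaces = lo" and "bind interfaces only = yes" (uncommented).
smb_loopback_only() {
    awk '
    /^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
    g && !/^[ \t]*[#;]/ {
        l = tolower($0); gsub(/[ \t]+/, " ", l); sub(/^ /, "", l); sub(/ $/, "", l)
        if (l ~ /^interfaces ?= ?lo$/) ifc = 1
        if (l ~ /^bind interfaces only ?= ?(yes|true|1)$/) bnd = 1
    }
    END { exit !(ifc && bnd) }' "$1"
}

# Constructed sample: LDAPS still on all interfaces, HTTP still listening.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      10     127.0.0.1:389      0.0.0.0:*
LISTEN 0      10     0.0.0.0:636        0.0.0.0:*
LISTEN 0      128    :::80              :::*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
EOF
}

# On the server: ss -ltn | exposed_listeners 389,636,80
#                smb_loopback_only /etc/samba/smb.conf && echo "samba bound to lo"
sample_ss | exposed_listeners 389,636,80
```

Any line printed is a listener that the Security and SSL steps were meant to close or restrict; no output means the ports checked are bound to loopback only or not listening.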