Riaan's SysAdmin Blog

My tips, howtos, gotchas, snippets and stuff. Use at your own risk!


Using IMAP “Shared Folders”

One could also call this a poor man's MS Exchange Public Folders solution. Several solutions might work for this, but none is likely to be as easy to administer as Exchange Public Folders. This one does, however, work with Outlook 2007 and 2010 clients.

Operating System
Vanilla Debian Wheezy 64bit
** Pick SSH Server, Standard system utilities

Delete my local user, since we will use winbind (Active Directory) users instead.

# deluser rrosso

Install Dovecot server.

# apt-get install dovecot-imapd

Setup Active Directory Authentication.

# apt-get install krb5-config krb5-user libkrb5-3 libpam-krb5 samba-common samba winbind smbclient 

# cat /etc/krb5.conf 
[libdefaults] 
	default_realm = DOMAIN.COM 
	dns_lookup_realm = true 
	dns_lookup_kdc = true 

[realms] 
	DOMAIN.COM = { 
		kdc = ad1.domain.com 
		admin_server = ad1.domain.com 
	} 

# kinit administrator 
Password for administrator@DOMAIN.COM: 
# klist 
Ticket cache: FILE:/tmp/krb5cc_0 
Default principal: administrator@DOMAIN.COM 

Valid starting    Expires           Service principal 
30/04/2012 10:39  30/04/2012 20:40  krbtgt/DOMAIN.COM@DOMAIN.COM 
	renew until 01/05/2012 10:39 

In the /etc/samba directory:
# cat smb.conf 
[global] 
	workgroup = DOMAIN
	realm = DOMAIN.COM 
	security = ADS 
	server string = MAIL ARCHIVE SERVER 
	load printers = no 
	password server = ad1 
	password level = 8 
	username level = 8 
	local master = no 
	domain master = no 
	preferred master = no 
	encrypt passwords = yes 
	netbios name = usmailarchserver 
	client signing = yes 
	dns proxy = no 
	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY 
	wins support = No 
	veto files = /*.eml/*.nws/riched20.dll/*.{*}/ 
	idmap uid = 10000-20000 
	idmap gid = 10000-20000 
	template shell = /bin/bash 
	template homedir = /home/%D/%U 
	winbind separator = + 
	winbind enum users = Yes 
	winbind enum groups = Yes 
	winbind use default domain = Yes 
	auth methods = winbind 
[IPC$] 
        hosts allow = 127.0.0.1,172.20.0.0/16 
        hosts deny = 0.0.0.0/0 

# /etc/init.d/winbind restart 
Stopping the Winbind daemon: winbind. 
Starting the Winbind daemon: winbind. 

# net ads join -U administrator 
Enter administrator's password: 
Using short domain name -- DOMAIN 
Joined 'USMAILARCHSERVER' to realm 'domain.com' 

# /etc/init.d/winbind restart 
Stopping the Winbind daemon: winbind. 
Starting the Winbind daemon: winbind. 

# wbinfo -u | grep -i rrosso 
rrosso 

# wbinfo -g | grep -i Infrastructure 
it infrastructure 
...snip

# grep winbind /etc/nsswitch.conf 
passwd:         compat winbind	 
group:          compat winbind 

rrosso@jamaica:~$ ssh usmailarchserver

Creating directory '/home/DOMAIN/rrosso'. 
Linux usmailarchserver 3.2.0-2-amd64 #1 SMP Sun Apr 15 16:47:38 UTC 2012 x86_64

Dovecot Setup

In the /etc/dovecot/conf.d directory:
# grep location * 
10-mail.conf:mail_location = maildir:~/Maildir 

# grep winbind * 
10-auth.conf:auth_winbind_helper_path = /usr/bin/ntlm_auth 

# vi 10-mail.conf 
# When creating any namespaces, you must also have a private namespace: 
namespace { 
  type = private 
  separator = / 
  prefix = 
  #location defaults to mail_location. 
  inbox = yes 
} 
namespace { 
  type = public 
  separator = / 
  prefix = Public/ 
  location = maildir:/PublicFolders 
  subscriptions = no 
} 

# /etc/init.d/dovecot restart 
Restarting IMAP/POP3 mail server: dovecot.

Exim4 Setup

dpkg-reconfigure exim4-config 
** Pick mail sent by smarthost; received via SMTP or fetchmail 
** Accept mail from all hosts by deleting the 127.0.0.1 entry from the listen addresses
** Maildir format in home directory 

In the /etc/exim4 directory:
# vi exim4.conf.template 
begin routers 

# This router handles special mail addresses to be 
...snip
shared_folders: 
  debug_print = "R: shared_folders for $local_part@$domain" 
  local_parts = "hostmaster:ITAlerts" 
  driver = accept 
  transport = maildir_shared_folder 

begin transports 
...snip 
maildir_shared_folder: 
  driver = appendfile 
  maildir_format = true 
  directory = /PublicFolders/.IT.${local_part}/ 
  create_directory = false 
  check_string = "" 
  escape_string = "" 
  delivery_date_add 
  envelope_to_add 
  return_path_add 
  mode = 0777 
  no_mode_fail_narrower 
  user = mail 
  group = 10000 

# ps -ef | grep exim 
101      14450     1  0 14:29 ?        00:00:00 /usr/sbin/exim4 -bd -q30m 

** We want mail for hostmaster@ delivered straight into the Maildir, so the system alias for that address is disabled (otherwise the system_aliases router would redirect it to root before the shared_folders router sees it).
# grep hostmaster /etc/aliases 
#hostmaster: root 

# newaliases 

# exim4 -bt hostmaster@usmailarchserver.domain.com 
R: system_aliases for hostmaster@usmailarchserver.domain.com 
R: shared_folders for hostmaster@usmailarchserver.domain.com 
hostmaster@usmailarchserver.domain.com 
  router = shared_folders, transport = maildir_shared_folder 

# exim4 -bt ITAlerts@usmailarchserver.domain.com 
R: system_aliases for italerts@usmailarchserver.domain.com 
R: shared_folders for italerts@usmailarchserver.domain.com 
ITAlerts@usmailarchserver.domain.com 
  router = shared_folders, transport = maildir_shared_folder 

# tail -f /var/log/exim4/mainlog 
2012-05-04 15:06:21 End queue run: pid=16475 
2012-05-04 15:14:31 1SQQl9-0004IN-J6  italerts  R=shared_folders T=maildir_shared_folder 
2012-05-04 15:14:31 1SQQl9-0004IN-J6 Completed 
2012-05-04 15:17:51 1SQQou-0004JG-IE  hostmaster  R=shared_folders T=maildir_shared_folder 
2012-05-04 15:17:51 1SQQou-0004JG-IE Completed 
...snip

Adding a new e-mail address that drops mail into a public Maildir folder:

In the /etc/exim4 directory:
# grep hostmaster exim4.conf.template 
  local_parts = "hostmaster:ITAlerts:backupnotifications:busapps" 

# grep hostmaster /PublicFolders/mailEnabledList 
hostmaster:.IT.hostmaster 

# /etc/init.d/exim4 reload
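The transport above has create_directory = false, so the Maildir for a new address must exist before Exim can deliver into it. The helper below is an added example, not part of the original post: it creates the Maildir++ directory for a new local part under the public folder tree, makes it writable by the mail user and group 10000 (the user/group the transport delivers as), and registers it in mailEnabledList. The base directory, the .IT.<name> layout and the localpart:.IT.localpart line format are taken from the page; everything else is an assumption.

```shell
#!/bin/sh
# Added helper (not from the original post): provision one mail-enabled
# public folder. Usage: new_public_folder /PublicFolders backupnotifications
new_public_folder() {
    base="$1"                      # e.g. /PublicFolders
    name="$2"                      # local part as used in the address
    list="$base/mailEnabledList"   # lookup file: localpart:.IT.localpart
    # Exim lowercases $local_part in routers unless caseful_local_part is set,
    # so the directory name must be lower case too (see "italerts" in mainlog)
    lp=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
    dir="$base/.IT.$lp"

    # Only plain folder names: blocks path traversal ("../"), nested
    # Maildir++ folders ("a.b") and regex metacharacters in the grep below.
    case "$lp" in
        ''|*[!a-z0-9_-]*) echo "bad folder name: $name" >&2; return 1 ;;
    esac
    # Refuse to register the same local part twice
    if grep -q "^$lp:" "$list" 2>/dev/null; then
        echo "$lp is already mail-enabled" >&2; return 1
    fi
    # Maildir layout expected by both Exim's appendfile and Dovecot
    for d in cur new tmp; do
        mkdir -p "$dir/$d" || return 1
    done
    # Writable by owner and group only, instead of the 0777 in the transport;
    # chown to mail:10000 only works when run as root (assumed group id)
    chmod 0770 "$dir" "$dir/cur" "$dir/new" "$dir/tmp" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown -R mail:10000 "$dir" || return 1
    fi
    printf '%s:.IT.%s\n' "$lp" "$lp" >> "$list"
}
```

After running it, add the new local part to local_parts in exim4.conf.template, reload exim4, and confirm the routing with exim4 -bt as shown above.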

TODO: Documentation that I have collected and need to publish here.

  • Permissions for the mailer to drop mail into the Public Folders.
  • Change to exim lookup rules for dropping off mail.
  • Provisioning a new user to access the folders still needs a home directory to be created. Document how to create and set up the Maildir for a new user.
  • SSL Certificate for Outlook prompts http://paulschreiber.com/blog/2008/08/01/how-to-create-a-self-signed-ssl-certificate-for-dovecot-on-debian/
  • Ensure enough inodes on the archive disk.
  • Be careful where Outlook caches folders. I had to move my Data File in Outlook for this account to a large enough disk.
  • Disable Outlook IMAP Attachment Downloads
  • How to troubleshoot auth_userdb_permission issues
  • Enable Dovecot debugging
  • How to rsync folders for backups

Some useful links I encountered:
http://www.debian-administration.org/articles/275
http://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm
http://www.flatmtn.com/article/setting-exim#Exim4-6.1
