Kerio MailServer

From Gentoo Linux Wiki

Introduction

Kerio Connect, formerly known as Kerio MailServer (KMS) (02-09-2010), is a closed-source mail server for Windows, Mac OS X, and Linux that offers features comparable to Microsoft's Exchange mail server. While Kerio does not officially support most Linux distributions, such as Gentoo, it does not discourage its use on such unsupported distributions either. This page therefore illustrates how an administrator may install and configure Kerio Connect on a Gentoo-based server.

Prerequisites

The following is a list of known requirements for the full and stable operation of Kerio Connect. Some features may not work should these requirements not be met.

  • sys-libs/glibc-2.5 or higher is required for the webmail feature to function. Older versions of glibc may also work with the glibc-compat20 USE flag enabled.
  • sys-libs/libstdc++-v3. This package is required if you're using a version of Kerio MailServer older than version 6.4.0. Newer versions, namely Kerio Connect, should not be affected by the absence of this package.
  • app-emulation/emul-linux-x86-baselibs is required for 64-bit support.
  • app-emulation/emul-linux-x86-compat is required for 64-bit support.
  • app-arch/rpm2targz (optional). This package is used in this guide to unpack the rpm-compressed archive containing the server files. For this guide this package is a requirement; however, other methods to unpack the archive may alternatively be used. Support for app-arch/rpm and other such archive utilities will not however be provided by this guide should you choose to use them.
  • Kerio Connect Linux Server RPM Package. You may find the latest version of the Kerio Connect server package on the Kerio Connect Downloads page and older versions in the Kerio Legacy Downloads page.
  • Kerio Connect Linux Server Administrative GUI RPM Package (optional). Also located on the Kerio Connect Downloads page, this package is meant for GUI-based administration and should be installed on a client system rather than on the server itself. A Windows-based version of the administration client exists as well. Please note, however, that official Kerio support for this package in Kerio Connect versions 7.0 and above is deprecated and administration has been moved to a built-in web administration module.
  • Have root access to the server as all of the installation instructions below must be run as root (or with root privileges).

Installation

  • Step 1. Download the Kerio Connect server RPM archive to a temporary location (/tmp/kerio for example) and unpack it using rpm2targz:
rpm2targz kerio-connect-<version>.linux.rpm && tar xzf kerio-connect-<version>.linux.tar.gz
  • Step 2. Create a working path for the server package (/opt/kerio/mailserver will be used by default):
mkdir -p /opt/kerio/mailserver
  • Step 3. Move the contents of the temporary directory (/tmp/kerio) to your new working directory (/opt/kerio/mailserver):
mv /tmp/kerio/* /opt/kerio/mailserver/
  • Step 4. Change the ownership and permissions of the working directory to something secure (i.e. root:root).
chown -R root:root /opt/kerio/mailserver && chmod -R 0740 /opt/kerio/mailserver
  • Step 5 (Optional). If you wish to change the storage location of your mail files you should do so now. By default Kerio will store mail in the server directory under /opt/kerio/mailserver/store. Should you change its location be sure to indicate the new location during the wizard configuration process or the default location will be used. You may also edit the location of the storage directory at any time during normal server operation via the administration GUI or via editing the configuration file directly.
  • Step 6. Run the Kerio Connect Configuration Wizard to set up your mail server:
/opt/kerio/mailserver/cfgwizard
  • Step 7. Secure your configuration files as in step 4:
chown root:root /opt/kerio/mailserver/mailserver.cfg && chown root:root /opt/kerio/mailserver/users.cfg
chmod 0740 /opt/kerio/mailserver/mailserver.cfg && chmod 0740 /opt/kerio/mailserver/users.cfg
  • Step 8. Create the /etc/init.d/kerioconnect and /etc/conf.d/kerioconnect files (documented below) and start your server. Should everything work correctly up until now you may connect to your server through the administration GUI ( https://<your-server-ip>:4040 ) and begin modifying your mail server as needed. Optionally you may include your mail server to be started at boot:
rc-update add kerioconnect default
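
The ownership and mode set in steps 4 and 7 can be verified once the wizard has run and the server has created its files. The following is an added example, not part of the original guide; the function name audit_kerio_perms is hypothetical, and it flags anything under the server directory that is not owned by the expected user or is more permissive than the guide's 0740.

```shell
#!/bin/sh
# Added example: audit the Kerio Connect tree after steps 4 and 7.
# audit_kerio_perms is a hypothetical helper name, not a Kerio or Gentoo tool.
#
# Usage: audit_kerio_perms DIR [OWNER]
#   DIR    server directory (the guide uses /opt/kerio/mailserver)
#   OWNER  expected owner, name or numeric uid (default: root)
# Prints one "ls -ld" line per offending path.
# Returns 0 if clean, 1 if there are findings, 2 if DIR is missing.
audit_kerio_perms() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit: $dir is not a directory" >&2
        return 2
    fi

    # Anything looser than 0740 has at least one of these bits set:
    # group write (020), group execute (010), or any "other" bit (007).
    # Symlinks are skipped because their own mode bits are not meaningful.
    findings=$(find "$dir" ! -type l \( \
        ! -user "$owner" \
        -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \
        \) -exec ls -ld {} \;)

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Typical call, as root, against the guide's default path:
#   audit_kerio_perms /opt/kerio/mailserver
```

A non-zero result after step 7 usually points at files created after the recursive chmod in step 4, such as mailserver.cfg and users.cfg.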

Optional Components

The following is a list of additional programs you may wish to use alongside Kerio Connect:

Anti-Virus

Warning: Always be sure to check that Kerio Connect works with the latest version of your third-party anti-virus program, should you have one enabled, before upgrading or you may render your Kerio Connect installation inoperable until anti-virus support is disabled in your Kerio Connect configuration.

AVG Anti-Virus

For more, but rather limited information, see AVG's website on the AVG Anti-Virus Email Server Edition. The Kerio Knowledgebase also has an article on setting up AVG with Kerio Connect.

ClamAV

Clam AntiVirus is an open source anti-virus toolkit that is specifically targeted at mail server and gateway integration. It introduces a full set of features including a scalable, multi-threaded daemon designed for email scanning and is developed under the GPL license. It is officially supported by Kerio Technologies, Inc. Prior to Kerio MailServer version 6.7.2, and immediately following the release of ClamAV version 0.95.*, there was an intermittent period of incompatibility between the two programs. Kerio MailServer versions 6.7.2 and 6.7.3, and all recent versions of Kerio Connect, are known to be fully compatible with the most recent versions of ClamAV.

Installation
  • You may simply emerge the latest version of (app-antivirus/clamav) and configure it according to your needs.
    • Please remember to exclude, within the ClamAV configuration file, your mailstore directory or you may experience many issues including a hefty degradation in performance.

NOD32 Anti-Virus

ESET Mail Security for Kerio Connect offers advanced heuristics detection and cleaning via its ThreatSense® engine. More information on setting up NOD32 with Kerio Connect can be found on the Kerio Knowledgebase.

Sophos® SAVI

Sophos Anti-Virus Engine (SAVI) requires no additional configuration for Kerio Connect beyond enabling it in the Administration GUI. In addition to activating the SAVI engine, you may also activate an additional third-party anti-virus engine to run in conjunction with it. Please see the Sophos website for additional information on the SAVI engine.

Other Security Tools

ASSP

The Anti-Spam-SMTP-Proxy service is an excellent, open source alternative to Kerio Connect's built-in spam filtering implementation and offers a host of features, many of which are not found in Kerio Connect. While ASSP acts as a transparent SMTP filtering proxy, it is also capable of scanning incoming and outgoing mail using the ClamAV anti-virus program alongside any other local anti-virus scanning program you may have installed. A brief list of ASSP's features:

  • Easy (optional) browser-based setup.
  • Native SSL-support. Works even if your MTA doesn't support it.
  • Resending of blocked email to the original recipients.
  • Improved HELO handling.
  • Individual weighting of different DNSBL lists.
  • Community based grey IP list, Senderbase, SPF, DKIM support even if your MTA doesn't support it.
  • Automatic whitelisting - emails generated by users on the server will never be blocked.
  • Makes use of honeypot type spambucket addresses to automatically recognize spam and update your spam database.
  • Bayesian filter intelligently classifies email into spam and non-spam.
  • Active user community and email list for support questions.
  • Source code included if you need to customize your installation.
  • Can block spam-bombs (when spammers forge your domain in the from field) and fake Bounces.

You may try the outdated and no longer maintained version of ASSP in portage via emerging the mail-filter package. Or for more current and updated features you may simply compile ASSP from source. Installation is very simple either way.


Note: ASSP works well with the latest versions of ClamAV (0.9.5x) and may be an excellent alternative to using the built-in, third-party ClamAV support within Kerio Connect, which has been known to have compatibility issues with ClamAV in the past.

Start-up Scripts

File: /etc/init.d/kerioconnect
#!/sbin/runscript
#
# /etc/init.d/kerioconnect  Script to start and stop Kerio Connect
#
# KERIO_DIR, KERIO_STK_SIZE, KERIO_DESC_SIZE, STOPTIME and KILLTIME
# are read from /etc/conf.d/kerioconnect.

# The Kerio Connect executable creates the pid file within /var/run
# The location of the PID cannot therefore, unfortunately, be changed.
KERIO_PIDFILE=/var/run/kms.pid

depend() {
	need net
	use clamd
	provide mta
}

start() {
	# Abort with an error instead of continuing when the binary is missing
	if [ ! -f "${KERIO_DIR}/mailserver" ]; then
		eerror "Kerio Connect not installed"
		return 1
	fi

	# Remove a stale pid file left over from an unclean shutdown
	if [ -f "${KERIO_PIDFILE}" ]; then
		rm -f "${KERIO_PIDFILE}"
	fi

	ebegin "Starting Kerio Connect: "
	ulimit -c unlimited
	ulimit -s $KERIO_STK_SIZE
	ulimit -n $KERIO_DESC_SIZE

	start-stop-daemon --start --quiet --make-pidfile --chdir "${KERIO_DIR}" --exec "${KERIO_DIR}/mailserver" --pidfile "${KERIO_PIDFILE}" --name mailserver
	eend $?
}

stop() {
	ebegin "Shutting down Kerio Connect: "
	start-stop-daemon --stop -P -R $STOPTIME --pidfile "${KERIO_PIDFILE}" --chdir "${KERIO_DIR}" --exec "${KERIO_DIR}/mailserver"
	eend $?

	# Amount of time to wait before uncleanly killing the
	# mailserver process.
	PID=`pidof mailserver`
	for ((i = 0; i < $KILLTIME; i++)); do
		[ -n "${PID}" ] || break
		sleep 1
		echo -ne "."
		# Re-check so the wait ends as soon as the process has exited
		PID=`pidof mailserver`
	done

	# Force unclean shutdown
	if [ -n "${PID}" ]; then
		echo
		ebegin "Forcing Kerio Connect Shutdown..."
		kill -9 $PID
		rm -rf "${KERIO_PIDFILE}"
		eend $?
	fi
}

restart() {
	PID=`pidof mailserver`
	if [ -n "${PID}" ]; then
		ebegin "Restarting Kerio Connect: "
		svc_stop
		sleep 5
		svc_start
		eend $?
	else
		eerror "Nothing to restart!"
		return 1
	fi
}


Note: Make sure you modify the KERIO_DIR directive with the location of your working server directory.

File: /etc/conf.d/kerioconnect
# Kerio Connect Services Configuration File

KERIO_DIR=/opt/kerio/mailserver

#Maximum stack size
# default value: 2048
KERIO_STK_SIZE=2048

#Maximum number of file descriptors
# default value: 4096
KERIO_DESC_SIZE=4096

# The amount of time, in seconds, for the start-stop-daemon
# to wait before attempting to stop Kerio Connect again after the first
# "stop" command is received. The daemon will only retry
# stopping the mailserver process once and will then fallback to the method
# mentioned below.
# Default: 60
STOPTIME=60

# This is the amount of time, in seconds, that you wish
# to wait for the start-stop-daemon to "cleanly" shut
# down the mailserver process before issuing SIGKILL to
# "uncleanly" shut down the process. This wait time is
# compounded by the value set for the STOPTIME variable above.
#
# Note: Killing Kerio Connect before it has had time to process
# mail and other such items can be catastrophic to your
# mailserver's data. It's suggested that you set this value to
# something very high in order to avoid data loss.
# Default Value: 300 (5mins)
KILLTIME=300

Credits

This article and its contents were made possible by the contributions of the following people/groups:

  • drfli - For his init.d script example on the official Kerio forums.
  • Kerio Technologies Inc. - For the amazing product this article was written for.