Kerio MailServer

From Gentoo Linux Wiki

Introduction

Kerio MailServer (KMS), now known as Kerio Connect (02-09-2010), is a closed-source mail server for Windows, Mac OS X, and Linux that offers features comparable to Microsoft's Exchange mail server, as well as a separate Linux-based GUI application for administrative purposes. While Kerio does not officially support most Linux distributions such as Gentoo, it does not discourage use on such unsupported distributions either. This page therefore illustrates how an administrator may install and configure Kerio MailServer/Connect on his or her Gentoo-based server.

Prerequisites

The following is a list of known requirements for the full and stable operation of Kerio MailServer. Some features may not work if these requirements are not met.

  • sys-libs/glibc-2.5 or higher is required for the webmail feature to work. Older versions of glibc may also work with the glibc-compat20 USE flag enabled.
  • sys-libs/libstdc++-v3. This package is required if you're using a version of Kerio MailServer older than version 6.4.0. Newer versions should not be affected by the absence of this package.
  • app-emulation/emul-linux-x86-baselibs is required for 64-bit support.
  • app-emulation/emul-linux-x86-compat is required for 64-bit support.
  • app-arch/rpm2targz (optional). This package is used in this guide to unpack the RPM archive containing the server files. For this guide this package is a requirement; however, other methods of unpacking the archive may be used instead. This guide does not cover app-arch/rpm or other such archive utilities should you choose to use them.
  • KMS Linux Server RPM Package. You may find the latest version of the KMS server package on the KMS Downloads page and older versions in the Kerio Legacy Downloads page.
  • KMS Linux Server Administrative GUI RPM Package (optional). Also located on the KMS Downloads page, this package is meant for GUI-based administration and should be installed on a client system rather than on the server itself. A Windows-based version of the administration client exists as well.
  • Root access to the server, as all of the installation instructions below must be run as root (or with root privileges).

Installation

  • Step 1. Download the KMS server RPM archive to a temporary location (/tmp/kms for example) and unpack it using rpm2targz:
rpm2targz kerio-kms-<version>.linux.i386.rpm && tar xzf kerio-kms-<version>.linux.i386.tar.gz
  • Step 2. Create a working path for the server package (/opt/kerio/mailserver will be used by default):
mkdir -p /opt/kerio/mailserver
  • Step 3. Move the contents of the temporary directory (/tmp/kms) to your new working directory (/opt/kerio/mailserver):
mv /tmp/kms/* /opt/kerio/mailserver/
  • Step 4. Change the ownership and permissions of the working directory to something secure (i.e. root:root):
chown -R root:root /opt/kerio/mailserver && chmod -R 0740 /opt/kerio/mailserver
  • Step 5 (Optional). If you wish to change the storage location of your mail files you should do so now. By default Kerio will store mail in the server directory under /opt/kerio/mailserver/store. Should you change its location be sure to indicate the new location during the wizard configuration process or the default location will be used. You may also edit the storage directory any time during normal server operation via the administration GUI or via editing the configuration file directly.
  • Step 6. Run the KMS Configuration Wizard to set up your mail server:
cd /opt/kerio/mailserver && ./cfgwizard
  • Step 7. Secure your configuration files as in step 4:
chown root:root /opt/kerio/mailserver/mailserver.cfg && chown root:root /opt/kerio/mailserver/users.cfg
chmod 0740 /opt/kerio/mailserver/mailserver.cfg && chmod 0740 /opt/kerio/mailserver/users.cfg
  • Step 8. Create the /etc/init.d/keriomailserver and /etc/conf.d/keriomailserver files (documented below) and start your server. If everything has worked up to this point, you may connect to your server through the administration GUI and begin modifying your mail server as needed. Optionally, you may add your mail server to the default runlevel so that it starts at boot:
rc-update add keriomailserver default
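
To confirm that steps 4 and 7 took effect, and that nothing created later (by the wizard, for instance) drifted from that policy, the tree can be audited with a short shell function. This is an added example, not part of the original guide or of Kerio's tooling; the function name kms_perm_violations is hypothetical, and group ownership is not checked.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a KMS tree against
# the policy of steps 4 and 7: one owner, mode 0740 everywhere, i.e. no
# group write/execute bits and no access at all for "other".

# kms_perm_violations DIR [OWNER]
# Prints "owner: PATH" or "mode: PATH" for each offending path.
# Returns 0 if the tree is clean, 1 on violations, 2 if DIR is missing.
kms_perm_violations() {
    dir=$1
    owner=${2:-root}    # user name or numeric uid
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # Anything not owned by the expected account.
    bad_owner=$(find "$dir" ! -user "$owner" -print)

    # Any of: group write (020), group execute (010), other r/w/x
    # (004/002/001). Symlinks are skipped because chmod -R does not
    # change their mode.
    bad_mode=$(find "$dir" ! -type l \( -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    if [ -n "$bad_owner" ]; then
        printf '%s\n' "$bad_owner" | sed 's/^/owner: /'
    fi
    if [ -n "$bad_mode" ]; then
        printf '%s\n' "$bad_mode" | sed 's/^/mode: /'
    fi
    [ -z "$bad_owner$bad_mode" ]
}
```

Run it as root after step 7, for example kms_perm_violations /opt/kerio/mailserver, and again after upgrades or after relocating the mail store.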

Optional Components

The following is a list of additional programs you may wish to use alongside Kerio MailServer.

ClamAV

Clam AntiVirus is an open source anti-virus toolkit that is specifically targeted at mail server and gateway integration. It provides a full set of features including a scalable, multi-threaded daemon designed for email scanning and is developed under the GPL license. It is officially supported by Kerio Technologies, Inc. Prior to Kerio MailServer version 6.7.2 and immediately following ClamAV version 0.95.* there was an intermittent period of incompatibility between the two programs. Kerio MailServer versions 6.7.2 and above are known to be fully compatible with the most recent versions of ClamAV.

Installation

Warning: Always be sure to check that Kerio MailServer works with the latest version of ClamAV before upgrading or you may render your KMS inoperable until anti-virus support is disabled in your KMS configuration.
  • You may simply emerge the latest version of (app-antivirus/clamav) and configure it according to your needs.
    • Please remember to exclude, within the ClamAV configuration file, your mailstore directory or you may experience many issues including a hefty degradation in performance.
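
One way to check that the exclusion is actually in place is to test the active ExcludePath entries of the clamd configuration against a path inside the mail store. This is an added example, not part of the original guide; it assumes clamd's ExcludePath directive (one regular expression per line), the function name clamd_excludes_store is hypothetical, and grep -E only approximates clamd's own regex matching.

```shell
#!/bin/sh
# Added example (not from the original guide): confirm that a clamd
# configuration file excludes the Kerio mail store from scanning.

# clamd_excludes_store CONF STORE_DIR
# Prints the first active ExcludePath regex that matches a file inside
# STORE_DIR and returns 0; returns 1 if none matches, 2 if CONF is
# unreadable.
clamd_excludes_store() {
    conf=$1
    # Hypothetical file inside the store: a regex that only matches the
    # directory name itself would not protect the files beneath it.
    probe=${2%/}/probe
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 2
    fi

    # Active directives only; lines starting with "#" are comments.
    regexes=$(sed -n \
        's/^[[:space:]]*ExcludePath[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' \
        "$conf")

    while IFS= read -r re; do
        [ -n "$re" ] || continue
        if printf '%s\n' "$probe" | grep -Eq -- "$re"; then
            printf '%s\n' "$re"
            return 0
        fi
    done <<EOF
$regexes
EOF
    return 1
}
```

With the default store location from step 5, the call would be clamd_excludes_store /path/to/clamd.conf /opt/kerio/mailserver/store, where the configuration path depends on your ClamAV installation.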

ASSP

The Anti-Spam-SMTP-Proxy service is an excellent, open source alternative to Kerio MailServer's built-in spam filtering implementation and offers a host of features, many of which are not found in KMS. While ASSP acts as a transparent SMTP filtering proxy, it's also capable of scanning incoming and outgoing mail using the ClamAV anti-virus program alongside any other local anti-virus scanning program you may have installed. A brief list of ASSP's features:

  • Easy (optional) browser-based setup.
  • Native SSL-support. Works even if your MTA doesn't support it.
  • Resending of blocked email to the original recipients.
  • Improved HELO handling.
  • Individual weighting of different DNSBL lists.
  • Community based grey IP list, Senderbase, SPF, DKIM support even if your MTA doesn't support it.
  • Automatic whitelisting - emails generated by users on the server will never be blocked.
  • Makes use of honeypot type spambucket addresses to automatically recognize spam and update your spam database.
  • Bayesian filter intelligently classifies email into spam and non-spam.
  • Active user community and email list for support questions.
  • Source code included if you need to customize your installation.
  • Can block spam-bombs (when spammers forge your domain in the from field) and fake Bounces.

You may try the outdated and no longer maintained version of ASSP in Portage by emerging the mail-filter package, or, for more current and updated features, you may simply compile ASSP from source. Installation is very simple either way.


Note: ASSP works well with the latest versions of ClamAV (0.9.5x) and may be an excellent alternative to using the built-in ClamAV support within KMS, which has been known to have compatibility issues with ClamAV in the past.

Start-up Scripts

File: /etc/init.d/keriomailserver
#!/sbin/runscript
#
# /etc/init.d/keriomailserver  Script to start and stop Kerio MailServer 

# The KMS executable creates the pid file within /var/run
# The location of the PID cannot therefore, unfortunately, be changed.
KERIO_PIDFILE=/var/run/kms.pid

depend() {
	need net
	use clamd
	provide mta
}


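start() {
	# Abort if the server binary is missing instead of carrying on
	if [ ! -f "${KERIO_DIR}/mailserver" ]; then
		eerror "Kerio MailServer not installed"
		return 1
	fi

	# Remove a stale pid file left over from an unclean shutdown
	if [ -f "${KERIO_PIDFILE}" ]; then
		rm -f "${KERIO_PIDFILE}"
	fi

	ebegin "Starting Kerio MailServer: "
	# Core dumps are left unlimited; they contain process memory,
	# so restrict who can read them
	ulimit -c unlimited
	ulimit -s "${KERIO_STK_SIZE}"
	ulimit -n "${KERIO_DESC_SIZE}"

	start-stop-daemon --start --quiet --make-pidfile --chdir "${KERIO_DIR}" --exec "${KERIO_DIR}/mailserver" --pidfile "${KERIO_PIDFILE}" --name mailserver
	eend $?
}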
	
stop() {
	ebegin "Shutting down Kerio MailServer: "
	start-stop-daemon --stop -P -R "${STOPTIME}" --pidfile "${KERIO_PIDFILE}" --chdir "${KERIO_DIR}" --exec "${KERIO_DIR}/mailserver"
	eend $?

	# Amount of time to wait before uncleanly killing the
	# mailserver process. The PID is re-checked on every pass so
	# the wait ends as soon as the server has exited.
	PID=`pidof mailserver`
	for ((i = 0; i < KILLTIME; i++)); do
		if [ -z "${PID}" ]; then
			break
		fi
		sleep 1
		echo -ne "."
		PID=`pidof mailserver`
	done

	# Force unclean shutdown only if the process is still running
	if [ -n "${PID}" ]; then
		echo
		ebegin "Forcing Kerio MailServer Shutdown..."
		kill -9 ${PID}
		retval=$?
		rm -f "${KERIO_PIDFILE}"
		eend ${retval}
	fi
}

restart() {
	PID=`pidof mailserver`
	if [ -n "${PID}" ]; then
		ebegin "Restarting Kerio MailServer: "
		svc_stop
		sleep 5
		svc_start
		eend $?
	else
		# Nothing is running, so only report it
		ewarn "Nothing to restart!"
	fi
}


Note: Make sure you modify the KERIO_DIR directive with the location of your working server directory.
File: /etc/conf.d/keriomailserver
# Kerio MailServer Services Configuration File

KERIO_DIR=/opt/kerio/mailserver

#Maximum stack size
# default value: 2048
KERIO_STK_SIZE=2048

#Maximum number of file descriptors
# default value: 4096
KERIO_DESC_SIZE=4096

# The amount of time, in seconds, for the start-stop-daemon
# to wait before attempting to stop KMS again after the first
# "stop" command is received. The daemon will only retry
# stopping KMS once and will then fall back to the method
# mentioned below.
# Default: 60
STOPTIME=60

# This is the amount of time, in seconds, that you wish
# to wait for the start-stop-daemon to "cleanly" shut
# down the KMS process before issuing SIGKILL to
# "uncleanly" shut down the process. This wait time is
# compounded by the value set for the STOPTIME variable above.
#
# Note: Killing KMS before it has had time to process
# mail and other such items can be catastrophic to your
# mailserver's data. It's suggested that you set this value to
# something very high in order to avoid data loss.
# Default Value: 300 (5mins)
KILLTIME=300

Credits

This article and its contents were made possible by the contributions of the following people/groups:

  • drfli - For his init.d script example on the official Kerio forums.
  • Kerio Technologies Inc. - For the amazing product this article was written for.