Centos scalix install

Post by ddrysdale » Fri Jun 24, am. Post by hulyom » Mon Nov 20, pm. Post by jasonxoxide » Mon Nov 20, pm. Post by hectic » Thu Nov 23, pm. Post by fjones » Sun Dec 31, pm. Privacy Terms. Quick links. There are two very specific requirements that can not be changed 1.

There must a central address book on the server, 2. Bastille-Linux will help you harden your system as a whole. For example, if you remove the AUTH extension, clients will not try to authenticate any more, so this should not be used in environments where the SMTP port is also used for authenticated message submission. As you can see the greeting line reveals the Scalix server but not its version number.

As you can see both the greeting and goodbye line reveal sensative information. It is not currently possible to configure the goodbye line, therefore the IMAP session still reveals the Scalix server but not the version number anymore.

An enhancement request has been entered on 28 AUG By default Appache supplies a lot of information about the system. In this section we will minimize the information provided. Replace this with your own page or a blank page. As you can see the telnet session reveals sensative information.

You can change this by editing the httpd. The last directive is outdated after Apache version 2. The telnet session still contains the product name but the version number and OS name are gone. You can change the product name by getting the Apache source code, edit the file httpd. However keep in mind that you can't use the Apache and associated modules security updates for your system anymore. That might impose an even bigger security risk.

I don't know the security implecation of giving the psdata file world read writes but it keeps the errors out of caa. Force your users to use the https protocol instead of the http protocol when they want to use webmail or sac.

This way the information they supply won't be send in plain text over the internet. For Scalix A point to be noted, the changes to these instance file get overwritten on each Scalix Version update, this is a known issue and would be resolved in the release after This configures the redirection from the secure ports to the non-secure ports.

You would normally not open up the non-secure ports through the firewall. If your Scalix server is accepting incoming internet mail, you would also need to open port In a multihomed or clustered environment you should use the "host:port" syntax for the accept and connect lines. Note: If using a non-default location, enter this line at the top of stunnel. Creating an stunnel map for SMTP may cause an open relay. The way that stunnel works is that it it accepts encrypted data on port X and redirects the unencrypted form of that data to port Y via the localhost interface.

In the case of SMTP, connections from localhost do not require, and in some cases forbid, user authentication for mail relay functions. Scalix 11 has a work around. Rather than redirecting to port 25; redirect to port in the stunnel.

Added By: jgravert You may contact me for Help. Look at the bottom of this documentation. I am Running Scalix Since stunnel isn't well documented I decided to write this Step by Step to assist others in their setups. But the following may help you with configuring stunnel on your server.

First verify that the stunnel package version 4. Also make sure you have openssl installed according to the Scalix Installation documentation. Please note that under some circumstances the re installation will fail when not all prerequisites were met. Before retrying the installation, please remove all scalix packages run within the directory where all Scalix.

If not, you must use absolute pathnames for all commands. On Debian and Ubuntu, before initialising the Scalix message store, you should install the libssl0. If it is not available, you can try sym-linking the libcrypto. Sym-linking is not recommended however as there are significant changes between the two versions of OpenSSL in question.

Before creating any new user, set the default rules for generating the display name shown in 'From' email headers and address book display , the login name used to log in to Scalix clients and the Internet address. The user can always be created as a limited user because the only server he is allowed to log in to is LDAP, which does not require a premium user account. Next, create the standard Scalix Admin groups for the Scalix Admin server. The names of these groups are fixed, so you must create them as follows:.

For details on these settings, please refer to the Scalix Administration Guide.