How can we help?




Follow

SINGLE SERVER: INSTALLATION GUIDE

Steve Webb -

What is atmail suite

atmail suite is a browser-based email client and comprises of the email client and JMAP API.  This can be integrated with atmail DAV to provide contacts and calendar as well.

What is atmail mail server

The atmail mail server provides admin users with a GUI to perform many of the admin tasks related to running an email system. 

Some of the functionality provided by the mail server is:

  • the ability to create domains, accounts, sub-domains, and reset passwords.
  • Control settings related to IMAP, POP, and SMTP.
  • Integration of mail server and atmail suite.

Purpose of this guide

The instructions that follow will take you through the installation steps for atmail suite and then atmail mail server on a single node server.

Pre-installation notes

SYSTEM REQUIREMENTS

Before you install the atmail suite, please make sure you meet the minimum system requirements.  

Minimum system software requirements

Operating System - CentOS 7.x only

Postfix

If you are planning to use the atmail mail server, you will need to remove the Postifx MTA daemon, that is installed by default on CentOS 7.

As you will notice, Postfix is started and listens on localhost on port 25. Proceed with Postfix MTA service removal by issuing the following commands.

systemctl stop postfix
systemctl disable postfix
yum remove postfix -y

MariaDB

MariaDB must be installed and configured before installation of atmail suite or atmail mail server software.

yum install mariadb mariadb-server -y -q

Once the installation is complete, enable MariaDB to start on boot and start the service:

systemctl enable mariadb
systemctl start mariadb

Ensure that the MariaDB service is active:

systemctl status mariadb
● mariadb.service - MariaDB database server
 Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
 Active: active (running) since Mon 2019-12-09 16:05:34 AEST; 2s ago
 Process: 18325 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
 Process: 18237 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 18324 (mysqld_safe)
 CGroup: /system.slice/mariadb.service
 ├─18324 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
 └─18487 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file...

Finally, run the mysql_secure_installation script:

mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: *********
Re-enter new password: *********
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
The root password for mariaDB has been set to none.  If you set a password, you will need to remember to supply it when installing mail server and atmail suite.

 Test if you are able to run mariaDB

mysql -u root -p
Enter password: *********
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 20
Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> exit
Bye

OpenSSL

OpenSSL must be installed and configured before installation of atmail suite or atmail mail server software.

yum install openssl openssl-libs -y -q

Firewalld

Ensure you have the appropriate firewalld configuration as this will ensure that the correct ports are opened.  By default, all ports other than 22 will be closed.

Check if firewalld is enabled and started

systemctl is-enabled firewalld
enabled

If this command do not return enabled you should perform the next command
systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/basic.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.

Start firewalld

systemctl start firewalld
systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-06-27 16:53:32 AEST; 5s ago

List allowed services

firewall-cmd --list-service
dhcpv6-client ssh

Add required services: HTTPS, SMTP, IMAP, POP3, DAV, DHCP (May be required in a testing environment).

firewall-cmd --zone=public --add-service=smtp --add-service=smtps --add-service=imap --add-service=imaps --add-service=pop3 --add-service=pop3s --add-service=https --add-service=dhcp --permanent
success
firewall-cmd --zone=public --add-port=587/tcp --add-port=8443/tcp --permanent
success

Reload firewalld

firewall-cmd --reload
success

List allowed services and ports. Check for previously added additions. Please note, by default Exim does not have a service running on 587/tcp so this addition is optional.

firewall-cmd --list-all | grep 'services\|ports' | head -n 2
services: dhcp dhcpv6-client https imap imaps pop3 pop3s smtp smtps ssh
ports: 8443/tcp 587/tcp

 Further information on the use of firewalld can be seen at on our Help Centre page firewalld 

Extra Packages for Enterprise Linux (EPEL)

Some packages are available from the EPEL repository

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y

atmail Public Software Repository

 It is now possible to connect to the atmail Public Software Repository and allow yum to install the latest software releases directly.

 To configure your server to use the repository run

bash <(curl -s https://repo.atmail.com/add_repo)

This completes the setup of the server and it is now ready for the atmail software.

atmail suite Installation Notes

  • Use yum to install the atmail-common rpm.
yum install atmail-common -y
    Creating group atmail ..... [ OK ]
    Creating user atmail ..... [ OK ]
    Switching SELinux to permissive mode ..... [ OK ]
  • Use yum to install the atmail-api rpm.
yum install atmail-api -y
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
 Userid     : "Fedora EPEL (7) <epel@fedoraproject.org>"
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 Package    : epel-release-7-11.noarch (@extras)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Remove /etc/atmail/api/.master on slave nodes
Created symlink from /etc/systemd/system/multi-user.target.wants/apiserver.service to /usr/lib/systemd/system/apiserver.service.
  • Configure the atmail API server. Please note that your browser will need to resolve the entry placed in the URL Hostname fieldIn the example below, your browser will try to resolve https://atmail8test/login. If testing, the easiest way is to use the servers IP address or check the current server hostname with
hostname

Then run the following command using the root password you set in the MariaDB installation

/usr/bin/atmail-api-install
Enter DB Host [ localhost ] :
Enter DB Port [ 3306 ] :
Enter DB user that has create user/grant access [ root ] :
Enter root password [  ] : *********
Enter URL Hostname where atmail services will be found [ atmail8test ] :
Will the API provision contacts/calendars/myfiles [ yes ] :
Enter MAX ZIP DOWNLOAD in bytes [ 32000000 ] :
DAV provisioning has been enabled - you will need to update api.conf with details provided by dav install
Is this a webmail ONLY install ? (ie no mailserver) yes/no [ no ] :
Enter your atmail ID : <atmail ID>
Enter you licence key : <atmail suite licence key>
Configure NginX [ yes ] :

Create the apiadmin profile:

source /etc/profile.d/atmail-apiadmin.sh

Create an admin user by running the following command with your values for username and password

apiadmin user add <username> <password> --role=admin
  • Restart API service
systemctl restart apiserver
  • Check the status of apiserver and ensure it is active and running.
systemctl status apiserver
● apiserver.service - atmail-api - jmap api for atmail webmail
  Loaded: loaded (/usr/lib/systemd/system/apiserver.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/apiserver.service.d
           └─depends.conf
  Active: active (running) since Fri 2020-03-20 15:16:40 GMT; 3min 21s ago
     Docs: http://www.atmail.com/
 Main PID: 21002 (apiserver)
   CGroup: /system.slice/apiserver.service
           └─21002 /usr/bin/apiserver -config /etc/atmail/api/api.conf

Mar 20 15:16:40 atmail8test systemd[1]: Started atmail-api - jmap api for atmail webmail.
Mar 20 15:16:40 atmail8test apiserver[21002]: apiserver redirecting output to log file: /var/log/atmail/api.log
  • Use yum to install the atmail-webmail rpm.
yum install atmail-webmail -y

Configure the atmail webmail

/usr/bin/atmail-webmail-configure
Enter URL Hostname for atmail services [ atmail8test ] :
Enter brand name for webmail (will be shown in browser tab/title bar) [ ] :
Configure NginX [ yes ] :
  • Restart NGINX
systemctl restart nginx
  • OPTIONAL: DAV PROVIDES BOTH CONTACTS AND CALENDAR SERVICES. 

Use yum to install the atmail-dav rpm.

yum install atmail-dav -y
Generating self-signed cert

Configure the atmail DAV service using the same MariaDB root password

/usr/bin/atmail-dav-install
Enter DB Host [ localhost ] :
Enter DB Port [ 3306 ] :
Enter DB user that has create user/grant access [ root ] :
Enter root password [  ] : *********
Configure NginX [ yes ] :
Configure PHP-FPM [ yes ] :
Would you like the api.conf updated to include dav DSN yes/no [ yes ] :
  • Restart services.
systemctl restart php-fpm nginx apiserver

Your atmail suite rpm installation is now complete!

Test your installation by connecting to webmail via your URL yourdomainname.com/login.

https://yourdomainname.com/login/

This install uses self-signed certificates, the browser may warn you that the certificate is not trusted, please acknowledge the browser warning and proceed to the site. Configuration of new certificates can be performed after atmail mail server is installed.

Post-installation notes

DAV INTEGRATION

If installing atmail-dav for contacts and calendars, the invites for an out the box install will not work as the dav sender needs to be set in the dav confilg file. 

Open the config.php file

vi /etc/atmail/dav/config.php

Find the DAV_SERVER value define('DAV_SENDER', 'noreply'); and update this to your email domain

define('DAV_SENDER', 'noreply@yourdomainname.com');

Save the update to the config.php file

Now you will be able to send calendar invites.

This completes the atmail suite installation and the server is now ready for the atmail mail server installation.

atmail mail server Installation Notes

  • Use yum to install redis.
yum install redis -y
  • Then enable and start redis
systemctl enable redis
systemctl start redis
  • Use yum to install exim.
yum install exim -y
  • Use yum to install the atmail-cosadm rpm
yum install atmail-cosadm -y
  • Use yum to install the atmail-mailserver-ansible rpm.
yum install atmail-mailserver-ansible -y
  • For single node install the atmail-mailserver-ansible-jap rpm is not needed and can be safely ignored as it has been included in the atmail-mailserver-ansible package above.
  • Use yum to install the atmail-mailserver rpm.
yum install atmail-mailserver -y
  • Configure the atmail mail server using the same MariaDB root password.
/usr/bin/atmail-mailserver-install
Enter DB host [ localhost ] : 
Enter DB port [ 3306 ] :
Enter DB Username with GRANT/CREATE ACCESS [ root ] :
Enter DB Username Password [  ] : *********
Configure Nginx [ yes ] :
Configure PHP-FPM [ yes ] :
  • Use yum to install the atmail-mailserver-plugin-WebmailIntegration rpm.
yum install atmail-mailserver-plugin-WebmailIntegration -y
  • Restart services.
systemctl restart php-fpm nginx
  • Register your license details. Access your installation via your URL yourdomainname.com/admin. 

This install uses self-signed certificates, the browser may warn you that the certificate is not trusted, please acknowledge the browser warning and proceed to the admin site.  To configure a new certificate use this guide as a reference. 

Default access details

https://yourdomainname.com/admin/
Username: admin
Password: admin
Click on Login

Register_a_license.png

Enter your atmail ID and the atmail mail server License key.

Add_new_license.png

Click on Register license key and you will receive a pop-up window entitled Insecure Password.

Security_Alert_popup.png

Click on OK to be taken to the Change Password screen. 

Set_new_admin_password.png

Enter both the old and new passwords before pressing the Change button. This will logout this session and ask you to login with the new password.

  • Go to webadmin > Services and press Publish config.Publish_config.png
  • Restart services.
systemctl restart dovecot exim php-fpm nginx
  • Configure the Webmail API

webmail_api.png

Enter the URL of the server/api, so in this example it would be https://atmail8test/api

Also add the username and password of the API user that you created with apiadmin command during the atmail Suite section.

Click on Save Settings

Post-installation notes

PHP SETTINGS

Define your timezone for php by editing php.ini and updating the variable to your timezone as displayed below. A list of valid timezones can be found at http://php.net/date.timezone

vi /etc/php.ini
[Date]                                                                                              
; Defines the default timezone used by the date functions 
; http://php.net/date.timezone                            
date.timezone = Australia/Brisbane 

After updating the php.ini file, restart services:

systemctl restart php-fpm nginx

This completes the atmail mail server installation and the server is now ready for configuration

Further Configuration

That completes the full installation of atmail suite and atmail mail sever

It is recommend you visit the links below for further configuration and setup of your installation:

Have more questions? Submit a request

Comments


Contact our support team


+61 (7) 5357 6605       support@atmail.com