How To Set Up a DavMail Exchange Gateway on a Debian 7 VPS

Introduction

If your school or workplace uses Microsoft Exchange for E-mail, you may want to access your Exchange E-mail account from E-mail clients that do not support the Exchange protocol.

DavMail offers a solution by converting Microsoft Exchange to open protocols like IMAP, POP, SMTP, Carddav, LDAP and Caldav.

Installation

DavMail requires a few additional dependencies to work properly. These can be installed with apt:

sudo apt-get install default-jre libswt-gtk-3-java libswt-cairo-gtk-3-jni

The DavMail project provides a Debian package on its website through SourceForge (http://sourceforge.net/projects/davmail/files/davmail/).

The most recent Debian package can be downloaded with wget:

wget http://sourceforge.net/projects/davmail/files/davmail/4.4.1/davmail_4.4.1-2225-1_all.deb

Now DavMail can be installed with dpkg:

sudo dpkg -i davmail_4.4.1-2225-1_all.deb

Basic Configuration

By default, the DavMail configuration file does not exist. Use any text editor to create one:

sudo nano /etc/davmail.properties

DavMail should be set to server mode so that it does not require X11:

davmail.server=true

Now enable remote mode and set the bind address to the IP address of your droplet, or leave it blank:

davmail.allowRemote=true
davmail.bindAddress=

Set davmail.url to your Outlook Web Access / Outlook Web App URL, which generally ends in /owa:

davmail.url=https://yourcompany.com/owa

Your connection mode should be set to:

davmail.enableEws=auto

Your port options need to be set:

davmail.imapPort=993
davmail.smtpPort=465
davmail.ldapPort=636
davmail.popPort=995
davmail.caldavPort=8443

Now save and close the configuration file.

Create A SSL Certificate

To enable SSL encryption, an SSL certificate and an SSL private key in PEM format are required. If you bought a certificate from a Certificate Authority, you should already have your key and certificate; in that case, continue to the Configuring SSL section below. Otherwise, generate a self-signed certificate by following the steps given here.

Use OpenSSL to generate an RSA key:

sudo openssl genrsa -out /usr/lib/ssl/private/davmail.key 2048

Ensure that root owns the key and all the permissions are properly set:

sudo chown root:root /usr/lib/ssl/private/davmail.key
sudo chmod 600 /usr/lib/ssl/private/davmail.key

Now, a certificate signing request is to be created:

sudo openssl req -new -key /usr/lib/ssl/private/davmail.key -out /usr/lib/ssl/certs/davmail.csr

OpenSSL will now ask several questions. The only important field is Common Name, which must be set to the domain name or IP address of your droplet that email clients will use to reach it (like davmail.mydomain.com or 123.123.123.123). You can fill in the other fields with anything, or accept their defaults by pressing enter:

You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
    -----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:New York
Locality Name (eg, city) [Default City]:New York City
Organization Name (eg, company) [Default Company Ltd]:Lolcats United
Organizational Unit Name (eg, section) []:Keyboard Cat Department
Common Name (eg, your name or your server's hostname) []:mydomain.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Sign the certificate with your private key. The expiration date is set with the -days argument:

sudo openssl x509 -req -signkey /usr/lib/ssl/private/davmail.key -in /usr/lib/ssl/certs/davmail.csr -out /usr/lib/ssl/certs/davmail.crt -days 365

The certificate will expire in a year (365 days) with these settings.

Now you possess an SSL certificate of your own!

Configuring SSL

Now that you have an SSL certificate, convert it to a format that DavMail can understand. The examples that follow use the key and certificate generated above. If you purchased a certificate from a Certificate Authority, use those files instead of davmail.key and davmail.crt.

Begin by joining your key and certificate files with cat. Open a root shell first so that the output redirection also runs as root:

sudo -s
cat /usr/lib/ssl/private/davmail.key /usr/lib/ssl/certs/davmail.crt > /usr/lib/ssl/certs/davmail.pem
exit

Again, set the permissions so that only root can access the key file:

sudo chown root:root /usr/lib/ssl/certs/davmail.pem
sudo chmod 600 /usr/lib/ssl/certs/davmail.pem

Now your combined certificate and key need to be converted to a pkcs12 file:

sudo openssl pkcs12 -export -in /usr/lib/ssl/certs/davmail.pem -out /usr/lib/ssl/certs/davmail.p12 -name "davmail"

You will be prompted for an export password; this field cannot be left blank!

A password must be set for DavMail to work properly.

Set the permissions on the pkcs12 file, which also contains the private key:

sudo chown root:root /usr/lib/ssl/certs/davmail.p12
sudo chmod 600 /usr/lib/ssl/certs/davmail.p12
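The certificate and keystore steps above, run without prompts in a scratch directory and then verified, as an added example that is not part of the original guide. The function names, the DAVMAIL_P12_PASS variable and the sample CN are this example's own; -subj and the env: password source are standard openssl options.

```shell
#!/bin/sh
# Added example: the key -> CSR -> self-signed certificate -> PKCS12 steps run
# without prompts in a scratch directory. CN and password are constructed values.

# build_keystore DIR CN PASSWORD: create davmail.key/.csr/.crt/.pem/.p12 in DIR.
build_keystore() {
    dir=$1 cn=$2 pass=$3
    (
        umask 077    # files are created 0600, so no secret is briefly readable
        cd "$dir" || exit 1
        openssl genrsa -out davmail.key 2048 2>/dev/null &&
        openssl req -new -key davmail.key -subj "/CN=$cn" -out davmail.csr &&
        openssl x509 -req -signkey davmail.key -in davmail.csr \
            -out davmail.crt -days 365 2>/dev/null &&
        cat davmail.key davmail.crt > davmail.pem &&
        # env: keeps the export password out of the process argument list
        DAVMAIL_P12_PASS=$pass openssl pkcs12 -export -in davmail.pem \
            -out davmail.p12 -name davmail -passout env:DAVMAIL_P12_PASS
    )
}

# key_matches_cert DIR: success if the certificate's RSA modulus equals the key's,
# i.e. the certificate really belongs to this private key.
key_matches_cert() {
    k=$(openssl rsa -in "$1/davmail.key" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$1/davmail.crt" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# p12_subject DIR PASSWORD: print the subject of the certificate stored in the
# keystore; fails if PASSWORD does not open it.
p12_subject() {
    DAVMAIL_P12_PASS=$2 openssl pkcs12 -in "$1/davmail.p12" -nokeys \
        -passin env:DAVMAIL_P12_PASS 2>/dev/null |
        openssl x509 -noout -subject 2>/dev/null
}

# Usage: d=$(mktemp -d); build_keystore "$d" davmail.example.com "$PASS" \
#            && key_matches_cert "$d" && p12_subject "$d" "$PASS"
```

Running p12_subject with the password you intend to put in davmail.properties confirms the keystore opens before DavMail is restarted.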

Now DavMail configuration needs to be opened again:

sudo nano /etc/davmail.properties

The configuration options below tell DavMail where to find the pkcs12 file you just generated and the passphrase you set:

davmail.ssl.keystoreType=PKCS12
davmail.ssl.keystoreFile=/usr/lib/ssl/certs/davmail.p12
davmail.ssl.keyPass=password
davmail.ssl.keystorePass=password

Both davmail.ssl.keyPass and davmail.ssl.keystorePass should have the same value. Save the configuration file.

DavMail is now configured to use your SSL certificate.
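A sanity check for the settings configured so far, as an added example that is not part of DavMail or the original guide. It reads the properties this guide sets and reports a keystore that is missing or readable by other users, mismatched passwords, remote access without a keystore, and a configuration file that stores the keystore password while being readable by group or other; the function names and finding texts are this example's own.

```shell
#!/bin/sh
# Added example: audit a davmail.properties file against this guide's settings.

# prop FILE KEY: print the value of KEY (exact key match, last assignment wins).
prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                      # skip properties comments
        { i = index($0, "="); if (!i) next
          key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
          if (key == k) { v = substr($0, i + 1); sub(/\r$/, "", v) } }
        END { print v }' "$1"
}

# mode_is_private PATH: success if PATH exists with no group/other permission bits.
mode_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit_davmail_conf FILE: print one finding per line; return 0 only if none.
audit_davmail_conf() {
    conf=$1; findings=0
    flag() { echo "$conf: $*"; findings=$((findings + 1)); }
    ks=$(prop "$conf" davmail.ssl.keystoreFile)
    kpass=$(prop "$conf" davmail.ssl.keystorePass)
    if [ "$(prop "$conf" davmail.allowRemote)" = true ] && [ -z "$ks" ]; then
        flag "allowRemote=true without davmail.ssl.keystoreFile (no TLS on listeners)"
    fi
    if [ "$(prop "$conf" davmail.ssl.keyPass)" != "$kpass" ]; then
        flag "davmail.ssl.keyPass and davmail.ssl.keystorePass differ"
    fi
    if [ -n "$ks" ] && ! mode_is_private "$ks"; then
        flag "keystore $ks is missing or accessible to group/other"
    fi
    if [ -n "$kpass" ] && ! mode_is_private "$conf"; then
        flag "file stores the keystore password but is accessible to group/other"
    fi
    [ "$findings" -eq 0 ]
}

# Usage: audit_davmail_conf /etc/davmail.properties
```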

Start DavMail

The Debian package downloaded earlier does not include an init script, so we need to create our own.

A new file can be created using your favored text editor:

sudo nano /etc/init.d/davmail

The following should be copied and pasted into the file:

#! /bin/sh
### BEGIN INIT INFO
# Provides:          davmail
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: DavMail Exchange gateway
# Description:       A gateway between Microsoft Exchange and open protocols.
### END INIT INFO

# Author: Jesse TeKrony <jesse ~at~ jtekrony ~dot~ com>

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Davmail Exchange gateway"
NAME=davmail
CONFIG=/etc/davmail.properties
DAEMON=/usr/bin/$NAME
DAEMON_ARGS="$CONFIG"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
LOGFILE=/var/log/davmail.log

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
    # Return 1 if the daemon is already running
    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
        || return 1
    # Run in the background, appending all output to the log file
    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
        $DAEMON_ARGS >> $LOGFILE 2>&1 &
    [ $? != 0 ] && return 2
    echo $! > $PIDFILE
    # Return (rather than exit) so the caller can report the result
    return 0
}

#
# Function that stops the daemon/service
#
do_stop()
{
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
    [ "$?" = 2 ] && return 2
    rm -f $PIDFILE
    return "$RETVAL"
}

case "$1" in
  start)
    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
    do_start
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
  stop)
    [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
    do_stop
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
  status)
    status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
    ;;
  restart|force-reload)
    log_daemon_msg "Restarting $DESC" "$NAME"
    do_stop
    case "$?" in
      0|1)
        do_start
        case "$?" in
            0) log_end_msg 0 ;;
            1) log_end_msg 1 ;; # Old process is still running
            *) log_end_msg 1 ;; # Failed to start
        esac
        ;;
      *)
        # Failed to stop
        log_end_msg 1
        ;;
    esac
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
    exit 3
    ;;
esac

Now save and close the file.

Mark the script as executable, start the service, and enable it at boot:

sudo chmod +x /etc/init.d/davmail
sudo service davmail start
sudo update-rc.d davmail defaults

Client Configuration

Now that you have a running server, you can begin configuring your E-mail clients. Use your E-mail client's “manual” options to create a new account. The server for both IMAP and SMTP will be your droplet's domain name or IP address, matching the Common Name you used on your SSL certificate. The username for both IMAP and SMTP is your email address without the domain name. For instance: [email protected] is your email ID, so tom is your username. Ensure that both IMAP and SMTP are set to use SSL/TLS and not STARTTLS.

Some email clients will show warnings because you are using a self-signed certificate. However, since you created it yourself, accepting it is safe in this case.

For specific instructions on Mac OSX, Thunderbird and iOS, visit DavMail’s website.

You can now use your Microsoft Exchange E-mail account with open technologies to send and receive E-mail!

 

 

 

 

 

 
