How To Setup a DavMail Exchange Gateway on a Debian 7 VPS


In case your school or workplace utilizes Microsoft Exchange for E-mail, then you may want access of your Exchange E-mail account from those E-mail clients who do not provide support to Exchange protocol.

DavMail offers a solution byconverting Microsoft Exchange to open protocols like IMAP,POP, SMTP, Carddav, LDAP and Caldav.


A few additional dependencies are required by Davmailfor proper working. These can be installed with apt:

sudo apt-get install default-jre libswt-gtk-3-java libswt-cairo-gtk-3-jni

Debian packagehas been made available by theDavMail project on their website through [SourceForge (

The most recent Debian package can be downloaded with wget:


NowDavMailcan be installed with dpkg:

sudo dpkg -i davmail_4.4.1-2225-1_all.deb

Basic Configuration

By default, the configuration file of DavMaildoes not exist. You can use any text editor of yours for creating one:

sudo nano /etc/

DavMailshould be set to server mode so that X11 is not required by it:


Now remote mode needs to be enabled and bind address needs to be set to the IP address of your droplet or it can be set blank:


Set davmail.url  to your Outlook Web Access/ Outlook Web App URL, that generally ends in/owa:


Your connection mode should be set to:


Your port options need to be set:


Now save and close the configuration file.

Create A SSL Certificate

For enabling the SSL encryption, a SSL certificate and SSL private key is required in the PEM format. In casethe certificate has been bought from a Certificate Authority, then you should already possess your key and certificate. If this is the case, then continue to the section of Configuring SSL below. Alternatively, a self-signed certificate can be generated by following the steps given.

Use OpenSSL for generating a RSA key:

sudo openssl genrsa -out /usr/lib/ssl/private/davmail.key 2048

Ensure that root owns the key and all the permissions are properly set:

sudo chown root:root /usr/lib/ssl/private/davmail.key
sudo chmod 600 /usr/lib/ssl/private/davmail.key

Now, a certificate signing request is to be created:

sudo openssl req -new -key /usr/lib/ssl/private/davmail.key -out /usr/lib/ssl/certs/davmail.csr

Multiple questions will now be asked by OpenSSL. Common Nameis the only important field that needs to be set to your droplet’s IP address or its domain name which email clients (like or can then access.You can leave all the other fields with anything or can set them to their defaults just by just pressing enter:

You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:New York
Locality Name (eg, city) [Default City]:New York City
Organization Name (eg, company) [Default Company Ltd]:Lolcats United
Organizational Unit Name (eg, section) []:Keyboard Cat Department
Common Name (eg, your name or your server's hostname) []
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Use your private key for signing the certificate and the expiration date can be set using the -days argument:

sudo openssl x509 -req -signkey /usr/lib/ssl/private/davmail.key -in /usr/lib/ssl/certs/davmail.csr -out /usr/lib/ssl/certs/davmail.crt -days 365

The certificate will expire in a year (365 days) with these settings.

Now you possess an SSL certificate of your own!

Configuring SSL

Since you now possess your own SSL certificate, convert it to a format that can be understood byDavMail. The examples that follow will utilize the certificate and key that were generated above. In case a certificate is purchased from a Certificate Authority, then those files should be utilized instead of davmail.key and davmail.crt.

You need to begin by joining cat with yourkey and certificate file:

sudo -s cat /usr/lib/ssl/private/davmail.key /usr/lib/ssl/certs/davmail.crt > /usr/lib/ssl/certs/davmail.pem

Again, permissions need to be set so that key file can only be accessed by the root:

sudo chown root:root /usr/lib/ssl/certs/davmail.pem
sudo chmod 600 /usr/lib/ssl/certs/davmail.pem

Now your combined certificate and key needs to be converted to a pkcs12 file:

sudo openssl pkcs12 -export -in /usr/lib/ssl/certs/davmail.pem -out /usr/lib/ssl/certs/davmail.p12 -name “davmail”

Prompt will be given for entering an export password and this field can not be left blank!

A password must be set for DavMailto work properly.

Permissions can be set by:

sudo chown root:root /usr/lib/ssl/certs/davmail.pem
sudo chmod 600 /usr/lib/ssl/certs/davmail.pem

Now DavMail configuration needs to be opened again:

sudo nano /etc/

The configuration options provided below inform DavMail of the pkcs12 file’s location that was just generated and the set passphrase:


Both davmail.ssl.keyPass  and davmail.ssl.keystorePass  should possess the exact value. The configuration file needs to be saved.

You can now utilize your SSL certificate as DavMail stands configured.

Start DavMail

As the Debian package that was earlier downloaded does not include an init script, therefore we need to create our own.

A new file can be created using your favored text editor:

sudo nano /etc/init.d/davmail

The following should be copied and pasted into the file:

#! /bin/sh
# Provides:          davmail
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: DavMail Exchange gatway
# Description:       A gateway between Microsoft Exchange and open protocols.

    # Author: Jesse TeKrony <jesse ~at~ jtekrony ~dot~ com>

    DESC="Davmail Exchange gateway"

    # Exit if the package is not installed
    [ -x "$DAEMON" ] || exit 0

    # Read configuration variable file if it is present
    [ -r /etc/default/$NAME ] && . /etc/default/$NAME

    # Load the VERBOSE setting and other rcS variables
    . /lib/init/

    # Define LSB log_* functions
    . /lib/lsb/init-functions

    # Function that starts the daemon/service
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
            || return 1
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
            $DAEMON_ARGS >> $LOGFILE 2>&1 &
        [ $? != 0 ] && return 2
        echo $! > $PIDFILE
        exit 0

    # Function that stops the daemon/service
        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
        [ "$RETVAL" = 2 ] && return 2.
        start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
        [ "$?" = 2 ] && return 2
        rm -f $PIDFILE
        return "$RETVAL"

    case "$1" in
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
           status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
        log_daemon_msg "Restarting $DESC" "$NAME"
        case "$?" in
            case "$?" in
                0) log_end_msg 0 ;;
                1) log_end_msg 1 ;; # Old process is still running
                *) log_end_msg 1 ;; # Failed to start
            # Failed to stop
            log_end_msg 1
        echo "Usage: $SCRIPTNAME {start|stop|status|restart| force-reload}" >&2
        exit 3

Now save and close the file.

The script can be marked as executable, the service can be started, and it can be enabled at boot:

sudo chmod +x /etc/init.d/davmail
sudo service davmail start
sudo update-rc.d davmail defaults

Client Configuration

Now that you have a running server, you can begin configuring your E-mail clients. You can utilize the “manual” options of your E-mail client for creating a new account. Both the SMTP and IMAP server will be your droplet’s IP address or domain name, according to the Common Name that you have used on your SSL certificate. Your email address without domain name will be the username for bothSMTP and IMAP. For instance: [email protected] is your email ID, so tom is your username. Ensure that both SMTP and IMAP have been set for utilizing SSL/TLS and not STARTTLS.

Some email clients of yours will generate warnings as a self-signed certificate is being used by you. However, since you created it yourself, accepting it is safein this case.

For particular instructions on Mac OSX, Thunderbird andiOS, visit DavMail’s website.

You can now utilize your Microsoft Exchange E-mail account with open technologies for sending or receiving your E-mail!







KB Admin has written 28 articles

Leave a Reply