Install SOGo groupware on CentOS 6 with iRedMail (OpenLDAP backend)

Requirements

Install SOGo

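Make sure the EPEL yum repository is enabled:

# yum repolist | grep -i 'epel'
epel              Extra Packages for Enterprise Linux 6 - x86_64          11,109

Add a yum repository definition for SOGo:

[SOGo]
name=Inverse SOGo Repository
baseurl=http://packages.inverse.ca/SOGo/nightly/3/rhel/6/$basearch
gpgcheck=0

Note that this definition fetches packages over plain HTTP with gpgcheck=0, so yum does not verify package signatures.

Install SOGo and its dependent packages:

# yum install sogo sope49-gdl1-mysql sope49-ldap sogo-activesync libwbxml sogo-ealarms-notify sogo-tool

Add an alias for the sogo user in Postfix:

# Part of file: /etc/postfix/aliases

sogo: root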

Execute command to update alias db:

# postalias /etc/postfix/aliases

Create required SQL database

SOGo will store some data (e.g. user preferences, sieve rules) in a SQL database, so we need to create a database for it.

$ mysql -u root -p

mysql> CREATE DATABASE sogo CHARSET='UTF8';
mysql> GRANT ALL ON sogo.* TO sogo@localhost IDENTIFIED BY 'password';

Note: SOGo will create the required SQL tables automatically; we don't need to create them manually.

Configure SOGo

The default SOGo config file is /etc/sogo/sogo.conf. We have a sample config file for you: just replace the MySQL username/password for the sogo SQL database, and the LDAP base DN and bind DN/password, in this file, and it's done.

With below config file, SOGo will listen on address 127.0.0.1, port 20000.

Note

Sample config file below may be out of date, please check the latest one in iRedMail source code repository.

{
    // Official SOGo documents:
    //  - http://www.sogo.nu/english/support/documentation.html
    //  - http://wiki.sogo.nu
    //
    // Mailing list:
    //  - http://www.sogo.nu/english/support/community.html

    // Enable verbose logging. Reference:
    // http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html
    //ImapDebugEnabled = YES;
    //LDAPDebugEnabled = YES;
    //MySQL4DebugEnabled = YES;
    //PGDebugEnabled = YES;

    // Daemon address and port
    WOPort = 127.0.0.1:20000;

    // PID file
    //WOPidFile = /var/run/sogo/sogo.pid;

    // Log file
    //WOLogFile = /var/log/sogo/sogo.log;

    // IMAP connection pool.
    // Your performance will slightly increase, as you won't open a new
    // connection for every access to your IMAP server.
    // But you will get a lot of simultaneous open connections to your IMAP
    // server, so make sure it can handle them.
    // For debugging it is reasonable to turn pooling off.
    //NGImap4DisableIMAP4Pooling = NO;

    SOGoProfileURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile";
    OCSFolderInfoURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_sessions_folder";
    OCSEMailAlarmsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_alarms_folder";

    // With 3 parameters below, SOGo requires only 9 SQL tables in total
    // instead of creating 4 SQL tables for each user.
    OCSCacheFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_cache_folder";
    OCSStoreURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_store";
    OCSAclURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_acl";

    // Default language in the web interface
    SOGoLanguage = English;

    // Specify which module to show after login: Calendar, Mail, Contacts.
    SOGoLoginModule = Mail;

    // Must login with full email address
    SOGoForceExternalLoginWithEmail = YES;

    // Allow user to change full name and email address.
    SOGoMailCustomFromEnabled = YES;

    // Enable email-based alarms on events and tasks.
    SOGoEnableEMailAlarms = YES;

    // IMAP server
    //SOGoIMAPServer = "imaps://127.0.0.1:143/?tls=YES";
    // Local connection is considered as secure by Dovecot.
    SOGoIMAPServer = "imap://127.0.0.1:143/";

    // SMTP server
    SOGoMailingMechanism = smtp;
    SOGoSMTPServer = 127.0.0.1;
    //SOGoSMTPAuthenticationType = PLAIN;

    // Enable managesieve service
    //
    // WARNING: Sieve scripts generated by SOGo are not compatible with Roundcube
    //          webmail; don't use the sieve service in both webmails, otherwise
    //          it will be messy.
    //
    //SOGoSieveServer = sieve://127.0.0.1:4190;
    //SOGoSieveScriptsEnabled = YES;
    //SOGoVacationEnabled = YES;
    //SOGoForwardEnabled = YES;

    // Memcached
    SOGoMemcachedHost = 127.0.0.1;

    SOGoTimeZone = "America/New_York";

    SOGoFirstDayOfWeek = 1;

    SOGoRefreshViewCheck = every_5_minutes;
    SOGoMailReplyPlacement = below;

    SOGoAppointmentSendEMailNotifications = YES;
    SOGoFoldersSendEMailNotifications = YES;
    SOGoACLsSendEMailNotifications = YES;

    // PostgreSQL cannot update view
    SOGoPasswordChangeEnabled = YES;

    // Authentication using LDAP
    SOGoUserSources = (
        {
            type = ldap;
            hostname = "ldap://127.0.0.1:389";
            baseDN = "o=domains,dc=example,dc=com";
            //bindAsCurrentUser = YES;
            bindDN = "cn=vmailadmin,dc=example,dc=com";
            bindPassword = "SLNHxbNmFwSd55gpZACnvZdTT10zSX";
            filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail";
            scope = SUB;

            // The algorithm used for password encryption when changing
            // passwords without Password Policies enabled.
            // Possible values are: plain, crypt, md5-crypt, ssha.
            userPasswordAlgorithm = ssha;

            IDFieldName = mail;
            bindFields = (mail);
            CNFieldName = cn;
            // value of UID field must be unique on whole server.
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
            canAuthenticate = YES;
            displayName = "Global Address Book";
            id = ldap_auth;
            isAddressBook = YES;
        }
    );
}

Important note:

    SOGoSieveServer = sieve://127.0.0.1:4190;
    SOGoSieveScriptsEnabled = YES;
    SOGoVacationEnabled = YES;
    SOGoForwardEnabled = YES;
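
The sample config above relies on three things holding: the placeholder SQL password has been replaced, sogod listens on 127.0.0.1 only, and cleartext IMAP/LDAP URLs point at the local host. The script below is an added example (not part of iRedMail or SOGo) that checks a config file for them; the finding names and the embedded sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not iRedMail code): audit a sogo.conf for the assumptions the
# sample config relies on. Prints one finding per line, nothing when all pass.

# Lines that are not entirely a // comment, so disabled settings are ignored.
active_lines() { grep -v '^[[:space:]]*//' "$1"; }

audit_sogo_conf() {
    conf=$1
    # 1. The sample SQL password ("sogo:password@") was never replaced.
    if active_lines "$conf" | grep -q 'mysql://[^:/]*:password@'; then
        echo "PLACEHOLDER_SQL_PASSWORD"
    fi
    # 2. WOPort is set but does not name 127.0.0.1 explicitly; the web server
    #    proxies to this port over plain HTTP.
    woport=$(active_lines "$conf" | sed -n \
        's/^[[:space:]]*WOPort[[:space:]]*=[[:space:]]*"\{0,1\}\([^";]*\).*/\1/p' | tail -n 1)
    case $woport in
        ''|127.0.0.1:*) ;;
        *) echo "WOPORT_NOT_LOOPBACK $woport" ;;
    esac
    # 3. Cleartext imap:// or ldap:// to a host other than loopback. Lines with
    #    tls=YES are skipped; other STARTTLS settings are not evaluated.
    active_lines "$conf" | grep -v 'tls=YES' |
        grep -oE '(imap|ldap)://[^/";]+' | while read -r url; do
            case ${url#*://} in
                127.0.0.1|127.0.0.1:*|localhost|localhost:*) ;;
                *) echo "CLEARTEXT_REMOTE $url" ;;
            esac
        done
}

# Constructed sample: placeholder password kept, daemon on all interfaces,
# LDAP bind sent in cleartext to another host.
sample_conf() {
    cat <<'EOF'
{
    WOPort = 0.0.0.0:20000;
    SOGoProfileURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile";
    //SOGoIMAPServer = "imap://mail.example.com:143/";
    SOGoIMAPServer = "imap://127.0.0.1:143/";
    SOGoUserSources = ( { type = ldap; hostname = "ldap://ldap.example.com:389"; } );
}
EOF
}

# With a path argument audit that file, otherwise the constructed sample.
if [ "$#" -gt 0 ]; then audit_sogo_conf "$1"
else t=$(mktemp) && sample_conf > "$t" && audit_sogo_conf "$t"; rm -f "$t"; fi
```

Run it as root against /etc/sogo/sogo.conf after editing the file; no output means none of the three conditions was found.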

Configure web server

To access SOGo groupware (webmail/calendar/contact), we need to configure a web server.

Apache web server

SOGo installs the Apache config file /etc/httpd/conf.d/SOGo.conf by default. Open it and find the lines below:

#ProxyPass /Microsoft-Server-ActiveSync \
# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
# retry=60 connectiontimeout=5 timeout=360

Remove # at the beginning to enable ActiveSync support:

ProxyPass /Microsoft-Server-ActiveSync \
 http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
 retry=60 connectiontimeout=5 timeout=360
RedirectMatch ^/[Ss][Oo][Gg][Oo](.*) /SOGo$1

Nginx web server

If you're running the Nginx web server configured by iRedMail, open the file /etc/nginx/conf.d/default.conf and add the lines below to the server {} block configured for HTTPS:

server {
    listen 443;
    ...

    # Add below lines for SOGo
    # SOGo
    location ~ ^/sogo { rewrite ^ https://$host/SOGo; }
    location ~ ^/SOGO { rewrite ^ https://$host/SOGo; }

    # For IOS 7
    location = /principals/ {
        rewrite ^ https://$server_name/SOGo/dav;
        allow all;
    }

    location ^~ /SOGo {
        proxy_pass http://127.0.0.1:20000;
        #proxy_redirect http://127.0.0.1:20000/SOGo/ /SOGo;
        # forward user's IP address
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Host $host;
        proxy_set_header x-webobjects-server-protocol HTTP/1.0;
        #proxy_set_header x-webobjects-remote-host 127.0.0.1;
        #proxy_set_header x-webobjects-server-name $server_name;
        #proxy_set_header x-webobjects-server-url $scheme://$host;
    }

    location ^~ /Microsoft-Server-ActiveSync {
        proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
        proxy_redirect http://127.0.0.1:20000/Microsoft-Server-ActiveSync /;
    }

    location ^~ /SOGo/Microsoft-Server-ActiveSync {
        proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
        proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /;
    }

    location /SOGo.woa/WebServerResources/ {
        alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
    }
    location /SOGo/WebServerResources/ {
        alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
    }
    location ~ ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
        alias /usr/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2;
    }
}

Important note: You must replace path /usr/lib64/GNUstep/SOGo with the real directory which contains SOGo files:

Start SOGo and dependent services

# service httpd restart     # <- restart 'nginx' service if you're running Nginx
# service memcached restart
# service sogod restart

Add Dovecot Master User, used for vacation message expiration

SOGo needs a Dovecot Master User to clean up expired vacation messages. Please follow our tutorial to add a Dovecot Master User for this purpose: Dovecot Master User.

After adding a Dovecot Master User for SOGo, we must store its username and plain password in a separate file used by SOGo. We use /etc/sogo/sieve.cred here as an example.

Create file /etc/sogo/sieve.cred, write Dovecot Master User in this file in format: username:password. For example:

my_master_user@non-exist.com:my_master_password

Set strict file owner and permission:

# chown sogo:sogo /etc/sogo/sieve.cred
# chmod 0400 /etc/sogo/sieve.cred
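
To confirm the result of the steps above, the following added example (not part of iRedMail or SOGo) checks the credentials file's mode, owner and username:password format. The function name and finding labels are hypothetical, and it uses GNU stat as shipped on CentOS.

```shell
#!/bin/sh
# Added example (not iRedMail code): check the SOGo sieve credentials file.
# Prints one finding per line and returns non-zero if anything is wrong.

check_sieve_cred() {
    f=$1
    owner=${2:-sogo:sogo}        # expected user:group, as set by chown above
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }
    rc=0

    # No permission bits for group or others (0400 passes, 0440/0644 fail).
    mode=$(stat -c '%a' "$f")
    if [ $((0$mode & 077)) -ne 0 ]; then
        echo "MODE_TOO_OPEN $mode"; rc=1
    fi

    # Owner and group must be the SOGo daemon account.
    actual=$(stat -c '%U:%G' "$f")
    if [ "$actual" != "$owner" ]; then
        echo "WRONG_OWNER $actual"; rc=1
    fi

    # Exactly one non-empty line, in username:password form.
    lines=$(grep -c . "$f" || true)
    if [ "$lines" -ne 1 ] || ! grep -Eq '^[^:[:space:]]+:.+$' "$f"; then
        echo "BAD_FORMAT"; rc=1
    fi
    return $rc
}

# Usage (as root): sh check_sieve_cred.sh /etc/sogo/sieve.cred
if [ "$#" -gt 0 ]; then check_sieve_cred "$@"; fi
```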

Add required cron jobs

Please add the cron jobs below for the SOGo daemon user sogo. You can edit that user's crontab with the command: crontab -e -u sogo

# iRedMail: SOGo email reminder, should be run every minute.
*   *   *   *   *   /usr/sbin/sogo-ealarms-notify

# iRedMail: SOGo session cleanup, should be run every minute.
# Adjust the [X]Minutes parameter to suit your needs
# Example: Sessions without activity since 30 minutes will be dropped:
*   *   *   *   *   /usr/sbin/sogo-tool expire-sessions 30

# iRedMail: SOGo vacation messages expiration
# The credentials file should contain the sieve admin credentials (username:passwd)
0   0   *   *   *   /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.cred

Access SOGo from web browser

Open your favourite web browser and access the URL https://[your_server]/SOGo (the word SOGo is case-sensitive). You can log in with your email account credentials.

Configure your mail clients or mobile devices to use CalDav/CardDAV services

Please check our documents here to configure your mail clients or mobile devices.
