RSS

First Steps with Scalix Admin Console and Scalix Web Access

October 13, 2009

Uncategorized

Scalix

Linux Administrator’s Guide

Scalix email and calendaring, HP OpenMail, and Samsung Contact: these three names
stand for some of the most powerful open-source-based groupware solutions available.
This book sets out to explain their fundamentals to Linux administrators.

Since the early 90s, Hewlett Packard had earned many awards for its mail server, and
OpenMail was said to be more scalable, reliable, and better performing than any other
mail and groupware server. After only a few years, the product had managed to conquer
the United States’ fortune 1000 almost entirely. Scalix Inc., a member of the Xandros
family, has continued this story in the last years: several reviewers claim that it has better
Outlook support than MS Exchange.

With the right know-how, Scalix can be easily managed. Several thousand mailboxes are
possible on a single server; Web-GUIs and command line tools help the administrator;
and Scalix integrates easily with other professional tools, be it OpenVPN, Nagios
monitoring or others.

During its history of almost 20 years, many tools and programs were developed for
Scalix to help the admin in his/her daily work. While the official documentation has
several thousand pages, which are not all up-to-date, this book tries to give a detailed
overview from installation to advanced setups and configuration in big companies.

With this book, I want to provide both a concise description of Scalix’ features and an
easy-to-use introduction for the inexperienced. Admins, consultants, and teachers will all
find this book a helpful base for daily work and training. Though there are many other
possible ways to success in the described scenarios, the ones presented have been tested
in many setups and have been selected for simplicity reasons.

High-end email and groupware is a domain where only few vendors can provide
solutions. This is not the realm of Microsoft, and it has never been. It is where companies
like HP, Novell or Scalix offer reliable and scalable products. And, Scalix is the only one
that has licenced parts under a free and open-source licence. The software is free for up to
10 users, easy-to-use, and offers a lot of possible features ranging from caldav or syncml
to clusters.

What This Book Covers

Chapter 1 will cover how email became a communication standard, what RFCs are, and
where you can find the relevant ones. After a short glance on how email works, the
related protocols: SMTP, POP, IMAP, and MAPI are explained in brief as well as LDAP,
X500, MIME, and SOAP. An overview of the groupware market, including the various
definitions of the latter by different vendors closes the chapter.

Chapter 2 will start with the history of Scalix groupware. We’ll see what a mail node is
and where to get more information on Scalix terms like the indexing server, daemons,
and services. The chapter will also deal with the protocols supported by Scalix, the
license involved, and the packages offered by Scalix.

Chapter 3 describes the standard installation of Scalix software on OpenSUSE 10.2 and
Fedora Core 5.

Chapter 4 deals with advanced installation techniques. First, you will learn about how to
get the graphical installation on Windows systems by using NoMachine NX Terminal
software. The second part of this chapter shows a typical text-based installation. As an
example, we show how the graphical installer is used to correctly uninstall a Scalix
server. The last example shows upgrading and reconfiguration of the Scalix server.

Chapter 5 deals with the Scalix Administration Console (SAC). We will take a short tour
through the interface, add a first user, and have a closer look at the available
configuration options.

Chapter 6 will cover how to deploy Scalix Connect for Microsoft Outlook, to your
Windows clients. After that, the integration of the supported Scalix groupware client
Evolution and other IMAP mail clients is shown.

Chapter 7 covers the most important configuration files and commands of Scalix.

Chapter 8 deals with standard Scalix monitoring tools and the integration of Scalix in
your centralized Nagios monitoring. After some details on Scalix administration
programs like omstat and omlimit, we see how Outlook clients can be monitored. In the
end, some of our Nagios scripts and configuration files serve to add another host to an
existing Nagios configuration.

Chapter 9 will deal with several recommendations that make your Scalix server safe—
like minimizing the number of services running and listening. We will set up a firewall
that allows Scalix users to connect. After that we will set up Stunnel to provide SSLencrypted
Scalix services. Then, we will use OpenVPN to protect the server. Last but not
least, we will have a look at the services running and discuss advanced possibilities of
securing the server.

Chapter 10 will discuss how to backup and restore a Scalix mail server—for small and
large environments.

Chapter 11 will cover how to administrate Scalix in sync with data stored in remote
directories. This chapter starts with an explanation of how Scalix delivers its information
in LDAP-style and rounds up with a guide on how to integrate Scalix with an external
Microsoft Active Directory.

Chapter 12 starts with questions that you have to ask yourself before you set up any
multi-server environment with Scalix. After that, we see two examples as to how a High
Availability (HA) setup might look like.

Chapter 13 will cover how to integrate measures against spam and viruses in Scalix.

Bibliography contains a comprehensive list of all the links used through out the book.

First Steps with Scalix Admin Console and Scalix Web Access

This chapter deals with the Scalix Administration Console (SAC). This web interface
is the central point of administration for the Scalix server. User, group, and resource
management are done here as well as controlling services and settings. In this
chapter, we will take a short tour through the interface, add a first user, and have
a closer look at the configuration options available for him/her. Towards the
end, we will test the account by logging into the web client, and sending
(and receiving) emails.

SAC at a Glance

Point your Browser to the URL of your Scalix server, following this syntax:
http://<servername>/sac. A pop-up window with the Administration Console
Login is opened. If you are using Firefox or another browser with pop-up
suppression, perhaps the configuration will need some corrections. Allow the Scalix
server to open popups. In Firefox, you can easily configure this by clicking in the
yellow bar on top of the displayed page. Other browsers may require editing the
preferences. Otherwise, Scalix will provide a web page for you with a link, which
opens the Admin Console in the same browser window.

Logging In

On Scalix 11, the Scalix Administration Login looks like this:

Enter the Administrator’s name in the field Login ID, exactly as configured during
installation. Activate the reminder that you are connected via http and not through
https by clicking on option field Not using a secure https connection. Once we have
configured https for Scalix, the login dialog will not provide this option anymore.
However, enabling https is not that easy, and therefore not standard in Scalix, except
for the installations on Red Hat Enterprise. We will deal with this topic later in the
chapter on Security.

Click on the button Login to start the Administration console.

A First Look Around

The Scalix Administration Console is a Web application provided by a Tomcat
application server. The only requirement for it is a modern browser supporting
JavaScript. Firefox and Internet Explorer do fine, Konqueror may work soon. The
Admin Console window is split in three parts:

  • A menu with icons called Toolbar
  • A list view on the lower left named Contents Pane and
  • The main window on the right, called Display Pane

The icons in the menu bar let you choose the administration task you want to
accomplish, the content pane lists the possible entries that can be edited, and the
options and parameters of a selected entry are presented in the display pane.

By clicking on one of the icons on the Toolbar, you can access the different sections
of the Scalix Administration Console. The first three sections are about users, groups,
and resources, and will be used in daily administration for adding, deleting or
modifying these objects. The section Plugins offers a management GUI for your own
or third-party Scalix plug-ins. The Server Info icon leads to a concise list of running
services, where the administrator can set the log level of these services and browse
through the services’ log files. The Settings Icon allows you to set preferences for the
server and new users. A concise online help is available, and the icons Refresh and
Logout complete the menu bar’s icons.

Navigating in the Admin Console

A nice gadget in SAC is the little icon on the top left of the main window.
Surrounded by four arrows, this icon displays the icon of the current section and
enables the administrator to navigate in a quick and easy manner through the
administration console.

Clicking the up or down arrows will select and activate the next entry upwards or
downwards in the list view to the left, and the left/right arrows navigate you back
and forth in a browser-like fashion.

Users, Groups, Resources…

Now click on the Users icon in order to switch to the user management dialog. Click
on the entry of the only user present at this time, sxadmin.

For every user, there are six tabs where the user information is stored. The tab
General holds the most important information: Username, Display Name, and
Email address. This information is all that is necessary to add an user and use the
new account. The other tabs contain contact information, group memberships, and
administrative delegations. The mailbox quota, that is the amount of storage that the
user’s account may sum up to, is configured in the Mail dialog. On the Advanced tab,
the administrator can add a role to the user, decide whether this user is a Standard or
a Premium User, and give him a different authentication ID.

Changing Passwords

There are other features in the Admin Console that you will be using frequently once
you are master of some Scalix users. One of them is probably the button Change
Password on the lower right corner leading directly to the password dialog. This
button is present in every user’s configuration dialog.

Filtering the List

In a large environment, the list view can be very long, and it may be tricky to find a
user, group or resource in time. Thus, Scalix offers filters that can be combined and
configured to reduce the displayed objects to a manageable amount. In the standard
setup, a drop-down menu allows you to select the displayed user type, with special
features like Logged in Users. Specifying a part of the username in the Name field
will automatically display only the usernames in the list fitting to this mask.

The Edit button filter on the top right edge of the list pane is an especially useful
helper in large environments. Normally, Scalix only returns the first 100 entries, but
this can be configured. Here, the administrator may define extended filter criteria
to avoid long listings ,for example, of users or groups. Click on it to receive the
following dialog:

Because a typical Scalix environment may consist of several thousand users, the
Admin Console can manage a scenario consisting of multiple Scalix servers and
mailnodes. Each arrow that you set in this tiny dialog adds a drop-down menu
or entry field to the list of available filters in the list view. This co nvenient feature
enables the administrator to search and find a user much faster than in any other
groupware solution I know.

Adding a User

Let’s ad d a first user now. Click on the Users icon in the menu bar, and then on the
Create User(s) button in the lower half of the list view. Again, a pop-up window
appears. It is called Create New User and offers several fields where the administrator
can enter the user data. All that is needed for a new user is a name, an email address,
and a password. The email address is generated automatically from the user name
and the domain name, so all we need to enter here is our name and a password:

Nevertheless, the adminisrator can choose several interesting settings here. One of
them is selecting the user type. Whereas a Scalix Premium user has full access to the
groupware (including MS Outlook), the Standard user will only have groupware in
the Scalix webclient. An Internet mail user is barely an entry in the global address
book for an email account for SMTP, POP, and IMAP.

Four options in the lower half can be either checked or unchecked. Locking new
users or forcing them to change passwords on first login are features that may be
useful for security aware administrators. If you do not want the new user to access
the Scalix Web client SWA (Scalix Web Access), then deselect this arrow.

Like some other groupware servers, Scalix supports delegating email features to a
colleague while the user is on holiday. Identifying the sender in a delegate’s outgoing
mail may be tricky, and thus there is a feature enabling special headers in the email
that contains information on the sender. If you check the setting Add Sender header
to delegate’s outgoing messages, any mail sent from this user on behalf of someone
else will contain a header identifying him.

Click on the Next button to proceed. The dialog window contact information holds
eighteen fields where you can enter administrative user data like telephone number,
department or address.

If the option Display in address book is checked, the data entered here will be
displayed in the Scalix address book and is thus available to other users. Click on the
Next button again.

In the last dialog, during creation of a user, the administrator may choose the
groups that the new user is a member of. After installation, there are only four
groups available with different functions. The members of these groups have
special administrative rights, which our standard user does not need.

Click on the button Finish to complete the process of adding a new user to the Scalix
system. By the way, you can click this button at any time. Once you have entered a
user name and a password, then you do not need to enter any address data.

The Scalix administrator can access all user data at any time later via the Scalix
Admin Console. All dialogs are present, identically, in the user management. An
admin is allowed to edit user name and user data, and there are some small but
useful features.

Playing with Filters

This might be a good time to play with the filters: In the field Name in the list view,
enter one or more letters that are different from the one your user’s name starts with.
The user will then disappear from the list. In the example above, if I type “, the user
sxadmin will vanish from the list, and after having typed Mart, my list is empty.

Do you notice the little crown on the head of the new user? Scalix Premium Users
can be identified by this cap and a green shirt. Standard Users like the admin account
sxadmin are dressed in blue.

The Scalix user management offers some more features worth mentioning. If you
click on the Add Address button, additional email addresses for this user account are
added. You can add addresses and collect the email on one particular account. Simply
select real name, user part, and domain part of the email address. The drop-down
menu shows that Scalix is capable of administrating multiple domains on one server.

In the dialogs Member of and Manager of, this user can be assigned as a member or
manager of Scalix groups. Click on the Advanced tab to edit the user’s login name.

In Standard setup, Scalix uses the full email address as login name for all access
to the Scalix system. This makes perfect sense for most users, because they only
have to remember the email address and password. However, being lazy, I prefer
a handy, short login name like “mfeilner” in addition to the email address
markus.feilner@scalixbook.org. Especially, since the Scalix login is case sensitive.

Enter the login name for this user in the field Authentication ID. There are three
other interesting options on this page:

  • Under some circumstances, for example if a user has met the maximum
    amount of failed logins, his account will be locked. This is marked in the Scalix
    Admin Console by an arrow in the check box is locked. Un-checking this
    checkbox may be a regular administrative task for users with a bad memory,
    but sometimes if you want to lock out a user, this is the right place to do so.
  • With Smart Cache, a copy of the mailbox is stored on the user’s client. Smart
    Cache can be enabled or disabled globally or on a per-user base. Enabling the
    Smart Cache is a task that may take some time for large mail boxes, but it is
    worth it. However, if you decide to let some users have other caching settings
    than the server default, please note that this cannot be reversed anywhere
    other than from the command line.
  • Indexing speeds up most of Scalix groupware actions. The index contains
    meta information on mail, contacts, and appointments helpful for searches.
    However, such an index needs to be built before it can be used. The Scalix
    Indexing Service (SIS) builds this index automatically. This dialog allows the
    administrator to deactivate the Indexing Service for a single user. The Recreate
    SIS index     button helps if you receive error messages about a corrupt index.

Testing the New Account—Logging into SWA

Immediately af ter clicking on the button “Save” in SAC, the user can log in to
the web client (or connect through Outlook) using his short ID. The URL of the
webmailer is simply http://<servername>/webmail, in our example setup, it is

http://scalixbook.org/webmail.

The Scalix Web Access (SWA) is a full-featured standard Webclient. It supports
drag’n'drop actions in Ajax-style and has a front end that is very similar to Outlook,
which makes it easy for newbies. Again, a menubar is accompagnied by a list view
and a main window. Furthermore, a calendar view at the bottom rounds up this
groupware client. The proprietary versions of SBE and EE, contain some features that
are very helpful to Admins of larger companies. Perhaps the most valuable option
is the Recovery folder that every user has by default. This folder contains all deleted
emails for the last week. This may significantly reduce the amount of calls from
your users.

Sending the First Email

Our server is c onfigured, the user account has a mail address, and the user is logged
in. All that is left to do is checking if the user can send and receive emails. Click on
the New button to start editing your first email. A pop-up window with the title
“New Message” will appear. As you can see, the editor window is kept as close to the
Outlook look and feel. By the way, both HTML and clear text email are supported.

In the first step, local delivery is checked: Enter your own email address in the
To: field, some text in the subject and the body of the mail and click on the button
Send. Don’t hesitate to click on the Button Send/Recieve in SWA. The mail is being
delivered locally, so it should be in the Inbox instantaneously. Unread messages are
displayed in bold characters.

Second step, test the email functionality from and to the outside world. Send an
email from either of the configured mail addresses to an external recipient and
confirm the success. Answer to the emails and check your Inbox. In most cases, Scalix
simply works after installation.

Summary

In this chapter, we learned how to start and use the Scalix Administation Console.
We added a user, looked at advanced filter and search criteria, and changed some
advanced settings for this user. After that we logged in as the new user and tested
the Scalix server by sending a local email.

email

Comments

comments

No related posts.

About krishnas

View all posts by krishnas