How To Setup DavMail on CentOS 6

Introduction

---

If your workplace or school uses Microsoft Exchange for E-mail, you may wish to access your Exchange E-mail account from E-mail clients that do not support the Exchange protocol. DavMail provides a solution, translating Microsoft Exchange to open protocols like POP, IMAP, SMTP, Caldav, Carddav, and LDAP.

Installation

---

Installing DavMail on CentOS 6 will require adding a 3rd party repository. Download the .repo file and update your yum cache:

sudo curl -o /etc/yum.repos.d/home:marcindulak.repo http://download.opensuse.org/repositories/home:/marcindulak/CentOS_CentOS-6/home:marcindulak.repo
sudo yum update

Then, install DavMail with yum:

sudo yum install davmail

You will have to install an additional package so the included init script functions properly:

sudo yum install redhat-lsb-core

Basic Configuration

---

DavMail’s configuration file is located at /etc/davmail.properties. Open it in your favorite text editor:

sudo nano /etc/davmail.properties

Set DavMail to server mode so it doesn’t require X11:

davmail.server=true

Enable remote mode and set the bind address to your droplet’s IP address or set it blank:

davmail.allowRemote=true
davmail.bindAddress=

Set davmail.url to your Outlook Web App/Outlook Web Access URL, which usually ends in /owa:

davmail.url=https://yourcompany.com/owa 

The default ports that DavMail uses are non-standard, and you will probably want to change them to ease the process of setting up E-mail clients. To configure DavMail to use the default ports for SSL encrypted IMAP and SMTP, change the davmail.imapPort and davmail.smtpPort options:

davmail.imapPort=993
davmail.smtpPort=465

Save and close the configuration file.

Create A SSL Certificate

---

In order to enable SSL encryption, you will need a SSL certificate and SSL private key in the PEM format. If you have purchased a certificate from a Certificate Authority, then you should already have your certificate and key. If so, continue to the Configuring SSL section below. Otherwise, you can generate a self-signed certificate by following these steps.

Generate a RSA key with OpenSSL:

sudo openssl genrsa -out /etc/pki/tls/private/davmail.key 2048

Make sure the key is owned by root and permissions are set properly:

sudo chown root:root /etc/pki/tls/private/davmail.key
sudo chmod 600 /etc/pki/tls/private/davmail.key

Now, create a certificate signing request:

sudo openssl req -new -key /etc/pki/tls/private/davmail.key -out /etc/pki/tls/certs/davmail.csr

OpenSSL will now ask you several questions. The only important field is Common Name, which should be set to the domain name or IP address of your droplet which will be accessed by your E-mail clients (for example davmail.mydomain.com or 123.123.123.123). The other fields can be left at their defaults by just pressing enter or can be filled in with anything:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:New York
Locality Name (eg, city) [Default City]:New York City
Organization Name (eg, company) [Default Company Ltd]:Lolcats United
Organizational Unit Name (eg, section) []:Keyboard Cat Department 
Common Name (eg, your name or your server's hostname) []:mydomain.com
Email Address []:me@mydomain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Sign the certificate request using your private key, setting the expiration date with the -days argument:

sudo openssl x509 -req -signkey /etc/pki/tls/private/davmail.key -in /etc/pki/tls/certs/davmail.csr -out /etc/pki/tls/certs/davmail.crt -days 365

With the settings above, the certificate will expire in 365 days (a year).

You now have your own SSL certificate!

Configuring SSL

---

Now that you have your SSL certificate, you will have to convert it into a format DavMail understands. The following examples will use the key and certificate we generated above. If you purchased a certificate from a Certificate Authority, then use those files in place of davmail.key and davmail.crt.

Start by combining your certificate and key file with cat:

sudo cat /etc/pki/tls/private/davmail.key /etc/pki/tls/certs/davmail.crt > /etc/pki/tls/certs/davmail.pem

Once again, set permissions so only root can access the key file:

sudo chown root:root /etc/pki/tls/certs/davmail.pem
sudo chmod 600 /etc/pki/tls/certs/davmail.pem

Now convert your combined key and certificate to a pkcs12 file:

openssl pkcs12 -export -in /etc/pki/tls/certs/davmail.pem -out /etc/pki/tls/certs/davmail.p12 -name “davmail”

You will be prompted to enter an export password. This can not be blank! You must set a password, or DavMail will not work properly.

Set permissions:

sudo chown root:root /etc/pki/tls/certs/davmail.pem
sudo chmod 600 /etc/pki/tls/certs/davmail.pem

Now open your DavMail configuration again:

sudo nano /etc/davmail.properties

Add the following configuration options to inform DavMail of the location of the pkcs12 file you just generated and the passphrase you set:

davmail.ssl.keystoreType=PKCS12
davmail.ssl.keystoreFile=/etc/pki/tls/certs/davmail.p12
davmail.ssl.keyPass=password
davmail.ssl.keystorePass=password

Both davmail.ssl.keyPass and davmail.ssl.keystorePass should should have the same value. Save the configuration file.

Start DavMail

---

Because of the way Linux systems work, the ports we are using (993 and 465) require root access to open. This means the DavMail must be run as root. By default, the init script shipped with the DavMail package starts Davmail as the “davmail” user and will fail to start with our configuration. This can be fixed with a small tweak to the init script.

Make a copy of the default init script:

sudo cp /etc/init.d/davmail /etc/init.d/davmail-root

Open the copy in your favorite text editor:

sudo nano /etc/init.d/davmail-root

Search for the line in the start() function that starts with su - davmail and replace davmail with root. The line should now look like this:

[...]
su - root -s /bin/sh -c "exec nohup $DAVMAIL_HOME/davmail $DAVMAIL_CONF >> $LOGFILE 2>&1 &"
[...]

Save and close the file. Start DavMail using your modified init script:

service davmail-root start

And finally, configure DavMail to start at boot:

chkconfig davmail-root on

Client Configuration

Now that the virtal server is running, you are ready to configure your E-mail clients. Create a new account using the “manual” options of your E-mail client. Both the IMAP and SMTP server will be the domain name or IP address of your droplet, depending on what you used for the Common Name on your SSL certificate. The username for IMAP and SMTP will both be your E-mail address without the domain name. Example: Your E-mail is bob@yourcompany.com, so your username is bob. Make sure both IMAP and SMTP are set to use SSL/TLS and not* STARTTLS.

You will get warnings from your E-mail clients because you are using a self-signed certificate. It is safe to accept the certificate in this case, because you are the one who created it.

Specific instructions for Thunderbird, Mac OSX, and iOS are available at DavMail’s website.

You should now be able to send/recieve E-mail using your Microsoft Exchange E-mail account using open technologies!

<div class=“author”>Submitted by: <a href=“http://jtekrony.com”>Jesse TeKrony</a></div>