Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: edform on January 18, 2009, 01:01:30 PM
-
There's been quite a bit of discussion here recently about extending SME with a more universally acceptable groupware product than the Horde Suite and I've been looking at Kerio Mailserver as a possible candidate. Kerio isn't free, but it is cheap and works extremely well, so I'm happy to use it if I can integrate it into an SME server without loosing the features of SME that I value...
A first rate file and print server
A secure combined firewall and web-cache
A management interface that even I can understand.
To get Kerio working I began by disabling the standard SME services that occupy ports 25, 110, 119, 143, 465, 563, and 995 using the Service Control contribution in Server manager. I should have disabled the webservers on ports 80 and 443 and the LDAP stuff on 389 and 636 as well because Kerio, which is completely self-contained, wants to use all those ports, but I wasn't sure about stopping the webservers or the LDAP servers. I then loaded Kerio with yum and it's rpm package and changed its webserver ports to 8080 and 4430. After adding the kerio server start command to rc.local I now have a fully working server that survives reboots and at least one SME software update run from the server manager. It also allows users to authenticate to the mail server from the SME authorisation database, so no laborious double database entry for new users.
At my low-level of competence this seems a potentially powerful way to get round the difficulties of incorporating some very desirable software packages into the SME structure. In Kerio's case the built in backup system is good enough to consider dealing with SME upgrades by backing up the stores, removing the product [yum remove kerio...], upgrading the server, killing the unwanted services again and then reinstalling Kerio and restoring the backup, but perhaps that won't be necessary - I'll try upgrading to 8 beta over my current 7.4 system later today.
Before getting too caried away, however, I'd like to get some knowledgeable comments on this way of doing things. The obvious questions are...
1. Given that my desired application provides its own services, both standard and secure, for SMTP, POP3, IMAP, LDAP and HTTP, can I safely dispense with those functions from SME, and can I do this by actually removing the components with yum remove?
2. Will it be necessary to carry out a separate operation to alter the template system so as to detach the setup templates for those services that are not required, or can they be left intact?
3. If the answer to (1) is yes, what relationship to the SME firewall do the new components have? Is the system still protected or are the third-party services loopholes?
4. Finally, with an eye on other software products, how far can SME component removal be pushed before the system itself is killed - I know, for example, that I can't turn off MySQL because the user databases are stored in it, but what is the minimum SME structure?
Ed Form
-
Hello Ed,
At the fist a good place to make this aktion.
I have a few thing's to say.
The horde "groupware" just a littele part is only the webclient site for your acces to the mail boxe's on base off Imapi. Every webbased imapi tool you can install on you sme box to connect to your IMAPI service
Kerio Mailserver is a installation off a complete new mail server implemtation on the sme box (and what you say it's cost money)
I read you stops a lot off service's on your box to get Kerio running, are the Ibay's still running to acces these over the web?
What you do is very high impakting on the standard sme installing (if you modefy a lot, think also on the updating procces of the SME part's (YUM update all) and you own new installed part.
These are some key not's on your writting, But it's nice to read how are you working with your system, and please keep on posting your work here.
regards
John
-
and please keep on posting your work here.
I'd rather see people putting their howto's in the wiki, and reference them from the forum topics.
-
I'd rather see people putting their howto's in the wiki, and reference them from the forum topics.
I fear this won't be a Howto, or anything like one, for some time yet! :hammer:
Ed Form
-
Kerio is more of a competitive product to SME than an app that could be placed on SME. Kerio can do just about everything that SME can do if you are willing to pay for it.
I believe there are much better groupware apps out there that could replace Horde, such as Zarafa.
Kerio does have better overall mailserver functionality than SME, but not by a large margin. I believe you are overlooking the fact that the vast majority of SME's mailserver functionality is under the hood, not visible from the server-manager.
IMO, your time would be better spent identifying those features in Kerio that are currently not available in SME and working with developers to implement them.
-
Kerio is more of a competitive product to SME than an app that could be placed on SME. Kerio can do just about everything that SME can do if you are willing to pay for it.
This is true as well as wrong. It depends on your goals and on what you focus on. I have a (small) Kerio installation running for over 1 1/2 year now. And I decided to use SME as the base, because of its fast and easy installation with reproducible results. And last but not least because of the backup features available on SME.
The decision for Kerio was made because of the push sync features for mobile devices. It pushes mails, calendar, addresses etc to iPhones, Nokias etc via ActiveSync out of the box without any hassle or ongoing maintenance. The web gui is very clear, extremly fast and well localized. As it is very similar to the Outlook design, almost no user education or support is needed.
Yes, you have to pay licence fees, but I don't think that the TCO is necessarily higher compared to OSS groupware.
-
Ed,
could you provide some details how configure Kerio to alllows users to authenticate against a SME user database? did you use IMAP?
Thanks,
Michael
-
Kerio is more of a competitive product to SME than an app that could be placed on SME. Kerio can do just about everything that SME can do if you are willing to pay for it.
The full list of programs that the Kerio people do could probably be used on top of a bare Linux Server install to produce something with much of the functionality of SME, but with none of the convenience or simplicity of use and certainly none of the confidence I've developed over a lot of years of using it. My interest in Kerio, which is exclusively in their mail server, is more as an example of superior replacement functionality that can only be implemented by disabling the corresponding functions in SME. I intend to look at other programs that may be capable of implementation through the same approach, Kerio just happens to be the one closest to my needs and which is self-contained.
I believe there are much better groupware apps out there that could replace Horde, such as Zarafa.
Zarafa is pretty and works well, but it's interface - which has a number of important deficiencies - can only be customised by altering the source and recompiling. Kerio is built using CSS and text files, so is very easy to customise.
Kerio does have better overall mailserver functionality than SME, but not by a large margin. I believe you are overlooking the fact that the vast majority of SME's mailserver functionality is under the hood, not visible from the server-manager.
The web interface of SME's mailserver - that is Horde - is crude compared to Kerio, not just by a small margin but by a margin that makes Horde a near impossible sell. I also estimate that the time to extend the DIMP approach to the whole suite will be measured in years. I'm not sure what you refer to when you talk about power under the hood; the functionality that can be seen on the surface is more than sufficient for my kind of clients, but the interface is just too naff to be useable by anyone who's been exposed to a modern mail client with inline viewing of images and a slick interface. As for the many methods advanced for connecting Horde to some of these modern programs: I've tried them all and they are all far to unstable for business-critical situations. Besides, I don't want to be connected to other programs, and particularly not to Outlook - Have you used Outlook 2007? It's a disaster. I want a suite that works together from backend to client and offers an easy way to supply clients with the customisations that their businesses need. Kerio is suited to that requirement. Scalix is much better than that, but it looks like a real pig to fit into SME, so I've started with Kerio.
And, just as an aside: I've had twenty users on Horde at a single client for the last two years, and have been instructed to replace it quickly because the latest version is buggy in places that make their life very difficult. I'm going to solve that one with Scalix running on Centos on a second server, but two servers represents too much investment for the majority of my clients - hence the desire for an SME server with a nice Ajax groupware client built in - or a Windows application talking to a MySQL database
IMO, your time would be better spent identifying those features in Kerio that are currently not available in SME and working with developers to implement them.
I have no programming skills at all , but I do know what small offices need from their Groupware facilities. What I'd like to see is a community project to produce an Exchange/Outlook replacement templated into SME, with a Windows application as its client, and I'm willing to put money into the community pot to get it. Another correspondent suggested I invest in a new template for Horde but that shows a lack of understanding of the real problem - very few clients will accept an application that rewrites its entire screen each time you smile at it, no matter how well thought out its layout and graphical widgets are. In the fairly near future that very few will be no one.
Ed Form
-
Zarafa is pretty and works well, but it's interface - which has a number of important deficiencies - can only be customised by altering the source and recompiling. Kerio is built using CSS and text files, so is very easy to customise.
No developer will spend time helping on a new contrib until you have shown that there are fatal flaws with current efforts
ie create a bug outlining the problems
two actually, one in SME for tracking, one at zarafa so we can see what zarafa have to say
EDIT
the original questions have been answered if you look at the smeserver-zarafa rpm
+ http://bugs.contribs.org/show_bug.cgi?id=4907
-
Ed,
could you provide some details how configure Kerio to alllows users to authenticate against a SME user database? did you use IMAP?
Thanks,
Michael
In the add user dialogue of the Windows Mailserver administrator there is a pull-down list of authentication methods. If you choose Linux(R) Pam, and If you've set your user templates correctly, you only have to enter the username and the Full name, possibly a new email address on the next screen if you have say edform as the username and ed.form as the mail name, then click through the rest of the screens and your new user will authenticate with the password they already have in SME.
Ed Form
-
I know, for example, that I can't turn off MySQL because the user databases are stored in it, ...
That's false. mysql in SME server is only used to store imp/horde user preferences.
-
I have no programming skills at all , but I do know what small offices need from their Groupware facilities. What I'd like to see is a community project to produce an Exchange/Outlook replacement templated into SME, with a Windows application as its client
I'm with Ed.
I have seen enough interest in this idea and would love someone to start this project as I don't have the talents to do it myself. All I can help with is beta testing and documentaion.
Have a look at the following posts
http://forums.contribs.org/index.php/topic,43019.0.html and
http://forums.contribs.org/index.php/topic,43038.0.html to see that there is a lot of interest.
I'm not saying drop horde, I'm just say that the interest in this project is there enought to investigate if not start this project
I put my hand up HIGH to start this project
-
No developer will spend time helping on a new contrib until you have shown that there are fatal flaws with current efforts
ie create a bug outlining the problems
two actually, one in SME for tracking, one at zarafa so we can see what zarafa have to say
There is no point whatsoever in adding a bug in the SME-Zarafa development list since you have only what Zarafa can do to work with and cannot add the missing function - unless you feel like editing the Zarafa source and compiling from scratch. As to what Zarafa have to say: read the thread that contains this message...
http://forums.zarafa.com/viewtopic.php?f=13&t=777&p=6564&hilit=Ed+Form#p6564
They have added the feature request to their roadmap but their priorities are heavily loaded elswhere at the moment - and who can argue with that, their results to date are quite splendid.
To demand a fatal flaw is a bit strong - the program cannot make diary entries coloured to correspond with user group determined work definitions - For example, a solicitor might want 'In Court', 'Probate', 'Exchange date', etc etc to be particular colours. He will not be interested in "important, work, personal, holiday,required, travel required, prepare required, birthday, special date, and phone interview" but that's all he can have in Zarafa. This isn't a bug, nor is it a fatal flaw, it's just an ommision that makes the product a toy and not a serious groupware possibility.
EDIT
the original questions have been answered if you look at the smeserver-zarafa rpm
+ http://bugs.contribs.org/show_bug.cgi?id=4907
Thanks for that, I'll start going through the things outlined.
Ed Form
-
That's false. mysql in SME server is only used to store imp/horde user preferences.
Thanks for that correction.
So MySQL could go to make room for PostgreSQL as used in Scalix? :eek:
Ed Form
-
I don't doubt Kerio's functionality (in fact I tested it out several years ago), but SME is not the proper platform for it. Instead, you should be looking at a minimal Centos LAMP installation as the base for Kerio. I don't see a Kerio on SME contrib getting much, if any, mainstream SME dev support because of the level at which it breaks/replaces core SME functions.
Ed, I think you mis-understand my statements about SME's email functionality. Once again, most of what SME has to offer as a mail server isn't in its webmail app. SME is a very powerful mail server that lacks a good webmail frontend and some M$ exchange type functionality. There are quite a number of email filtering and spam prevention mechanisms under the hood with options that aren't available in the server-manager, but are available with console commands.
Groupware is an entirely separate discussion. Given the pace at which online Groupware apps such as iGoogle are progressing , I think you'll see small to medium business moving away from expensive MS Exchange solutions to the very feature rich online services. My company, for example, uses iGoogle for our groupware solution with full push and shared email, calendar, addressbooks, and notes to mobile devices.
The best thing you can do is raise bugs in the tracker requesting the additional functionality.
-
I don't doubt Kerio's functionality (in fact I tested it out several years ago), but SME is not the proper platform for it. Instead, you should be looking at a minimal Centos LAMP installation as the base for Kerio. I don't see a Kerio on SME contrib getting much, if any, mainstream SME dev support because of the level at which it breaks/replaces core SME functions.
You seem to have misunderstood my reason for starting this thread. I have no long term interest in Kerio, it's simply an example of a better groupware application than Horde with at least as good email server functionality. My original question was: 'Can I disable the mailserver functionality of SME and replace it with Kerio, and if so, how?' For the area of business I operate in, the SME server is built in precisely the right way and can be operated without significant difficulty by folks like me, but Horde is now a glaringly defficient part of the 'core SME functions.'
Ed, I think you mis-understand my statements about SME's email functionality. Once again, most of what SME has to offer as a mail server isn't in its webmail app. SME is a very powerful mail server that lacks a good webmail frontend and some M$ exchange type functionality. There are quite a number of email filtering and spam prevention mechanisms under the hood with options that aren't available in the server-manager, but are available with console commands.
I am completely clear on what can be done with SME below the server-manager level - I use many of the mechanisms you refer to as a matter of routine, but they are not the point; none of them is superior to the built-in functionality of Kerio, or of Scalix, or of Zimbra. I have no arguments with the underlying email server in SME, my point is that Horde is simply unsuitable for the real world.
Groupware is an entirely separate discussion.
When I started this thread, Groupware was the *entire* substance of the discussion. :roll:
Given the pace at which online Groupware apps such as iGoogle are progressing , I think you'll see small to medium business moving away from expensive MS Exchange solutions to the very feature rich online services. My company, for example, uses iGoogle for our groupware solution with full push and shared email, calendar, addressbooks, and notes to mobile devices.
I wouldn't commit any of my clients to Google for a king's ransom - apart from anything else, the Google account pages are a day-dreamer's paradise. If we had a proper backend/client set for mail and calendars built into SME there would be no need to go near Google.
The best thing you can do is raise bugs in the tracker requesting the additional functionality.
Nope! I'm not seeking to divert SME from whatever path the developers choose to drive it down. I'm trying to find out how to disable some bits of SME and install a modern groupware server in their place. If this can be done, and if the resulting hybrid works, *then* is the time to write a feature request for consideration by the developers or by the programming members of the community.
Ed Form
-
You seem to have misunderstood my reason for starting this thread. I have no long term interest in Kerio, it's simply an example of a better groupware application than Horde with at least as good email server functionality.
Ok, now we're talking. Let's expand on this, as this is most definitely a shortcoming of SME that I believe we can address. Would you be willing to outline some of your thoughts in the wiki? I'd be more than happy to help facilitate this. Between a wiki page and some reports in the bug tracker I believe we could get the mechanisms in place to help those in the community with the technical skills to make this happen understand the need.
When I started this thread, Groupware was the *entire* substance of the discussion. :roll:
I understand that now, but what your original post implied was that you wanted to replace 90%+ of SME email server functionality.
I wouldn't commit any of my clients to Google for a king's ransom - apart from anything else, the Google account pages are a day-dreamer's paradise. If we had a proper backend/client set for mail and calendars built into SME there would be no need to go near Google.
Pitty, but understood. We can leave this for a seperate discussion.
Nope! I'm not seeking to divert SME from whatever path the developers choose to drive it down.
Then nothing will ever happen. There are many developers in the community who have nothing to do with the development of the core distro who may agree with you and take up your project and run with it.
-
I have seen enough interest in this idea and would love someone to start this project as I don't have the talents to do it myself. All I can help with is beta testing and documentation.
Have a look at the following posts
http://forums.contribs.org/index.php/topic,43019.0.html and
http://forums.contribs.org/index.php/topic,43038.0.html to see that there is a lot of interest.
I'm not saying drop horde, I'm just say that the interest in this project is there enought to investigate if not start this project
I put my hand up HIGH to start this project
I would like to see and from the posts that i have seen regarding an alternative, I personally believe that a Microsoft Outlook "Plugin or Addon or some other interface" to get the functionality of Exchange/Outlook would be good for the distro. I suggest and Exchange/Outlook addon because it seems to me (I could be wrong) that Outlook is the most popular because it is the most widely advertised.
I Friend on mine who is in the IT industry in currently looking for a server platform like SME that have Exchange/Outlook capabilities for a client that plans to set up the same system Australia wide.
Having said that, the Client is not just in Australia. The client has a worldwide presence.
Don't you think that if the Australian part of the client is using and is VERY happy with SME with some form of Exchange/Outlook capabilities, then the rest of the world (with regards to this client) would be looking very seriously at SME
Maybe we as a community should push SME a bit harder. I myself want to see a Exchange/Outlook capability added to the SME SERVER PLATFORM.
Lets do it guys. Lets got for it.
-
In the add user dialogue of the Windows Mailserver administrator there is a pull-down list of authentication methods. If you choose Linux(R) Pam, and If you've set your user templates correctly, you only have to enter the username and the Full name, possibly a new email address on the next screen if you have say edform as the username and ed.form as the mail name, then click through the rest of the screens and your new user will authenticate with the password they already have in SME.
Thanks Ed. I thought you have found a way to authenticate against another server rather than against the local user db.
BTW., do you know that there is an API program available, which allows you to manage user accounts from the command line? With that API it should be feasible to integrate the Kerio into the SME template system.
1 Introduction
This document describes configuration options of the User Administration API which allows remote administration of Kerio MailServer by using the command line. This application can be used to add and/or remove users, groups, aliases and email domains without the need to manipulate with configuration files and to restart the Kerio MailServer Engine. The application is also useful for processing of larger data volumes.
The configuration can be changed by line-wrapped SQL commands. Commands can be entered via the command line upon connection to the server or they can be saved as a text file (this is helpful if more commands are entered).
User administration API is represented by the kconfig utility which is available on demand at Kerio Technologies. kconfig is distributed as ZIP in three versions (for Windows, Linux and Mac OS X). When extracted, run the utility by the kconfig command.
-
So MySQL could go to make room for PostgreSQL as used in Scalix? :eek:
You can install the pgsql packages in parallel to mysql. No need to remove any standard packages. I have done this 2 years ago on SME 7.1.2
-
Maybe we as a community should push SME a bit harder. I myself want to see a Exchange/Outlook capability added to the SME SERVER PLATFORM.
how do you think you could push SME? paying? coding? how?
if you want something to use with outlook you have: buy zarafa licenses, install outlook plugin and go.. nothing more, nothing less..
if you want something like exchange, then you need exchange or something like scalix, zimbra, kerio ecc.. all of them are applications I would install on a separate machine, not over SME.
My 2c
ciao
Stefano
-
So MySQL could go to make room for PostgreSQL as used in Scalix? :eek:
MySQL and postgreSQL co-exist without a problem. [Edit: as I see Michael mentioned above.]
-
Ok, now we're talking. Let's expand on this, as this is most definitely a shortcoming of SME that I believe we can address. Would you be willing to outline some of your thoughts in the wiki? I'd be more than happy to help facilitate this. Between a wiki page and some reports in the bug tracker I believe we could get the mechanisms in place to help those in the community with the technical skills to make this happen understand the need.
I'd be happy to do that - I have access to the wiki, so I can draft a page - I'll try to get to it after I return home tomorrow from my client's site.
I understand that now, but what your original post implied was that you wanted to replace 90%+ of SME email server functionality.
Purely because some of the most interesting groupware products are either...
Self-contained with everything in the install, like Kerio, so the standard users of the ports in question have to be disabled
Or use a different set of email components to the ones favoured by the SME developers, so disabling the standard stuff is still needed.
I'm still working on the idea because I have a test box and I need an answer in the short term, but it has always been my hope that the defficiencies of the Horde stuff would be addressed in the standard distro or with a really good contribution.
Ed Form
-
I have started wondering if OpenVZ (http://wiki.openvz.org/Main_Page) would be a good solution to this question.
OpenVZ allows for multiple independent containers, sharing the running kernel, but independent. SME provides the basic OS framework and templates, but services can be isolated in containers. So if you want to replace the mail backends, the SME mail container could be disabled, and a Kerio mail container installed, providing SMTP/POP/IMAP etc. For HTTP/HTTPS services, the firewall/primary web interface would mostly just provide redirection services to other containers (using SNI if needed). Authentication services can be provided by an LDAP container (and replaced with something else like samba4 or Fedora Directory server).
Contribs would end up being OpenVZ containers, thus avoiding dependency problems. Most would be small (using hardlinked templates to original OS files).
This would have the advantage of service isolation, and maybe avoid the reboots that annoy me about SME updates (you only need to restart the service container that has updated, not the whole system).
Anyhow, just a thought.
Si
-
I have started wondering if OpenVZ (http://wiki.openvz.org/Main_Page) would be a good solution to this question.
OpenVZ allows for multiple independent containers, sharing the running kernel, but independent. SME provides the basic OS framework and templates, but services can be isolated in containers. So if you want to replace the mail backends, the SME mail container could be disabled, and a Kerio mail container installed, providing SMTP/POP/IMAP etc. For HTTP/HTTPS services, the firewall/primary web interface would mostly just provide redirection services to other containers (using SNI if needed). Authentication services can be provided by an LDAP container (and replaced with something else like samba4 or Fedora Directory server).
Contribs would end up being OpenVZ containers, thus avoiding dependency problems. Most would be small (using hardlinked templates to original OS files).
This would have the advantage of service isolation, and maybe avoid the reboots that annoy me about SME updates (you only need to restart the service container that has updated, not the whole system).
Anyhow, just a thought.
Si
that's interesting but:
- it will require a complete re-design of SME
- it will require/limit HW choices (AFAIR)
- the best places to propose/discuss such an idea are bugzilla and the dev ML
just my 2c
Ciao
Stefano
-
I realise that I'm a bit late to this party, so forgive me, but anyhoo...
Now that Horde has reached 3.2, Funambol works natively so long as 'realms' is disabled in the Horde config file (see this bug (http://bugs.contribs.org/show_bug.cgi?id=4772)). So this means that you can synchronise between Outlook and Horde natively, and if you use this in combination with IMAP you have something pretty close to Exchange's base functionality.
For the full groupware you need to install Kronolith, Mnemo and Nag for Calendars, Notes and Tasks respectively. (Turba address book is pre-installed in SME.) You can also install MIMP, which is basically a clone of Outlook Mobile Access. All of these apps are already packaged by mrjhb3 and in smecontribs. Funambol is also a free download.
Now as to the shortcomings of this solution:
- No global address book / calendar etc
- No public folders
- Sharing content in Horde does not carry over into Outlook
- No MAPI - still uses Outlook in Internet mode
- Kludgy Horde interface
- "Some assembly required" ;-)
The kludgy interface can be addressed in SME8 by integrating DIMP, Horde's AJAX-interface project. Unfortuntely this can't be done on SME7 because DIMP requires PHP5.
I think that because Horde is already part of SME it may make sense to at least consider using it as a base, rather than replacing it wholesale with something else.
-
Unfortuntely this can't be done on SME7 because DIMP requires PHP5.
John B's contribution includes DIMP and it works fine in SME 7.4
I think that because Horde is already part of SME it may make sense to at least consider using it as a base, rather than replacing it wholesale with something else.
I agree! The best solution of all would be a first class Ajax client for Horde, one with a professional looking set of widgets, rather than the current crude face of Horde - including DIMP.
Connectivity to Outlook is not a priority as far as I'm concerned - although I know many others think it essential. I'd rather have a new standard established based on the capabilities and facilities of a classic LAMP server, and with a client that replaces Outlook completely. As I grow weary of saying, this is the missing capability that holds back the Linux OS family from becoming the universally preferred server technology.
As an add on thought, following some days of experimental work on this area, I've realised that a simpler approach is possible [simpler than writing the Windows application I've been advocating for years that is] to interface the capabilities of a Linux groupware server to the desktop world. The component that's missing is a family of HTML display applications with no widgets of their own, one for each desktop OS - just windows that open with only the minimise, maximise and close buttons in the top corner so that an Ajax client to a groupware server - and for that matter lots of other possible LAMP based applications - can be displayed with only their own personalities on view.
Ed Form
-
John B's contribution includes DIMP and it works fine in SME 7.4
Ah, my mistake. I must check that out.
As I grow weary of saying, this is the missing capability that holds back the Linux OS family from becoming the universally preferred server technology.
I agree completely. However, in the medium term, Outlook compatibility is a must. In the same way that Samba is a key technology because it supports Windows domains, there has to be a way to interface between Linux groupware and Win32 clients - of which Outlook is currently dominant.