How to configure Zentyal's Microsoft Outlook®-compatible mail server
This tutorial describes, in an abbreviated way, the basic installation and configuration of OpenChange for Zentyal Servers. We will show a step by step configuration of a stand-alone server to make it ready to use Samba4 services and to make it compatible with Microsoft Outlook®.
The tutorial is divided in four sections:
- Basic installation of Zentyal: Installation of the system including the required modules for OpenChange and configuration of the network interfaces.
- Configuration of the required modules to use OpenChange.
- Example of how to use the mail services from an Microsoft Outlook® client within the internal network.
- Configuration of Webmail and Microsoft Outlook® Anywhere for remote clients.
Basic installation of Zentyal
In this example we will start from scratch with a basic Zentyal installation including the modules that are required for an OpenChange configuration only.
There is a more detailed tutorial which describes a basic installation of Zentyal in this document.
Once Zentyal is installed two wizards will start automatically, one to select the required modules to be installed and a second one to configure the interfaces. The required modules for an OpenChange deployment are:
- Network: Network segments and Interfaces.
- Firewall: Zentyal blocks all external connections by default, to be able to use mail services from a external network we will have to establish some services and apply filter rules to the firewall as required.
- DNS: A domain associated to our existing Samba4 domain will be automatically created.
- Mail service: We will configure virtual domains and IMAP/POP message protocols.
- NTP: Installation of a time synchronization server.
- Users, Computers and File sharing: It is the Samba4 directory module which is used by our OpenChange module as a Mail listing of registered accounts and to aunthenticate users.
- OpenChange: Module that provides compatibility with Microsoft Outlook® clients.
- OpenChange Webmail: To access mail and groupware services from a web client.
These are the required modules to use OpenChange, but we can always install and activate other modules more forward.
Install and activate modules is a very straightforward task, also the official documentation can be checked to know more about module administration.
Once modules are downloaded and installed a wizard to configure the interfaces will automatically start. In this example we will use three interfaces: one for the external connection (Internet), another to administrate Zentyal and a third one for the internal network (LAN) including local machines that will access the OpenChange service.
Eth0 will be the external network, eth1 will be the administration interface la interface y eth2 the internal network interface including the local clients:
In the next step, we will have to select the active directory server type, either to choose a stand-alone (first domain server) or to connect with an existing external Active Directory (also known as an additional controller). In our case we will select stand-alone because it will be the first server and we will also create the active directory.
In the last step of the wizard, we will have to configure virtual domains for the mail service. It is important to bear in mind that the OpenChange domain must match the existing Samba4 domain that was previously configured. We can always create more alias and domains later on.
There will be a progress bar while the installer makes the last initial configuration of the modules. After the process has ended, we will be able to access the "Dashboard". Our Zentyal system has been installed.
Our DNS domain should be already created, and according to the Samba4 configuration, the only recomendable step is to add a 'redirect' to this domain. the image below shows Google DNS servers but other DNS can be used, for example the ones specified by our ISP.
We consider that, by default, our clients should be able to access IMAP/POP services and the MAPI/RPC ports with Microsoft Outlook® clients.
Additionally, we will have to open the ports for the external networks:
- 25/TCP: To allow other mail servers to contact ours.
- 80/TCP y/o 443/TCP: For external clients that would like to access the server using Microsoft Outlook® Anywhere.
We go to the Firewall filter rules and select the section From external networks to Zentyal:
And we give access to the mentioned ports:
An OpenChange deployment requires several certificates, thus we have to set up a certification authority before configuring the OpenChange module.
Creating an Authority is a very simple process, we can do it by filling up the following form and save the changes:
Only the first field is mandatory.
This module does not need any extra modifications so far.
we will check that the mail domain exists and that is the same one than our directory root.
We could wish to configure out an external mail domain linked with our internal domain but we will not enter into more details in this case to maintain simplicity.
Activation of the OpenChange module
With the latest steps completed, there is only the 'start up' left and to save the changes. If we have some users previously created we can choose the option "Enable OpenChange account for all existing users".
There are two options that we can configure/verify from the user template.
- The default mail domain assigned to users has to match the one assigned for Samba4/OpenChange.
- We can activate by default an OpenChange account for new users created in the system.
We can create new users in our directory tree, the users created will have by default an OpenChange account.
Configuration and access from a Microsoft Outlook® client
It is possible that we will have a Windows® client already joined to the domain of Zentyal.
We will run the automatic configuration wizard, if we have not joined the domainal, then we will have to input the following credentials. On the other hand, if we are accessing with a user that has already joined the domain it will be auto-completed.
Our certificates are auto-signed (they do not come from a globally recognized CA) so we will have to accept them manually:
After accepting the certificate, the mail server will be automatically configured.
Our Microsoft Outlook® client is ready:
Webmail y Microsoft Outlook® Anywhere
Once our OpenChange deployment has been tested for the internal networks, we have two options to allow access from outside the ofice:
- Completely web based, through the OpenChange webmail module.
- MAPI/HTTP to connect with Microsoft Outlook® clients and Microsoft Outlook® Anywhere.
Activating the OpenChange Webmail modelu is very easy, it only has to be activated and installed the we can access it from http://<ip o hostname del servidor>/SOGo
To access from Microsoft Outlook® Anywhere we can follow this tutorial