Installation on Debian or Ubuntu¶
Our preferred way of installing is using our Debian packages:
On Debian login as the root server and on Ubuntu become root by running:
First add our repository to the package management system:
echo "deb http://repo.group-office.com/ sixeight main" > /etc/apt/sources.list.d/groupoffice.list
Or if you want to try our bleeding edge development then add:
echo "deb http://repo.group-office.com/ testing main" > /etc/apt/sources.list.d/groupoffice.list
Add our public key:
wget -O- https://repo.group-office.com/downloads/groupoffice.gpg | gpg --dearmor | tee /etc/apt/trusted.gpg.d/groupoffice.gpg
Then install Group-Office by running:
apt-get install groupoffice
Optionally you can install php-acpu for better performance of the cache:
apt-get install php-apcu
If you purchased Group-Office Professional licenses then make sure the SourceGuardian loader is installed. You can run this command to do all the work:
curl -s https://raw.githubusercontent.com/Intermesh/groupoffice/sourceguardian/scripts/sg_install.sh | bash
Then visit http://yourserver/groupoffice and the installer should appear:
Follow the instructions on screen and enjoy Group-Office!
You can also use Group-Office as a complete e-mail platform. It’s based on:
At the moment this is only possible with the Debian / Ubuntu packages.
When Group-Office is already installed you can run:
apt-get install groupoffice-mailserver
When this command is finished login to Group-Office as admin and install the “E-mail domains” module. In this module you can manage the domains, mailboxes and aliases.
The server client allows you to:
- Create mailboxes when you create a new user
- Synchronize mailbox passwords when you set a new Group-Office password.
Install the module at Start menu -> modules
Then edit /etc/groupoffice/globalconfig.inc.php or create it if it doesn’t exist:
<?php $config = [ // GO will connect to this installation to add a mailbox. It is the full url to the Group-Office installation with the postfixadmin module installed. 'serverclient_server_url' => 'http://localhost/groupoffice/', // A token to authenticate. The token has to be identical on the web and mail server. By default they are the same server so you can just set anything here. 'serverclient_token' => 'someSecureTokenOfyourChoice', // Comma separated list of mailbox domains 'serverclient_domains' => 'intermeshdev.nl', // The email account properties that will be added for the user 'serverclient_mbroot' => '', 'serverclient_use_ssl' => false, 'serverclient_use_tls' => false, 'serverclient_novalidate_cert' => '0', 'serverclient_host' => 'localhost', 'serverclient_port' => 143, 'serverclient_smtp_host' => 'localhost', 'serverclient_smtp_port' => 25, 'serverclient_smtp_encryption' =>'', 'serverclient_smtp_username' => '', 'serverclient_smtp_password' => '' ];
Now when you create a new user you have the option to create:
And when you set your password this account will be updated too.
TLS / SSL¶
It’s required to install SSL certificates for your mailserver to operate properly. So obtain an SSL certificate and take these steps:
Configure Dovecot IMAP in file /etc/dovecot/conf.d/10-ssl.conf:
ssl = yes ssl_cert = </etc/letsencrypt/live/YOURHOSTNAME/fullchain.pem ssl_key = </etc/letsencrypt/live/YOURHOSTNAME/privkey.pem
invoke-rc.d dovecot restart
You can verify the SSL certificate with this command:
printf 'quit\n' | openssl s_client -connect YOURHOSTNAME:143 -starttls imap | openssl x509 -dates -noout
Configure Postfix SMTP with these commands:
postconf -e 'smtpd_tls_cert_file =/etc/letsencrypt/live/YOURHOSTNAME/fullchain.pem' postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/YOURHOSTNAME/privkey.pem'
invoke-rc.d postfix restart
You can verify the SSL certificate with this command:
printf 'quit\n' | openssl s_client -connect YOURHOSTNAME:25 -starttls smtp | openssl x509 -dates -noout
When using Letsencrypt you’ll need a renewal hook to reload dovecot and postix on renewal of the certificates.
Create a file /etc/letsencrypt/renewal-hooks/post/mailservices with this content:
#!/bin/sh systemctl reload postfix systemctl reload dovecot
External IMAP access¶
By default only local connections are allowed. This means only Group-Office can connect. This is very secure but in some cases you want to allow IMAP access from the outside. You’ll have to configure your firewall or router to allow connections to the server on the necessary ports:
- IMAP: 143
- IMAPS: 993
You’ll also need to uncomment following line in /etc/dovecot/conf.d/99-groupoffice.conf:
listen = *
Now connect with:
IMAP host: YOURHOSTNAME TLS encrypttion enabled (Make sure you’ve setup SSL) Username: full email address
External SMTP access¶
We recommend to install fail2ban too because spammers will try to abuse your server when you enable SMTP!
External access is possible when using TLS on the submission port (587) with authentication.
To avoid abuse SMTP access is disabled for accounts by default since version 6.6.139. You can enable external SMTP access in Group-Office at E-mail domains -> Domain -> Mailbox.
If you want to enable it for all you can run this SQL command:
update pa_mailboxes set smtpAllowed=true;
Anti spam / virus¶
The package above installs the bare minimum so you can be free to configure your system in your own way. But for your convenience we’ve also prepared an anti spam and anti virus solution based on:
To install take these steps:
Add the rspamd repository because the official Debian repositories contain outdated versions:
apt-get install -y lsb-release wget # optional CODENAME=`lsb_release -c -s` wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add - echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list
apt-get install groupoffice-mailserver-antispam
Run the rspamd config wizard:
Test if the spam filter works by sending a GTUBE message
Test if the anti virus works by sending an EICAR test file
Checkout the rspamd Web GUI at http://yourserver/rspamd/
The mailserver connects to the “groupoffice” database to lookup mailboxes, aliases and domains. If you need to change the “groupoffice” database password, username or name. Then you also need to change the login details in these files:
Afterwards restart postfix and dovecot:
systemctl restart postfix systemctl restart dovecot
When you remove domains or mailboxes they are removed from the database. But the actual mail data is still stored on disk. You can purge that by running this command:
/usr/share/groupoffice/groupofficecli.php -r=postfixadmin/maildir/cleanup --dryRyn=0
If you purchased the documents package you probably want to install some additional tools required for indexing file contents:
apt-get install catdoc unzip tar imagemagick tesseract-ocr tesseract-ocr-eng poppler-utils exiv2
These tools provide support for:
- Microsoft Office
- PDF documents