Zarafa SYSADMIN EXCHANGELinux groupware server natively serves Outlook clients ALTERNATIVE Fotolia www.onlinebewerbung.de, Zarafa replaces Microsoft Exchange on a Linux server and collaborates website. Although these prices are cer- tainly higher than free alternatives such with Outlook thanks to native MAPI support. as Kolab, the cost of Zarafa compares fa- vorably with the cost of Microsoft Ex- BY SEBASTIAN KUMMER AND MANFRED KUTAS change, and because the server runs on Linux, you can avoid many of the issues any Linux servers work in het- relies on services such as WebDav. In associated with running Windows server erogeneous environments, many cases, each function has to be con- systems. Contact the company for infor- Mserving Windows clients that figured separately on the client side, and mation on local business partners and use MS Outlook for mail and calendar this leads to inflationary administrative support options. functions. Even if a new groupware sys- overhead. Additionally, this kind of inte- tem is introduced, the widespread use of gration only covers a small proportion of MAPI4Linux Windows clients sometimes makes Out- Outlook’s functionality. MAPI4Linux supports a compatible look an inescapable alternative. Unfortu- The Zarafa groupware server [1] takes Exchange counterpart on Linux. Zarafa nately, Outlook uses the native Windows a different approach. Instead of convert- comprises the MAPI4Linux library, Messaging Application Programming In- ing Outlook requests, Zarafa offers a which controls access to the MAPI store, terface (MAPI) for communication with comprehensive Microsoft-compatible at is core, and a collection of peripheral other applications, and the Outlook MAPI interface for Linux environments. tools. A MySQL database is used for client is designed to talk to a Windows Complex conversion of requests is no storage, and this makes it easier to back Exchange server. This preference for longer needed because the Zarafa server up or replicate the data. Exchange makes the integration of talks MAPI, specifically MAPI4Linux. MAPI4Linux controls the read and Linux-based groupware systems difficult. Zarafa is a commercial groupware write operations. Direct access to the da- Alternative groupware applications server that runs on Linux. Because the tabase is not recommended because it such as Scalix, Kolab, and Open Ex- Zarafa server communicates directly would break the caching and affect the change use an Outlook connector to with Windows clients using a variant of response time. integrate with Windows clients running MAPI, it provides a high level of Outlook Outlook. These tools convert Outlook’s compatibility with minimal client config- Open Interfaces MAPI queries to other, partly proprietary uration. See the box “Buying Zarafa” for Zarafa relies on open interfaces and protocols. Apart from this, processing a price summary as given on the Zarafa tried-and-trusted server components; it FEBRUARY 2008 ISSUE 87 73 073-079_zarafa.indd 73 13.12.2007 16:07:05 Uhr SYSADMIN Zarafa uses Postfix, for example, to send email language of Microsoft’s Ex- and Apache as its web server, making it change server access to the SpamAssasin) (eg. (eg. ClamAV) (eg. MTA Antivirus easy to integrate into environments that MAPI store. Figure 2 shows (eg. Postfix, qmail) Antispam already implement these services. the configuration menu. Figure 1 shows the Zarafa server’s SOAP messages handle major components. The MAPI kernel is communications between Mail delivery surrounded by various connectors. The the MAPI provider and the (eg. procmail) figure shows the path an email takes Outlook share on the server. Spooler / dAgent from physical reception by the Mail A proxy or Apache web Transfer Agent (MTA) through to the server transparently adver- Zarafa store. The MTA can be supple- tises this service on Intranets mented with various tools, such as spam or the Internet. To allow this Outlook Share filters or virus scanners. When an in- to happen, you just need PHP MAPI coming mail message is ready for deliv- the following entry in your ery to the receiver, the MTA passes it on Apache configuration: to the Zarafa D(elivery) Agent. This pro- MySQL cess is controlled by the mailbox_com- <IfModule mod_proxy.c> mand variable in /etc/postfix/main.cf: ProxyPass /zarafa U http://127.0.0.1:236/ MAPI 4 Linux mailbox_command = U ProxyPassReverse U U /usr/bin/zarafa-dagent "$USER" /zarafa POP3 / IMAP iCal http://127.0.0.1:236/ Gateway Gateway For QMail, the ~/.qmail file needs: <Location /zarafa> Order Allow,Deny Groupware Server | /usr/bin/zarafa-dagent U Allow from all Zarafa component Open Source component -q user_name </Location> </IfModule> Figure 1: Overview of the Zarafa server’s major com- The -q option tells the D Agent to use ponents. Qmail error codes in its reply. The mail This supports Outlook access is then passed by the agent to MAPI- without VPN access or port forwarding thanks to the Zarafa iCalendar interface. 4Linux, which converts it into a MAPI on the firewall. Connections between the The iCal interface emulates server pro- store object for storage in the database. server and the client are simple web con- files to allow Sunbird to work with live nections. Using Apache’s own tools, you data from the Zarafa store. Outlook Connection can enable standard and SSL connec- Changes or new appointments are The Zarafa MAPI provider gives Win- tions. Additionally, administrators can immediately stored in the MAPI store, dows clients that only speak the native restrict access to specific subnets. Figure where they are available in real time 3 shows how Outlook is mapped to to all users via all supported interfaces. Buying Zarafa MAPI4Linux. Large Systems The Zarafa website lists the following Alternative Applications prices: A multiple-server setup is useful for Still Supported large installations with thousands of • Base price for up to 5 users: EUR 300 You can continue to use POP or IMAP users. Although you can’t install the (US$ 439) clients like Mozilla Thunderbird. A POP/ Zarafa core itself on multiple systems, • Every additional 5 users: EUR 150 IMAP gateway gives you access to the the service-based architecture does (US$ 219) email folders, which is easy to configure • More than 100 users: 5 percent as all you need to do is specify the ser- reduction vices and ports to enable in /etc/zarafa/ • More than 250 users: 10 percent gateway.cfg. The gateway converts email reduction from the MAPI format to regular plain • More than 1,000 users: 15 percent text mail before it reaches the client. reduction Double conversion of mail – into MAPI Municipalities receive a 25 percent re- format for incoming mail, and back duction. An education version for again before being dispatched via the schools has a 25 percent baseline reduc- Gateway – would appear to be a waste tion, with greater discounts available for of resources at first glance; however, the higher volumes. benefits in terms of compatibility with For updates and upgrades after the first any component outweigh the overhead. year, you’ll need to pay a yearly fee of 20 Alternative calendaring applications percent of the list price. such as Mozilla Sunbird are supported Figure 2: MAPI provider configuration menu. 74 ISSUE 87 FEBRUARY 2008 073-079_zarafa.indd 74 13.12.2007 16:07:12 Uhr Zarafa SYSADMIN support the following configuration: seconds), which waits for a result that is Changes immediately take effect in the • Server 1: MySQL database relevant to the client. After this interval store. For example, Zarafa will immedi- • Server 2: Zarafa core has expired, the connection terminates; ately create mail boxes for new users. • Server 3: MTA + antispam/ virus the request then recommences immedi- Admins can use policies and scripts to • Server 4: web server ately after this. Each Outlook client es- tell the system how to react to other The Zarafa core server configuration tablishes four or five connections of this kinds of change (such as when groups defines the connection between the da- kind to avoid interruptions. are modified at directory service level). tabase and the Zarafa core, which is the If you have many clients, it makes only entity to talk to it. All the other sense to increase the maximum number Backup components can use TCP port 236 to of parallel connections for the web The Zarafa Backup Utility does what its access the core server. server – Apache restricts this to 100 by name implies. The utility creates two The MTA server hands incoming email default. Because the lightweight requests files: One contains the data, the second to the delivery agent, which runs on the generate a couple of bytes of network contains an index. Creating a consistent MTA server and uses an SSL certificate transfer traffic, this isn't a problem. snapshot of the complete store without to authenticate with the Zarafa core blocking the database is not possible, server. The web server follows a similar User Management which means that elements that change approach to communicate with the Internal user management is fine for or are created during the backup process Zarafa core and thus bind the web com- smaller environments. Currently, this in- are not included in the backup. ponents to the MAPI store. volves using a command-line tool that The current 5.20 version of Zarafa in- If your spam volumes are particularly also supports OpenLDAP and Active Di- troduces advanced backup options. The high, it might make sense to distribute rectory. The admin simply adds required new features include support for brick- the MTA and antispam or antivirus soft- attributes to a configuration file. Because level backup. Individual stores, includ- ware to separate servers. changes to the directory service do not ing the public store, can now be backed This scenario also shows how to run trigger events to update the data, Zarafa up fully or incrementally.