Install Secure Mail
Prerequisites
- Nginx: version 1.14.1 or later
- Docker CE: version 23.0.0 or later
- Docker Compose plugin
- Sec@GW: version 3.16 or later
- Admin Center (D-Center): version 3.16 or later
The above prerequisites are required for the CollabX RPM. They are downloaded automatically when you install Secure Mail.
Before you install Secure Mail, install Sec@GW.
Install Secure Mail
Add Docker repository.
dnf install yum-utils sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Install the RPM packages, complete one of the following steps.
To install the RPM packages from the repository, run:
dnf install --enablerepo=collabx CollabX
To install local RPM packages, run:
dnf install /path/to/rpmpackageshere/*.rpm
Install instance.
The
--network
parameter ofinstall.pl
script is used for docker containers and should be a free private network IP-address.install.pl
converts this IP-address to a /27 network for the exclusive use of the instance that is being installed In this example we use172.28.0.0
and instance containers would use172.28.0.0/27
network.service nftables restart service docker restart perl /opt/DSuite/install.pl --network 172.28.0.0 --install instancenamehere
After the installation is completed, all configs/data for the installed products can be found under
/server/$instance/dsuite/
. Template files and images can be found at/opt/DSuite/
.Log in to Admin Center (D-Center) to complete the Secure Mail configurations. For the instructions, click here.
To enable Secure Mail, refer to the instructions below.
Enable Secure Mail
After you install Secure Mail, you must enable it.
If you install Secure Mail without enabling Secure Mail, the containers will be installed and started. However, all HTTPS requests will be directed to Sec@GW, and received secure emails will be directed to Sec@GW.
Before enabling Secure Mail, Secure Mail administrators can modify configurations, such as theming, on Admin Center (D-Center).
To enable Secure Mail, run:
perl /opt/DSuite/install.pl --enable instancenamehere
Troubleshooting
An error occurred while saving serverdomain
You will get something similar to the below output towards the end of installation.
> Wed Oct 25 09:33:47 2023: Starting identity-service containers
> Waiting for dcenter to startup..
>
> An error occurred while saving serverdomain: Can't connect to IPHERE:2025 (Connection refused)
>
> Connection refused at /usr/local/share/perl5/LWP/Protocol/http.pm line 50.
>
> An error occurred while saving maildomains: Can't connect to IPHERE:2025 (Connection refused)
>
> Connection refused at /usr/local/share/perl5/LWP/Protocol/http.pm line 50.
If you get the above output, run:
perl /opt/Sec\@GW/admin_tools/lib/updatedmaildomains.pl instancenamehere
If you get no output after running the script, the error is resolved.
Failed to set up IP tables
You will get the below output.
> Wed Oct 25 07:58:34 2023: Starting installation, backups can be found at /opt/DSuite/Config_backups.646241
> Network given isn't valid (gw: IPHERE, network: IPHERE/27) Error response from daemon: Failed to Setup IP tables: Unable to enable SKIP DNAT rule: (iptables failed: iptables -t nat -I DOCKER -i br-3e6747f886ea -j RETURN: iptables: No chain/target/match by that name.
> (exit status 1))
If you get the above output, there is something wrong with nftables.
Restart nftables and Docker by running the following script.
systemctl restart nftables; systemctl restart docker
NOTE. Do not stop nftables. If you restart nftables, restart also Docker. As a result, all Secure Mail instances restart.
Useful tips
nftables chain names
When RPM is installed, you must change the nftables chain names in all nft commands from lowercase to uppercase.
Below is an example of an nft command.
[root@n1 ~]# nft add rule filter output tcp dport 443 ct state new accept
Error: Could not process rule: No such file or directory
add rule filter output tcp dport 443 ct state new accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[root@n1 ~]#
For the above script to run successfully, the chain name output must be converted to uppercase as follows:
nft add rule filter OUTPUT tcp dport 443 ct state new accept
Listening ports
All listening ports of the Apache virtual hosts change from 443 to 4443 even if you install only one instance.
Nginx listens to port 443 and directs requests to correct services.
Docker command cheat sheet
docker ps
shows all running containers.docker ps -a
shows all containers.docker stop containername
stops a container.docker start containername
starts a container.docker restart containername
restarts a container.docker top containername
shows processes inside a container.docker inspect containername
shows detailed information about a container.docker exec -it containername command
runs a command inside a Docker container.docker logs containername
shows container logs.docker image ls
lists images.docker network ls
lists networks.docker network inspect networkname
shows detailed information about a networkdocker stats
shows CPU/Mem usage of containers.
What's next?
After you installed Secure Mail, you can move on to configure it.