Install Secure Mail

Prerequisites

  • Nginx: version 1.14.1 or later
  • Docker CE: version 23.0.0 or later
  • Docker Compose plugin
  • Sec@GW: version 3.16 or later
  • D-Center: version 3.16 or later

The above prerequisites are required for the CollabX RPM. They are downloaded automatically when you install Secure Mail.

Before you install Secure Mail, install Sec@GW.

Install Secure Mail

  1. Add Docker repository.
dnf install yum-utils
sudo yum-config-manager --add-repo    https://download.docker.com/linux/centos/docker-ce.repo
  1. Install the RPM packages, complete one of the following steps.
  • To install the RPM packages from the repository, run:
dnf install --enablerepo=collabx CollabX
  • To install local RPM packages, run:
dnf install /path/to/rpmpackageshere/*.rpm
  1. Install instance.

The --network parameter of install.pl script is used for docker containers and should be a free private network IP-address. install.pl converts this IP-address to a /27 network for the exclusive use of the instance that is being installed In this example we use 172.28.0.0 and instance containers would use 172.28.0.0/27 network.

service nftables restart
service docker restart
perl /opt/DSuite/install.pl --network 172.28.0.0 --install instancenamehere

After the installation is completed, all configs/data for the installed products can be found under /server/$instance/dsuite/. Template files and images can be found at /opt/DSuite/.

  1. Log in to D-Center to complete the Secure Mail configurations. For the instructions, click here.

  2. To enable Secure Mail, refer to the instructions below.

Enable Secure Mail

After you install Secure Mail, you must enable it.

If you install Secure Mail without enabling Secure Mail, the containers will be installed and started. However, all HTTPS requests will be directed to Sec@GW, and received secure emails will be directed to Sec@GW.

Before enabling Secure Mail, Secure Mail administrators can modify configurations, such as theming, on D-Center.

To enable Secure Mail, run:

perl /opt/DSuite/install.pl --enable instancenamehere

Troubleshooting

An error occurred while saving serverdomain

You will get something similar to the below output towards the end of installation.

> Wed Oct 25 09:33:47 2023: Starting identity-service containers
> Waiting for dcenter to startup..
>
> An error occurred while saving serverdomain: Can't connect to IPHERE:2025 (Connection refused)
>
> Connection refused at /usr/local/share/perl5/LWP/Protocol/http.pm line 50.
>
> An error occurred while saving maildomains: Can't connect to IPHERE:2025 (Connection refused)
>
> Connection refused at /usr/local/share/perl5/LWP/Protocol/http.pm line 50.

If you get the above output, run:

perl /opt/Sec\@GW/admin_tools/lib/updatedmaildomains.pl instancenamehere

If you get no output after running the script, the error is resolved.

Failed to set up IP tables

You will get the below output.

>  Wed Oct 25 07:58:34 2023: Starting installation, backups can be found at /opt/DSuite/Config_backups.646241
> Network given isn't valid (gw: IPHERE, network: IPHERE/27) Error response from daemon: Failed to Setup IP tables: Unable to enable SKIP DNAT rule:  (iptables failed: iptables -t nat -I DOCKER -i br-3e6747f886ea -j RETURN: iptables: No chain/target/match by that name.
>  (exit status 1))

If you get the above output, there is something wrong with nftables.

Restart nftables and Docker by running the following script.

systemctl restart nftables; systemctl restart docker

NOTE. Do not stop nftables. If you restart nftables, restart also Docker. As a result, all Secure Mail instances restart.

Useful tips

nftables chain names

When RPM is installed, you must change the nftables chain names in all nft commands from lowercase to uppercase.

Below is an example of an nft command.

[root@n1 ~]#  nft add rule filter output tcp dport 443 ct state new accept
Error: Could not process rule: No such file or directory
add rule filter output tcp dport 443 ct state new accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[root@n1 ~]#

For the above script to run successfully, the chain name output must be converted to uppercase as follows:

nft add rule filter OUTPUT tcp dport 443 ct state new accept

Listening ports

All listening ports of the Apache virtual hosts change from 443 to 4443 even if you install only one instance.

Nginx listens to port 443 and directs requests to correct services.

Docker command cheat sheet

  • docker ps shows all running containers.
  • docker ps -a shows all containers.
  • docker stop containername stops a container.
  • docker start containername starts a container.
  • docker restart containername restarts a container.
  • docker top containername shows processes inside a container.
  • docker inspect containername shows detailed information about a container.
  • docker exec -it containername command runs a command inside a Docker container.
  • docker logs containername shows container logs.
  • docker image ls lists images.
  • docker network ls lists networks.
  • docker network inspect networkname shows detailed information about a network
  • docker stats shows CPU/Mem usage of containers.

What's next?

After you installed Secure Mail 2024, you can move on to configure it.

Was this page helpful?

On this page